Abstract: A system is provided with one or more virtual machines and a replayer. The virtual machine(s) are configured to mimic operations of a first device. The replayer is configured to mimic operations of a second device. Herein, the replayer receives a portion of network data under analysis, dynamically modifies the portion of the network data, and transmits the modified portion of the network data to at least one virtual machine of the one or more virtual machines in accordance with a protocol sequence utilized between the first device and the second device.

Abstract: A system is provided with one or more virtual machines and a replayer. The virtual machine(s) are configured to mimic operations of a first device. The replayer is configured to mimic operations of a second device. Herein, the replayer receives a portion of network data under analysis, dynamically modifies the portion of the network data, and transmits the modified portion of the network data to at least one virtual machine of the one or more virtual machines in accordance with a protocol sequence utilized between the first device and the second device.

Abstract: Techniques for malicious content detection using memory dump are described herein. According to one embodiment, a monitoring module is configured to monitor activities of a malicious content suspect executed within a sandboxed operating environment. In response to detection of one or more predetermined events triggered by the malicious content suspect, a memory dump module is configured to generate a memory dump of the malicious content suspect. An analysis module is configured to analyze the memory dump to determine whether the malicious content suspect should be declared as malicious based on a set of one or more rules.

Abstract: A system is provided with an interface and controller. The interface is configured to receive packets transmitted over a network between a first device and a second device. Transmitted over the network in accordance with a packet protocol, the packets include at least one packet transmitted from the first device and at least one packet transmitted from the second device. Coupled to the interface, the controller is configured to determine whether a plurality of packets have suspicious characteristics of malware and transmit the suspicious packets to an analysis environment. The analysis environment is configured to receive the plurality of packets that have suspicious characteristics of malware, modify at least a portion of these suspicious packets, and transmit at least the modified portion of the plurality of packets that have suspicious characteristics of malware to a virtual machine in accordance with a sequence of the packet protocol.

Abstract: A system is provided with a controller and a device configured to receive and output network data from a communication network to the controller. Accordingly, the controller is configured to (i) receive the network data from the device, (ii) conduct heuristic analysis on the network data, (iii) identify at least a portion of the network data as suspicious upon determining by the heuristic analysis of a likelihood that at least the portion of the network data including malware, (iv) simulate transmission of the suspicious network data to at least one virtual machine of a plurality of virtual machines that is selected or configured using at least one software profile, and (v) analyze effects of the suspicious network data on the at least one virtual machine.

Abstract: A suspicious activity capture system can comprise a tap configured to copy network data from a communication network, and a controller coupled to the tap. The controller is configured to receive the copy of the network data from the tap, analyze the copy of the network data with a heuristic to determine if the network data is suspicious, flag the network data as suspicious based on the heuristic determination, and concurrently simulate transmission of the network data to a plurality of destination devices.

Abstract: A network address assignment server is disclosed, which is capable of dynamically updating its own configuration information during runtime. The configuration information (which may include, for example, one or more network addresses that can be assigned by the server, an association between a device identifier and a specific network address, etc.) may be updated and then used by the server without restarting the server. As a result, the server can update its configuration information without incurring any server downtime.

Abstract: A suspicious activity capture system can comprise a tap configured to copy network data from a communication network, and a controller coupled to the tap. The controller is configured to receive the copy of the network data from the tap, analyze the copy of the network data with a heuristic to determine if the network data is suspicious, flag the network data as suspicious based on the heuristic determination, and concurrently simulate transmission of the network data to a plurality of destination devices.

Abstract: Methods and apparatus providing, controlling and managing a dynamically sized, highly scalable and available server farm are disclosed. A Virtual Server Farm (VSF) is created out of a wide scale computing fabric (“Computing Grid”) which is physically constructed once and then logically divided up into VSFs for various organizations on demand. Each organization retains independent administrative control of a VSF. A VSF is dynamically firewalled within the Computing Grid. Allocation and control of the elements in the VSF is performed by a control plane connected to all computing, networking, and storage elements in the computing grid through special control ports. The internal topology of each VSF is under control of the control plane. A request queue architecture is also provided for processing work requests that allows selected requests to be blocked until required human intervention is satisfied.

Abstract: A method and apparatus for selectively logically adding storage to a host features dynamically mapping one or more disk volumes to the host using a storage virtualization layer, without affecting an operating system of the host or its configuration. Storage devices participate in storage area networks and are coupled to gateways. A boot port of the host is coupled to a direct-attached storage network that includes a switching fabric. When a host needs storage to participate in a virtual server farm, software elements allocate one or more volumes or concatenated volumes of disk storage, and command the gateways and switches in the storage networks to logically and physically connect the host to the allocated volumes. As a result, the host acquires access to storage without modification to a configuration of the host, and a real-world virtual server farm or data center may be created and deployed substantially instantly.