Patents by Inventor Pradeep Bahl

Pradeep Bahl has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20180025163
    Abstract: A dynamic risk management system for operating systems that provides monitoring, detection, assessment, and follow-up action to reduce the risk whenever it rises. The system enables an operating system to protect itself automatically in dynamic environments. The risk management system monitors a diverse set of attributes of the system which determines the security state of the system and is indicative of the risk the system is under. Based on a specification of risk levels for the various attributes and for their combinations, the risk management system determines whether one or more actions are required to alleviate the overall risk to the system.
    Type: Application
    Filed: October 2, 2017
    Publication date: January 25, 2018
    Inventor: Pradeep Bahl
  • Patent number: 9824221
    Abstract: A dynamic risk management system for operating systems that provides monitoring, detection, assessment, and follow-up action to reduce the risk whenever it rises. The system enables an operating system to protect itself automatically in dynamic environments. The risk management system monitors a diverse set of attributes of the system which determines the security state of the system and is indicative of the risk the system is under. Based on a specification of risk levels for the various attributes and for their combinations, the risk management system determines whether one or more actions are required to alleviate the overall risk to the system.
    Type: Grant
    Filed: November 15, 2013
    Date of Patent: November 21, 2017
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventor: Pradeep Bahl
  • Patent number: 9608883
    Abstract: Network DNA may be determined for a computer network that taxonomically classifies the computer network. Network DNA may include derived network DNA components and raw network DNA components. Raw network DNA components may be acquired from local or remote sources. Derived network DNA components may be generated according to derived network DNA component specifications. Derived network DNA component specifications may reference raw network DNA components. Network DNA determined for the computer network may include a network species component capable of indicating network species classifications for computer networks. Network species classifications may include enterprise network, home network and public place network. Network species classifications may be determined as a function of network security, network management and network addressing. One or more network DNA stores may be configured to store network DNA for computer networks.
    Type: Grant
    Filed: November 17, 2015
    Date of Patent: March 28, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Pradeep Bahl, Christopher J. Corbett, Mohamed Jawad Khaki
  • Patent number: 9374286
    Abstract: Network DNA may be determined for a computer network that taxonomically classifies the computer network. Network DNA may include derived network DNA components and raw network DNA components. Raw network DNA components may be acquired from local or remote sources. Derived network DNA components may be generated according to derived network DNA component specifications. Derived network DNA component specifications may reference raw network DNA components. Network DNA determined for the computer network may include a network species component capable of indicating network species classifications for computer networks. Network species classifications may include enterprise network, home network and public place network. Network species classifications may be determined as a function of network security, network management and network addressing. One or more network DNA stores may be configured to store network DNA for computer networks.
    Type: Grant
    Filed: March 14, 2014
    Date of Patent: June 21, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Pradeep Bahl, Christopher J. Corbett, Mohamed Jawad Khaki
  • Publication number: 20160072679
    Abstract: Network DNA may be determined for a computer network that taxonomically classifies the computer network. Network DNA may include derived network DNA components and raw network DNA components. Raw network DNA components may be acquired from local or remote sources. Derived network DNA components may be generated according to derived network DNA component specifications. Derived network DNA component specifications may reference raw network DNA components. Network DNA determined for the computer network may include a network species component capable of indicating network species classifications for computer networks. Network species classifications may include enterprise network, home network and public place network. Network species classifications may be determined as a function of network security, network management and network addressing. One or more network DNA stores may be configured to store network DNA for computer networks.
    Type: Application
    Filed: November 17, 2015
    Publication date: March 10, 2016
    Inventors: Pradeep Bahl, Christopher J. Corbett, Mohamed Jawad Khaki
  • Patent number: 9215156
    Abstract: Network DNA may be determined for a computer network that taxonomically classifies the computer network. Network DNA may include derived network DNA components and raw network DNA components. Raw network DNA components may be acquired from local or remote sources. Derived network DNA components may be generated according to derived network DNA component specifications. Derived network DNA component specifications may reference raw network DNA components. Network DNA determined for the computer network may include a network species component capable of indicating network species classifications for computer networks. Network species classifications may include enterprise network, home network and public place network. Network species classifications may be determined as a function of network security, network management and network addressing. One or more network DNA stores may be configured to store network DNA for computer networks.
    Type: Grant
    Filed: March 14, 2014
    Date of Patent: December 15, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Pradeep Bahl, Christopher J. Corbett, Mohamed Jawad Khaki
  • Patent number: 9043869
    Abstract: Techniques for aggregating a knowledge base of a plurality of security services or other event collection systems to protect a computer from malware are provided. In embodiments, a computer is protected from malware by using anti-malware services or other event collection systems to observe suspicious events that are potentially indicative of malware. A determination is made as to whether a combination of the suspicious events is indicative of malware. If the combination of suspicious events is indicative of malware, a restrictive security policy designed to prevent the spread of malware is implemented.
    Type: Grant
    Filed: August 14, 2013
    Date of Patent: May 26, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Anil Francis Thomas, Michael Kramer, Mihai Costea, Efim Hudis, Pradeep Bahl, Rajesh K. Dadhia, Yigal Edery
  • Patent number: 8909743
    Abstract: A framework and method are disclosed for supporting changed addresses by mobile network nodes. Such support is provided through enhancements to the mobile network nodes and utilizes DNS servers, Dynamic Host Configuration Protocol (DHCP), and virtual private network (VPN) servers—or their functional equivalents—to dynamically assign a current network address to a mobile node, provide the current network address to an authoritative name server, and thereafter have correspondent nodes update their addresses for the mobile node based upon an address provided by the authoritative name server. A mobile node registers all of its name-to-address mappings with its authoritative DNS server using a time to live of zero. Furthermore, when a mobile node moves outside its home security domain, the mobile node initiates a virtual private network connection to a virtual private server for a security domain.
    Type: Grant
    Filed: June 9, 2011
    Date of Patent: December 9, 2014
    Assignee: Microsoft Corporation
    Inventor: Pradeep Bahl
  • Publication number: 20140280798
    Abstract: Network DNA may be determined for a computer network that taxonomically classifies the computer network. Network DNA may include derived network DNA components and raw network DNA components. Raw network DNA components may be acquired from local or remote sources. Derived network DNA components may be generated according to derived network DNA component specifications. Derived network DNA component specifications may reference raw network DNA components. Network DNA determined for the computer network may include a network species component capable of indicating network species classifications for computer networks. Network species classifications may include enterprise network, home network and public place network. Network species classifications may be determined as a function of network security, network management and network addressing. One or more network DNA stores may be configured to store network DNA for computer networks.
    Type: Application
    Filed: March 14, 2014
    Publication date: September 18, 2014
    Applicant: MICROSOFT CORPORATION
    Inventors: Pradeep Bahl, Christopher J. Corbett, Mohamed Jawad Khaki
  • Publication number: 20140082738
    Abstract: A dynamic risk management system for operating systems that provides monitoring, detection, assessment, and follow-up action to reduce the risk whenever it rises. The system enables an operating system to protect itself automatically in dynamic environments. The risk management system monitors a diverse set of attributes of the system which determines the security state of the system and is indicative of the risk the system is under. Based on a specification of risk levels for the various attributes and for their combinations, the risk management system determines whether one or more actions are required to alleviate the overall risk to the system.
    Type: Application
    Filed: November 15, 2013
    Publication date: March 20, 2014
    Applicant: Microsoft Corporation
    Inventor: Pradeep Bahl
  • Patent number: 8676969
    Abstract: Network DNA may be determined for a computer network that taxonomically classifies the computer network. Network DNA may include derived network DNA components and raw network DNA components. Raw network DNA components may be acquired from local or remote sources. Derived network DNA components may be generated according to derived network DNA component specifications. Derived network DNA component specifications may reference raw network DNA components. Network DNA determined for the computer network may include a network species component capable of indicating network species classifications for computer networks. Network species classifications may include enterprise network, home network and public place network. Network species classifications may be determined as a function of network security, network management and network addressing. One or more network DNA stores may be configured to store network DNA for computer networks.
    Type: Grant
    Filed: November 21, 2011
    Date of Patent: March 18, 2014
    Assignee: Microsoft Corporation
    Inventors: Pradeep Bahl, Christopher J. Corbett, Mohamed Jawad Khaki
  • Publication number: 20130332988
    Abstract: Techniques for aggregating a knowledge base of a plurality of security services or other event collection systems to protect a computer from malware are provided. In embodiments, a computer is protected from malware by using anti-malware services or other event collection systems to observe suspicious events that are potentially indicative of malware. A determination is made as to whether a combination of the suspicious events is indicative of malware. If the combination of suspicious events is indicative of malware, a restrictive security policy designed to prevent the spread of malware is implemented.
    Type: Application
    Filed: August 14, 2013
    Publication date: December 12, 2013
    Inventors: Anil Francis Thomas, Michael Kramer, Mihai Costea, Efim Hudis, Pradeep Bahl, Rajesh K. Dadhia, Yigal Edery
  • Patent number: 8595844
    Abstract: A dynamic risk management system for operating systems that provides monitoring, detection, assessment, and follow-up action to reduce the risk whenever it rises. The system enables an operating system to protect itself automatically in dynamic environments. The risk management system monitors a diverse set of attributes of the system which determines the security state of the system and is indicative of the risk the system is under. Based on a specification of risk levels for the various attributes and for their combinations, the risk management system determines whether one or more actions are required to alleviate the overall risk to the system.
    Type: Grant
    Filed: February 8, 2011
    Date of Patent: November 26, 2013
    Assignee: Microsoft Corporation
    Inventor: Pradeep Bahl
  • Patent number: 8516583
    Abstract: In accordance with the present invention, a system, method, and computer-readable medium for aggregating the knowledge base of a plurality of security services or other event collection systems to protect a computer from malware is provided. One aspect of the present invention is a method that proactively protects a computer from malware by using anti-malware services or other event collection systems to observe suspicious events that are potentially indicative of malware; determining if the suspicious events satisfy a predetermined threshold; and if the suspicious events satisfy the predetermined threshold, implementing a restrictive security policy designed to prevent the spread of malware.
    Type: Grant
    Filed: March 31, 2005
    Date of Patent: August 20, 2013
    Assignee: Microsoft Corporation
    Inventors: Anil Francis Thomas, Michael Kramer, Mihai Costea, Efim Hudis, Pradeep Bahl, Rajesh K. Dadhia, Yigal Edery
  • Patent number: 8490153
    Abstract: A method and system for creating security policies for firewall and connection policies in an integrated manner is provided. The security system provides a user interface through which a user can define a security rule that specifies both a firewall policy and a connection policy. After the security rule is specified, the security system automatically generates a firewall rule and a connection rule to implement the security rule. The security system provides the firewall rule to a firewall engine that is responsible for enforcing the firewall rules and provides the connection rule to an IPsec engine that is responsible for enforcing the connection rules.
    Type: Grant
    Filed: November 8, 2011
    Date of Patent: July 16, 2013
    Assignee: Microsoft Corporation
    Inventors: Charles D. Bassett, Eran Yariv, Ian M. Carbaugh, Lokesh Srinivas Koppolu, Maksim Noy, Sarah A. Wahlert, Pradeep Bahl
  • Patent number: 8321927
    Abstract: Among other things, one or more systems and/or methods for a network aware firewall are disclosed. A method comprises accessing a first network connection from a client computer system and determining whether the first network connection is a first network type or a second network type. The method further comprises dynamically modifying security parameters associated with a firewall local to the client computer system in response to determining whether the network connection is the first network type or the second network type.
    Type: Grant
    Filed: January 21, 2011
    Date of Patent: November 27, 2012
    Assignee: Microsoft Corporation
    Inventors: Rajesh K. Dadhia, Fabien J. Royer, Pradeep Bahl
  • Patent number: 8256003
    Abstract: A Network State Database (NSD) can comprise information regarding the network-centric state of one or more computing devices connected to a network. The information contained in the NSD can be passively received by the NSD, or it can be actively obtained by the NSD. Additionally the NSD can comprise either a centralized collection of information, or a distributed collection of information independently maintained and conceptualized as a single entity. The information of the NSD can be used by a Network Risk Management Service (NRMS) to appropriately respond and protect the network. The NRMS can provide relevant information from the NSD to subscribers, which can independently act to protect the network. The NRMS can likewise itself instruct computing devices regarding an appropriate action, or it can itself instruct the performance of such action.
    Type: Grant
    Filed: May 10, 2007
    Date of Patent: August 28, 2012
    Assignee: Microsoft Corporation
    Inventors: Rajesh Dadhia, Pradeep Bahl
  • Patent number: 8244864
    Abstract: A method and system for enhancing a network load balancing system's ability to distribute connection information and data amongst the plurality of nodes within the system is presented. A client connection request is redirected to a load balancing service residing on a receiving node by modifying the destination port information contained within the packet. The receiving node can be any node within the load balancing system, and is determined from amongst the plurality of nodes that comprise the system by a conventional means. A transparent connection is then established between the client and the load balancing service residing on the node by modifying subsequently transmitted connection setup packets sent by the receiving node and the client. A target node is determined according to resource specific information contained within initially received data packets from the client. The target node determined this way could be the local node or another node.
    Type: Grant
    Filed: March 20, 2001
    Date of Patent: August 14, 2012
    Assignee: Microsoft Corporation
    Inventors: Pradeep Bahl, Joseph M. Joy, Feng Sun
  • Patent number: 8214889
    Abstract: Management of security firewall settings in a networked computing environment is described. One example embodiment includes applying security settings and exceptions to the security settings based on network class for network communication, and upon detection of an event, revoking at least one exception for at least one network in a specified class.
    Type: Grant
    Filed: November 3, 2006
    Date of Patent: July 3, 2012
    Assignee: Microsoft Corporation
    Inventors: Pradeep Bahl, Gerardo Diaz Cuellar, Rajesh Dadhia
  • Publication number: 20120066381
    Abstract: Network DNA may be determined for a computer network that taxonomically classifies the computer network. Network DNA may include derived network DNA components and raw network DNA components. Raw network DNA components may be acquired from local or remote sources. Derived network DNA components may be generated according to derived network DNA component specifications. Derived network DNA component specifications may reference raw network DNA components. Network DNA determined for the computer network may include a network species component capable of indicating network species classifications for computer networks. Network species classifications may include enterprise network, home network and public place network. Network species classifications may be determined as a function of network security, network management and network addressing. One or more network DNA stores may be configured to store network DNA for computer networks.
    Type: Application
    Filed: November 21, 2011
    Publication date: March 15, 2012
    Applicant: Microsoft Corporation
    Inventors: Pradeep Bahl, Christopher J. Corbett, Mohamed Jawad Khaki