Abstract: Thermoformed articles comprising a film thermoformed to be in the form of a pouch defining an interior pouch volume, the film comprising a mixture of a polyvinyl alcohol resin and a plasticizer, wherein the plasticizer is provided in an amount in a range of about 5 to about 30 weight parts, based on 100 weight parts of total polyvinyl alcohol resin; wherein the thermoformed film in the form of a pouch defining an interior pouch volume is characterized by a draw ratio in a range of about 2.3 to about 2.9; the article is characterized by a release time of at least 30 seconds when formed into a sealed packet and tested in accordance with the Liquid Release Test; and the article is characterized by a residue value of at most 9%, as determined by the Residue Test.

Abstract: According to one embodiment, a system features a network security device and a cloud computing service. The network security device is configured to determine whether an object includes one or more characteristics associated with a malicious attack. The cloud computing service, communicatively coupled to and remotely located from the network security device, includes virtual execution logic that, upon execution by a processing unit deployed as part of the cloud computing service and after the network security device determining that the object includes the one or more characteristics associated with the malicious attack, processes the object and monitors for behaviors of at least the object suggesting the object is associated with a malicious attack.

Abstract: A method and system to detect cyber-attacks by analyzing client-server or other east-west traffic within an enterprise network is disclosed. East-west traffic comprises communications between network devices within the enterprise network, in contradistinction to north-south traffic which involves communications intended to traverse the periphery of the enterprise network. The system includes a network interface to receive the network traffic; analysis logic to analyze communications within the received network traffic to identify a set of indicators; correlation logic to assemble one or more groups of weak indicators from the set of indicators, and conduct an analysis to determine whether each of the groups of weak indicators is correlated with known malicious patterns or sequences of indicators, thereby producing at least one strong indicator from which a determination can be made of whether a cyber-attack is being conducted.

Abstract: A method for detecting a cyber-attack is described. The method features (i) collecting a first plurality of weak indicators, (ii) grouping a second plurality of weak indicators from the first plurality of weak indicators where the second plurality of weak indicators being lesser in number than the first plurality of weak indicators, and (iii) performing a correlation operation between the second plurality of weak indicators and one or more patterns or sequences of indicators associated with known malware. A weak indicator of the first plurality of weak indicators corresponds to data that, by itself, is not definitive as to whether the data is associated with a cyber-attack being conducted on a source of the weak indicator.

Abstract: According to one embodiment, a system features a network security device and a cloud computing service. The network security device is configured to determine whether an object includes one or more characteristics associated with a malicious attack. The cloud computing service, communicatively coupled to and remotely located from the network security device, includes virtual execution logic that, upon execution by a processing unit deployed as part of the cloud computing service and after the network security device determining that the object includes the one or more characteristics associated with the malicious attack, processes the object and monitors for behaviors of at least the object suggesting the object is associated with a malicious attack.

Abstract: According to one embodiment, a system features analysis circuitry and detection circuitry. The analysis circuitry features a first processing unit and a first memory that includes a filtering logic configured to produce a second plurality of objects from a received first plurality of objects. The second plurality of objects is a subset of the first plurality of objects. The detection circuitry is communicatively coupled to and remotely located from the analysis circuitry. The detection circuitry includes a second processing unit and a second memory. The second memory includes a virtual execution logic to process content within at least a first object of the second plurality of objects. The virtual execution logic is configured to monitor for behaviors, during the processing of the first object, and determine whether any or all of the monitored behaviors correspond to activities indicative that the first object is associated with a malicious attack.

Abstract: According to one embodiment, a network security device configured to detect malicious content within received network traffic comprises a traffic analysis controller (TAC) is provided. The traffic analysis controller comprises a network processing unit (NPU) and is configured to perform at least packet processing on the NPU with a set of pre-filters. In addition, the network security device further comprises a central processing unit (CPU) and is configured to perform at least virtual machine (VM)-based processing. The set of pre-filters is configured to distribute objects of received network traffic such that either static analysis or dynamic analysis may be performed on an object to determine whether the object contains malicious content. The static analysis may be performed on either the NPU or the CPU while the dynamic analysis is performed on the CPU.

Abstract: A method, computer program product, apparatus, and system that detects a substring in an input data string by producing a fingerprint of a portion of the data string and comparing the fingerprint of the portion of the data string to at least one predefined fingerprint. The predefined fingerprint may be a fingerprint of a portion of a predefined pattern of interest. If the fingerprints match, further pattern recognition processing may be performed on the input string.

Abstract: A method, computer program product, apparatus, and system that detects a substring in an input data string by producing a fingerprint of a portion of the data string and comparing the fingerprint of the portion of the data string to at least one predefined fingerprint. The predefined fingerprint may be a fingerprint of a portion of a predefined pattern of interest. If the fingerprints match, further pattern recognition processing may be performed on the input string.