Abstract: Systems and techniques for security content delivery based on tagged personas are described herein. User data may be obtained for a user of a network file system. Attributes may be extracted from the user data to establish a user persona. Event data may be obtained for a security event experienced by the network file system. The security event may be associated with the user. A set of available remediation content items may be identified using the event data. A content item may be selected from the set of remediation content items using the user persona. A transmission medium may be determined for transmission of the content item to the user using the user persona. The content item may be transmitted to the user via the transmission medium.

Abstract: Systems and techniques for security content delivery based on tagged personas are described herein. User data may be obtained for a user of a network file system. Attributes may be extracted from the user data to establish a user persona. Event data may be obtained for a security event experienced by the network file system. The security event may be associated with the user. A set of available remediation content items may be identified using the event data. A content item may be selected from the set of remediation content items using the user persona. A transmission medium may be determined for transmission of the content item to the user using the user persona. The content item may be transmitted to the user via the transmission medium.

Abstract: Disclosed in some examples are methods, systems, and machine readable mediums for applications that detect indicators of data exfiltration through applications such as browser-based interfaces. The disclosed system monitors file system element events related to one or more target applications (such as browsers) through operating system interfaces. Once an event of interest is detected, the system interfaces with the browser to determine a context for the event of interest that may include a URL of a website that the user was visiting corresponding to the file system element event. If the URL is directed towards a prohibited site, a notification may be generated that may be used as a signal to alert an administrator. As used herein, a file system element may include a file, directory, folder, archive, blob, raw storage, metadata, or the like File system element events may include copying, deleting, modifying, or moving a file system element.

Abstract: An apparatus includes a processor operatively coupled to a memory. The processor detects a software application installed on a client computing device, and/or usage data. Detected usage data is associated with a current user of the client computing device and with the software application. The processor identifies a user role for the current user based on the software application and/or usage data. The processor applies a security configuration to the client computing device based on the user role. The security configuration limits access by the current user to a portion of the software application. The processor sends an identifier of the user role to an administrative server for storage in an Active Directory (AD) database.

Abstract: A system for detecting anomalous user interactions with a computing resource a processor and a memory communicatively coupled to the processor and configured with instructions, which cause the processor to perform operations including receiving a request to monitor interactions of a user with the computing resource, obtaining first event data first event data that includes information that is indicative of first interactions of the user with the computing resource prior to receiving the request and obtaining second event data that includes information that is indicative of second interactions of the user with the computing resource after receiving the request. The operations further include determining, based on the first event data and the second event data, whether a deviation between the first interactions and the second interactions satisfies an indicated criteria. The operations additionally include generating a security alert based on the determination.

Abstract: Disclosed in some examples are methods, systems, and machine readable mediums for applications that detect indicators of data exfiltration through applications such as browser-based interfaces. The disclosed system monitors file system element events related to one or more target applications (such as browsers) through operating system interfaces. Once an event of interest is detected, the system interfaces with the browser to determine a context for the event of interest that may include a URL of a website that the user was visiting corresponding to the file system element event. If the URL is directed towards a prohibited site, a notification may be generated that may be used as a signal to alert an administrator. As used herein, a file system element may include a file, directory, folder, archive, blob, raw storage, metadata, or the like File system element events may include copying, deleting, modifying, or moving a file system element.

Abstract: A system for processing a file stored on a computing system includes causing a processor of the system to obtain file usage data that is indicative of a number of times the file is loaded into a memory of the system and to obtain file-size data that is indicative of a size the file. The system further includes causing the processor to obtain metadata indicative of contents the file and to determine a file value based on the file usage data and at least one of the file-size data, the metadata, or a file-identifier value that is derived from an identifier of the file, where the file value comprising a quantitative or qualitative indicator of a value of the file. The system additionally includes causing the processor to adjust processing of the file relative to processing of other files associated with the computing system based on the file value.

Abstract: A system for detecting anomalous user interactions with a computing resource a processor and a memory communicatively coupled to the processor and configured with instructions, which cause the processor to perform operations including receiving a request to monitor interactions of a user with the computing resource, obtaining first event data first event data that includes information that is indicative of first interactions of the user with the computing resource prior to receiving the request and obtaining second event data that includes information that is indicative of second interactions of the user with the computing resource after receiving the request. The operations further include determining, based on the first event data and the second event data, whether a deviation between the first interactions and the second interactions satisfies an indicated criteria. The operations additionally include generating a security alert based on the determination.

Abstract: An apparatus includes a processor operatively coupled to a memory. The processor detects a software application installed on a client computing device, and/or usage data. Detected usage data is associated with a current user of the client computing device and with the software application. The processor identifies a user role for the current user based on the software application and/or usage data. The processor applies a security configuration to the client computing device based on the user role. The security configuration limits access by the current user to a portion of the software application. The processor sends an identifier of the user role to an administrative server for storage in an Active Directory (AD) database.

Abstract: General-purpose components are selectively included in a toolkit hosted by hosting provider computing devices. The general-purpose components are software components. The general-purpose components in the toolkit are available over a computer network to end user computing devices. The end user computing devices utilizes general-purpose components in the toolkit to provide system administration solutions. The system administration solutions are web applications hosted by the hosting provider computing devices. The system administration solutions provide an ability to perform administration tasks on on-premises computer systems of the end users. A hosting provider computing device is configured such that the end user computing devices are able to utilize the general-purpose components in the toolkit on a Software-as-a-Service (SaaS) basis.

Abstract: General-purpose components are selectively included in a toolkit hosted by hosting provider computing devices. The general-purpose components are software components. The general-purpose components in the toolkit are available over a computer network to end user computing devices. The end user computing devices utilizes general-purpose components in the toolkit to provide system administration solutions. The system administration solutions are web applications hosted by the hosting provider computing devices. The system administration solutions provide an ability to perform administration tasks on on-premises computer systems of the end users. A hosting provider computing device is configured such that the end user computing devices are able to utilize the general-purpose components in the toolkit on a Software-as-a-Service (SaaS) basis.