Abstract: A compliance monitor measures metrics regarding one or more managed devices in a network. The compliance monitor generates a log based on the information detected by the measurement trackers and to transmit a report based on the generated log to a recipient. The compliance monitor also initiates one or more security actions based on the one or more measurement trackers indicating that a measured metric exceeds an associated threshold measurement value.

Abstract: A compliance monitor measures metrics regarding one or more managed devices in a network. The compliance monitor generates a log based on the information detected by the measurement trackers and to transmit a report based on the generated log to a recipient. The compliance monitor also initiates one or more security actions based on the one or more measurement trackers indicating that a measured metric exceeds an associated threshold measurement value.

Abstract: Intelligent methods of providing online security against hackers, which prevents the hackers from obtaining unauthorized access to secure resources. A first application session established between a first client and a first application of a first host device is detected. The first application is associated with a first plurality of security time limits. A duration of the first application session established between the first client and the first application is monitored. One or more first security actions are executed against the first application session responsive to the duration of the first application session reaching a security time limit of the first plurality of security time limits. One or more second security actions are executed against the first application session responsive to the duration of the first application session reaching another security time limit of the first plurality of security time limits.

Abstract: A verification operating system (VOS) is an intermediary operating system that verifies data of a primary operating system before the primary operating system controls of the computing device. When the computing device is initialized, initial boot processes load the VOS instead of the primary operating system. The VOS performs verification processes on data storing the primary operating system to verify that the primary operating system has not been manipulated or corrupted before passing control of the computing device to the primary operating system. A VOS also may be used to verify an operating system used by a virtual machine (VM). The VOS verifies data storing a VM operating system to be used for requested VMs. If the VOS verifies that the VM OS data is accurate, the VOS provides the VM OS data to a hypervisor for use in a VM.

Abstract: A verification operating system (VOS) is an intermediary operating system that verifies data of a primary operating system before the primary operating system controls of the computing device. When the computing device is initialized, initial boot processes load the VOS instead of the primary operating system. The VOS performs verification processes on data storing the primary operating system to verify that the primary operating system has not been manipulated or corrupted before passing control of the computing device to the primary operating system. A VOS also may be used to verify an operating system used by a virtual machine (VM). The VOS verifies data storing a VM operating system to be used for requested VMs. If the VOS verifies that the VM OS data is accurate, the VOS provides the VM OS data to a hypervisor for use in a VM.

Abstract: A management system detects a change at the target device. The management system transmits a request message to authorization devices of the authorization users of the multi-user authorization pool to from the authorization users an indication of whether the detected change is approved. The management system receives a plurality of response messages from authorization devices of the multi-user authorization pool indicating whether the detected change is approved by the corresponding authorization user, and based on at least three of the plurality of response messages indicating a disapproval, that the detected change is disapproved. In response to the determination that the change is disapproved, an instruction message is sent to a target managed device to instruct the target managed device to rollback to an earlier state.

Abstract: A management system detects a change at the target device. The management system transmits a request message to authorization devices of the authorization users of the multi-user authorization pool to from the authorization users an indication of whether the detected change is approved. The management system receives a plurality of response messages from authorization devices of the multi-user authorization pool indicating whether the detected change is approved by the corresponding authorization user, and based on at least three of the plurality of response messages indicating a disapproval, that the detected change is disapproved. In response to the determination that the change is disapproved, an instruction message is sent to a target managed device to instruct the target managed device to rollback to an earlier state.

Abstract: A compliance monitor measures metrics regarding one or more managed devices in a network. The compliance monitor generates a log based on the information detected by the measurement trackers and to transmit a report based on the generated log to a recipient. The compliance monitor also initiates one or more security actions based on the one or more measurement trackers indicating that a measured metric exceeds an associated threshold measurement value.

Abstract: A method for real-time detection of and protection from steganography in a kernel mode comprises detecting transmission of a file via a firewall, an operating system, or an e-mail system. A size of the file is determined. From a file system, a stored filesize of the file is retrieved. The determined size of the file is compared to the stored filesize of the file. Responsive to the determined size of the file being larger than the stored filesize of the file, steganography detection analytics are executed on the file. Responsive to the steganography detection analytics indicating presence of steganography in the file, a steganography remediation action is executed, and information is transmitted describing the steganography to a client device.

Abstract: A compliance monitor measures metrics regarding one or more managed devices in a network. The compliance monitor generates a log based on the information detected by the measurement trackers and to transmit a report based on the generated log to a recipient. The compliance monitor also initiates one or more security actions based on the one or more measurement trackers indicating that a measured metric exceeds an associated threshold measurement value.

Abstract: A method of rolling security for a system that includes multiple server groups, such as a first server group of one or more servers and a second server group of one or more servers. The method includes repeatedly initiating rebuilding of the first server group of one or more servers. The method also includes repeatedly initiating rebuilding of the second server group of one or more servers. The rebuilding of the first server group of one or more servers is staggered in time from the rebuilding of the second server group of one or more servers. The servers may be physical servers or virtual machines. Rolling security may also be applied to software containers, computing devices within a data center, and computing devices outside of a datacenter.

Abstract: A method of rolling security for a system that includes multiple server groups, such as a first server group of one or more servers and a second server group of one or more servers. The method includes repeatedly initiating rebuilding of the first server group of one or more servers. The method also includes repeatedly initiating rebuilding of the second server group of one or more servers. The rebuilding of the first server group of one or more servers is staggered in time from the rebuilding of the second server group of one or more servers. The servers may be physical servers or virtual machines. Rolling security may also be applied to software containers, computing devices within a data center, and computing devices outside of a datacenter.

Abstract: A management system detects a change at the target device. The management system transmits a request message to authorization devices of the authorization users of the multi-user authorization pool to from the authorization users an indication of whether the detected change is approved. The management system receives a plurality of response messages from authorization devices of the multi-user authorization pool indicating whether the detected change is approved by the corresponding authorization user, and based on at least three of the plurality of response messages indicating a disapproval, that the detected change is disapproved. In response to the determination that the change is disapproved, an instruction message is sent to a target managed device to instruct the target managed device to rollback to an earlier state.

Abstract: A method for real-time detection of and protection from steganography in a kernel mode comprises detecting transmission of a file via a firewall, an operating system, or an e-mail system. A size of the file is determined. From a file system, a stored filesize of the file is retrieved. The determined size of the file is compared to the stored filesize of the file. Responsive to the determined size of the file being larger than the stored filesize of the file, steganography detection analytics are executed on the file. Responsive to the steganography detection analytics indicating presence of steganography in the file, a steganography remediation action is executed, and information is transmitted describing the steganography to a client device.

Abstract: A management system detects a change at the target device. The management system transmits a request message to authorization devices of the authorization users of the multi-user authorization pool to from the authorization users an indication of whether the detected change is approved. The management system receives a plurality of response messages from authorization devices of the multi-user authorization pool indicating whether the detected change is approved by the corresponding authorization user, and based on at least three of the plurality of response messages indicating a disapproval, that the detected change is disapproved. In response to the determination that the change is disapproved, an instruction message is sent to a target managed device to instruct the target managed device to rollback to an earlier state.

Abstract: A management system detects a change at the target device. The management system transmits a request message to authorization devices of the authorization users of the multi-user authorization pool to from the authorization users an indication of whether the detected change is approved. The management system receives a plurality of response messages from authorization devices of the multi-user authorization pool indicating whether the detected change is approved by the corresponding authorization user, and based on at least three of the plurality of response messages indicating a disapproval, that the detected change is disapproved. In response to the determination that the change is disapproved, an instruction message is sent to a target managed device to instruct the target managed device to rollback to an earlier state.

Abstract: Intelligent methods of providing online security against hackers, which prevents the hackers from obtaining unauthorized access to secure resources. A first application session established between a first client and a first application of a first host device is detected. The first application is associated with a first plurality of security time limits. A duration of the first application session established between the first client and the first application is monitored. One or more first security actions are executed against the first application session responsive to the duration of the first application session reaching a security time limit of the first plurality of security time limits. One or more second security actions are executed against the first application session responsive to the duration of the first application session reaching another security time limit of the first plurality of security time limits.

Abstract: Intelligent methods of providing online security against hackers, which prevents the hackers from obtaining unauthorized access to secure resources. A first application session established between a first client and a first application of a first host device is detected. The first application is associated with a first plurality of security time limits. A duration of the first application session established between the first client and the first application is monitored. One or more first security actions are executed against the first application session responsive to the duration of the first application session reaching a security time limit of the first plurality of security time limits. One or more second security actions are executed against the first application session responsive to the duration of the first application session reaching another security time limit of the first plurality of security time limits.

Abstract: A method for real-time detection of malware in a Kernel mode includes detecting a file operation request initiated by a process running in user mode. Malware detection analytics is performed on a file buffer associated with the detected file operation request to detect behavior indicating presence of malware. Responsive to detecting the behavior indicating the presence of the malware, the process responsible for initiating the detected file operation request is identified. A search for the identified process is performed on one or more of a blacklist of programs and a whitelist of programs to determine whether the identified process is a trusted process. Responsive to determining that the identified process is not a trusted process, a malware remediation action is executed against the identified process. Information describing the malware is transmitted to a client device.

Abstract: A method of rolling security for a system that includes multiple server groups, such as a first server group of one or more servers and a second server group of one or more servers. The method includes repeatedly initiating rebuilding of the first server group of one or more servers. The method also includes repeatedly initiating rebuilding of the second server group of one or more servers. The rebuilding of the first server group of one or more servers is staggered in time from the rebuilding of the second server group of one or more servers. The servers may be physical servers or virtual machines. Rolling security may also be applied to software containers, computing devices within a data center, and computing devices outside of a datacenter.