Abstract: The disclosed computer-implemented method for threat and information protection through file classification may include (1) assigning a classification tag to each of an number of files on a computing device based on a set of rules, (2) storing the classification tag in the files and a corresponding file descriptor describing a sensitivity level of the files externally to the files, (3) detecting creation of a process associated with accessing the files, (4) determining whether the process is potentially suspicious, (5) identifying an operation initiated by the potentially suspicious process to access the files, and (6) performing a security action that protects the computing device from malicious activity by the operation initiated by the potentially suspicious process. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques for detecting security vulnerabilities are disclosed. In one particular embodiment, the techniques may be realized as a method for detecting security vulnerabilities including assigning a reputation to an application, distributing the reputation to a client, receiving monitored system behavior from the client related to the client executing the application, determining whether to change the reputation of the application based on the monitored system behavior, distributing the changed reputation to the client, receiving further monitored system behavior from the client, and determining whether to generate a rule for the application based on the monitored system behavior received from the client.

Abstract: Techniques for detecting advanced security threats are disclosed. In one particular embodiment, the techniques may be realized as a method for detecting a security threat including generating a resource at a client, implementing the resource on the client, monitoring system behavior of the client having the resource implemented thereon, determining whether a security event involving the implemented resource has occurred based on the monitored system behavior, and generating a report when it has been determined that the security event has occurred.

Abstract: Techniques for detecting security vulnerabilities are disclosed. In one particular embodiment, the techniques may be realized as a method for detecting security vulnerabilities including assigning a reputation to an application, distributing the reputation to a client, receiving monitored system behavior from the client related to the client executing the application, determining whether to change the reputation of the application based on the monitored system behavior, distributing the changed reputation to the client, receiving further monitored system behavior from the client, and determining whether to generate a rule for the application based on the monitored system behavior received from the client.

Abstract: Reputation-based automatic remediation is applied for enforcing good network hygiene of a client. A scanning module scans the client to detect files on the client in response to an attempt by the client to connect to a secure network. A reputation score module retrieves onto the client a reputation score for each of the files detected. The reputation scores can be retrieved from a reputation database of a reputation server storing reputation data for files. A hygiene score module calculates on the client a hygiene score for the client based on the reputation scores for the files on the client. The hygiene score indicates a likelihood of the client to engage in risky behavior. The threshold determination module determines whether the hygiene score exceeds a threshold for bad client hygiene. The policy module applies a policy to the client that restricts network access in response to the hygiene score for the client exceeding the threshold.