Abstract: A system for monitoring and controlling at least one program capable of being executed on any one of at least two workstations in a network. The network includes at least one agent module resident on each of the at least two workstations and a management console connected to each of the at least two workstations. The system includes modules for identifying an event occurring with respect to a program executing on one of the at least two workstations, modules for sending an alert to the management console which identifies the event, memory for storing a plurality of triggers, each of the triggers adapted to cause an action to be taken within the network, memory for storing at least one procedure, the at least one procedure comprising at least one of the plurality of triggers, and modules for sending at least one of the procedures from the management console to the agent module resident on the one of the at least two workstations in response to receipt of the alert.

Abstract: A small piece of hardware connects to a mobile device and filters out attacks and malicious code. Using the piece of hardware, a mobile device can be protected by greater security and possibly by the same level of security offered by its associated corporation/enterprise. In one embodiment, a mobile security system includes a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device; a network connection module for acting as a gateway to a network; a security policy for determining whether to forward content intended for the mobile device to the mobile device; and a security engine for executing the security policy.

Abstract: Protection systems and methods provide for protecting one or more personal computers (“PCs”) and/or other intermittently or persistently network accessible devices or processes from undesirable or otherwise malicious operations of Java™ applets, ActiveX™ controls, JavaScript™ scripts, Visual Basic scripts, add-ins, downloaded/uploaded programs or other “Downloadables” or “mobile code” in whole or part. A protection engine embodiment provides, within a server, firewall or other suitable “re-communicator,” for monitoring information received by the communicator, determining whether received information does or is likely to include executable code, and if so, causes mobile protection code (MPC) to be transferred to and rendered operable within a destination device of the received information, more suitably by forming a protection agent including the MPC, protection policies and a detected-Downloadable.

Abstract: Protection systems and methods provide for protecting one or more personal computers (“PCs”) and/or other intermittently or persistently network accessible devices or processes from undesirable or otherwise malicious operations of Java™ applets, ActiveX™ controls, JavaScript™ scripts, Visual Basic scripts, add-ins, downloaded/uploaded programs or other “Downloadables” or “mobile code” in whole or part. A protection engine embodiment provides, within a server, firewall or other suitable “re-communicator,” for monitoring information received by the communicator, determining whether received information does or is likely to include executable code, and if so, causes mobile protection code (MPC) to be transferred to and rendered operable within a destination device of the received information, more suitably by forming a protection agent including the MPC, protection policies and a detected-Downloadable.

Abstract: A policy-based cache manager, including a memory storing a cache of digital content, a plurality of policies, and a policy index to the cache contents, the policy index indicating allowable cache content for each of a plurality of policies, a content scanner for scanning a digital content received, to derive a corresponding content profile, and a content evaluator for determining whether a given digital content is allowable relative to a given policy, based on the content profile. A method is also described and claimed.

Abstract: A security system for scanning content within a computer, including a network interface, housed within a computer, for receiving content from the Internet on its destination to an Internet application running on the computer, a database of rules corresponding to computer exploits, stored within the computer, a rule-based content scanner that communicates with said database of rules, for scanning content to recognize the presence of potential exploits therewithin, a network traffic probe, operatively coupled to the network interface and to the rule-based content scanner, for selectively diverting content from its intended destination to the rule-based content scanner, and a rule update manager that communicates with said database of rules, for updating said database of rules periodically to incorporate new rules that are made available. A method and a computer readable storage medium are also described and claimed.

Abstract: A system for embedding messages within HTTP streams, including a gateway communicator, situated within a network gateway computer that communicates with at least one client computer, for receiving management data intended for the at least one client computer from a management server computer that communicates with the network gateway computer, a gateway data embedder situated within the network gateway computer for inserting non-HTTP management data within an HTTP message, and a client data extractor situated within each of the at least one client computer for extracting non-HTTP management data from within an HTTP message. A method and a computer readable storage medium are also described and claimed.

Abstract: A method for scanning content, including identifying tokens within an incoming byte stream, the tokens being lexical constructs for a specific language, identifying patterns of tokens, generating a parse tree from the identified patterns of tokens, and identifying the presence of potential exploits within the parse tree, wherein said identifying tokens, identifying patterns of tokens, and identifying the presence of potential exploits are based upon a set of rules for the specific language. A system and a computer readable storage medium are also described and claimed.

Abstract: A computer gateway for an intranet of computers, including a scanner for scanning incoming files from the Internet and deriving security profiles therefor, the security profiles being lists of computer commands that the files are programmed to perform, a file cache for storing files, a security profile cache for storing security profiles for files, and a security policy cache for storing security policies for client computers within an intranet, the security policies including a list of restrictions for files that are transmitted to intranet computers. A method and a computer-readable storage medium are also described and claimed.

Abstract: A computer-based method for generating a Downloadable ID to identify a Downloadable, including obtaining a Downloadable that includes one or more references to software components required by the Downloadable, fetching at least one software component identified by the one or more references, and performing a function on the Downloadable and the fetched software components to generate a Downloadable ID. A system and a computer-readable storage medium are also described and claimed.

Abstract: A method for tracking the routing of an electronic document, including embedding a unique identifier within an electronic document and monitoring e-mail messages transmitted from senders to recipients, for detection of e-mail messages having the electronic document embedded therewithin or attached thereto, based on the unique identifier. A system and computer readable storage medium are also described and claimed.

Abstract: A system for monitoring and controlling at least one program capable of being executed on any one of at least two workstations in a network. The network includes at least one agent module resident on each of the at least two workstations and a management console connected to each of the at least two workstations. The system includes modules for identifying an event occurring with respect to a program executing on one of the at least two workstations, modules for sending an alert to the management console which identifies the event, memory for storing a plurality of triggers, each of the triggers adapted to cause an action to be taken within the network, memory for storing at least one procedure, the at least one procedure comprising at least one of the plurality of triggers, and modules for sending at least one of the procedures from the management console to the agent module resident on the one of the at least two workstations in response to receipt of the alert.

Abstract: A system for monitoring and controlling at least one program capable of being executed on any one of at least two workstations in a network. The network includes at least one agent module resident on each of the at least two workstations and a management console connected to each of the at least two workstations. The system includes modules for identifying an event occurring with respect to a program executing on one of the at least two workstations, modules for sending an alert to the management console which identifies the event, memory for storing a plurality of triggers, each of the triggers adapted to cause an action to be taken within the network, memory for storing at least one procedure, the at least one procedure comprising at least one of the plurality of triggers, and modules for sending at least one of the procedures from the management console to the agent module resident on the one of the at least two workstations in response to receipt of the alert.

Abstract: A system protects a client from hostile Downloadables. The system includes security rules defining suspicious actions and security policies defining the appropriate responsive actions to rule violations. The system includes an interface for receiving incoming Downloadable and requests made by the Downloadable. The system still further includes a comparator coupled to the interface for examining the Downloadable, requests made by the Downloadable and runtime events to determine whether a security policy has been violated, and a response engine coupled to the comparator for performing a violation-based responsive action.

Abstract: A system and method examine execution or interpretation of a Downloadable for operations deemed suspicious or hostile, and respond accordingly. The system includes security rules defining suspicious actions and security policies defining the appropriate responsive actions to rule violations. The system includes an interface for receiving incoming Downloadable and requests made by the Downloadable. The system still further includes a comparator coupled to the interface for examining the Downloadable, requests made by the Downloadable and runtime events to determine whether a security policy has been violated, and a response engine coupled to the comparator for performing a violation-based responsive action.

Abstract: A system comprises an inspector and a protection engine. The inspector includes a content inspection engine that uses a set of rules to generate a Downloadable security profile corresponding to a Downloadable, e.g., Java.TM. applets, ActiveX.TM. controls, JavaScript.TM. scripts, or Visual Basic scripts. The content inspection engine links the Downloadable security profile to the Downloadable. The set of rules may include a list of suspicious operations, or a list of suspicious code patterns. The first content inspection engine may link to the Downloadable a certificate that identifies the content inspection engine which created the Downloadable security profile. Additional content inspection engines may generate and link additional Downloadable security profiles to the Downloadable. Each additional Downloadable security profile may also include a certificate that identifies its creating content inspection engine.

Abstract: A system for monitoring and controlling at least one program capable of being executed on any one of at least two workstations in a network. The network includes at least one agent module resident on each of the at least two workstations and a management console connected to each of the at least two workstations. The system includes modules for identifying an event occurring with respect to a program executing on one of the at least two workstations, modules for sending an alert to the management console which identifies the event, memory for storing a plurality of triggers, each of the triggers adapted to cause an action to be taken within the network, memory for storing at least one procedure, the at least one procedure comprising at least one of the plurality of triggers, and modules for sending at least one of the procedures from the management console to the agent module resident on the one of the at least two workstations in response to receipt of the alert.

Abstract: A system protects a computer from suspicious Downloadables. The system comprises a security policy, an interface for receiving a Downloadable, and a comparator, coupled to the interface, for applying the security policy to the Downloadable to determine if the security policy has been violated. The Downloadable may include a Java.TM. applet, an ActiveX.TM. control, a JavaScript.TM. script, or a Visual Basic script. The security policy may include a default security policy to be applied regardless of the client to whom the Downloadable is addressed, or a specific security policy to be applied based on the client or the group to which the client belongs. The system uses an ID generator to compute a Downloadable ID identifying the Downloadable, preferably, by fetching all components of the Downloadable and performing a hashing function on the Downloadable including the fetched components.