Abstract: A threat response platform to act as a bridge between non-inline security programs and inline security programs. The threat response platform receives event reports, relating to client devices, from the non-inline security programs and creates incident reports for a user. The incident reports describe the event report and also additional data gathered by an active correlation system of the threat response platform. The active correlation system automatically gathers various types of data that are potentially useful to a user in determining whether the reported event is an incidence of malware operating on the client device or a false positive. The active correlation system places a temporary agent on the client device to identify indications of compromise.

Abstract: A threat response platform to act as a bridge between non-inline security programs and inline security programs. The threat response platform receives event reports, relating to client devices, from the non-inline security programs and creates incident reports for a user. The incident reports describe the event report and also additional data gathered by an active correlation system of the threat response platform. The active correlation system automatically gathers various types of data that are potentially useful to a user in determining whether the reported event is an incidence of malware operating on the client device or a false positive. The active correlation system places a temporary agent on the client device to identify indications of compromise.

Abstract: A system, apparatus and method are provided for dynamically updating a configuration of a network device when relevant sources and destinations of network traffic are added, removed or migrated in a network. A configuration of a network device is associated with a set of network addresses representing a set of relevant sources and destinations of network traffic. The set is dynamic in that the membership of the set can change over time to include different network addresses as the set of relevant sources and destinations of network traffic changes over time. One or more data sources are monitored to obtain the network addresses for the set of relevant sources and destinations and to determine if the membership of the set has changed. When a change is detected, the configuration of the network device is updated on the network device to reflect the network addresses that are currently in the set.

Abstract: A threat response platform to act as a bridge between non-inline security programs and inline security programs. The threat response platform receives event reports, relating to client devices, from the non-inline security programs and creates incident reports for a user. The incident reports describe the event report and also additional data gathered by an active correlation system of the threat response platform. The active correlation system automatically gathers various types of data that are potentially useful to a user in determining whether the reported event is an incidence of malware operating on the client device or a false positive. The active correlation system places a temporary agent on the client device to identify indications of compromise.

Abstract: A system, apparatus and method are provided for dynamically updating a configuration of a network device when relevant sources and destinations of network traffic are added, removed or migrated in a network. A configuration of a network device is associated with a set of network addresses representing a set of relevant sources and destinations of network traffic. The set is dynamic in that the membership of the set can change over time to include different network addresses as the set of relevant sources and destinations of network traffic changes over time. One or more data sources are monitored to obtain the network addresses for the set of relevant sources and destinations and to determine if the membership of the set has changed. When a change is detected, the configuration of the network device is updated on the network device to reflect the network addresses that are currently in the set.

Abstract: A system, apparatus and method are provided for dynamically updating a configuration of a network device when relevant sources and destinations of network traffic are added, removed or migrated in a network. A configuration of a network device is associated with a set of network addresses representing a set of relevant sources and destinations of network traffic. The set is dynamic in that the membership of the set can change over time to include different network addresses as the set of relevant sources and destinations of network traffic changes over time. One or more data sources are monitored to obtain the network addresses for the set of relevant sources and destinations and to determine if the membership of the set has changed. When a change is detected, the configuration of the network device is updated on the network device to reflect the network addresses that are currently in the set.

Abstract: A threat response platform to act as a bridge between non-inline security programs and inline security programs. The threat response platform receives event reports, relating to client devices, from the non-inline security programs and creates incident reports for a user. The incident reports describe the event report and also additional data gathered by an active correlation system of the threat response platform. The active correlation system automatically gathers various types of data that are potentially useful to a user in determining whether the reported event is an incidence of malware operating on the client device or a false positive. The active correlation system places a temporary agent on the client device to identify indications of compromise.

Abstract: A threat response platform to act as a bridge between non-inline security programs and inline security programs. The threat response platform receives event reports, relating to client devices, from the non-inline security programs and creates incident reports for a user. The incident reports describe the event report and also additional data gathered by an active correlation system of the threat response platform. The active correlation system automatically gathers various types of data that are potentially useful to a user in determining whether the reported event is an incidence of malware operating on the client device or a false positive. The active correlation system places a temporary agent on the client device to identify indications of compromise.

Abstract: A threat response platform to act as a bridge between non-inline security programs and inline security programs. The threat response platform receives event reports, relating to client devices, from the non-inline security programs and creates incident reports for a user. The incident reports describe the event report and also additional data gathered by an active correlation system of the threat response platform. The active correlation system automatically gathers various types of data that are potentially useful to a user in determining whether the reported event is an incidence of malware operating on the client device or a false positive. The active correlation system places a temporary agent on the client device to identify indications of compromise.

Abstract: A system, apparatus and method are provided for dynamically updating a configuration of a network device when relevant sources and destinations of network traffic are added, removed or migrated in a network. A configuration of a network device is associated with a set of network addresses representing a set of relevant sources and destinations of network traffic. The set is dynamic in that the membership of the set can change over time to include different network addresses as the set of relevant sources and destinations of network traffic changes over time. One or more data sources are monitored to obtain the network addresses for the set of relevant sources and destinations and to determine if the membership of the set has changed. When a change is detected, the configuration of the network device is updated on the network device to reflect the network addresses that are currently in the set.

Abstract: A system, apparatus and method are provided for dynamically updating a configuration of a network device when relevant sources and destinations of network traffic are added, removed or migrated in a network. A configuration of a network device is associated with a set of network addresses representing a set of relevant sources and destinations of network traffic. The set is dynamic in that the membership of the set can change over time to include different network addresses as the set of relevant sources and destinations of network traffic changes over time. One or more data sources are monitored to obtain the network addresses for the set of relevant sources and destinations and to determine if the membership of the set has changed. When a change is detected, the configuration of the network device is updated on the network device to reflect the network addresses that are currently in the set.

Abstract: A threat response platform to act as a bridge between non-inline security programs and inline security programs. The threat response platform receives event reports, relating to client devices, from the non-inline security programs and creates incident reports for a user. The incident reports describe the event report and also additional data gathered by an active correlation system of the threat response platform. The active correlation system automatically gathers various types of data that are potentially useful to a user in determining whether the reported event is an incidence of malware operating on the client device or a false positive. The active correlation system places a temporary agent on the client device to identify indications of compromise.

Abstract: A threat response platform to act as a bridge between non-inline security programs and inline security programs. The threat response platform receives event reports, relating to client devices, from the non-inline security programs and creates incident reports for a user. The incident reports describe the event report and also additional data gathered by an active correlation system of the threat response platform. The active correlation system automatically gathers various types of data that are potentially useful to a user in determining whether the reported event is an incidence of malware operating on the client device or a false positive. The active correlation system places a temporary agent on the client device to identify indications of compromise.

Abstract: A threat response platform to act as a bridge between non-inline security programs and inline security programs. The threat response platform receives event reports, relating to client devices, from the non-inline security programs and creates incident reports for a user. The incident reports describe the event report and also additional data gathered by an active correlation system of the threat response platform. The active correlation system automatically gathers various types of data that are potentially useful to a user in determining whether the reported event is an incidence of malware operating on the client device or a false positive. The active correlation system places a temporary agent on the client device to identify indications of compromise.

Abstract: A threat response platform to act as a bridge between non-inline security programs and inline security programs. The threat response platform receives event reports, relating to client devices, from the non-inline security programs and creates incident reports for a user. The incident reports describe the event report and also additional data gathered by an active correlation system of the threat response platform. The active correlation system automatically gathers various types of data that are potentially useful to a user in determining whether the reported event is an incidence of malware operating on the client device or a false positive. The active correlation system places a temporary agent on the client device to identify indications of compromise.

Abstract: A threat response platform to act as a bridge between non-inline security programs and inline security programs. The threat response platform receives event reports, relating to client devices, from the non-inline security programs and creates incident reports for a user. The incident reports describe the event report and also additional data gathered by an active correlation system of the threat response platform. The active correlation system automatically gathers various types of data that are potentially useful to a user in determining whether the reported event is an incidence of malware operating on the client device or a false positive. The active correlation system places a temporary agent on the client device to identify indications of compromise.

Abstract: A method and system for providing an executable module having an address space for storing program data that is to reside in a read-only storage medium and an address space for storing program data that is to reside in a random access memory is herein described. The executable module represents Java classes that are structured for dynamic class loading. A static class loader is used to modify the class structure to accommodate static loading. The static class loader also identifies methods that contain unresolved symbolic references and data that varies during the execution of the module. These methods and data are identified in order to place them in the address space that resides in the random access memory. The static loader is beneficial in a distributed computing environment having a client computer that has little or no secondary storage thereby requiring applications to run entirely in random access memory.

Abstract: A system and method for automatically converting a compiled program that accesses objects stored in main memory into a program that accesses and updates persistently stored objects. An initial computer program includes original instructions for accessing and updating objects in at least a first object class. The original instructions access and update objects in a computer's main memory. The system automatically revises the initial computer program to generate a revised computer program by adding to the original instructions object loading instructions and object storing instructions. The system further revises the initial computer program to generate the revised computer program by adding to the original instructions dirty object marking instructions that, during execution of the revised computer program, keep track of which objects in the computer's main memory contain new and/or updated data.

Abstract: A method and system for providing an executable module having an address space for storing program data that is to reside in a read-only storage medium and an address space for storing program data that is to reside in a random access memory is herein described. The executable module represents Java classes that are structured for dynamic class loading. A static class loader is used to modify the class structure to accommodate static loading. The static class loader also identifies methods that contain unresolved symbolic references and data that varies during the execution of the module. These methods and data are identified in order to place them in the address space that resides in the random access memory. The static loader is beneficial in a distributed computing environment having a client computer that has little or no secondary storage thereby requiring applications to run entirely in random access memory.

Abstract: A method and system for providing an executable module having an address space for storing program data that is to reside in a read-only storage medium and an address space for storing program data that is to reside in a random access memory is herein described. The executable module represents Java classes that are structured for dynamic class loading. A static class loader is used to modify the class structure to accommodate static loading. The static class loader also identifies methods that contain unresolved symbolic references and data that varies during the execution of the module. These methods and data are identified in order to place them in the address space that resides in the random access memory. The static loader is beneficial in a distributed computing environment having a client computer that has little or no secondary storage thereby requiring applications to run entirely in random access memory.