Abstract: Systems, methods, and computer-readable media for gathering network intrusion counter-intelligence. A system can maintain a decoy network environment at one or more machines. The system can identify a malicious user accessing network services through the network environment. Further, the system can receive network service access requests from the user at one or more machines in the network environment and subsequently direct the network service access requests from the malicious user to the decoy network environment based on an identification of the malicious user. The network services access requests can be satisfied with network service access responses generated in the decoy network environment. Subsequently, the system can maintain malicious user analytics based on the network service access requests of the malicious user that are directed to the decoy network environment.

Abstract: Systems, methods, and computer-readable for defining host functionalities in a computing environment include obtaining two or more snapshots comprising information pertaining to two or more processes executing in two or more hosts, the two or more snapshots being obtained at two or more points in time from the two or more hosts. One or more long-running processes amongst the two or more processes are identified based on one or more criteria associated with long-running processes. One or more priorities associated with the one or more long-running processes and used for defining functionalities for at least a subset of the two or more hosts, where high priorities are assigned to long-running processes, such as web server or database server processes, which are unique to at least the subset of the two or more hosts. Resources may be provisioned based on these host functionalities.

Abstract: Systems, methods, and computer-readable media for gathering network intrusion counter-intelligence. A system can maintain a decoy network environment at one or more machines. The system can identify a malicious user accessing network services through the network environment. Further, the system can receive network service access requests from the user at one or more machines in the network environment and subsequently direct the network service access requests from the malicious user to the decoy network environment based on an identification of the malicious user. The network services access requests can be satisfied with network service access responses generated in the decoy network environment. Subsequently, the system can maintain malicious user analytics based on the network service access requests of the malicious user that are directed to the decoy network environment.

Abstract: Systems, methods, and computer-readable media for gathering network intrusion counter-intelligence. A system can maintain a decoy network environment at one or more machines. The system can identify a malicious user accessing network services through the network environment. Further, the system can receive network service access requests from the user at one or more machines in the network environment and subsequently direct the network service access requests from the malicious user to the decoy network environment based on an identification of the malicious user. The network services access requests can be satisfied with network service access responses generated in the decoy network environment. Subsequently, the system can maintain malicious user analytics based on the network service access requests of the malicious user that are directed to the decoy network environment.

Abstract: Systems, methods, and computer-readable for defining host functionalities in a computing environment include obtaining two or more snapshots comprising information pertaining to two or more processes executing in two or more hosts, the two or more snapshots being obtained at two or more points in time from the two or more hosts. One or more long-running processes amongst the two or more processes are identified based on one or more criteria associated with long-running processes. One or more priorities associated with the one or more long-running processes and used for defining functionalities for at least a subset of the two or more hosts, where high priorities are assigned to long-running processes, such as web server or database server processes, which are unique to at least the subset of the two or more hosts. Resources may be provisioned based on these host functionalities.

Abstract: Systems, methods, and computer-readable media for gathering network intrusion counter-intelligence. A system can maintain a decoy network environment at one or more machines. The system can identify a malicious user accessing network services through the network environment. Further, the system can receive network service access requests from the user at one or more machines in the network environment and subsequently direct the network service access requests from the malicious user to the decoy network environment based on an identification of the malicious user. The network services access requests can be satisfied with network service access responses generated in the decoy network environment. Subsequently, the system can maintain malicious user analytics based on the network service access requests of the malicious user that are directed to the decoy network environment.