Patents by Inventor Yigal Edery
Yigal Edery has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240205021
Abstract: In one embodiment, a device includes a memory to store a first public key indicating security ownership of the device by a first owner, an interface to receive a signature of an intermediate public key signed by a first owner signing service with a first private key, and processing circuitry to load the intermediate public key in the memory, responsively to authenticating the signature, and remove the first public key from the memory, and wherein the interface is to receive a second public key and a signature of the second public key signed by a second owner signing service with an intermediate private key, the processing circuitry is to load a second public key in the memory indicating ownership has been transferred to the second owner responsively to authenticating the signature of the second public key with the intermediate public key, and remove the intermediate public key from the memory.
Type: Application
Filed: October 30, 2023
Publication date: June 20, 2024
Inventors: Nir Eilam, Yuval Itkin, Haim Kupershmidt, Yigal Edery, Uriya Stern, Boaz Shahar, Mor Sfadia
-
Patent number: 11403403
Abstract: A secure processing engine and method configured to protect a computing system are provided. The system includes a first processor configured to provide real-time protection to at least processes executed over the main processor of the protected computing system; and a direct memory access (DMA) configured to provide an access to a main memory of the main processor, wherein the first processor is coupled to the DMA and further configured to monitor the at least processes by accessing the main memory via the DMA; wherein the first processor operates in an execution environment in complete isolation from an execution environment of the main processor.
Type: Grant
Filed: April 13, 2020
Date of Patent: August 2, 2022
Assignee: KAMELEONSEC LTD.
Inventors: Yigal Edery, Jorge Myszne, Efi Sasson, Ido Naishtein
-
Publication number: 20210319110
Abstract: A secure processing engine and method configured to protect a computing system are provided. The system includes a first processor configured to provide real-time protection to at least processes executed over the main processor of the protected computing system; and a direct memory access (DMA) configured to provide an access to a main memory of the main processor, wherein the first processor is coupled to the DMA and further configured to monitor the at least processes by accessing the main memory via the DMA; wherein the first processor operates in an execution environment in complete isolation from an execution environment of the main processor.
Type: Application
Filed: April 13, 2020
Publication date: October 14, 2021
Applicant: Kameleonsec Ltd.
Inventors: Yigal EDERY, Jorge MYSZNE, Efi SASSON, Ido NAISHTEIN
-
Publication number: 20200401690
Abstract: A sanitization circuit for sanitizing and authenticating a semiconductor device and method thereof are provided. The sanitization circuit is integrated in the semiconductor device and includes a memory verification module configured to verify any pre-programmed memory integrated in the semiconductor device; a memory eraser module configured to erase data stored in at least volatile memory accessed by the semiconductor device; and an implanted circuitry detection module configured to detect any unintended circuitry added to the semiconductor device.
Type: Application
Filed: June 22, 2020
Publication date: December 24, 2020
Applicant: Kameleonsec Inc.
Inventors: Jorge MYSZNE, Ido NASHTEIN, Efi SASSON, Yigal EDERY
-
Patent number: 9043869
Abstract: Techniques for aggregating a knowledge base of a plurality of security services or other event collection systems to protect a computer from malware are provided. In embodiments, a computer is protected from malware by using anti-malware services or other event collection systems to observe suspicious events that are potentially indicative of malware. A determination is made as to whether a combination of the suspicious events is indicative of malware. If the combination of suspicious events is indicative of malware, a restrictive security policy designed to prevent the spread of malware is implemented.
Type: Grant
Filed: August 14, 2013
Date of Patent: May 26, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Anil Francis Thomas, Michael Kramer, Mihai Costea, Efim Hudis, Pradeep Bahl, Rajesh K. Dadhia, Yigal Edery
-
Patent number: 8910268
Abstract: Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.
Type: Grant
Filed: August 14, 2008
Date of Patent: December 9, 2014
Assignee: Microsoft Corporation
Inventors: Efim Hudis, Yigal Edery, Oleg Ananiev, John Wohlfert, Nir Nice
-
Patent number: 8881223
Abstract: Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and off-premise or roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.
Type: Grant
Filed: August 14, 2008
Date of Patent: November 4, 2014
Assignee: Microsoft Corporation
Inventors: Efim Hudis, Yigal Edery, Oleg Ananiev, John Wohlfert, Nir Nice
-
Patent number: 8732797
Abstract: Architecture that addresses security concerns while still providing transparent user experience with ability to perform tasks. When a user machine is considered incompliant or compromised due to, for example, a suspected infection, the user machine can be blocked from further access to a network or other computing hosts until the incompliance is resolved. A notification is presented that indicates the nature of the problem, and a way to access an automatically configured isolated environment via which to continue working. The user can be automatically routed to use the alternative isolated environment for temporary access to network resources. Once the user finishes activities in the isolated environment, the system hosting the isolated environment is reverted back to a known good state.
Type: Grant
Filed: August 31, 2010
Date of Patent: May 20, 2014
Assignee: Microsoft Corporation
Inventors: Vladimir Holostov, Yigal Edery, Yair Geva
-
Patent number: 8726334
Abstract: Architecture that provides model-based systems management in virtualized and non-virtualized environments. A security component provides security models which define security requirements for services. A management component applies one or more of the security models during the lifecycle of virtual machines and services. The lifecycle can include initial deployment, expansion, moving servers, monitoring, and reporting. The architecture creates a formal description model of how a virtual machine or a service (composition of multiple virtual machines) is secured. The security requirements information can also be fed back to the general management system which uses this information in its own activities such as to guide the placement of workloads on servers can be security related.
Type: Grant
Filed: December 9, 2009
Date of Patent: May 13, 2014
Assignee: Microsoft Corporation
Inventors: John Neystadt, Yigal Edery, Yan Belinky, Anders B Vinberg, Dennis Scott Batchelder, Shimon Yannay
-
Patent number: 8707439
Abstract: Methods, systems, and computer-readable media are disclosed for selecting a set of security offerings. A particular method includes receiving a security need profile associated with a computing environment and receiving security offering information related to a plurality of security offerings. The security offerings of the plurality of security offerings are evaluated with respect to the security need profile. A set of security offerings from the plurality of security offerings are automatically selected.
Type: Grant
Filed: December 19, 2008
Date of Patent: April 22, 2014
Assignee: Microsoft Corporation
Inventors: Vladimir Holostov, Yigal Edery, David B. Cross
-
Publication number: 20130332988
Abstract: Techniques for aggregating a knowledge base of a plurality of security services or other event collection systems to protect a computer from malware are provided. In embodiments, a computer is protected from malware by using anti-malware services or other event collection systems to observe suspicious events that are potentially indicative of malware. A determination is made as to whether a combination of the suspicious events is indicative of malware. If the combination of suspicious events is indicative of malware, a restrictive security policy designed to prevent the spread of malware is implemented.
Type: Application
Filed: August 14, 2013
Publication date: December 12, 2013
Inventors: Anil Francis Thomas, Michael Kramer, Mihai Costea, Efim Hudis, Pradeep Bahl, Rajesh K. Dadhia, Yigal Edery
-
Patent number: 8516583
Abstract: In accordance with the present invention, a system, method, and computer-readable medium for aggregating the knowledge base of a plurality of security services or other event collection systems to protect a computer from malware is provided. One aspect of the present invention is a method that proactively protects a computer from malware by using anti-malware services or other event collection systems to observe suspicious events that are potentially indicative of malware; determining if the suspicious events satisfy a predetermined threshold; and if the suspicious events satisfy the predetermined threshold, implementing a restrictive security policy designed to prevent the spread of malware.
Type: Grant
Filed: March 31, 2005
Date of Patent: August 20, 2013
Assignee: Microsoft Corporation
Inventors: Anil Francis Thomas, Michael Kramer, Mihai Costea, Efim Hudis, Pradeep Bahl, Rajesh K Dadhia, Yigal Edery
-
Patent number: 8296178
Abstract: Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.
Type: Grant
Filed: August 14, 2008
Date of Patent: October 23, 2012
Assignee: Microsoft Corporation
Inventors: Efim Hudis, Yigal Edery, Oleg Ananiev, John Wohlfert, Nir Nice
-
Patent number: 8255999
Abstract: A client device transmits requests via a gateway to a server in a network environment. The requests indicate specific portions of a file on a server to be transmitted as part of the download process. The gateway receives into its memory the requested portions of the file and assembles the received portions into an assembly file. The gateway continuously scans the largest contiguous sequence of the portions in the assembly file for viruses while the requested portions of the file are being received and become available before feeding the received portions to the client computer. By scanning the largest consecutive sequence while new portions become available, the time to complete the scan is reduced thereby increasing the throughput of the gateway.
Type: Grant
Filed: May 24, 2007
Date of Patent: August 28, 2012
Assignee: Microsoft Corporation
Inventors: Vladimir Holostov, Yigal Edery
-
Publication number: 20120054829
Abstract: Architecture that addresses security concerns while still providing transparent user experience with ability to perform tasks. When a user machine is considered incompliant or compromised due to, for example, a suspected infection, the user machine can be blocked from further access to a network or other computing hosts until the incompliance is resolved. A notification is presented that indicates the nature of the problem, and a way to access an automatically configured isolated environment via which to continue working. The user can be automatically routed to use the alternative isolated environment for temporary access to network resources. Once the user finishes activities in the isolated environment, the system hosting the isolated environment is reverted back to a known good state.
Type: Application
Filed: August 31, 2010
Publication date: March 1, 2012
Applicant: Microsoft Corporation
Inventors: Vladimir Holostov, Yigal Edery, Yair Geva
-
Publication number: 20110276621
Abstract: A system for executing a virtual application may use a virtualized operating system to execute an application. The application may be delivered to a host device through streaming, either to a streaming client in the virtual operating system or as a package that may include the virtualized operating system. The virtualized operating system may have a user interface connection to a host operating system to make the virtual application appear as a native application in the host operating system.
Type: Application
Filed: May 5, 2010
Publication date: November 10, 2011
Applicant: Microsoft Corporation
Inventors: Yigal Edery, Lidiane Souza
-
Publication number: 20110138441
Abstract: Architecture that provides model-based systems management in virtualized and non-virtualized environments. A security component provides security models which define security requirements for services. A management component applies one or more of the security models during the lifecycle of virtual machines and services. The lifecycle can include initial deployment, expansion, moving servers, monitoring, and reporting. The architecture creates a formal description model of how a virtual machine or a service (composition of multiple virtual machines) is secured. The security requirements information can also be fed back to the general management system which uses this information in its own activities such as to guide the placement of workloads on servers can be security related.
Type: Application
Filed: December 9, 2009
Publication date: June 9, 2011
Applicant: Microsoft Corporation
Inventors: John Neystadt, Yigal Edery, Yan Belinky, Anders B. Vinberg, Dennis Scott Batchelder, Shimon Yannay
-
Patent number: 7844700
Abstract: In accordance with the present invention, a system, method, and computer-readable medium for identifying malware at a network transit point such as a computer that serves as a gateway to an internal or private network is provided. A network transmission is scanned for malware at a network transit point without introducing additional latency to the transmission of data over the network. In accordance with one aspect of the present invention, a computer-implemented method for identifying malware at a network transit point is provided. More specifically, when a packet in a transmission is received at the network transit point, the packet is immediately forwarded to the target computer. Simultaneously, the packet and other data in the transmission are scanned for malware by an antivirus engine. If malware is identified in the transmission, the target computer is notified that the transmission contains malware.
Type: Grant
Filed: March 31, 2005
Date of Patent: November 30, 2010
Assignee: Microsoft Corporation
Inventors: Adrian M Marinescu, Marc E Seinfeld, Michael Kramer, Yigal Edery
-
Publication number: 20100162346
Abstract: Methods, systems, and computer-readable media are disclosed for selecting a set of security offerings. A particular method includes receiving a security need profile associated with a computing environment and receiving security offering information related to a plurality of security offerings. The security offerings of the plurality of security offerings are evaluated with respect to the security need profile. A set of security offerings from the plurality of security offerings are automatically selected.
Type: Application
Filed: December 19, 2008
Publication date: June 24, 2010
Applicant: Microsoft Corporation
Inventors: Vladimir Holostov, Yigal Edery, David B. Cross
-
Publication number: 20100011432
Abstract: A network protection solution is provided by which security capabilities of a client machine are communicated to a network security gateway so that a variety of processes can be automatically and dynamically distributed between the gateway and the client machine in a way that achieves a target level of security for the client while consuming the least possible amount of resources on the gateway. For example, for a client that is compliant with specified health and/or corporate governance policies and which is known to have A/V capabilities that are deployed and operational, the network security gateway will not need to perform additional A/V scanning on incoming network traffic to the client which can thus save resources at the gateway and lower operating costs.
Type: Application
Filed: November 24, 2008
Publication date: January 14, 2010
Applicant: MICROSOFT CORPORATION
Inventors: Yigal Edery, Nir Nice, David B. Cross