Symantec Patent Applications

DATA LOSS MONITORING OF PARTIAL DATA STREAMS

Granted: January 5, 2017
Application Number: 20170005893
A method for detecting loss of sensitive information in partial data streams may include identifying partial data streams containing segments lost while capturing network traffic at a network computing device, determining characteristics of content of the partial data streams, padding content portions of the lost segments in the partial data streams, and scanning the partial data streams for sensitive information according to at least one data loss prevention (DLP) policy.

TECHNIQUES FOR MANAGING PRIVACY OF A NETWORK COMMUNICATION

Granted: December 22, 2016
Application Number: 20160371508
Techniques for managing privacy of a network communication may be realized as a computer-implemented system, including one or more processors that store instructions, and one or more computer processors that execute the instructions to receive a first network communication, extract information from the first network communication, identify a privacy rule based on the information, generate a second network communication based on the first network communication and the privacy rule, and…

TECHNIQUES FOR DATA BACKUP AND RESTORATION

Granted: June 23, 2016
Application Number: 20160179631
Techniques for data backup and restoration are disclosed. In one embodiment, the techniques may be realized as a method including generating a first backup representing a database at a first time; after the first backup, generating a plurality of journal entries, each journal entry representing a change to the database made after the first time; and restoring the database from the first backup and the plurality of journal entries, the restored database including the changes represented…

SEAMLESS AUTHENTICATION MECHANISM FOR USER PROCESSES AND WEB SERVICES RESIDING ON COMMON HOST

Granted: December 3, 2015
Application Number: 20150350195
Techniques are presented herein for authenticating a local process to a web service, both executing on a common host computer server. The local process may present a self-signed certificate to the web service. In response, the web service may identify a file system directory on the first computer server containing a file storing the self-signed certificate. If the subject information identifying the owner of the process matches file system metadata indicating an owner of the file, then the…

AUTOMATED STEP-UP DIGITAL CERTIFICATE INSTALLATION PROCESS

Granted: November 26, 2015
Application Number: 20150341342
Techniques are disclosed for rapidly securing a server in response to a request for a high-assurance digital certificate. As described, a CA may issue a basic tier certificate after performing a verification process to confirm that a party requesting a certificate for a given network domain, in fact, has control of that domain. Once issued and provisioned on the server, the server can establish secure connections with clients. At the same time, the CA continues to perform progressive…

DISCOVERY AND CLASSIFICATION OF ENTERPRISE ASSETS VIA HOST CHARACTERISTICS

Granted: October 29, 2015
Application Number: 20150310215
Techniques are presented herein for classifying a variety of enterprise computing resources based on asset characteristics. In particular, a computing asset, e.g., a server, may be classified based on any digital certificates provisioned on that server. That is, the properties of a digital certificate may be used to determine a measure of business value or importance of a server (or data hosted on that server). Once classified, a monitoring system may use the assigned classifications to…

TRANSMITTING ENCODED DIGITAL CERTIFICATE DATA TO CERTIFICATE AUTHORITY USING MOBILE DEVICE

Granted: October 22, 2015
Application Number: 20150304309
Techniques are disclosed for managing a digital certificate enrollment process. A certificate assistant on a server is configured to encode certificate enrollment data in a barcode graphic, such as a quick response (QR) code. A mobile phone application can then scan the barcode graphic using a camera to recover and transmit the enrollment data to a certificate authority. Doing so allows a system administrator (or other user) to complete the certificate enrollment process in cases where…

SYSTEMS AND METHODS FOR IDENTIFYING A SOURCE OF A SUSPECT EVENT

Granted: October 1, 2015
Application Number: 20150278518
A computer-implemented method for identifying a source of a suspect event is described. In one embodiment, system events may be registered in a database. A suspicious event associated with a first process may be detected and the first process may be identified as being one of a plurality of potential puppet processes. The registered system events in the database may be queried to identify a second process, where the second process is detected as launching the first process.

SYSTEM TO IDENTIFY MACHINES INFECTED BY MALWARE APPLYING LINGUISTIC ANALYSIS TO NETWORK REQUESTS FROM ENDPOINTS

Granted: October 1, 2015
Application Number: 20150281257
A method to identify machines infected by malware is provided. The method includes determining whether a universal resource locator in a network request is present in a first cache and determining whether a fully qualified domain name from the uniform resource locator is present in a second cache. The method includes evaluating a parent hostname as to suspiciousness. The method includes indicating the computing device has a likelihood of infection, responsive to one of: the universal…

SYSTEMS AND METHODS FOR IDENTIFYING ACCESS RATE BOUNDARIES OF WORKLOADS

Granted: September 24, 2015
Application Number: 20150269067
A computer-implemented method for identifying access rate boundaries of workloads may include (1) tracking the number of times each region of data within a plurality of regions of data is accessed during a period of time, (2) creating an ordered list of each region of data from the plurality of regions of data, (3) calculating one or more drops in access rates between two or more regions of data in the ordered list, (4) determining that a calculated access-rate drop from a first region…

SYSTEMS AND METHODS FOR INCREASING COMPLIANCE WITH DATA LOSS PREVENTION POLICIES

Granted: September 24, 2015
Application Number: 20150269386
A computer-implemented method for increasing compliance with data loss prevention policies may include (1) identifying a file that is subject to a data loss prevention policy, (2) determining a classification of the file according to the data loss prevention policy, (3) identifying a graphical user interface that is configured to display a representation of the file, and (4) enhancing the representation of the file within the graphical user interface with a visual indication of the…

SYSTEMS AND METHODS FOR MANAGING SECURITY CERTIFICATES THROUGH EMAIL

Granted: September 24, 2015
Application Number: 20150271122
The disclosed computer-implemented method for managing security certificates through email may include (1) receiving an encrypted email that contains both identifying information that identifies a security certificate for authenticating a website and a management command relating to the security certificate, (2) determining whether authentication of the encrypted email succeeded such that the management command is authorized, and (3) when a determination is made that authentication of…

SYSTEMS AND METHODS FOR SMART CIPHER SELECTION

Granted: September 24, 2015
Application Number: 20150271145
A computer-implemented method for smart cipher selection may include (1) receiving, at a server and from a client, a request to communicate according to a cipher for encryption, the request containing a client list of ciphers available at the client, (2) identifying a server list of ciphers available at the server, (3) measuring, in response to receiving the request, a resource load at the server and a risk factor indicating a degree of risk posed by the client, and (4) selecting a…

SYSTEMS AND METHODS FOR DISCOVERING WEBSITE CERTIFICATE INFORMATION

Granted: September 24, 2015
Application Number: 20150271171
The disclosed computer-implemented method for discovering website certificate information may include (1) receiving, from a plurality of computing devices within a community of users, information that identifies the certificate statuses of websites visited by the computing devices, (2) identifying, by analyzing the information, at least one issue with the certificate status of at least one website visited by at least one of the computing devices, and (3) performing at least one remedial…

SYSTEMS AND METHODS FOR PROVIDING TARGETED DATA LOSS PREVENTION ON UNMANAGED COMPUTING DEVICES

Granted: September 24, 2015
Application Number: 20150271207
A computer-implemented method for providing targeted data loss prevention on unmanaged computing devices may include (1) identifying a data loss prevention policy that defines permissible data handling within set bounds to prevent unauthorized data exfiltration from the set bounds, (2) identifying an application to install on at least one unmanaged endpoint device, where (i) the unmanaged endpoint device lacks a data loss prevention agent configured to apply the data loss prevention…

SYSTEMS AND METHODS FOR DETECTING INFORMATION LEAKAGE BY AN ORGANIZATIONAL INSIDER

Granted: September 17, 2015
Application Number: 20150261940
A computer-implemented method for detecting information leakage by an organizational insider may include (1) identifying a set of organizational insiders of an organization, (2) identifying a set of public forums used by one or more organizational insiders, (3) identifying a set of messages posted to one or more public forums, (4) creating a message record corresponding to each message, with the record including a message summary, and a set of message metadata fields, (5) consolidating…

SYSTEMS AND METHODS FOR PRE-INSTALLATION DETECTION OF MALWARE ON MOBILE DEVICES

Granted: September 17, 2015
Application Number: 20150261954
A computer-implemented method for pre-installation detection of malware on mobile devices may include intercepting one or more communications of an application installation agent that installs applications on a mobile computing device. The method may further include identifying, based on the one or more intercepted communications, an application that has been at least partially downloaded by the application installation agent. The method may also include, in response to identifying the…

SYSTEMS AND METHODS FOR PROTECTING ORGANIZATIONS AGAINST SPEAR PHISHING ATTACKS

Granted: September 17, 2015
Application Number: 20150264084
A computer-implemented method for protecting organizations against spear phishing attacks may include (1) searching a plurality of websites for user profiles belonging to users who are affiliated with an organization and who have access to at least one privileged computing resource controlled by the organization, (2) retrieving, from the user profiles, personal information describing the users, (3) determining, based on the personal information, that a portion of the user profiles belongs…

SYSTEMS AND METHODS FOR PROVIDING SECURE ACCESS TO LOCAL NETWORK DEVICES

Granted: September 3, 2015
Application Number: 20150249645
A computer-implemented method for providing secure access to local network devices may include (1) identifying a local area network that provides Internet connectivity to at least one device within the local area network, (2) obtaining, from an identity assertion provider, (i) a shared secret for authenticating the identity of a guest user of the device and (ii) a permission for the guest user to access the device from outside the local area network, (3) storing the shared secret and the…

SPLITTING CERTIFICATE STATUS RESPONSES EVENLY ACROSS MULTIPLE DISTRIBUTED CERTIFICATE STATUS RESPONDERS

Granted: August 27, 2015
Application Number: 20150244533
Techniques are disclosed for evenly distributing certificate status validity messages across multiple response servers. A certificate authority (CA) may partition subsets of online certificate status protocol (OCSP) responses to each be handled by OCSP response servers. The partitions are based on serial numbers of the underlying digital certificates of the OCSP responses. For example, to determine which OCSP response server is assigned to distribute a particular OCSP response, a modulo…