Symantec Patent Applications

ENFORCING POLICY-BASED COMPLIANCE OF VIRTUAL MACHINE IMAGE CONFIGURATIONS

Granted: September 18, 2014
Application Number: 20140282518
Techniques are disclosed for data risk management in accessing an Infrastructure as a Service (IaaS) cloud network. More specifically, embodiments of the invention evaluate virtual machine images launched in cloud-based environments for compliance with a policy. After intercepting a virtual machine image launch request, an intermediary policy management engine determines whether the request conforms to a policy defined by a policy manager, e.g., an enterprise's information security…

Providing Local Cache Coherency in a Shared Storage Environment

Granted: September 18, 2014
Application Number: 20140281273
Multiple nodes of a cluster have associated non-shared, local caches, used to cache shared storage content. Each local cache is accessible only to the node with which it is associated, whereas the cluster-level shared storage is accessible by any of the nodes. Attempts to access the shared storage by the nodes of the cluster are monitored. Information is tracked concerning the current statuses of the local caches of the nodes of the cluster. Current tracked local cache status information…

SYSTEMS AND METHODS FOR DISTRIBUTING REPLICATION TASKS WITHIN COMPUTING CLUSTERS

Granted: September 18, 2014
Application Number: 20140279884
A computer-implemented method for distributing replication tasks within computing clusters may include (1) identifying a primary volume that is replicated to a secondary volume, (2) identifying a computing cluster with access to the primary volume that includes at least a first node and a second node, (3) receiving a request to write data to the primary volume, (4) logging, via the first node, the request to write the data to the primary volume to a replication log, and (5) using the…

DEDUPLICATION STORAGE SYSTEM WITH EFFICIENT REFERENCE UPDATING AND SPACE RECLAMATION

Granted: August 28, 2014
Application Number: 20140244599
A deduplication storage system and associated methods are described. The deduplication storage system may split data objects into segments and store the segments. A plurality of data segment containers may be maintained. Each of the containers may include two or more of the data segments. Maintaining the containers may include maintaining a respective logical size of each container. In response to detecting that the logical size of a particular container has fallen below a threshold…

METHOD AND TECHNIQUE FOR APPLICATION AND DEVICE CONTROL IN A VIRTUALIZED ENVIRONMENT

Granted: August 21, 2014
Application Number: 20140237537
A data loss prevention (DLP) manager running on a security virtual machine manages DLP policies for a plurality of guest virtual machines. The DLP manager identifies a source associated with a file open or create event. The source is at least one of an application or a device being used by a guest virtual machine (GVM). The DLP manager enforces a first response rule associated with the GVM when the source is a non-approved source per a source control policy. The DLP manager enforces a…

METHOD AND DEVICE FOR PREVENTING DOMAIN NAME SYSTEM SPOOFING

Granted: July 24, 2014
Application Number: 20140208423
A method for preventing Domain Name System (DNS) spoofing includes: performing uppercase/lowercase conversion for letters of a DNS question field in a DNS request packet according to a preset rule; sending the DNS request packet; receiving a DNS response packet; obtaining uppercase/lowercase distribution of the letters of the DNS question field in the DNS response packet; and forwarding the DNS response packet to a target DNS client if the uppercase/lowercase distribution of the letters…

SECURE AND SCALABLE DETECTION OF PRESELECTED DATA EMBEDDED IN ELECTRONICALLY TRANSMITTED MESSAGES

Granted: July 24, 2014
Application Number: 20140208421
A method and apparatus for detecting preselected data embedded in electronically transmitted messages is described. In one embodiment, the method comprises monitoring messages electronically transmitted over a network for embedded preselected data and performing content searches on the messages to detect the presence of the embedded preselected data using an abstract data structure derived from the preselected data.

SYSTEMS AND METHODS FOR PROVIDING ACCESS TO DATA ACCOUNTS WITHIN USER PROFILES VIA CLOUD-BASED STORAGE SERVICES

Granted: July 17, 2014
Application Number: 20140201824
A computer-implemented method for providing access to data accounts within user profiles via cloud-based storage services may include (1) identifying a user profile associated with a user of a cloud-based storage service, (2) identifying a plurality of data accounts within the user profile associated with the user of the cloud-based storage service, (3) detecting a request from a client-based application associated with the user of the cloud-based storage service to access at least a…

Classifying Samples Using Clustering

Granted: July 17, 2014
Application Number: 20140201208
An unlabeled sample is classified using clustering. A set of samples containing labeled and unlabeled samples is established. Values of features are gathered from the samples contained in the datasets and a subset of features are selected. The labeled and unlabeled samples are clustered together based on similarity of the gathered values for the selected subset of features to produce a set of clusters, each cluster having a subset of samples from the set of samples. The selecting and…

METHODS AND SYSTEMS FOR INSTANT RESTORE OF SYSTEM VOLUME

Granted: July 10, 2014
Application Number: 20140195848
Techniques are disclosed for restoring a system volume on a computing system without requiring the system volume to be fully restored prior to being used or requiring the use of a dedicated recovery environment (e.g., the WinPE or BartPE environments). Instead, the computing system is booted directly from the restore image or by redirecting I/O interrupts to the restore image. That is, when a user initiates a restore process, the system boots from the backup itself. Once booted, a…

METHODS AND SYSTEMS FOR INSTANT RESTORE OF SYSTEM VOLUME

Granted: July 10, 2014
Application Number: 20140195791
Techniques are disclosed for restoring a system volume on a computing system without requiring the system volume to be fully restored prior to being used or requiring the use of a dedicated recovery environment (e.g., the WinPE or BartPE environments). Instead, the computing system is booted directly from the restore image or by redirecting I/O interrupts to the restore image. That is, when a user initiates a restore process, the system boots from the backup itself. Once booted, a…

SYSTEM AND METHOD FOR VULNERABILITY RISK ANALYSIS

Granted: July 3, 2014
Application Number: 20140189873
Embodiments of the present invention are directed to a method and system for automated risk analysis. The method includes accessing host configuration information of a host and querying a vulnerability database based on the host configuration information. The method further includes receiving a list of vulnerabilities and accessing a plurality of vulnerability scores. The list of vulnerabilities corresponds to vulnerabilities of the host. Vulnerabilities can be removed from the list…

SYSTEMS AND METHODS FOR ENFORCING DATA-LOSS-PREVENTION POLICIES USING MOBILE SENSORS

Granted: July 3, 2014
Application Number: 20140189784
A computer-implemented method for enforcing data-loss-prevention policies using mobile sensors may include (1) detecting an attempt by a user to access sensitive data on a mobile computing device, (2) collecting, via at least one sensor of the mobile computing device, sensor data that indicates an environment in which the user is attempting to access the sensitive data, (3) determining, based at least in part on the sensor data, a privacy level of the environment, and (4) restricting,…

IDENTIFYING PRIMARILY MONOSEMOUS KEYWORDS TO INCLUDE IN KEYWORD LISTS FOR DETECTION OF DOMAIN-SPECIFIC LANGUAGE

Granted: June 26, 2014
Application Number: 20140181983
Techniques are described for generating a monosemous (i.e., single sense) keyword list associated with a particular domain (e.g., a medical or financial domain) for document classification. An input term frequency dictionary, a candidate keyword list, and a document corpus may be used to generate the keyword list. A collection of documents is divided into two sets, one related to a target domain and one not. A statistical approach may be used to evaluate each term in the candidate list…

Providing Optimized Quality of Service to Prioritized Virtual Machines and Applications Based on Quality of Shared Resources

Granted: June 19, 2014
Application Number: 20140173113
Quality of service is provided to prioritized VMs and applications, based on the varied quality of different shared computing resources. Each VM or application has an associated priority. A quality rating is dynamically assigned to each shared computing resource. Requests for shared computing resources made by specific VMs or applications are received. For each specific received request, the current priority of the requesting VM or application is identified. In response to each received…

USER INTERFACE AND WORKFLOW FOR PERFORMING MACHINE LEARNING

Granted: June 19, 2014
Application Number: 20140172760
A computing device receives a training data set that includes a plurality of positive examples of sensitive data and a plurality of negative examples of sensitive data. The computing device analyzes the training data set using machine learning to generate a machine learning-based detection (MLD) profile that can be used to classify new data as sensitive data or as non-sensitive data. The computing device computes a quality metric for the MLD profile.

METHODS AND SYSTEMS FOR SECURE STORAGE SEGMENTATION BASED ON SECURITY CONTEXT IN A VIRTUAL ENVIRONMENT

Granted: June 5, 2014
Application Number: 20140157363
A computer system identifies a request to place a workload in a hypervisor-based host. The computer system identifies a security level of the workload. The computer system identifies a security level of a storage device associated with the hypervisor-based host. If the security level of the workload corresponds to the security level of the storage device, the computer system grants the request to place the workload in the hypervisor-based host. If the security level of the workload does…

SYSTEMS AND METHODS FOR PERFORMING CUSTOMIZED LARGE-SCALE DATA ANALYTICS

Granted: June 5, 2014
Application Number: 20140156588
A computer-implemented method for performing customized large-scale data analytics may include (1) providing a logical-data-model user interface to enable modifying a logical data model of a relational multi-dimensional analytic database, (2) receiving, via the logical-data-model user interface, user input to modify the logical data model of the relational multi-dimensional analytic database, (3) modifying the logical data model of the relational multi-dimensional analytic database based…

SYSTEMS AND METHODS FOR ELIMINATING REDUNDANT SECURITY ANALYSES ON NETWORK DATA PACKETS

Granted: May 29, 2014
Application Number: 20140150081
A computer-implemented method for eliminating redundant security analyses on network data packets may include (1) intercepting, at a networking device, at least one network data packet destined for a target computing device, (2) identifying a security system installed on the target computing device, (3) determining that the security system installed on the target computing device does not satisfy a predefined security standard, and then (4) performing a security analysis that satisfies…

USING TELEMETRY TO REDUCE MALWARE DEFINITION PACKAGE SIZE

Granted: May 22, 2014
Application Number: 20140143869
Clients send telemetry data to a cloud server, where the telemetry data includes security-related information such as file creations, timestamps and malware detected at the clients. The cloud server analyzes the telemetry data to identify malware that is currently spreading among the clients. Based on the analysis of the telemetry data, the cloud server segments malware definitions in a cloud definition database into a set of local malware definitions and a set of cloud malware…