688 results about "Remedial action" patented technology

Techniques described herein enable virtualizing a processor into one or more virtual machines and suspending an operating system of one of the virtual machines from outside of the operating system environment. Once suspended, these techniques capture a snapshot of the virtual machine to determine a presence of malware. This snapshot may also be used to determine whether an unauthorized change has occurred within contents of the virtual machine. Remedial action may occur responsive to determining a presence of malware or an unauthorized change.

A computer includes a virtual machine controlled by a hypervisor. The virtual machine runs a virtualized operating system with running processes. A security initialization module sets the state in the virtual machine to pass execution from the virtual machine to the hypervisor responsive to a process making a system call in the virtualized operating system. Responsive to execution being passed from the virtual machine to the hypervisor, a security module analyzes the process making the system call to determine whether it poses a security threat. If a security threat is found, the security module takes remedial action to address the threat.

Systems and methods for measuring access risk associated with an enterprise having at least one resource accessible by at least one user with at least one entitlement to access the resource. Some embodiments implement a method of identifying the resources, users, and entitlements and associating access risk scores with the entitlements. The method can include combining the access risk scores associated with each user to form composite access risks scores and outputting the composite access risk scores. In some embodiments, the user with the highest composite access risk score can be identified and remedial action taken. The highest access risk user of some embodiments may be a department, a division, a subsidiary, or an organization. The method can occur in real time and an administrator can be alerted to changes in entitlements. Access risk scores can be adjusted for compensating controls and personal factors and attributes of the users.

A page list comprising a list of transitions between network resources is established. Subsequently, a transition is detected between a first network resource and a second network resource. An expected security level associated with the transition is identified based on the page list. Responsive to the detected security level being determined to be lower than the expected security level, a remedial action is performed.

A method for managing policy in a service-oriented architecture includes intercepting a communication representing a transaction between a client and a service along a network, interpreting the communication to determine details of the transaction, determining if the transaction complies with policy based on the details of the transaction and remediating where the transaction is determined to not comply with the policy.

The solution of the present application provides many types and forms of resources, such as products or services, to an environment of heterogeneous devices. An agent and centralized service may communicate to deliver an optimum package of resources to a device. Each device may include an agent that collects information important to determining the appropriate resources for the device and understanding the environment the devices are contributing to. The information may be stored and analyzed in a cross device knowledge base, and the knowledge base may be consulted to determine resources appropriate for devices. The agent and centralized service may engage in pro-active alerting and provisioning of services, based on any collected information, to minimize the burden of resource procurement on the customer. After delivery of resources, the agent and centralized service may also perform updating, repairing, and healing functions for the resources. Resources may be aggregated into a cohesive platform to be combined and delivered in an optimum manner, and resources may also be maintained and monitored to ensure their quality via escalation or remedial action. Devices may be connected to the resources through intelligent routing.

A system and method are provided for detecting extension attacks made to a communication enterprise, and taking appropriate remedial action to prevent ongoing attacks and future attacks. One or more attributes of a suspect call are analyzed, and a risk is associated with each analyzed attribute. An overall risk or assessment is then made of the analyzed attributes, attack attributes are logged, and one or more remedial actions may be triggered as a result of the analyzed call attributes. The remedial actions may include recording the call, notifying an administrator of a suspect call, or isolating the communication enterprise from the attack by terminating the call or shutting down selected communication endpoints to prevent calls being made to those extensions. Rules may be applied to the analyzed attributes in order to trigger the appropriate remedial action. The call attributes analyzed may include call destination, call direction, call type, time of day of the call, call duration, whether a call source is spoofed, call volume from a particular call source, and hash values created for a suspect media stream.

Generally speaking, systems, methods and media for management of grid computing resources based on service level requirements are disclosed. Embodiments of a method for scheduling a task on a grid computing system may include updating a job model by determining currently requested tasks and projecting future task submissions and updating a resource model by determining currently available resources and projecting future resource availability. The method may also include updating a financial model based on the job model, resource model, and one or more service level requirements of an SLA associated with the task, where the financial model includes an indication of costs of a task based on the service level requirements. The method may also include scheduling performance of the task based on the updated financial model and determining whether the scheduled performance satisfies the service level requirements of the task and, if not, performing a remedial action.

An enterprise vulnerability management application (EVMA), enterprise vulnerability management process (EVMP) and system. In one embodiment, the EVMP may include executing computer software code on at least one computer hardware platform to receive login information from a user, inventory current information technology assets of the enterprise, conduct vulnerability scanning of the inventoried information technology assets, analyze vulnerability correlation and prioritization of the information technology assets, remediate one or more vulnerabilities of the information technology assets, and report to the user about the vulnerabilities and remediation undertaken. As part of the analysis, one or more vulnerability scores such as, for example, Common Vulnerability Scoring System (CVSS) scores, may be generated from base score metrics, temporal score metrics and environment score metrics.

In embodiments of the present invention improved capabilities are described for the steps of identifying, through a monitoring module of a security software component, a data extraction behavior of a software application attempting to extract data from an endpoint computing facility; and in response to a finding that the data extraction behavior is related to extracting sensitive information and that the behavior is a suspicious behavior, causing the endpoint to perform a remedial action. The security software component may be a computer security software program, a sensitive information compliance software program, and the like.

An early-warning security system for monitoring and tracking in real-time or at least in near-real-time the activities and movements associated with prescribed personnel, personal property, mobile vehicles, and buildings. The system comprises a plurality of in situ local controllers having a microprocessor and a coordinated plurality of conspicuous and clandestine digital video cameras for continuously producing digital audio and visual signals, uplinking such signals via a suitable wireless telecommunications device to a satellite, general packet radio service, the Internet, intranet or extranet, and then downlinking these signals to a plurality of control centers for recording and analysis thereof. Uplinking of these digital signals may occur continuously or may be activated by a manual or predefined trigger event. Preventive or remedial action is immediately taken when perturbations from normal behavior or activities are observed in the recorded audio and visual signals.

Systems and methods for detecting malware in a selected computer that is part of a network of computers. The approach includes inspecting a predetermined set of operational attributes of the selected computer to detect a change in a state of the selected computer. In response to a detected change in state, the selected computer is scanned to create a snapshot of the overall state of the selected computer. The snapshot is transmitted to an analytic system wherein it is compared with an aggregated collection of snapshots previously respectively received from a plurality of computers in the computer network. Based on the comparison, anomalous state of the selected computer can be identified. In turn, a probe of the selected computer is launched to gather additional information related to the anomalous state of the selected computer so that a remediation action for the anomalous state of the selected computer can be generated.

A building monitoring computer system for monitoring building integrity may be provided. Various types of sensors may be embedded throughout or within certain portions of different types of building or construction material making up the building, such as within roofing, foundation, or structural materials. The sensors may be in wireless communication with a home controller. The sensors may be water, moisture, temperature, vibration, or other types of sensors, and may detect unexpected or abnormal conditions within the home. The sensors and/or home controller may transmit alerts to a mobile device of the home owner associated with the unexpected condition, and/or that remedial actions may be required to repair the home or mitigate further damage to the home. The sensor data may also be communicated to an insurance provider remote server to facilitate the insurance provider communicating insurance-related recommendations, updating insurance policies, or preparing insurance claims for review for home owners.

Once a potential bottleneck is identified, the system provides a methodology for locating the bottleneck. The methodology involves checking in order each of the application, transport and network layers of a sender and receiver nodes for performance problems. Conditions are defined for each of the layers at the sender and receiver nodes that are indicative of a particular type of bottleneck. When the conditions are met in any one of the layers, the system can be configured to stop the checking process and output a message indicating the presence of a bottleneck in the layer and its location. In addition, the system can be configured to generate and output a remedial action for eliminating the bottleneck. The system can be configured to perform the action automatically or after receiving a confirmation from the user.