G06F21/50

Systems, Methods and Apparatus for Evaluating Status of Computing Device User
20220398476 · 2022-12-15 ·

Methods, systems and apparatus, e.g., a non-transitory machine-readable medium having stored thereon instructions, for providing a value indicating a judgment of whether a human or an autonomic computer application operating a client computer is interacting with a server, by operations comprising: receiving data from the client computer, including active data relating to interactions of the client computer with a website of the server and passive data of the client computer; analyzing the received data from the client computer for indication of a human operating the client computer, wherein the analyzing includes analyzing the received data in conjunction with model data based on human interactions from a prior session with the same website and developing a first analysis value; and providing a request for further data from the client computer when the first analysis value fails to meet first predetermined criteria.

METHOD AND SYSTEM FOR ONLINE USER SECURITY INFORMATION EVENT MANAGEMENT
20220394052 · 2022-12-08 ·

A method for providing an automated response to user behavior comprising: receiving, by a computer system, data of user actions taken on a computer of the user, the computer of the user in communication with the computer system; analyzing the received data against the knowledge level of the user as determined by the computer system, and/or, the user's responses to simulations generated by the computer system, to determine a score for the user; and, in response to the score, making a behavior recommendation for the user and/or making a decision to take an action associated with the computer of the user.

Secure public cloud using extended paging and memory integrity

A host Virtual Machine Monitor (VMM) operates “blindly,” without the host VMM having the ability to access data within a guest virtual machine (VM) or the ability to access directly control structures that control execution flow of the guest VM. Guest VMs execute within a protected region of memory (called a key domain) that even the host VMM cannot access. Virtualization data structures that pertain to the execution state (e.g., a Virtual Machine Control Structure (VMCS)) and memory mappings (e.g., Extended Page Tables (EPTs)) of the guest VM are also located in the protected memory region and are also encrypted with the key domain key. The host VMM and other guest VMs, which do not possess the key domain key for other key domains, cannot directly modify these control structures nor access the protected memory region. The host VMM, however, using VMPageIn and VMPageOut instructions, can build virtual machines in key domains and page VM pages in and out of key domains.

SECURITY INSPECTIONS

In some examples, a method for performing an out-of-band security inspection of a device comprises generating a snapshot of the state of the device, storing data representing the snapshot to a non-volatile storage of the device, and storing a hash of the snapshot in a device BIOS, transitioning the power state of the device, triggering boot of a trusted diskless operating system image, providing the data representing the snapshot and the hash of the snapshot to the trusted diskless operating system image, and executing a script selected on the basis of a trigger event and the hash of the snapshot to analyse at least a portion of the non-volatile storage of the device.

A Digital, Personal and Secure Electronic Access Permission
20220382854 · 2022-12-01 ·

The present invention puts forward a personal electronic access permission (Figure B, 31) that can both check the customer's identity (Figure A, step 2) and the right to access an event/venue in one scanning event, and address the unwanted secondary market, while still enabling a customer (Figure D, 5) to sell an electronic access permission back to the system (Figure D, I) in case the customer is not able to attend the event.

Firewall service insertion across secure fabric preserving security group tags end to end with dual homed firewall

Systems, methods, and computer-readable media for preserving source host context when firewall policies are applied to traffic in an enterprise network fabric. A data packet to a destination host from a source host can be received at a first border node instance in an enterprise network fabric as part of network traffic. The data packet can include a context associated with the source host. Further, the data packet can be sent to a firewall of the enterprise network fabric and can be received at a second border node instance after the firewall applies a firewall policy to the data packet. The data packet can then be selectively encapsulated with the context associated with the source host at the second border node instance for applying one or more policies to control transmission of the network traffic through the enterprise network fabric.

Systems and methods for tamper-resistant activity logging
11593317 · 2023-02-28 ·

Systems and methods are provided for monitoring and logging all activity occurring in a system. The logged activity may include keystroke entries input into the system, user and/or application interactions with the system, access restriction conflicts, and the like. The logged activity may be stored in at least two datastores, at least one of which is an immutable, append-only datastore. Storage of the logged activity in the immutable, append-only datastore is performed using hash algorithms. Attempts at manipulating or at hiding malicious or unauthorized activity can be recognized due to all activity being captured in the immutable, append-only datastore.