A system measures, by executing a monitoring process, first metric data associated with trade data at a first time point after the trade data is output by a first process of an application and before the trade data is input to a second process of the application, identifies the trade data at a second time point after the trade data is output by the second process and before the trade data is output by the application, measures second metric data associated with the trade data identified at the second time point, and sends, in response to a latency value obtained based on the first metric data or the second metric data exceeding a latency threshold, a latency alert to a user computing device associated with the application. The monitoring process is not a process of the application and is not linked with the first process or the second process.

A computer-implemented method, according to one embodiment, includes: receiving, at a clustered filesystem from a formatted filesystem, a request to perform a data integrity check for a portion of data. A determination is made as to whether the request includes a filesystem type of the portion of data, and in response to determining that the request includes a filesystem type of the portion of data, another determination is made as to whether the clustered filesystem supports the data integrity check for the filesystem type. In response to determining the clustered filesystem supports the data integrity check, another determination is made as to whether the portion of data is currently available. Furthermore, the computer-implemented method includes causing the data integrity check to be performed in response to determining that the portion of data is currently available. Results of performing the data integrity check are also sent to the formatted filesystem.

A method, system and product for detecting firmware vulnerabilities, including, during a testing phase of a firmware of a device, continuously polling states and activities of the device, wherein said polling is at a testing agent that is functionality separate from the firmware; correlating between at least one event that is associated with the states or the activities of the device and test results of the testing phase; based on said correlating, determining for the firmware one or more normal events and one or more abnormal events; and after the testing phase, providing indications of the one or more normal events and one or more abnormal events from the testing agent to a runtime agent, whereby said providing enables the runtime agent to protect the firmware from vulnerabilities associated with the one or more abnormal events.

Virtual servers are monitored in real-time. A group of virtual servers from virtual server events occurring within a time window is identified by a computer system in real-time. A metric is determined for the group of virtual servers by the computer system in real-time using the virtual server events occurring within the time window for the group of virtual servers. A set of actions is performed by the computer system using the metric.

A method is disclosed. The method comprises analyzing, using a processing apparatus, event log entries of a plurality of devices, the plurality of devices forming part of a group of devices sharing a common attribute, wherein event log entries of a device relate to events that have taken place during a first period of interest in respect of that device. The method also comprises determining, using the processing apparatus, for a given device in the group of devices, based on the analysis of event log entries, a predicted entry that is expected to appear in the event log of the given device during the first period of interest. An apparatus and a machine-readable medium are also disclosed.

A key-value engine of a storage system may perform a restart recovery after a system failure. The key-value engine may read a metadata log to locate a latest system checkpoint, and load a page mapping table from the latest system checkpoint. The key-value engine may replay to apply changes to the page mapping table from a system transaction log starting from a system transaction replay starting point. The key-value engine may further form one or more read-only replicas using an underlying file stream opened in a read-only mode during the recovery after the system failure to further facilitate fast recovery and provide fast response to user transactions that conduct read only transactions after the system failure.

Aspects of the disclosure relate to the field of detecting a behavioral anomaly in an application. In one exemplary aspect, a method may comprise retrieving and identifying at least one key metric from historical usage information for an application on a computing device. The method may comprise generating a regression model configured to predict usage behavior associated with the application and generating a statistical model configured to identify outliers in the data associated with the at least one key metric. The method may comprise receiving usage information in real-time for the application. The method may comprise predicting, using the regression model, a usage pattern for the application indicating expected values of the at least one key metric. In response to determining that the usage information does not correspond to the predicted usage pattern and does not comprise a known outlier, the method may comprise detecting the behavioral anomaly.

A computing system is provided. The computing system includes a server having one or more processors configured to receive from a user computing device run-time telemetry data, the run-time telemetry data being recorded during execution of a target program of a plurality of programs by the user computing device and being indicative of communication between the user computing device and a user input device. The one or more processors are further configured to determine a performance metric based on the run-time telemetry data, determine an updated driver parameter for the target program based on the determined performance metric, send the updated driver parameter to the user computing device, and apply the updated driver parameter for use during a subsequent execution of the target program.

Computing clusters can be automatically configured according to some aspects described herein. For example, a system can receive configuration datasets from instantiated objects in a management cluster. The configuration datasets can be for configuring target objects in managed clusters, where the managed clusters are separate from the management cluster. The system can then configure the target objects within each of the managed clusters based on the configuration datasets.

A system includes: a distributed computing subsystem to execute an adjustable number of instances of a request handling process; and a scaling control subsystem connected with the distributed computing subsystem to: allocate received requests among the instances of the request handling process; receive respective self-perceived load indicators from each of the instances of the request handling process; generate, based on the self-perceived load indicators, a total load indicator of the distributed computing subsystem; and compare the total load indicator to a threshold to select an adjustment action; and instruct the distributed computing subsystem to adjust the number of instances of the request handling process, according to the selected adjustment action.