A computer-implemented method, computer program product and computing system for: obtaining hardware performance information concerning hardware deployed within a computing platform; obtaining platform performance information concerning the operation of the computing platform; obtaining application performance information concerning one or more applications deployed within the computing platform; and generating a holistic platform report concerning the computing platform based, at least in part, upon the hardware performance information, the platform performance information and the application performance information.

In some implementations, a method includes retrieving data from multiple sensors in a computing device, and the multiple sensors comprise different types of sensors. The sensor data is analyzed based on a predictive model, and the predictive model is trained to detect malware. Initiation of malware is determined based on the analysis. In response to the determination, the malware is terminated.

Embodiments of the present invention provide a system for providing enhanced cryptography based response mechanism for malicious attacks. The system is configured for generating one or more tracker seeds, storing the one or more tracker seeds in at least one entity system associated with an entity, identifying a malicious event associated with data in the at least one entity system, in response to identifying the malicious event, identifying an encryption algorithm key pair for the malicious event based on the one or more tracker seeds, and decrypting the data in the at least one entity system based on the encryption algorithm key pair.

Novel tools and techniques might provide for implementing Internet of Things (“IoT”) functionality, and, in particular embodiments, implementing added services for OBD2 connection for IoT-capable vehicles. In various embodiments, a portable device (when connected to an OBD2 DLC port of a vehicle) might monitor wireless communications between a vehicle computing system(s) and an external device(s), might monitor vehicle sensor data from vehicular sensors tracking operational conditions of the vehicle, and might monitor operator input sensor data from operator input sensors tracking input by a vehicle operator. The portable device (or a server) might analyze either the monitored wireless communications or a combination of the monitored vehicle sensor data and the monitored operator input sensor data, to determine whether vehicle operation has been compromised. If so, the portable device (or the server) might alert the operator of the vehicle via a user interface, and might initiate one or more remediation operations.

A network edge storage apparatus having a security feature is disclosed. A file selected from a network attached storage (NAS) device is encrypted by means of encryption software embedded in a development board, causing a user without an encryption key to fail to acquire the encrypted file from the NAS device; and/or even if a user without an encryption key can acquire the encrypted file from the NAS device by means of a local area network (LAN), the user still has no means of acquiring the specific content of the encrypted file, such that the security is improved. All files in the NAS device may be selected and encrypted to ensure that a user without an encryption key has no means of acquiring any file and the specific content thereof from the NAS device, which further improves the security.

Techniques are provided for detection of anomalous backup files using known anomalous file fingerprints (or other file-dependent values such as hash values, signatures and/or digest values). One method comprises obtaining first file-dependent values corresponding to respective known anomalous files; obtaining a second file-dependent value for a stored backup file; comparing the second file-dependent value to the first file-dependent values; and performing an automated remedial action in response to a result of the comparing. The second file-dependent value for the stored backup file may be determined by a backup server in response to a source file corresponding to the stored backup file being backed up by the backup server, and may be stored as part of metadata associated with the stored backup file.

A method for real-time detection of and protection from steganography in a kernel mode comprises detecting transmission of a file via a firewall, an operating system, or an e-mail system. A size of the file is determined. From a file system, a stored filesize of the file is retrieved. The determined size of the file is compared to the stored filesize of the file. Responsive to the determined size of the file being larger than the stored filesize of the file, steganography detection analytics are executed on the file. Responsive to the steganography detection analytics indicating presence of steganography in the file, a steganography remediation action is executed, and information is transmitted describing the steganography to a client device.

A method, apparatus and system for malware characterization includes receiving data identifying a presence of at least one anomaly of a respective portion of a processing function captured by at least one of each of at least two different sensor payloads and one sensor payload at two different times, determining a correlation between the at least two anomalies identified by the data captured by the at least one sensor payloads, and determining a presence of malware in the processing function based on the determined correlation. The method, apparatus and system can further include predicting an occurrence of at least one anomaly in the network based on at least one of current sensor payload data or previously observed and stored sensor payload data, recommending and/or initiating a remediation action and reporting a result of the malware characterization to a user.

The disclosed systems and methods are directed to a method for malicious software detection comprising: recognizing and extracting an EP section in an unrecognized PE file, collecting bytes in the EP section of the unrecognized PE file, converting the bytes to an array of integers, generating one or more n-grams from the array of integers, converting the one or more n-grams into b-MinHash, converting the bytes in an EP function included in the EP section to an array of assembly-based mnemonics; generating one or more n-grams from the array of assembly-based mnemonics and converting the one or more n-grams from the array of assembly-based mnemonics into a-MinHash, generating a similarity matrices, converting, the similarity matrices into a lower dimensionality code representation, and classifying the code as a PE benign or a malware file.

An information management system implements a method for securing a media agent from unauthorized access, where the method includes configuring a secondary storage computing device to initialize a filter driver at boot time and monitor process calls to a media agent, where the media agent provides read and write operations to a secondary storage device in communication with the secondary storage computing device. The filter driver may detect a process call to the media agent, and determine whether the process call is authorized. In response to a determination that the process call is authorized, the filter driver may allow the process call to request an operation be performed by the media agent, and the media agent may then perform the requested operation. If the filter driver determines that the process call is not authorized, the filter driver may ignore the process call for the requested operation.