In one embodiment, a system for managing a virtualization environment includes a set of host machines, each of which includes a hypervisor, virtual machines, and a virtual machine controller, and a data migration system configured to identify one or more existing storage items stored at one or more existing File Server Virtual Machines (FSVMs) of an existing virtualized file server (VFS). For each of the existing storage items, the data migration system is configured to identify a new FSVMs of a new VFS based on the existing FSVM, send a representation of the storage item from the existing FSVM to the new FSVM, such that representations of storage items are sent between different pairs of FSVMs in parallel, and store a new storage item at the new FSVM, such that the new storage item is based on the representation of the existing storage item received by the new FSVM.

Systems and methods for authenticating identification information are disclosed. For example, a system may include an Automated Teller Machine (ATM). An ATM may comprise a user interface. The user interface may comprise a joystick. The user interface may be configured to receive joystick input from a user. The ATM may comprise at least one memory storing instructions. The ATM may comprise at least one processor configured to execute the instructions to perform operations. The operations may comprise receiving identification information from the user. The operations may comprise receiving the joystick input. The operations may comprise extracting a joystick sequence from the joystick input. When the joystick sequence is within a predetermined threshold from a stored joystick sequence corresponding to the identification information, the operations may comprise authenticating the user for an ATM operation.

Apparatuses and methods related to logging failed authentication attempts. Failed authentication attempts can be logged in the circuitry by degrading the circuitry. The degradation can signal a fail authentication attempt while an amount of the degradation can represent a timing of the error.

Some embodiments use text and/or image processing methods to determine whether a user of an electronic messaging platform is subject to an online threat such as cyberbullying, sexual grooming, and identity theft, among others. In some embodiments, a text content of electronic messages is automatically harvested and aggregated into conversations. Conversation data are then analyzed to extract various threat indicators. A result of a text analysis may be combined with a result of an analysis of an image transmitted as part of the respective conversation. When a threat is detected, some embodiments automatically send a notification to a third party (e.g., parent, teacher, etc.)

Systems and methods are disclosed for event-based application control. A system extension is configured to leverage an endpoint security API for monitoring event activity within operating system kernel processes. The system extension registers with the endpoint security API particular event types for which the system extension would like to receive notifications. In response to receiving notifications regarding detected events corresponding to the registered event types, the system extension determines if the event, and its corresponding process, are safe and allowable to execute. In various embodiments, the system leverages whitelists, blacklists, and rules policies for making a safeness determination regarding the event notification. The system extension transmits this determination to the operating system via the endpoint security API.

A computerized system for complying with critical infrastructure protection (“CIP”) standards concerning system configuration changes. The system can be used to automatically identify and track changes to computers on the network, improving system security and CIP compliance reporting. In certain embodiments, the system collects system information on servers and workstations using built-in commands. The configuration profiles of these computers/devices can be archived for audit purposes.

A method and system for initiating message listening and routing message content to authorized user devices is disclosed. For a second user device to receive notifications regarding records of a first user, the second user device provides information identifying the first user to a notification service. The notification service verifies the identifying information. The notification service initiates one or more listeners to listen for messages flowing over a messaging bus that are relating to the first user. Once a message is identified, at least a portion of the message is used to generate a notification that may be sent to the second user device.

Systems and methods for attesting an enclave in a network. A method includes receiving, by a first device, proof information from an application provider entity that the enclave is secure, wherein the proof information includes a public part, Ga, of information used by the enclave to derive a Diffie-Hellman key in a key generation process with the application provider entity, processing, by the first device, the proof information to verify that the enclave is secure and ensuring that Ga is authentic and/or valid, deriving, by the first device, a new Diffie-Hellman key, based on Ga and x, wherein x is a private part of information used by the first device to derive the new Diffie-Hellman key, and sending, by the first device, a message including Ga and a public part, Gx, of the information used by the first device to derive the new Diffie-Hellman key to the enclave.

A multi-endpoint event graph is used to detect malware based on malicious software moving through a network.

In one embodiment, a system for managing communication connections in a virtualization environment includes a plurality of host machines implementing a virtualization environment, wherein each of the host machines includes a hypervisor, at least one user virtual machine (user VM), and a distributed file server that includes file server virtual machines (FSVMs) and associated local storage devices. Each FSVM and associated local storage device are local to a corresponding one of the host machines, and the FSVMs conduct I/O transactions with their associated local storage devices based on I/O requests received from the user VMs. Each of the user VMs on each host machine sends each of its respective I/O requests to an FSVM that is selected by one or more of the FSVMs for each I/O request based on a lookup table that maps a storage item referenced by the I/O request to the selected one of the FSVMs.