-
Publication No.: US12132746B2
Publication date: 2024-10-29
Application No.: US17825146
Filing date: 2022-05-26
Applicant: Sophos Limited
Inventors: Andrew J. Thomas, Mangal Rakesh Vankadaru, Prakash Kumar Talreja, Timothy Rayment, Biju Balakrishnan Nair
CPC classification: H04L63/1408, G06F21/53, G06F21/567, H04L63/1416, H04L63/1425, H04L63/1433, H04L63/1441, H04L63/145, H04L63/20
Abstract: A threat management facility receives data from a variety of sources such as compute instances within an enterprise network, cloud service providers supporting the enterprise network, and third-party data providers such as geolocation services. In order to facilitate prompt notification of potential risks, the threat management facility may incrementally update data for use in threat assessments as the data becomes available from these different sources, and create suitable alerts or notifications whenever the currently accumulated data provides an indication of threat meeting a predetermined threshold.
-
Publication No.: US12130923B2
Publication date: 2024-10-29
Application No.: US17710127
Filing date: 2022-03-31
Applicant: Sophos Limited
IPC classification: G06F21/57, G06F40/205, G06F40/30, G06N3/08, G06F40/274
CPC classification: G06F21/57, G06F40/205, G06F40/30, G06N3/08, G06F40/274, G06F2221/034
Abstract: In some embodiments, a processor receives natural language data for performing an identified cybersecurity task. The processor can provide the natural language data to a first machine learning (ML) model. The first ML model can automatically infer a template query based on the natural language data. The processor can receive user input indicating a finalized query and to provide the finalized query as input to a system configured to perform the identified computational task. The processor can provide the finalized query as a reference phrase to a second ML model, the second ML model configured to generate a set of natural language phrases similar to the reference phrase. The processor can generate supplemental training data using the set of natural language phrases similar to the reference phrase to augment training data used to improve performance of the first ML model and/or the second ML model.
-
Publication No.: US12111927B2
Publication date: 2024-10-08
Application No.: US18359283
Filing date: 2023-07-26
Applicant: Sophos Limited
Inventor: Andrew J. Thomas
CPC classification: G06F21/56, G06F21/62, H04L63/107, H04L63/1408
Abstract: In embodiments, a framework for an extensible, file-based security system is described for determining an appropriate application, application environment, and/or access or security control measure based at least in part on a file's reputation.
-
Publication No.: US20240311503A1
Publication date: 2024-09-19
Application No.: US18673015
Filing date: 2024-05-23
Applicant: Sophos Limited
IPC classification: G06F21/62, G06F16/13, G06F16/28, G06F16/93, G06F21/64, G06N20/00, H04L9/32, H04L9/40, H04L41/00, H04L41/22
CPC classification: G06F21/6218, G06F16/137, G06F16/285, G06F16/93, G06F21/64, G06N20/00, H04L9/3265, H04L41/20, H04L41/22, H04L63/08, H04L63/0838, H04L63/101, H04L63/102, H04L63/1408, H04L63/1416, H04L63/1425, H04L63/1433, H04L63/1441, H04L63/20, H04L63/205
Abstract: A threat management facility stores a number of entity models that characterize reportable events from one or more entities. A stream of events from compute instances within an enterprise network can then be analyzed using these entity models to detect behavior that is inconsistent or anomalous for one or more of the entities that are currently active within the enterprise network.
-
Publication No.: US20240283849A1
Publication date: 2024-08-22
Application No.: US18169475
Filing date: 2023-02-15
Applicant: Sophos Limited
Inventors: Anirban DEBNATH, Pramit DEY, Dhiraj JHA, Amulya Kumar MISHRA
Abstract: In an embodiment, an apparatus includes one or more processors configured to receive at least one command line interface command, generate a push notification associated with the at least one command line interface command, send the push notification to at least one managed device, responsive to the at least one managed device receiving the push notification, receive a pull request from the at least one managed device, responsive to receiving the pull request, send the at least one command line interface command to a device-specific adaptor of the at least one managed device such that the device-specific adaptor converts the at least one command line interface command to a device-specific command associated with the at least one managed device, and receive an execution status from the at least one managed device in response to the device-specific command being executed by the at least one managed device.
-
Publication No.: US12039055B2
Publication date: 2024-07-16
Application No.: US17491208
Filing date: 2021-09-30
Applicant: SOPHOS LIMITED
Inventors: Mehdi Karimibiuki, Craig Paradis
IPC classification: G06F21/00, G06F11/36, G06F16/2457, G06F16/2458, G06F16/248, G06F16/28, G06F21/57, G06N7/02
CPC classification: G06F21/577, G06F11/3684, G06F11/3688, G06F16/24578, G06F16/2468, G06F16/248, G06F16/285, G06N7/02, G06F2221/033
Abstract: Various aspects related to methods, systems, and computer readable media for automatic fuzz testing. An example method of automatic software fuzz testing can include, receiving a description of a target software application, determining, based on the description, a type of fuzzing, identifying one or more fuzzers based on the type of fuzzing, executing the one or more fuzzers on the target software application, extracting prioritized results of the executing of the one or more fuzzers, and, presenting the prioritized results.
-
Publication No.: US12021831B2
Publication date: 2024-06-25
Application No.: US15179547
Filing date: 2016-06-10
Applicant: Sophos Limited
CPC classification: H04L63/02, G06F21/52, H04L63/10, H04L63/145, G06F2221/2133, H04L63/20
Abstract: A gateway or other network device may be configured to monitor endpoint behavior, and to request a verification of user presence at the endpoint under certain conditions suggesting, e.g., malware or other endpoint compromise. For example, when a network request is directed to a low-reputation or unknown network address, user presence may be verified to ensure that this action was initiated by a human user rather than automatically by malware or the like. User verification may be implicit, based on local behavior such as keyboard or mouse activity, or the user verification may be explicit, such as where a notification is presented on a display of the endpoint requesting user confirmation to proceed.
-
Publication No.: US12010129B2
Publication date: 2024-06-11
Application No.: US17239128
Filing date: 2021-04-23
Applicant: Sophos Limited
Inventors: Tamás Vörös, Richard Harang, Joshua Daniel Saxe
CPC classification: H04L63/1425, G06N3/045, H04L63/0236, H04L63/1416, H04L63/20
Abstract: Embodiments disclosed include methods and apparatus for detecting a reputation of infrastructure associated with potentially malicious content. In some embodiments, an apparatus includes a memory and a processor. The processor is configured to identify an Internet Protocol (IP) address associated with potentially malicious content and define each row of a matrix by applying a different subnet mask from a plurality of subnet masks to a binary representation of the IP address to define that row of the matrix. The processor is further configured to provide the matrix as an input to a machine learning model, and receive, from the machine learning model, a score associated with a maliciousness of the IP address.
-
Publication No.: US20240179043A1
Publication date: 2024-05-30
Application No.: US18071132
Filing date: 2022-11-29
Applicant: Sophos Limited
Inventor: Neil Richard Terry
IPC classification: H04L41/0604, H04L41/0654, H04L43/16
CPC classification: H04L41/0627, H04L41/0672, H04L43/16
Abstract: A method includes monitoring a plurality of packets received by a network sensor associated with a port of a network, determining a ratio of unicast, multicast or broadcast packets to a total number of packets for the plurality of packets, determining that the ratio is outside the bounds of a threshold range, detecting that a port is misconfigured based on the determination that the ratio is outside the bounds of a threshold range, and automatically notifying a network administrator that the port is misconfigured based on the determination that the ratio is outside the bounds of a threshold range. Further disclosed is a computer system and computer program product configured to perform the method.
-
Publication No.: US11995205B2
Publication date: 2024-05-28
Application No.: US18096882
Filing date: 2023-01-13
Applicant: Sophos Limited
IPC classification: G06F21/62, G06F16/13, G06F16/28, G06F16/93, G06F21/64, G06N20/00, H04L9/32, H04L9/40, H04L41/00, H04L41/22
CPC classification: G06F21/6218, G06F16/137, G06F16/285, G06F16/93, G06F21/64, G06N20/00, H04L9/3265, H04L41/20, H04L41/22, H04L63/08, H04L63/0838, H04L63/101, H04L63/102, H04L63/1408, H04L63/1416, H04L63/1425, H04L63/1433, H04L63/1441, H04L63/20, H04L63/205
Abstract: A threat management facility stores a number of entity models that characterize reportable events from one or more entities. A stream of events from compute instances within an enterprise network can then be analyzed using these entity models to detect behavior that is inconsistent or anomalous for one or more of the entities that are currently active within the enterprise network.