-
Publication No.: US12001563B2
Publication date: 2024-06-04
Application No.: US17226722
Filing date: 2021-04-09
Applicant: Forcepoint, LLC
CPC classification: G06F21/577, G06F21/552, G06F21/554, G06F21/566, G06F21/6227, G06N5/04, G06N20/00, H04L63/102, H04L63/1425, H04L63/1433, H04L63/1441, G06F2221/033, G06F2221/034
Abstract: A system, method, and computer-readable medium are disclosed for performing an entity behavior cataloging operation. The entity behavior cataloging operation includes: identifying a security related activity, the security related activity being based upon an observable from an electronic data source; analyzing the security related activity, the analyzing identifying an event of analytic utility associated with the security related activity; generating entity behavior catalog data based upon the event of analytic utility associated with the security related activity; and, storing the entity behavior catalog data within an entity behavior catalog, the entity behavior catalog providing an inventory of entity behaviors for use when performing a security operation.
-
Publication No.: US11979414B2
Publication date: 2024-05-07
Application No.: US17226707
Filing date: 2021-04-09
Applicant: Forcepoint, LLC
IPC classification: H04L9/40, G06F21/56, G06F21/57, H04L67/306
CPC classification: H04L63/14, G06F21/566, G06F21/577, H04L63/04, H04L63/102, H04L63/1416, H04L63/1425, H04L63/1433, H04L63/205, H04L67/306, G06F2221/034
Abstract: A system, method, and computer-readable medium are disclosed for performing a human factors risk operation. The human factors risk operation includes: monitoring an entity, the monitoring observing an electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; identifying a security related activity, the security related activity being based upon the observable from the electronic data source; analyzing the security related activity, the analyzing the security related activity using a human factors framework; and, performing a human factors risk operation in response to the analyzing the security related activity.
-
Publication No.: US11902296B2
Publication date: 2024-02-13
Application No.: US17139058
Filing date: 2020-12-31
Applicant: Forcepoint, LLC
Inventors: Andrew Mortensen, Assaf Almaz, David Coffey, Ofir Arkin
IPC classification: H04L9/40, G06F21/56, G06F21/57, H04L67/306
CPC classification: H04L63/14, G06F21/566, G06F21/577, H04L63/102, H04L63/1416, H04L63/1425, H04L63/1433, H04L63/205, H04L67/306, G06F2221/034
Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes monitoring a plurality of electronically-observable actions of a first entity, the plurality of electronically-observable actions of the first entity corresponding to a respective first plurality of events enacted by the first entity; monitoring a plurality of electronically-observable actions of a second entity, the plurality of electronically-observable actions of the second entity corresponding to a respective second plurality of events enacted by the second entity; determining whether a first event of the respective first plurality of events and a second event of the respective second plurality of events comprise an entity interaction between the first entity and the second entity; generating an entity interaction map, the entity interaction map providing a representation of the entity interaction between the first entity and the second entity; and, using the entity interaction map to trace the entity interaction between the first entity and the second entity.
-
Publication No.: US11888864B2
Publication date: 2024-01-30
Application No.: US17131018
Filing date: 2020-12-22
Applicant: Forcepoint, LLC
IPC classification: H04L9/40, G06F21/56, G06F21/57, H04L67/306
CPC classification: H04L63/04, G06F21/566, G06F21/577, H04L63/102, H04L63/1416, H04L63/1425, H04L63/1433, H04L63/205, H04L67/306, G06F2221/034
Abstract: A system, method, and computer-readable medium are disclosed for performing a security analytics mapping operation. The security analytics mapping operation includes receiving a plurality of electronically-observable actions of a first entity, the plurality of electronically-observable actions of the first entity corresponding to a respective first plurality of events enacted by the first entity; receiving a plurality of electronically-observable actions of a second entity, the plurality of electronically-observable actions of the second entity corresponding to a respective second plurality of events enacted by the second entity; determining, via a distributed security analytics environment, whether a first event of the respective first plurality of events and a second event of the respective second plurality of events comprise an entity interaction between the first entity and the second entity; and, generating, via the distributed security analytics environment, an entity interaction map, the entity interaction map providing a representation of the entity interaction between the first entity and the second entity.
-
Publication No.: US11843613B2
Publication date: 2023-12-12
Application No.: US17119808
Filing date: 2020-12-11
Applicant: Forcepoint, LLC
IPC classification: H04L9/40, G06F21/56, G06F21/57, H04L67/306
CPC classification: H04L63/14, G06F21/566, G06F21/577, H04L63/102, H04L63/1416, H04L63/1425, H04L63/1433, H04L63/205, H04L67/306, G06F2221/034
Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; identifying a security related activity, the security related activity being based upon the observable from the electronic data source, the security related activity comprising a concerning behavior; generating a contextual modifier relating to the security related activity; analyzing the security related activity, the analyzing the security related activity being based upon the contextual modifier; and, performing a security operation in response to the analyzing the security related activity.
-
Publication No.: US11836248B2
Publication date: 2023-12-05
Application No.: US16206194
Filing date: 2018-11-30
Applicant: Forcepoint, LLC
Inventors: Peidong Chen, Manikandan Thiagarajan, Michael Miller, Xin Hu
CPC classification: G06F21/554, G06F21/552, H04L63/20, G06F2221/034
Abstract: A method, system and computer-usable medium are disclosed for operating an endpoint agent at an endpoint device. Certain embodiments include a computer-implemented method for operating an endpoint agent at an endpoint device, including: operating the endpoint agent to selectively subscribe to events corresponding to activities occurring at an endpoint platform; processing events received from a message bus by the endpoint agent, where the events processed by the endpoint agent are events to which the endpoint agent has subscribed; and communicating, to a service, information corresponding to the events processed by the endpoint agent. Other embodiments of this aspect of the invention may include corresponding stand-alone and/or network computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform one or more of these actions.
-
Publication No.: US11805001B2
Publication date: 2023-10-31
Application No.: US17473463
Filing date: 2021-09-13
Applicant: Forcepoint LLC
Inventor: Kari J. Nurmela
IPC classification: H04L41/0266, H04L49/552, H04L49/55
CPC classification: H04L41/0266, H04L49/552, H04L49/555
Abstract: A method for migrating a data schema comprising combining a first deterministic finite automaton with a second deterministic finite automaton to generate a modified deterministic finite automation. Identifying a state of the modified deterministic finite automaton without computed followers. Computing a new vector of original states for each state of the modified deterministic finite automaton corresponding to the identified state.
-
Publication No.: US11783216B2
Publication date: 2023-10-10
Application No.: US17091088
Filing date: 2020-11-06
Applicant: Forcepoint, LLC
IPC classification: G06N5/04, G06N7/01, G06N20/00, G06N5/022, G06N5/048, G06Q30/0201, G06Q30/00, G06Q10/10
CPC classification: G06N7/01, G06N5/022, G06N5/048, G06N20/00, G06Q10/10, G06Q30/00, G06Q30/0201, G06N5/04
Abstract: A relational event history is determined based on a data set, the relational event history including a set of relational events that occurred in time among a set of actors. Data is populated in a probability model based on the relational event history, where the probability model is formulated as a series of conditional probabilities that correspond to a set of sequential decisions by an actor for each relational event, where the probability model includes one or more statistical parameters and corresponding statistics. A baseline communications behavior for the relational event history is determined based on the populated probability model, and departures within the relational event history from the baseline communications behavior are determined.
-
Publication No.: US11783053B2
Publication date: 2023-10-10
Application No.: US17709673
Filing date: 2022-03-31
Applicant: Forcepoint, LLC
CPC classification: G06F21/577, G06F21/552, G06F21/554, G06F21/566, G06F21/6227, G06N5/04, G06N20/00, H04L63/102, H04L63/1425, H04L63/1433, H04L63/1441, G06F2221/033, G06F2221/034
Abstract: A system, method, and computer-readable medium are disclosed for performing an entity behavior cataloging operation. The entity behavior cataloging operation includes: identifying a security related activity, the security related activity being based upon an observable from an electronic data source; analyzing the security related activity, the analyzing identifying an event of analytic utility associated with the security related activity; generating entity behavior catalog data based upon the event of analytic utility associated with the security related activity; and, storing the entity behavior catalog data within an entity behavior catalog, the entity behavior catalog providing an inventory of entity behaviors for use when performing a security operation.
-
Publication No.: US11675910B2
Publication date: 2023-06-13
Application No.: US16791449
Filing date: 2020-02-14
Applicant: Forcepoint, LLC
CPC classification: G06F21/577, G06F21/552, G06F21/554, G06F21/566, G06F21/6227, G06N5/04, G06N20/00, H04L63/102, H04L63/1425, H04L63/1433, H04L63/1441, G06F2221/033, G06F2221/034
Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; identifying a security related activity of the entity, the security related activity being based upon the observable derived from the electronic data source, the security related activity being of analytic utility; converting the security related activity to entity behavior catalog data, the entity behavior catalog providing an inventory of entity behaviors; and, accessing an entity behavior catalog based upon the entity behavior catalog data; and performing a security operation via a security system, the security operation using the entity behavior catalog data stored within the entity behavior catalog based upon the security related activity.