-
Publication No.: US20240015084A1
Publication date: 2024-01-11
Application No.: US18471125
Application date: 2023-09-20
Applicant: Cisco Technology, Inc.
Inventor: Sunil Kumar Gupta , Navindra Yadav , Michael Standish Watts , Ali Parandehgheibi , Shashidhar Gandham , Ashutosh Kulshreshtha , Khawar Deen
IPC: H04L43/045 , H04L9/40 , G06F9/455 , G06N20/00 , G06F21/55 , G06F21/56 , G06F16/28 , G06F16/2457 , G06F16/248 , G06F16/29 , G06F16/16 , G06F16/17 , G06F16/11 , G06F16/13 , G06F16/174 , G06F16/23 , G06F16/9535 , G06N99/00 , H04L9/32 , H04L41/0668 , H04L43/0805 , H04L43/0811 , H04L43/0852 , H04L43/106 , H04L45/00 , H04L45/50 , H04L67/12 , H04L43/026 , H04L61/5007 , H04L67/01 , H04L67/51 , H04L67/75 , H04L67/1001 , H04W72/54 , H04L43/062 , H04L43/10 , H04L47/2441 , H04L41/0893 , H04L43/08 , H04L43/04 , H04W84/18 , H04L67/10 , H04L41/046 , H04L43/0876 , H04L41/12 , H04L41/16 , H04L41/0816 , G06F21/53 , H04L41/22 , G06F3/04842 , G06F3/04847 , H04L41/0803 , H04L43/0829 , H04L43/16 , H04L1/24 , H04L9/08 , H04J3/06 , H04J3/14 , H04L47/20 , H04L47/32 , H04L43/0864 , H04L47/11 , H04L69/22 , H04L45/74 , H04L47/2483 , H04L43/0882 , H04L41/0806 , H04L43/0888 , H04L43/12 , H04L47/31 , G06F3/0482 , G06T11/20 , H04L43/02 , H04L47/28 , H04L69/16 , H04L45/302
CPC classification number: H04L43/045 , H04L63/1425 , H04L63/1441 , H04L63/20 , G06F9/45558 , G06N20/00 , G06F21/552 , G06F21/566 , G06F16/285 , G06F16/288 , G06F16/24578 , G06F16/248 , G06F16/29 , G06F16/162 , G06F16/17 , G06F16/122 , G06F16/137 , G06F16/173 , G06F16/1744 , G06F16/2322 , G06F16/235 , G06F16/9535 , G06F16/1748 , G06F16/174 , G06N99/00 , H04L9/3239 , H04L41/0668 , H04L43/0805 , H04L43/0811 , H04L43/0858 , H04L43/106 , H04L45/46 , H04L45/507 , H04L63/1458 , H04L67/12 , H04L43/026 , H04L61/5007 , H04L67/01 , H04L67/51 , H04L67/75 , H04L67/1001 , G06F21/556 , H04W72/54 , H04L63/1416 , H04L63/145 , H04L43/062 , H04L43/10 , H04L47/2441 , H04L41/0893 , H04L43/08 , H04L43/04 , H04W84/18 , H04L67/10 , H04L41/046 , H04L43/0876 , H04L41/12 , H04L41/16 , H04L41/0816 , G06F21/53 , H04L63/16 , H04L41/22 , G06F3/04842 , G06F3/04847 , H04L41/0803 , H04L43/0829 , H04L43/16 , H04L1/242 , H04L9/0866 , H04L9/3242 , H04L63/06 , H04L63/0876 , H04J3/0661 , H04J3/14 , H04L47/20 , H04L47/32 , H04L43/0841 , H04L43/0864 , H04L47/11 , H04L63/1408 , H04L69/22 , H04L45/74 , H04L47/2483 , H04L43/0882 , H04L63/0227 , H04L63/0263 , H04L41/0806 , H04L43/0888 , H04L43/12 , H04L63/1433 , H04L47/31 , H04L45/38 , H04L45/66 , G06F3/0482 , G06T11/206 , H04L43/02 , H04L47/28 , H04L69/16 , H04L63/1466 , H04L45/306 , G06F16/2365 , G06F2009/45587 , G06F2009/45595 , G06F2221/033 , G06F2221/2101 , G06F2221/2105 , G06F2221/2111 , G06F2221/2115 , G06F2221/2145 , H04L67/535
Abstract: An example method according to some embodiments includes receiving flow data for a packet traversing a network. The method continues by determining a source endpoint group and a destination endpoint group for the packet. The method continues by determining that a policy was utilized, the policy being applicable to the endpoint group. Finally, the method includes updating utilization data for the policy based on the flow data.
-
Publication No.: US11868798B2
Publication date: 2024-01-09
Application No.: US17821345
Application date: 2022-08-22
Applicant: Orca Security Ltd.
Inventor: Avi Shua
CPC classification number: G06F9/45558 , G06F11/1464 , G06F16/128 , G06F21/552 , G06F21/554 , G06F21/565 , H04L63/1416 , H04L63/1433 , H04L63/1441 , G06F2009/45562 , G06F2009/45583 , G06F2009/45587 , G06F2009/45591 , G06F2009/45595 , G06F2201/84
Abstract: A system and method for securing virtual cloud assets in a cloud computing environment against cyber threats. The method includes: determining a location of a snapshot of at least one virtual disk of a protected virtual cloud asset, wherein the virtual cloud asset is instantiated in the cloud computing environment; accessing the snapshot of the virtual disk based on the determined location; analyzing the snapshot of the protected virtual cloud asset to detect potential cyber threats risking the protected virtual cloud asset; and alerting detected potential cyber threats based on a determined priority.
-
Publication No.: US20230421601A1
Publication date: 2023-12-28
Application No.: US17808188
Application date: 2022-06-22
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventor: Rosa M. Bolger , Jacobus P. Lodewijkx , Mauro Marzorati , Christopher A. Kulakowski
IPC: H04L9/40
CPC classification number: H04L63/1441 , H04L63/1416 , H04L63/1425 , H04L63/08 , H04L2463/082
Abstract: Described are techniques for cybersecurity incident mitigation. The techniques include detecting, by an Endpoint Detection and Response (EDR) function in a networked environment comprising a plurality of endpoints, a security incident on a first endpoint of the plurality of endpoints. The techniques further include identifying an administrator of the first endpoint and initiating a process requiring Multi-Factor Authentication (MFA) associated with the administrator of the first endpoint by transmitting a push notification to a second device associated with the administrator and receiving a response to the push notification from the second device. The techniques further include characterizing, by the EDR function, a maliciousness of the security incident based on the response.
-
Publication No.: US11856007B2
Publication date: 2023-12-26
Application No.: US17114212
Application date: 2020-12-07
Applicant: Material Security Inc.
Inventor: Ryan M. Noon , Abhishek Agrawal , Christopher J. Park
CPC classification number: H04L63/1416 , G06F9/54 , H04L63/1425 , H04L63/1441
Abstract: A system and a method are disclosed for determining that a first electronic communication, received in a first private repository of a user, has been identified (e.g., flagged) as including a threat, and determining a probability that the first electronic communication includes the threat. In response to determining that the probability exceeds a threshold probability, the system monitors for a second electronic communication, received in a second private repository, that includes contents that match the contents of the first electronic communication. In response to, based on the monitoring, identification of the second electronic communication, the system generates a copy of the second electronic communication to an administrative private repository of an administrator, edits the copy to remove a portion that is likely to include the threat, inserts the copy of the second electronic communication to the second private repository, and deletes the second electronic communication from the second private repository.
-
95.
Publication No.: US20230412577A1
Publication date: 2023-12-21
Application No.: US18228468
Application date: 2023-07-31
Applicant: AUTHENTIC8, INC.
Inventor: Ramesh Rajagopal , James K. Tosh , Fredric L. Cox , Perry F. Nguyen , Jason T. Champion
CPC classification number: H04L63/08 , G06F21/31 , G06F21/313 , G06F21/35 , G06F21/36 , G06F21/43 , G06F2221/2111 , H04L67/01 , H04L63/20 , H04L63/102 , H04L63/1441 , H04L63/168 , G06F21/53
Abstract: Disclosed herein are systems and methods that allow for secure access to websites and web-based applications. Also described are systems and methods for secure use and retention of user credentials, as well as methods for dynamic authentication of users and integrity checking of service providers in online environments. Thus, described in the present specification are systems and methods for constructing and destroying private, secure, browsing environments (a secure disposable browser), insulating the user from the threats associated with being online for the purposes of providing secure, policy-based interaction with online services.
-
96.
Publication No.: US11846746B2
Publication date: 2023-12-19
Application No.: US17744507
Application date: 2022-05-13
Applicant: CHERTOFF GROUP, LLC
Inventor: Lee Kair , Bennet Waters
CPC classification number: G01V5/0083 , G06F21/577 , G06N20/00 , G06V20/52 , H04L63/1408 , H04L63/1433 , H04L63/1441 , H04L63/20
Abstract: In a transportation security technique, images are stored that are received from image capturing equipment deployed at respective screening nodes. The images are analyzed using a machine learning model, where presence of a particular object in an image indicates that a threat condition exists at the screening node. The analyzed images are transmitted to threat assessment components in accordance with predetermined criteria. An indication that the particular object is observed in the image is received from the threat assessment components. An indication that the particular object is observed in the image is transmitted to the screening node responsive to receiving the indication that the particular object is observed in the image. An indication of whether the particular object is present at the screening node is received. The machine learning model is trained based on the received indication of whether the particular object is observed in the image.
-
97.
Publication No.: US20230403247A1
Publication date: 2023-12-14
Application No.: US17838978
Application date: 2022-06-13
Applicant: BANK OF AMERICA CORPORATION
Inventor: Anna Kristen Pingel Berry , Shweta Ambulkar , Benjamin Daniel Hardman , Angela Ianni , Olga Kocharyan , Luqman Sharief , Michael Wm. Whitaker
IPC: H04L51/212 , H04L51/08 , H04L51/42 , H04L9/40
CPC classification number: H04L51/212 , H04L51/08 , H04L51/42 , H04L63/1408 , H04L63/1441
Abstract: Implementing artificial intelligence, specifically, machine learning techniques to identify malicious emails and, in response, identifying and conducting actions, including reporting the malicious emails to identified internal and/or external entities and preventing the malicious emails from being delivered to email client mailboxes. The machine learning techniques rely on malicious email patterns identified, at least, from previously identified malicious emails and data resulting from continuously crawling the Web and threat intelligence sources. Further, the email clients may be configured to include an add-on feature in which the user can provide a single input to report the email as being suspicious, which results in further analysis to determine whether the email is, in fact, a malicious email.
-
98.
Publication No.: US11843616B2
Publication date: 2023-12-12
Application No.: US17702606
Application date: 2022-03-23
Applicant: Threatology, Inc.
Inventor: Frederick Frey , Timothy Nary
CPC classification number: H04L63/1416 , G06F3/0482 , G06F21/552 , G06F21/554 , G06F21/566 , G06F21/577 , G06N20/00 , H04L63/14 , H04L63/145 , H04L63/1408 , H04L63/1425 , H04L63/1433 , H04L63/1441 , H04L63/1458 , H04L63/1466 , H04L63/1483 , H04L63/20 , G06F2221/034
Abstract: Disclosed is a cyber threat intelligence platform configured to: a) designate a virtual machine as an attacker machine; b) designate a virtual machine as a victim machine; c) receive cyberattack data representative of a cyberattack executed by the attacker machine against the victim machine; e) receive defense action data representative of a defense action executed by the victim machine against the cyberattack; f) mark a first point in time when the cyberattack is executed, and mark a second point in time when the defense action is initiated; g) compare the first point in time with the second point in time to ascertain an attack-defense time lapse as a performance measure for computer system threat management of cyberattacks or defense actions, and h) view or analyze cyberattack and defense actions for effectiveness, including perspectives derived from the relative timing of the actions as indicated on the time lapse.
-
99.
Publication No.: US20230396633A1
Publication date: 2023-12-07
Application No.: US18204906
Application date: 2023-06-01
Applicant: Hangzhou Dbappsecurity Co., Ltd.
Inventor: Jiangchuan LI , Si LI , Haijun JIN , Lei WANG , Zhuoqun WU
IPC: H04L9/40
CPC classification number: H04L63/1416 , H04L63/1425 , H04L63/1441
Abstract: The present disclosure discloses a method and apparatus for detecting a security event, and a non-transitory computer-readable storage medium, and relates to the field of big data. The method includes: acquiring a time window, and acquiring log data, wherein the time window is a rolling window in a preset period; matching the log data with a security event model in each time window, so as to generate a matching result set in each time window, wherein the security event model is a model comprising a plurality of rule models for identifying whether the log data has an attack behavior; and generating security event data according to the matching result set, so as to restore an attack process according to the security event data.
-
100.
Publication No.: US11838841B2
Publication date: 2023-12-05
Application No.: US17821422
Application date: 2022-08-22
Applicant: Intel Corporation
Inventor: Ned M. Smith , Ravi S. Subramaniam , David W. Grawrock
IPC: H04W4/70 , H04W4/00 , H04W12/069 , H04L9/40
CPC classification number: H04W4/70 , H04L63/06 , H04L63/08 , H04L63/1441 , H04W4/00 , H04W12/069
Abstract: In one embodiment, a domain controller (a) quarantines unknown devices at a first quarantine point at a first layer of a multi-layer communication model; (b) communicates with a domain name system (DNS) service to self-allocate and register a domain name with the DNS service; (c) receives a provisioning request for a first device via an access point, wherein the access point comprises a second quarantine point at a second layer of the multi-level communication model; (d) verifies a device type of the first device with the DNS service; and (e) responsive to that verification, provisions the first device into the domain. The domain controller may also send a provisioning response to the access point to enable the first device to be removed from the second quarantine point, to enable the first device to communicate with the domain controller. Other embodiments are described and claimed.