Detection of adversaries through collection and correlation of assessments
    11.
    Granted patent
    Detection of adversaries through collection and correlation of assessments (In force)

    Publication number: US08677479B2

    Publication date: 2014-03-18

    Application number: US11893934

    Filing date: 2007-08-17

    IPC classification: H04L29/06

    Abstract: An automated arrangement for detecting adversaries is provided in which assessments of detected adversaries are reported to a reputation service from security devices, such as unified threat management systems in deployed customer networks. By using actual deployed networks, the number of available sensors can be very large to increase the scope of the adversary detection, while still observing real attacks and threats including those that are targeted to small sets of customers. The reputation service performs a number of correlations and validations on the received assessments to then return a reputation back to the security device in the enterprise network that can be used for blocking adversaries, but only when multiple, distinct sources report the same adversary in their assessments to thus ensure that the reputation is accurate and reliable.


Aggregating the knowledge base of computer systems to proactively protect a computer from malware
    12.
    Granted patent
    Aggregating the knowledge base of computer systems to proactively protect a computer from malware (In force)

    Publication number: US08516583B2

    Publication date: 2013-08-20

    Application number: US11096490

    Filing date: 2005-03-31

    IPC classification: G06F21/00

    Abstract: In accordance with the present invention, a system, method, and computer-readable medium for aggregating the knowledge base of a plurality of security services or other event collection systems to protect a computer from malware is provided. One aspect of the present invention is a method that proactively protects a computer from malware by using anti-malware services or other event collection systems to observe suspicious events that are potentially indicative of malware; determining if the suspicious events satisfy a predetermined threshold; and if the suspicious events satisfy the predetermined threshold, implementing a restrictive security policy designed to prevent the spread of malware.

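The threshold-driven switch to a restrictive policy that the abstract above describes, as an added example in Python (not code from the patent): suspicious events from several local services are weighted, summed over a sliding window, and once the score reaches a threshold the host moves to a restrictive policy. The event names, weights, window length and policy rules are assumptions chosen for illustration.

```python
"""Added example (not code from the patent): aggregate suspicious events reported by
several local security services and switch the host to a restrictive policy once
their weighted score within a sliding window reaches a threshold.  Event names,
weights, the window and the policy rules are assumptions chosen for illustration."""
from collections import deque
from dataclasses import dataclass

# Assumed weights: how strongly each suspicious event indicates malware.
EVENT_WEIGHTS = {
    "av_heuristic_hit": 2,
    "outbound_port_scan": 3,
    "new_autorun_entry": 1,
    "unsigned_driver_load": 3,
    "mass_file_rename": 2,
}


@dataclass(frozen=True)
class Event:
    t: float        # seconds since epoch
    source: str     # reporting service, e.g. "antimalware", "firewall"
    kind: str       # key into EVENT_WEIGHTS


class PolicyEngine:
    """Keeps the suspicious events of the last `window` seconds and switches to
    the restrictive policy once their weighted score reaches `threshold`."""

    def __init__(self, threshold: int = 6, window: float = 300.0):
        self.threshold = threshold
        self.window = window
        self._events = deque()
        self.policy = "normal"

    def _score(self, now: float) -> int:
        # Drop events that fell out of the window, then sum the rest.
        while self._events and now - self._events[0].t > self.window:
            self._events.popleft()
        return sum(EVENT_WEIGHTS.get(e.kind, 0) for e in self._events)

    def observe(self, event: Event) -> str:
        """Record one suspicious event and return the policy now in force."""
        self._events.append(event)
        if self.policy == "normal" and self._score(event.t) >= self.threshold:
            self.policy = "restrictive"   # sticky until an operator resets it
        return self.policy

    def restrictive_rules(self) -> list:
        """Assumed content of the restrictive policy: contain lateral spread
        while keeping management and update traffic alive."""
        if self.policy != "restrictive":
            return []
        return [
            "block outbound tcp/445 and tcp/135 (SMB, RPC)",
            "deny process launches from user-writable temp directories",
            "allow outbound only to management and update endpoints",
        ]


# Constructed sample: three different services report within two minutes.
SAMPLE = [
    Event(1000.0, "antimalware", "av_heuristic_hit"),
    Event(1030.0, "autorun_monitor", "new_autorun_entry"),
    Event(1100.0, "firewall", "outbound_port_scan"),
]


def run(events=SAMPLE, threshold=6, window=300.0):
    """Feed events in order; return the policy after each one and the rules."""
    engine = PolicyEngine(threshold, window)
    states = [engine.observe(e) for e in events]
    return states, engine.restrictive_rules()


if __name__ == "__main__":
    print(run())
```

No single service's event reaches the threshold on its own; only the aggregate over the window does, which is the point of pooling the services' observations. Spreading the same three events over a longer span than the window never triggers the policy, so the window length is as much a tuning decision as the threshold.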

Automated collection of forensic evidence associated with a network security incident
    13.
    Granted patent
    Automated collection of forensic evidence associated with a network security incident (In force)

    Publication number: US08424094B2

    Publication date: 2013-04-16

    Application number: US11824732

    Filing date: 2007-06-30

    IPC classification: G06F21/00

    CPC classification: H04L63/1425 H04L63/308

    Abstract: An automated collection of forensic evidence associated with a security incident is provided by an arrangement in which different security products called endpoints in an enterprise network are enabled for sharing security-related information over a common communication channel using an abstraction called a security assessment. A security assessment is generally configured to indicate an endpoint's understanding of a detected security incident that pertains to an object in the environment which may include users, computers, IP addresses, and website URIs (Universal Resource Identifiers). The security assessment is published by the endpoint into the channel and received by subscribing endpoints. The security assessment triggers the receiving endpoints to go into a more comprehensive or detailed mode of evidence collection. In addition, any forensic evidence having relevance to the security incident that may have already been collected prior to the detection will be marked for retention so that it is not otherwise deleted.

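The publish/subscribe flow in the abstract above, as an added example in Python (not code from the patent): an endpoint publishes a security assessment, every subscribing endpoint switches to detailed evidence collection, and evidence it already holds about the same object within a lookback window is marked for retention so log rotation does not discard it. Endpoint names, object identifiers, the sample evidence and the lookback window are assumptions.

```python
"""Added example (not code from the patent): a minimal publish/subscribe channel
for security assessments.  A received assessment switches the subscribing
endpoint into detailed evidence collection and marks evidence about the same
object collected within a lookback window for retention.  Endpoint names, the
object identifiers, the sample evidence and the lookback window are assumptions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class SecurityAssessment:
    publisher: str    # endpoint (security product) that raised it
    obj_type: str     # "user", "computer", "ip" or "uri"
    obj_id: str
    category: str     # e.g. "compromised_host"
    severity: str
    t: float          # seconds since epoch


@dataclass
class EvidenceRecord:
    t: float
    obj_id: str
    detail: str
    retain: bool = False    # True: excluded from normal log rotation


class Endpoint:
    def __init__(self, name: str, lookback: float = 3600.0):
        self.name = name
        self.lookback = lookback
        self.mode = "summary"       # or "detailed"
        self.evidence = []

    def collect(self, t: float, obj_id: str, detail: str) -> None:
        # A real product would capture more (full headers, process trees) in
        # detailed mode; here the mode only tags the record.
        self.evidence.append(EvidenceRecord(t, obj_id, f"[{self.mode}] {detail}"))

    def on_assessment(self, a: SecurityAssessment) -> int:
        """Switch to detailed collection and mark prior relevant evidence.
        Returns how many records were newly marked for retention."""
        self.mode = "detailed"
        marked = 0
        for rec in self.evidence:
            relevant = rec.obj_id == a.obj_id and 0 <= a.t - rec.t <= self.lookback
            if relevant and not rec.retain:
                rec.retain = True
                marked += 1
        return marked


class Channel:
    def __init__(self):
        self.subscribers = []

    def subscribe(self, ep: Endpoint) -> None:
        self.subscribers.append(ep)

    def publish(self, a: SecurityAssessment) -> dict:
        """Deliver to every subscriber except the publisher; map name -> marked count."""
        return {ep.name: ep.on_assessment(a)
                for ep in self.subscribers if ep.name != a.publisher}


def demo():
    ch = Channel()
    proxy, hips = Endpoint("web-proxy"), Endpoint("host-ips")
    ch.subscribe(proxy)
    ch.subscribe(hips)
    # Constructed evidence collected in summary mode before any incident.
    proxy.collect(100.0, "pc-17", "GET http://intranet.example/update.bin")
    proxy.collect(5000.0, "pc-17", "GET http://intranet.example/beacon")
    hips.collect(5100.0, "pc-17", "process start: rundll32.exe")
    hips.collect(5100.0, "pc-09", "process start: explorer.exe")
    incident = SecurityAssessment("edge-firewall", "computer", "pc-17",
                                  "compromised_host", "high", 5200.0)
    marked = ch.publish(incident)
    proxy.collect(5300.0, "pc-17", "GET http://intranet.example/exfil")
    return marked, proxy.mode, [r.retain for r in proxy.evidence], proxy.evidence[-1].detail


if __name__ == "__main__":
    print(demo())
```

The retention pass is keyed on the assessment's object and a lookback window; the first proxy record about pc-17 is older than the window and stays subject to rotation, while the record on pc-09 is about a different object and is untouched. Evidence collected after the assessment is tagged as detailed-mode collection.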

Analysis of event information to perform contextual audit
    14.
    Granted patent
    Analysis of event information to perform contextual audit (In force)

    Publication number: US08095979B2

    Publication date: 2012-01-10

    Application number: US11627594

    Filing date: 2007-01-26

    IPC classification: G06F11/00

    CPC classification: G06F21/552 G06Q20/40

    Abstract: Analysis of audit information that takes into account a wide context allows for a rich picture from which system conditions may be assessed. Event information about various events that have occurred or are occurring, on various sources in the computing arrangement, is maintained. Each entity has an “activity identifier”, which remains the same across various events performed by that entity at the various sources. Event information associated with the various sources is contextually analyzed on the basis of the activity identifier, to assess whether a condition exists that impacts the performance and/or security of the computing arrangement. In case it is determined that such a condition exists, an action is performed to remediate the condition.

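The activity-identifier join in the abstract above, as an added example in Python (not code from the patent): events from a gateway, a file server and a database are parsed, grouped on the activity identifier they all carry, and a cross-source rule is applied. The log format, the log lines and the rule (an activity denied at two or more distinct sources) are constructed for illustration.

```python
"""Added example (not code from the patent): a contextual audit that joins events
from several sources on an activity identifier carried across all of them, then
applies a cross-source rule.  The log format, log lines and the rule are
constructed for illustration."""
import re
from collections import defaultdict

# Constructed audit trail: "time source activity_id entity action outcome"
LOG = """\
1001 gateway    act-7f3 alice login ok
1002 fileserver act-7f3 alice read  denied
1003 db         act-7f3 alice query denied
1004 gateway    act-9c1 bob   login ok
1005 fileserver act-9c1 bob   read  ok
1006 db         act-7f3 alice query ok
"""
LINE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")
FIELDS = ("time", "source", "activity", "entity", "action", "outcome")


def parse(text: str) -> list:
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:       # skip malformed lines rather than fail the whole audit
            events.append(dict(zip(FIELDS, m.groups())))
    return events


def by_activity(events: list) -> dict:
    groups = defaultdict(list)
    for e in events:
        groups[e["activity"]].append(e)
    return groups


def assess(events: list, min_sources: int = 2) -> list:
    """Assumed rule: one activity denied at `min_sources` or more distinct
    sources looks like probing across systems; remediate by ending the session.
    No single source sees more than one denial, so a per-source rule with the
    same threshold would stay silent."""
    findings = []
    for act, evs in sorted(by_activity(events).items()):
        denied_at = {e["source"] for e in evs if e["outcome"] == "denied"}
        if len(denied_at) >= min_sources:
            findings.append({
                "activity": act,
                "entity": evs[0]["entity"],
                "denied_at": sorted(denied_at),
                "action": "terminate_session",
            })
    return findings


def per_source_denials(events: list) -> dict:
    """For comparison: denials counted per source without the activity join."""
    counts = defaultdict(int)
    for e in events:
        if e["outcome"] == "denied":
            counts[e["source"]] += 1
    return dict(counts)


if __name__ == "__main__":
    evs = parse(LOG)
    print(assess(evs))
    print(per_source_denials(evs))
```

The comparison function shows why the identifier matters: each source alone records a single denial, which no per-source threshold of two would flag, while the join on act-7f3 exposes the same activity being refused at two systems.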

Reduction of false positive reputations through collection of overrides from customer deployments
    15.
    Granted patent
    Reduction of false positive reputations through collection of overrides from customer deployments (In force)

    Publication number: US07953969B2

    Publication date: 2011-05-31

    Application number: US11893974

    Filing date: 2007-08-17

    IPC classification: G06F15/173 H04L9/32

    Abstract: An automated arrangement for reducing the occurrence and/or minimizing the impact of false positives by a reputation service is provided in which overrides for a reputation of an adversary are reported to a reputation service from security devices, such as unified threat management systems, deployed in enterprise or consumer networks. An override is typically performed by an administrator at a customer network to allow the security device to accept traffic from, or send traffic to a given IP address or URL. Such connectivity is allowed—even if such objects have a blacklisted reputation provided by a reputation service—in cases where the administrator recognizes that the blacklisted reputation is a false positive. The reputation service uses the reported overrides to adjust the fidelity (i.e., a confidence level) of that object's reputation, and then provides an updated reputation, which reflects the fidelity adjustment, to all the security devices that use the reputation service.


MAPPING BETWEEN USERS AND MACHINES IN AN ENTERPRISE SECURITY ASSESSMENT SHARING SYSTEM
    16.
    Patent application
    MAPPING BETWEEN USERS AND MACHINES IN AN ENTERPRISE SECURITY ASSESSMENT SHARING SYSTEM (In force)

    Publication number: US20090328222A1

    Publication date: 2009-12-31

    Application number: US12146440

    Filing date: 2008-06-25

    IPC classification: G06F21/00

    CPC classification: H04L63/1425 G06F21/554

    Abstract: Mapping between object types in an enterprise security assessment sharing (“ESAS”) system enables attacks on an enterprise network and security incidents to be better detected and capabilities to respond to be improved. The ESAS system is distributed among endpoints incorporating different security products in the enterprise network that share a commonly-utilized communications channel. An endpoint will generate a tentative assignment of contextual meaning called a security assessment that is published when a potential security incident is detected. The security assessment identifies the object of interest, the type of security incident and its severity. A level of confidence in the detection is also provided which is expressed by an attribute called the “fidelity”. ESAS is configured with the capabilities to map between objects, including users and machines in the enterprise network, so that security assessments applicable to one object domain can be used to generate security assessments in another object domain.

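The cross-domain mapping in the abstract above, as an added example in Python (not code from the application): a user-to-machine mapping is built from logon records, and an assessment about a user is turned into assessments about that user's machines (or the reverse) with the fidelity lowered for each derived assessment. The decay factor, the penalty for machines shared by several users, the publish floor and the sample logons are assumptions.

```python
"""Added example (not code from the application): build the user<->machine mapping
from logon records and use it to derive security assessments in the other object
domain, lowering the fidelity (confidence) for each derived assessment.  The
decay factor, the shared-machine penalty and the sample logons are assumptions."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Assessment:
    obj_type: str     # "user" or "computer"
    obj_id: str
    category: str
    severity: str
    fidelity: float   # 0.0 .. 1.0
    source: str


class ObjectMapper:
    def __init__(self, logons, decay: float = 0.7, min_fidelity: float = 0.25):
        self.decay = decay
        self.min_fidelity = min_fidelity
        self.user_to_machines = defaultdict(set)
        self.machine_to_users = defaultdict(set)
        for user, machine in logons:
            self.user_to_machines[user].add(machine)
            self.machine_to_users[machine].add(user)

    def derive(self, a: Assessment) -> list:
        """Map an assessment about a user onto that user's machines, or about a
        machine onto its users.  Each hop multiplies fidelity by `decay`; a
        machine shared by n users spreads its suspicion, so user assessments
        derived from it are further divided by n (assumed)."""
        if a.obj_type == "user":
            targets = sorted(self.user_to_machines.get(a.obj_id, ()))
            new_type, share = "computer", 1
        elif a.obj_type == "computer":
            targets = sorted(self.machine_to_users.get(a.obj_id, ()))
            new_type, share = "user", max(1, len(targets))
        else:
            return []
        fidelity = round(a.fidelity * self.decay / share, 2)
        if fidelity < self.min_fidelity:
            return []   # too weak to publish; avoid flooding the channel
        return [Assessment(new_type, t, a.category, a.severity, fidelity,
                           f"derived:{a.source}") for t in targets]


# Constructed logon records (user, machine).
LOGONS = [("alice", "ws-01"), ("alice", "ws-02"), ("bob", "ws-02"), ("carol", "srv-files")]


def demo():
    mapper = ObjectMapper(LOGONS)
    from_user = mapper.derive(
        Assessment("user", "alice", "compromised_identity", "high", 0.9, "ids"))
    from_machine = mapper.derive(
        Assessment("computer", "ws-02", "compromised_host", "high", 0.8, "hips"))
    weak = mapper.derive(
        Assessment("computer", "ws-02", "compromised_host", "low", 0.4, "hips"))
    return from_user, from_machine, weak


if __name__ == "__main__":
    for group in demo():
        print(group)
```

A derived assessment carries a tag naming its origin so that a consuming endpoint can tell a direct detection from an inference, and the floor on fidelity keeps a low-confidence machine assessment from fanning out into a burst of even weaker user assessments.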

ENTERPRISE SECURITY ASSESSMENT SHARING FOR OFF-PREMISE USERS USING GLOBALLY DISTRIBUTED INFRASTRUCTURE
    17.
    Patent application
    ENTERPRISE SECURITY ASSESSMENT SHARING FOR OFF-PREMISE USERS USING GLOBALLY DISTRIBUTED INFRASTRUCTURE (In force)

    Publication number: US20090178108A1

    Publication date: 2009-07-09

    Application number: US12192111

    Filing date: 2008-08-14

    IPC classification: G06F17/00

    Abstract: Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and off-premise or roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.


SERVICES USING GLOBALLY DISTRIBUTED INFRASTRUCTURE FOR SECURE CONTENT MANAGEMENT
    18.
    Patent application
    SERVICES USING GLOBALLY DISTRIBUTED INFRASTRUCTURE FOR SECURE CONTENT MANAGEMENT (In force)

    Publication number: US20090177514A1

    Publication date: 2009-07-09

    Application number: US12192113

    Filing date: 2008-08-14

    Abstract: Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.


Detection of adversaries through collection and correlation of assessments
    19.
    Patent application
    Detection of adversaries through collection and correlation of assessments (In force)

    Publication number: US20080256619A1

    Publication date: 2008-10-16

    Application number: US11893934

    Filing date: 2007-08-17

    IPC classification: H04L9/32 G06F9/00

    Abstract: An automated arrangement for detecting adversaries is provided in which assessments of detected adversaries are reported to a reputation service from security devices, such as unified threat management systems in deployed customer networks. By using actual deployed networks, the number of available sensors can be very large to increase the scope of the adversary detection, while still observing real attacks and threats including those that are targeted to small sets of customers. The reputation service performs a number of correlations and validations on the received assessments to then return a reputation back to the security device in the enterprise network that can be used for blocking adversaries, but only when multiple, distinct sources report the same adversary in their assessments to thus ensure that the reputation is accurate and reliable.

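The reputation-service logic shared by entries 11 and 19 (the distinct-source requirement before a blocking reputation is returned) and by entry 15 (overrides from customer deployments lowering a reputation's fidelity), as one added example in Python that is not code from any of the patents: reports are keyed by reporting source so one sensor repeating itself never counts twice, a verdict of "block" needs a minimum number of distinct sources, and each reported override subtracts from fidelity. The thresholds, the fidelity formula, the sensor names and the sample address are assumptions.

```python
"""Added example (not code from the patents): a reputation service that counts
distinct reporting sources before it will return a blocking reputation, and that
lowers the fidelity of a reputation when customer deployments report overrides
for it.  The thresholds, the fidelity formula and the sample sensors are
assumptions chosen for illustration."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class AdversaryAssessment:
    source: str       # reporting security device / customer network
    adversary: str    # IP address or URL
    t: float


class ReputationService:
    def __init__(self, min_sources: int = 3, override_penalty: float = 0.25,
                 block_threshold: float = 0.5):
        self.min_sources = min_sources
        self.override_penalty = override_penalty
        self.block_threshold = block_threshold
        self._reports = defaultdict(dict)    # adversary -> {source: last report time}
        self._overrides = defaultdict(set)   # adversary -> sources that overrode the block

    def report(self, a: AdversaryAssessment) -> None:
        # Keyed by source: one sensor repeating itself never counts twice.
        self._reports[a.adversary][a.source] = a.t

    def override(self, source: str, adversary: str) -> None:
        """An administrator allowed traffic despite the blacklisted reputation."""
        self._overrides[adversary].add(source)

    def reputation(self, adversary: str) -> dict:
        sources = self._reports.get(adversary, {})
        n = len(sources)
        if n < self.min_sources:
            # Never block on one (possibly poisoned) sensor's word.
            return {"adversary": adversary, "verdict": "unknown", "fidelity": 0.0, "sources": n}
        # Assumed formula: fidelity grows with distinct sources and saturates at
        # twice the minimum; each override subtracts a fixed penalty.
        fidelity = min(1.0, n / (2 * self.min_sources))
        fidelity -= self.override_penalty * len(self._overrides.get(adversary, ()))
        fidelity = round(max(0.0, fidelity), 3)
        verdict = "block" if fidelity >= self.block_threshold else "monitor"
        return {"adversary": adversary, "verdict": verdict, "fidelity": fidelity, "sources": n}


def demo():
    svc = ReputationService()
    ip = "203.0.113.7"          # constructed, from the documentation address range
    steps = []
    for i in range(5):          # one sensor reports the same adversary five times
        svc.report(AdversaryAssessment("cust-A", ip, 100.0 + i))
    steps.append(svc.reputation(ip)["verdict"])
    svc.report(AdversaryAssessment("cust-B", ip, 200.0))
    svc.report(AdversaryAssessment("cust-C", ip, 201.0))
    steps.append(svc.reputation(ip)["verdict"])     # three distinct sources
    svc.override("cust-D", ip)                      # a customer says it is a false positive
    steps.append(svc.reputation(ip)["verdict"])
    svc.report(AdversaryAssessment("cust-E", ip, 300.0))
    steps.append(svc.reputation(ip))
    return steps


if __name__ == "__main__":
    for s in demo():
        print(s)
```

The sequence in `demo` walks through both mechanisms: five reports from one sensor leave the address unknown, the third distinct source tips it to block, one override drops it back to monitor, and a fourth source raises fidelity again without clearing the override's penalty. A deployment would also want to bound how much a single source or a single override can move a reputation, since either channel is an input an attacker can try to influence.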

Selecting candidate rows for deduplication
    20.
    Granted patent
    Selecting candidate rows for deduplication (In force)

    Publication number: US08719236B2

    Publication date: 2014-05-06

    Application number: US13593508

    Filing date: 2012-08-23

    IPC classification: G06F17/30 G06F3/06

    Abstract: The present invention extends to methods, systems, and computer program products for selecting candidate records for deduplication from a table. A table can be processed to compute an inverse index for each field of the table. A deduplication algorithm can traverse the inverse indices in accordance with a flexible user-defined policy to identify candidate records for deduplication. Both exact matches and approximate matches can be found.

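The inverse-index traversal in the abstract above, as an added example in Python (not code from the patent): each field of a small table gets an inverse index keyed on a normalized value and another keyed on tokens, and a user-defined policy lists which fields to match exactly and which approximately. The table, the normalizers, the token-overlap measure and the policy are constructed for illustration.

```python
"""Added example (not code from the patent): compute an inverse index for each field
of a table, then walk the indices under a user-defined policy to select candidate
rows for deduplication, with exact matches on normalized keys and approximate
matches by token overlap.  The table, the normalizers and the policy are constructed."""
import re
from collections import defaultdict
from itertools import combinations

# Constructed table: rows a human would call duplicates differ in case,
# punctuation and spelling.
ROWS = [
    {"id": 1, "email": "j.doe@example.test", "name": "John Doe", "phone": "555-0100"},
    {"id": 2, "email": "J.Doe@Example.test", "name": "Jon Doe", "phone": "(555) 0100"},
    {"id": 3, "email": "a.smith@example.test", "name": "Anna Smith", "phone": "555-0199"},
    {"id": 4, "email": "asmith@example.test", "name": "Anna Smyth", "phone": "555 0199"},
    {"id": 5, "email": "bob@example.test", "name": "Bob Ray", "phone": "555-0123"},
]


def normalize(field, value):
    """Field-aware key normalization for exact matching."""
    if field == "phone":
        return re.sub(r"\D", "", value)
    return value.strip().lower()


def tokens(value):
    return set(re.findall(r"[a-z0-9]+", value.lower()))


def build_inverse_indices(rows, fields):
    """exact[field][key] -> ids; token[field][token] -> ids."""
    exact = {f: defaultdict(set) for f in fields}
    token = {f: defaultdict(set) for f in fields}
    for r in rows:
        for f in fields:
            exact[f][normalize(f, r[f])].add(r["id"])
            for tok in tokens(r[f]):
                token[f][tok].add(r["id"])
    return exact, token


def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 0.0


def candidates(rows, policy):
    """policy: list of ("field", "exact") or ("field", "approx", threshold).
    Returns {(id_low, id_high): [fields that matched]}."""
    fields = [p[0] for p in policy]
    exact, token = build_inverse_indices(rows, fields)
    by_id = {r["id"]: r for r in rows}
    matches = defaultdict(set)
    for rule in policy:
        field, kind = rule[0], rule[1]
        if kind == "exact":
            # Every posting list with more than one id yields candidate pairs.
            for ids in exact[field].values():
                for pair in combinations(sorted(ids), 2):
                    matches[pair].add(field)
        elif kind == "approx":
            threshold = rule[2]
            for r in rows:
                mine = tokens(r[field])
                # The token index narrows comparison to rows sharing a token,
                # so we never score every row against every other row.
                neighbours = set().union(*(token[field][t] for t in mine)) - {r["id"]}
                for other in neighbours:
                    if other > r["id"] and jaccard(mine, tokens(by_id[other][field])) >= threshold:
                        matches[(r["id"], other)].add(field)
    return {pair: sorted(fs) for pair, fs in sorted(matches.items())}


POLICY = [("email", "exact"), ("phone", "exact"), ("name", "approx", 0.3)]

if __name__ == "__main__":
    print(candidates(ROWS, POLICY))
```

The result records which fields supported each candidate pair, which is what a downstream merge step needs to rank candidates; a pair backed by an exact e-mail match and an approximate name match is a stronger candidate than one backed by a shared phone number alone.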