-
Publication No.: US11550909B2
Publication date: 2023-01-10
Application No.: US17039350
Application date: 2020-09-30
Applicant: Sophos Limited
Inventor: Beata Ladnai, Mark David Harris, Andrew J. Thomas, Andrew G. P. Smith, Russell Humphries
Abstract: A multi-endpoint event graph is used to detect malware based on malicious software moving through a network.
-
Publication No.: US11310275B2
Publication date: 2022-04-19
Application No.: US15885347
Application date: 2018-01-31
Applicant: Sophos Limited
Inventor: John Edward Tyrone Shaw, Ross McKerchar, Moritz Daniel Grimm, Jan Karl Heinrich Weber, Shail R. Talati, Kenneth D. Ray, Andrew J. Thomas
Abstract: A threat management facility detects a device on an enterprise network and determines whether the device is one of a set of managed devices for the enterprise network. When the device is not one of the set of managed devices, the threat management facility may selectively direct the device to a portal that provides support to the user of the device while the device awaits admission to the enterprise network. As the user interacts with the portal, the portal may manage admission of unrecognized devices onto the enterprise network while making efficient use of network administrator resources.
-
Publication No.: US11184392B2
Publication date: 2021-11-23
Application No.: US16224291
Application date: 2018-12-18
Applicant: Sophos Limited
Inventor: Andrew J. Thomas, Daniel Stutz
IPC: H04L29/06, G06F11/00, G06F21/56, G06F21/55, G06F21/44, G06F21/57, G06F21/64, H04L12/24, H04L12/26, H04L29/08, G06F21/45, G06F21/40, G06F21/43, H04L9/32, H04L12/58
Abstract: Attempts at lateral movement are detected by monitoring failed login attempts across a number of endpoints in a network. By configuring endpoints across the network to report unsuccessful login attempts and monitoring these login attempts at a central location, patterns of attempts and failures may advantageously be detected and used to identify malicious attempts at lateral movement within the network before any unauthorized lateral movement is achieved.
-
Publication No.: US11184391B2
Publication date: 2021-11-23
Application No.: US16224218
Application date: 2018-12-18
Applicant: Sophos Limited
Inventor: Andrew J. Thomas, Kenneth D. Ray, Karl Ackerman
IPC: H04L29/06, G06F11/00, G06F21/56, G06F21/55, G06F21/44, G06F21/57, G06F21/64, H04L12/24, H04L12/26, H04L29/08, G06F21/45, G06F21/40, G06F21/43, H04L9/32, H04L12/58
Abstract: An endpoint in a network periodically generates a heartbeat encoding health state information and transmits this heartbeat to other network entities. Recipients of the heartbeat may use the health state information to independently make decisions about communications with the source endpoint, for example, by isolating the endpoint to prevent further communications with other devices sharing the network with the endpoint. Isolation may be coordinated by a firewall or gateway for the network, or independently by other endpoints that receive a notification of the compromised health state.
-
Publication No.: US11144895B2
Publication date: 2021-10-12
Application No.: US15142667
Application date: 2016-04-29
Applicant: Pay2Day Solutions, Inc.
Inventor: Christopher J. Brunner
Abstract: Provided herein are methods and systems for a bill payment platform that enables consumers to make bill payments using simplified methods of communication, such as by using text messages or short messaging service (SMS) messages and the like, through message interfaces provided by the bill payment platform, which may include components for context-based notification, intelligent message interpretation, and regulatory compliance.
-
Publication No.: US11019056B2
Publication date: 2021-05-25
Application No.: US15885391
Application date: 2018-01-31
Applicant: Sophos Limited
Inventor: John Edward Tyrone Shaw, Ross McKerchar, Moritz Daniel Grimm, Jan Karl Heinrich Weber, Shail R. Talati, Kenneth D. Ray, Andrew J. Thomas
IPC: H04L29/06
Abstract: A threat management facility detects a device on an enterprise network and determines whether the device is one of a set of managed devices for the enterprise network. When the device is not one of the set of managed devices, the threat management facility may determine whether the device is manageable. When the device is unrecognized and unmanageable, a portal may provide support to a user of the device by listing the device on an unclaimed device page published by the portal and accessible to authorized users of the enterprise network. An authorized user may claim the unrecognized device from the unclaimed device page and, in the process, may provide additional information regarding the unrecognized device. Once claimed, the previously unrecognized device may be permitted to communicate over the enterprise network.
-
Publication No.: US10997294B2
Publication date: 2021-05-04
Application No.: US16896563
Application date: 2020-06-09
Applicant: Sophos Limited
Inventor: Timothy Bruce Kenyon, Patrick James Hammack
Abstract: A code segment executing on a compute instance may be identified as suspicious based on runtime behavior or similar behavioral analysis or the like. In order to ensure the identification and use of the most up-to-date identification and remediation tools, the compute instance may defer various remediation steps for an interval, during which the compute instance may wait for data updates from a threat management system. After the interval has passed, the compute instance may use any updated data or tools in order to address the code segment that triggered the initial malware detection.
-
Publication No.: US10984127B2
Publication date: 2021-04-20
Application No.: US15635968
Application date: 2017-06-28
Applicant: Sophos Limited
Inventor: John Bryan
IPC: G06F21/62
Abstract: Methods and systems for identifying content of interest. Accessed textual information is processed by at least one of character unification, phrase unification, and concept unification. A configured processor executes at least one predefined rule to determine whether the unified content includes certain types of information. Unified content that matches may be subject to further action such as alerts, encryption, logging, etc.
-
Publication No.: US10972485B2
Publication date: 2021-04-06
Application No.: US16129143
Application date: 2018-09-12
Applicant: Sophos Limited
Inventor: Beata Ladnai, Mark David Harris, Andrew G. P. Smith, Kenneth D. Ray, Andrew J. Thomas, Russell Humphries
IPC: H04L29/06, G06N5/04, G06N20/00, G06F17/18, G06F21/56, G06Q10/06, G06F16/955, G06F11/07, G06K9/62, G06N7/00, G06F21/55, G06F9/54
Abstract: In a threat management platform, a number of endpoints log events in an event data recorder. A local agent filters this data and feeds a filtered data stream to a central threat management facility. The central threat management facility can locally or globally tune filtering by local agents based on the current data stream, and can query local event data recorders for additional information where necessary or helpful in threat detection or forensic analysis. The central threat management facility also stores and deploys a number of security tools such as a web-based user interface supported by machine learning models to identify potential threats requiring human intervention and other models to provide human-readable context for evaluating potential threats.
-
Publication No.: US10972429B2
Publication date: 2021-04-06
Application No.: US16433588
Application date: 2019-06-06
Applicant: Reflexion Networks, Inc.
Inventor: Joseph E. McIsaac, Marcus Dahllof, Louis Bruce Tatarsky, Richard K. Vallett
Abstract: A method may include receiving an outbound communication directed to one or more recipient addresses from a communications infrastructure hosting the true address for the user. A server or similar intermediary may generate an alias address for each recipient address in an outbound communication so that each recipient may communicate with the true address using a unique reply channel. A discrete security state may be assigned as a security attribute to each such alias address. The discrete security state, which can be controlled by the user and stored, e.g., at the intermediate server, establishes rules for controlling communications from one of the recipient addresses through the communications infrastructure to the true address via one of the alias addresses. Once an alias and a security state are assigned in this manner to facilitate handling of responsive communications, the outbound communication may be forwarded to recipient addresses through the communication network.