System and method providing security friction for atypical resource access requests

    Publication No.: US11025638B2

    Publication date: 2021-06-01

    Application No.: US16040128

    Filing date: 2018-07-19

    Applicant: Forcepoint, LLC

    IPC classification: G06F21/00 H04L29/06

    Abstract: A method, system and computer-usable medium for providing security friction to a request for access to a resource based on whether the access request is atypical. In certain embodiments, a request to access the resource based on a user identity is received electronically. The system determines whether the request is typical or atypical. If the request is typical, access to the requested resource is granted. However, if the request is atypical, access to the requested resource is only allowed if the correct information is provided in response to one or more access control methods that provide an amount of security friction that would otherwise not have been asserted if the resource request was typical. In certain embodiments, an elapsed time between access requests based on the user identity is used to determine whether the access request is atypical.

    Using Human Factors When Calculating a Risk Score

    Publication No.: US20210152568A1

    Publication date: 2021-05-20

    Application No.: US17139051

    Filing date: 2020-12-31

    Applicant: Forcepoint, LLC

    IPC classification: H04L29/06

    Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; associating a human factor with the entity; identifying an event of analytic utility, the event of analytic utility being derived from the observable from the electronic data source; analyzing the event of analytic utility, the analyzing the event of analytic utility taking into account the human factor associated with the entity enacting the event of analytic utility; generating a risk score in response to the analyzing, the risk score taking into account the human factor associated with the entity; and, performing the security operation when the risk score meets a security risk parameter.

    ENDPOINT CONTEXT AGENT TRAVERSAL OF NETWORK ADDRESS TABLE

    Publication No.: US20210152519A1

    Publication date: 2021-05-20

    Application No.: US16686694

    Filing date: 2019-11-18

    Applicant: Forcepoint LLC

    Inventor: Jaakko MOLLER

    IPC classification: H04L29/06

    Abstract: A method, system, and computer-usable medium are disclosed for: (i) communicating, from a client device to a security device via a metadata connection, metadata regarding a data connection to be established by the client device, the metadata comprising a connection identifier uniquely identifying the data connection; and (ii) communicating, from the client device to the security device via the data connection, network traffic comprising a packet that includes the connection identifier, such that the security device may use the connection identifier to index an entry associated with the metadata that the security device has stored in a metadata cache.

    Using a Behavior-Based Modifier When Generating a User Entity Risk Score

    Publication No.: US20210112074A1

    Publication date: 2021-04-15

    Application No.: US17119808

    Filing date: 2020-12-11

    Applicant: Forcepoint, LLC

    IPC classification: H04L29/06

    Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; identifying a security related activity, the security related activity being based upon the observable from the electronic data source, the security related activity comprising a concerning behavior; generating a contextual modifier relating to the security related activity; analyzing the security related activity, the analyzing the security related activity being based upon the contextual modifier; and, performing a security operation in response to the analyzing the security related activity.

    ENCRYPTED SERVER NAME INDICATION INSPECTION

    Publication No.: US20210112040A1

    Publication date: 2021-04-15

    Application No.: US16598657

    Filing date: 2019-10-10

    Applicant: Forcepoint LLC

    IPC classification: H04L29/06

    Abstract: A method, system, and computer-usable medium are disclosed for: (i) determining if a server response from a server received at a security device and intended for a client includes original encryption key information for encrypting identifying information associated with the server; (ii) if the server response includes original encryption key information for encrypting identifying information associated with the server, determining if a network policy provides for decryption of identifying information associated with the server; and (iii) if the network policy provides for decryption of identifying information associated with the server, replacing the original encryption key information with modified encryption key information associated with the security device and communicating the server response to the client with the modified encryption key information associated with the security device.

    Analyzing behavior in light of social time

    Publication No.: US10860942B2

    Publication date: 2020-12-08

    Application No.: US16432408

    Filing date: 2019-06-05

    Applicant: Forcepoint, LLC

    Abstract: A relational event history is determined based on a data set, the relational event history including a set of relational events that occurred in time among a set of actors. Data is populated in a probability model based on the relational event history, where the probability model is formulated as a series of conditional probabilities that correspond to a set of sequential decisions by an actor for each relational event, where the probability model includes one or more statistical parameters and corresponding statistics. A baseline communications behavior for the relational event history is determined based on the populated probability model, and departures within the relational event history from the baseline communications behavior are determined.

    Proactive transport layer security identity verification

    Publication No.: US10834131B2

    Publication date: 2020-11-10

    Application No.: US15824214

    Filing date: 2017-11-28

    Applicant: Forcepoint LLC

    IPC classification: H04L29/06

    Abstract: A method, system, and computer-usable medium are disclosed for (a) responsive to communication of a client handshake from a client to a server for establishing encrypted communications between the client and the server: (i) holding open, by an intermediate verification system interfaced between the server and the client, the client handshake; and (ii) opening a connection between the intermediate verification system and the server via which the intermediate verification system issues a server verification handshake to the server; (b) responsive to issuance of the server verification handshake to the server, receiving a server certificate associated with the server by the intermediate verification system; (c) responsive to receipt of the server certificate, processing, by the intermediate verification system, the server certificate to determine an identity of the server; and (d) rendering, by the intermediate verification system, a security policy decision regarding traffic between the server and client based on the identity.

    Analyzing behavior in light of social time

    Publication No.: US10776708B2

    Publication date: 2020-09-15

    Application No.: US15399147

    Filing date: 2017-01-05

    Abstract: A relational event history is determined based on a data set, the relational event history including a set of relational events that occurred in time among a set of actors. Data is populated in a probability model based on the relational event history, where the probability model is formulated as a series of conditional probabilities that correspond to a set of sequential decisions by an actor for each relational event, where the probability model includes one or more statistical parameters and corresponding statistics. A baseline communications behavior for the relational event history is determined based on the populated probability model, and departures within the relational event history from the baseline communications behavior are determined.