61. Detecting adversaries by correlating detected malware with web access logs
    Patent application; status: under examination, published

    Publication number: US20080244742A1

    Publication date: 2008-10-02

    Application number: US11824718

    Filing date: 2007-06-30

    IPC classification: G06F12/14

    CPC classification: H04L63/1425 H04L63/308

    Abstract: An automated arrangement for detecting adversaries examines a log of communications into and out of the enterprise network when a security incident is detected in which a host computer on the enterprise network becomes compromised. The log is analyzed over a window of time that starts before the detected security incident occurred, to identify the web site URIs (Uniform Resource Identifiers) and IP (Internet Protocol) addresses (collectively "resources") that the compromised host accessed and/or from which the compromised host received traffic. When other host computers in the enterprise are detected as compromised, the same analysis is performed for each of them, and the results of all the analyses are correlated to identify one or more resources that are common to the logged communications of all the compromised machines.

62. Enterprise security assessment sharing
    Patent application; status: granted (in force)

    Publication number: US20080229422A1

    Publication date: 2008-09-18

    Application number: US11724061

    Filing date: 2007-03-14

    IPC classification: G06F11/00

    Abstract: An enterprise-wide sharing arrangement uses a semantic abstraction, called a security assessment, to share security-related information between different security products, called endpoints. A security assessment is defined as a tentative assignment by an endpoint of broader contextual meaning to information that is collected about an object of interest. Its tentative nature is reflected in two of its components: a fidelity field used to express the level of confidence in the assessment, and a time-to-live field giving the estimated time period for which the assessment is valid. Endpoints may publish security assessments onto a security assessment channel, as well as subscribe to a subset of the security assessments published by other endpoints. A specialized endpoint coupled to the channel acts as a centralized audit point by subscribing to all security assessments, logging them, and also logging the local actions taken by endpoints in response to security threats.

63. Network access protection
    Patent application; status: under examination, published

    Publication number: US20060250968A1

    Publication date: 2006-11-09

    Application number: US11120759

    Filing date: 2005-05-03

    Applicants: Efim Hudis, Ron Mondri

    Inventors: Efim Hudis, Ron Mondri

    CPC classification: H04L43/0817 H04L43/0811

    Abstract: A network access protection method includes creating an access policy as a function of statement-of-health information. The method also includes selectively allowing, denying or redirecting communications based upon the access policy and the current statement of health of one or more computing devices associated with the communications.