-
Publication number: US20240089272A1
Publication date: 2024-03-14
Application number: US18361415
Filing date: 2023-07-28
Applicant: Wiz, Inc.
Inventor: Itamar GILAD , Aviel FOGEL , Udi REITBLAT , Alon SCHINDEL , Ami LUTTWAK , Roy REZNIK , Yinon COSTICA
IPC: H04L9/40
CPC classification number: H04L63/1416 , H04L63/1441
Abstract: A system and method for reducing false positive detection of cybersecurity events is disclosed. The method includes: configuring a plurality of resources to deploy a sensor, each sensor configured to listen on a data link layer for an event; receiving from each sensor a plurality of events, each event including an event type; generating a group of resources having a common attribute; generating a noise metric for the group of resources based on a number of events of an event type; generating a threshold based on the noise metric; configuring each sensor of a resource from the group of resources to detect a number of events exceeding the threshold; detecting a cybersecurity event in response to determining that a first resource from the group of resources has a number of events of a first type exceeding the threshold; and initiating a mitigation action based on the detected cybersecurity event.
-
Publication number: US20240086572A1
Publication date: 2024-03-14
Application number: US18513407
Filing date: 2023-11-17
Applicant: Richard Jay LANGLEY
Inventor: Richard Jay LANGLEY
CPC classification number: G06F21/6245 , G06F11/1464 , G06F11/1469 , G06F21/602 , H04L9/0894 , H04L63/10 , H04L63/1441 , G06F2201/805
Abstract: An individual data unit for enhancing the security of a user data record is provided that includes a processor and a memory configured to store data. The individual data unit is associated with a network and the memory is in communication with the processor. The memory has instructions stored thereon which, when read and executed by the processor cause the individual data unit to perform basic operations only. The basic operations include communicating securely with computing devices, computer systems, and a central user data server. Moreover, the basic operations include receiving a user data record, storing the user data record, retrieving the user data record, and transmitting the user data record. The individual data unit can be located in a geographic location associated with the user which can be different than the geographic locations of the computer systems and the central user data server.
-
Publication number: US11928231B2
Publication date: 2024-03-12
Application number: US18179870
Filing date: 2023-03-07
Applicant: Sophos Limited
Inventor: Joseph H. Levy , Andrew J. Thomas , Daniel Salvatore Schiappa , Kenneth D. Ray
IPC: G06F21/62 , G06F16/13 , G06F16/28 , G06F16/93 , G06F21/64 , G06N20/00 , H04L9/32 , H04L9/40 , H04L41/00 , H04L41/22
CPC classification number: G06F21/6218 , G06F16/137 , G06F16/285 , G06F16/93 , G06F21/64 , G06N20/00 , H04L9/3265 , H04L41/20 , H04L41/22 , H04L63/08 , H04L63/0838 , H04L63/101 , H04L63/102 , H04L63/1408 , H04L63/1416 , H04L63/1425 , H04L63/1433 , H04L63/1441 , H04L63/20 , H04L63/205
Abstract: An authentication model dynamically adjusts authentication factors required for access to a remote resource based on changes to a risk score for a user, a device, or some combination of these. For example, the authentication model may conditionally specify the number and type of authentication factors required by a user/device pair, and may dynamically alter authentication requirements based on changes to a current risk assessment for the user/device while the remote resource is in use.
-
Publication number: US20240080335A1
Publication date: 2024-03-07
Application number: US18385272
Filing date: 2023-10-30
Applicant: Qualys, Inc.
Inventor: Mayuresh Vishwas Dani , Ankur S. Tyagi
IPC: H04L9/40
CPC classification number: H04L63/1433 , H04L63/14 , H04L63/1425 , H04L63/1441
Abstract: The present disclosure describes simulating a threat-actor executing an attack execution operation. According to one aspect of the subject matter described in this disclosure, a method for generating a domain-specific language (DSL) simulant is disclosed. The method may comprise determining a framework based on an attack repository, determining a first primitive based on the framework, and determining a second primitive based on the framework. In one implementation, the first primitive and the second primitive are fundamental structures or constructs within a DSL. The method further comprises combining the first primitive and the second primitive into a DSL simulant. In one implementation, the DSL simulant is executed to simulate a threat-actor executing an attack execution operation.
-
Publication number: US11924247B1
Publication date: 2024-03-05
Application number: US17839289
Filing date: 2022-06-13
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth , Daniel Stephen Popick , Derek Avery Lyon , John Michael Morkel , Graeme David Baer , Ajith Harshana Ranabahu , Khaled Salah Sedky
IPC: H04L9/40 , G06F16/93 , G06F21/33 , G06F21/60 , G06F21/62 , H04L43/55 , G06F3/06 , G06F21/12 , G06F21/31 , G06F21/52 , G06F21/57
CPC classification number: H04L63/164 , G06F16/93 , G06F21/33 , G06F21/604 , G06F21/6218 , H04L43/55 , H04L63/102 , G06F3/0601 , G06F21/125 , G06F21/31 , G06F21/316 , G06F21/52 , G06F21/577 , H04L63/08 , H04L63/1441
Abstract: A method and apparatus for testing and simulating an access control policy are disclosed. Evaluating an access control policy may be performed by utilizing a deny statement that causes the access request to be rejected despite actions indicated in the access request being authorized. Further, an independent simulation environment may be utilized for testing access control policy evaluation.
-
Publication number: US11924073B2
Publication date: 2024-03-05
Application number: US17403026
Filing date: 2021-08-16
Applicant: Cisco Technology, Inc.
Inventor: Sunil Kumar Gupta , Navindra Yadav , Michael Standish Watts , Ali Parandehgheibi , Shashidhar Gandham , Ashutosh Kulshreshtha , Khawar Deen
IPC: G06F21/00 , G06F3/0482 , G06F3/04842 , G06F3/04847 , G06F9/455 , G06F16/11 , G06F16/13 , G06F16/16 , G06F16/17 , G06F16/174 , G06F16/23 , G06F16/2457 , G06F16/248 , G06F16/28 , G06F16/29 , G06F16/9535 , G06F21/53 , G06F21/55 , G06F21/56 , G06N20/00 , G06N99/00 , G06T11/20 , H04J3/06 , H04J3/14 , H04L1/24 , H04L9/08 , H04L9/32 , H04L9/40 , H04L41/046 , H04L41/0668 , H04L41/0803 , H04L41/0806 , H04L41/0816 , H04L41/0893 , H04L41/12 , H04L41/16 , H04L41/22 , H04L43/02 , H04L43/026 , H04L43/04 , H04L43/045 , H04L43/062 , H04L43/08 , H04L43/0805 , H04L43/0811 , H04L43/0829 , H04L43/0852 , H04L43/0864 , H04L43/0876 , H04L43/0882 , H04L43/0888 , H04L43/10 , H04L43/106 , H04L43/12 , H04L43/16 , H04L45/00 , H04L45/302 , H04L45/50 , H04L45/74 , H04L47/11 , H04L47/20 , H04L47/2441 , H04L47/2483 , H04L47/28 , H04L47/31 , H04L47/32 , H04L61/5007 , H04L67/01 , H04L67/10 , H04L67/1001 , H04L67/12 , H04L67/51 , H04L67/75 , H04L69/16 , H04L69/22 , H04W72/54 , H04W84/18 , H04L67/50
CPC classification number: H04L43/045 , G06F3/0482 , G06F3/04842 , G06F3/04847 , G06F9/45558 , G06F16/122 , G06F16/137 , G06F16/162 , G06F16/17 , G06F16/173 , G06F16/174 , G06F16/1744 , G06F16/1748 , G06F16/2322 , G06F16/235 , G06F16/2365 , G06F16/24578 , G06F16/248 , G06F16/285 , G06F16/288 , G06F16/29 , G06F16/9535 , G06F21/53 , G06F21/552 , G06F21/556 , G06F21/566 , G06N20/00 , G06N99/00 , G06T11/206 , H04J3/0661 , H04J3/14 , H04L1/242 , H04L9/0866 , H04L9/3239 , H04L9/3242 , H04L41/046 , H04L41/0668 , H04L41/0803 , H04L41/0806 , H04L41/0816 , H04L41/0893 , H04L41/12 , H04L41/16 , H04L41/22 , H04L43/02 , H04L43/026 , H04L43/04 , H04L43/062 , H04L43/08 , H04L43/0805 , H04L43/0811 , H04L43/0829 , H04L43/0841 , H04L43/0858 , H04L43/0864 , H04L43/0876 , H04L43/0882 , H04L43/0888 , H04L43/10 , H04L43/106 , H04L43/12 , H04L43/16 , H04L45/306 , H04L45/38 , H04L45/46 , H04L45/507 , H04L45/66 , H04L45/74 , H04L47/11 , H04L47/20 , H04L47/2441 , H04L47/2483 , H04L47/28 , H04L47/31 , H04L47/32 , H04L61/5007 , H04L63/0227 , H04L63/0263 , H04L63/06 , H04L63/0876 , H04L63/1408 , H04L63/1416 , H04L63/1425 , H04L63/1433 , H04L63/1441 , H04L63/145 , H04L63/1458 , H04L63/1466 , H04L63/16 , H04L63/20 , H04L67/01 , H04L67/10 , H04L67/1001 , H04L67/12 , H04L67/51 , H04L67/75 , H04L69/16 , H04L69/22 , H04W72/54 , H04W84/18 , G06F2009/4557 , G06F2009/45587 , G06F2009/45591 , G06F2009/45595 , G06F2221/033 , G06F2221/2101 , G06F2221/2105 , G06F2221/2111 , G06F2221/2115 , G06F2221/2145 , H04L67/535
Abstract: A method provides for receiving network traffic from a host having a host IP address and operating in a data center, and analyzing a malware tracker for IP addresses of hosts having been infected by a malware to yield an analysis. When the analysis indicates that the host IP address has been used to communicate with an external host infected by the malware to yield an indication, the method includes assigning a reputation score, based on the indication, to the host. The method can further include applying a conditional policy associated with using the host based on the reputation score. The reputation score can include a reduced reputation score from a previous reputation score for the host.
-
Publication number: US11921864B2
Publication date: 2024-03-05
Application number: US17951690
Filing date: 2022-09-23
Applicant: ReliaQuest Holdings, LLC
Inventor: Brian P. Murphy , Joe Partlow , Colin O'Connor , Jason Pfeiffer
IPC: G06F21/00 , G06F8/65 , G06F18/214 , G06F21/53 , G06F21/55 , G06F21/56 , G06F21/57 , G06F30/20 , G06N20/00 , H04L9/40
CPC classification number: G06F21/577 , G06F8/65 , G06F18/214 , G06F21/53 , G06F21/55 , G06F21/554 , G06F21/56 , G06F21/561 , G06F21/562 , G06F21/566 , G06F21/568 , G06F30/20 , G06N20/00 , H04L63/0227 , H04L63/0263 , H04L63/1416 , H04L63/1425 , H04L63/1433 , H04L63/1441 , H04L63/145 , H04L63/164 , H04L63/20 , G06F2221/034 , G06F2221/2115
Abstract: A computer-implemented method, computer program product and computing system for: obtaining first system-defined platform information concerning a first security-relevant subsystem within a computing platform; obtaining at least a second system-defined platform information concerning at least a second security-relevant subsystem within the computing platform; combining the first system-defined platform information and the at least a second system-defined platform information to form system-defined consolidated platform information; and generating a security profile based, at least in part, upon the system-defined consolidated platform information.
-
Publication number: US11918918B2
Publication date: 2024-03-05
Application number: US17557100
Filing date: 2021-12-21
Applicant: AT&T Intellectual Property I, L.P.
Inventor: Michael R. Albrecht , Oliver Spatscheck
CPC classification number: A63F13/71 , H04L63/126 , H04L63/1408 , H04L63/1441
Abstract: Aspects of the subject disclosure may include, for example, analyzing data to identify that the data is associated with an online game, translating, based on the analyzing, a first address associated with the data to a second address that is different from the first address, and transmitting the data to a communication device using the second address. Other embodiments are disclosed.
-
Publication number: US11916953B2
Publication date: 2024-02-27
Application number: US16579215
Filing date: 2019-09-23
Applicant: Cybereason, Inc.
Inventor: Phillip Tsukerman
IPC: H04L9/40
CPC classification number: H04L63/1441
Abstract: A method of generating a baseline of expected behavior on a single machine or endpoint to accurately fingerprint the native behavior of the NTLM protocol on that particular endpoint in a network. By limiting the scope of a baseline to a single endpoint, the scope of the baseline can consist of expected behavior (including supported hash functions, version strings and various feature flags). Deviations from these behaviors are considered evidence of a redundant implementation of NTLM utilized by an attacker and thus as evidence of an attempted PTH attack. Using this method it is possible to accurately detect PTH attacks originating from all publicly known non-standard implementations of NTLM existing in tools such as Impacket, Metasploit, and Invoke-TheHash.
-
Publication number: US11916932B2
Publication date: 2024-02-27
Application number: US17722131
Filing date: 2022-04-15
Applicant: Cisco Technology, Inc.
Inventor: Martin Rehak , David McGrew , Blake Harrell Anderson , Scott William Dunlop
IPC: H04L9/40
CPC classification number: H04L63/1416 , H04L63/02 , H04L63/0428 , H04L63/1425 , H04L63/1441 , H04L63/20 , H04L63/166
Abstract: In one embodiment, a traffic inspection service executed by an intermediary device obtains, from a monitoring agent executed by an endpoint device, keying information for an encrypted traffic session between the endpoint device and a remote entity. The traffic inspection service provides a notification to the monitoring agent that acknowledges receipt of the keying information. The traffic inspection service uses the keying information to decrypt encrypted traffic from the encrypted traffic session. The traffic inspection service applies a policy to the encrypted traffic session between the endpoint device and the remote entity, based on the decrypted traffic from the session.