-
公开(公告)号:US08904520B1
公开(公告)日:2014-12-02
申请号:US12407772
申请日:2009-03-19
IPC分类号: H04L29/06
CPC分类号: H04L63/1425 , G06F21/56 , G06F21/564 , G06F21/566 , G06F2221/034 , G06F2221/2101 , H04L63/145 , H04L67/22
摘要: A communication between an entity and a host is identified. Reputation information associated with a set of other entities that communicate with the host is identified. A reputation score associated with the host is generated based on the reputation information associated with a set of other entities. A reputation score associated with the entity is generated based on the reputation score associated with the host.
摘要翻译: 识别实体和主机之间的通信。 识别与与主机通信的一组其他实体相关联的信誉信息。 基于与一组其他实体相关联的信誉信息生成与主机相关联的信誉评分。 基于与主机相关联的信誉评分,生成与该实体相关联的信誉评分。
-
公开(公告)号:US07562391B1
公开(公告)日:2009-07-14
申请号:US11109215
申请日:2005-04-18
CPC分类号: G06F21/55 , G06F21/52 , G06F2221/2151
摘要: Certain events, such as data input operating system calls, are likely to initiate a buffer overflow attack. A timing module generates timestamps that indicate when such possible initiating events occur. The timestamp is associated with a particular process and/or thread executing on the computer. If subsequent evidence of a buffer overflow attack is detected on the computer, the timestamps are consulted to determine if a possible initiating event occurred recently. If there is a recent initiating event, a buffer overflow attack is declared. Evidence of a buffer overflow attack can include receiving a signal from the processor indicating that the processor was asked to execute an instruction residing in non-executable memory. Evidence of a buffer overflow attack can also include detecting an action on the computer that malicious software is likely to perform, such as opening a file or network connection, being performed by an instruction residing in non-executable memory.
摘要翻译: 某些事件(如数据输入操作系统调用)可能会发生缓冲区溢出攻击。 定时模块生成指示何时发生这种可能的发起事件的时间戳。 时间戳与计算机上执行的特定进程和/或线程相关联。 如果在计算机上检测到缓冲区溢出攻击的后续证据,则查询时间戳以确定最近是否发生可能的启动事件。 如果存在最近的启动事件,则会声明缓冲区溢出攻击。 缓冲区溢出攻击的证据可以包括从处理器接收指示处理器被要求执行驻留在不可执行存储器中的指令的信号。 缓冲区溢出攻击的证据还可以包括检测由驻留在不可执行存储器中的指令执行恶意软件可能执行的操作,例如打开文件或网络连接。
-
公开(公告)号:US20200344113A1
公开(公告)日:2020-10-29
申请号:US16926907
申请日:2020-07-13
摘要: Described herein are systems, methods, and software to enhance the management of responses to incidents. In one example, a method of improving incident response comprises identifying an incident in an information technology (IT) environment associated with a first entity of a plurality of entities, and identifying action implementation information related to the incident. The method further anonymizes the action implementation information for the incident, and determines action suggestions based at least on the anonymized action implementation information.
-
公开(公告)号:US09959404B2
公开(公告)日:2018-05-01
申请号:US11865073
申请日:2007-10-01
申请人: Carey Nachenberg , Michael Spertus , Sourabh Satish , Gerry Egan
发明人: Carey Nachenberg , Michael Spertus , Sourabh Satish , Gerry Egan
CPC分类号: G06F21/51 , G06F21/56 , H04L63/1416
摘要: Computer-implemented methods and systems for creating or updating approved-file and trusted-domain databases and verifying the legitimacy of files are disclosed. A method for creating or updating an approved-file database may include intercepting a first file, identifying a source domain associated with the first file, identifying a trusted-domain database, determining whether a database record for the source domain associated with the first file exists within the trusted-domain database, creating a hash value for the first file if a database record for the source domain associated with the first file exists within the trusted-domain database, and storing the hash value for the first file in an approved-file database. Methods and systems for verifying the legitimacy of a file and for creating or updating a trusted-domain database are also disclosed.
-
公开(公告)号:US09077715B1
公开(公告)日:2015-07-07
申请号:US11394846
申请日:2006-03-31
申请人: Sourabh Satish , Brian Hernacki
发明人: Sourabh Satish , Brian Hernacki
CPC分类号: H04L63/10 , G06F21/00 , G06F21/552 , H04L63/1425 , H04L63/145
摘要: Making a trust decision is disclosed. One or more members of a social trust network are polled for information associated with a trust decision about a computing environment. The information includes information collected automatically with respect to activities of one or more of the one or more members of the social trust network. At least one action is taken based at least in part on the information.
摘要翻译: 披露信任决定。 针对与关于计算环境的信任决策相关联的信息,轮询社会信任网络的一个或多个成员。 该信息包括针对一个或多个一个或多个社会信任网络成员的活动而自动收集的信息。 至少部分地基于该信息采取至少一个动作。
-
公开(公告)号:US08977764B1
公开(公告)日:2015-03-10
申请号:US12039515
申请日:2008-02-28
申请人: Zulfikar Ramzan , Sourabh Satish , Brian Hernacki
发明人: Zulfikar Ramzan , Sourabh Satish , Brian Hernacki
IPC分类号: G06F15/16
CPC分类号: G06F11/3466 , G06F9/44521 , G06F11/3409 , G06F2201/865
摘要: Application usage is profiled based on application streaming. Code pages of multiple applications are streamed from a server to multiple client computers (endpoints) for execution. The streaming of the code pages is monitored, and usage data is collected such as which pages are streamed to which endpoints, under what circumstances and when. By referencing the streamed code pages and the underlying source code, the code pages are mapped (at least approximately) to corresponding application features. The collected usage data usage and the relevant mapping are analyzed, to create application usage profile data for streamed applications. The application usage profile data can include such information as how often, when, where and by whom application components are being executed, as well as which components cause errors, are most popular, confuse users, etc.
摘要翻译: 应用程序使用情况基于应用程序流式进行分析。 多个应用程序的代码页从服务器流式传输到多个客户端计算机(端点)以供执行。 监视代码页的流式传输,并收集使用数据,例如哪些页面被流式传输到哪个端点,在什么情况下和什么时候。 通过引用流传输的代码页和底层的源代码,代码页被映射(至少近似)到相应的应用程序特征。 分析收集的使用数据用法和相关映射,以创建流应用程序的应用程序使用情况数据。 应用程序使用情况数据可以包括诸如应用组件的执行频率,何时何地以及由哪个应用组件执行的信息以及哪些组件导致错误,最受欢迎的,混淆用户等的信息。
-
7.发明授权公开(公告)号:US08955109B1
公开(公告)日:2015-02-10
申请号:US12771980
申请日:2010-04-30
申请人: Sourabh Satish
发明人: Sourabh Satish
IPC分类号: G06F11/00
CPC分类号: G06F21/577 , G06F21/50 , G06F2221/034 , G09B5/00 , G09B19/0053
摘要: Social engineering attacks are simulated to a user, by performing the steps of the attacks without actually performing any malicious activity. Educational security information is displayed to the user, based on the user's response to simulated social engineering attacks. If the user responds to a simulated social engineering attack in a manner indicating that the user is vulnerable, educational security information can be displayed that educates the user as to how to avoid being victimized. One or more security settings for protecting the user's computer from malware can be adjusted, based on the user's response to the simulating of social engineering attacks. Additionally, other factors can be adjusted based on the user's response to the simulating of social engineering attacks, such as a security hygiene rating and/or a level of monitoring activity concerning the user.
摘要翻译: 通过在不实际执行任何恶意活动的情况下执行攻击步骤,向用户模拟社会工程攻击。 根据用户对模拟社会工程攻击的反应,向用户显示教育安全信息。 如果用户以表示用户易受攻击的方式对模拟的社会工程攻击做出响应,则可以显示教育安全信息,教育用户如何避免受害。 可以根据用户对模拟社会工程攻击的反应来调整用于保护用户计算机免受恶意软件的一个或多个安全设置。 另外,还可以根据用户对模拟社会工程攻击的反应来调整其他因素,例如安全卫生评级和/或关于用户的监视活动级别。
-
8.发明授权Systems and methods for creating and managing backups based on health information 有权基于健康信息创建和管理备份的系统和方法公开(公告)号:US08949187B1
公开(公告)日:2015-02-03
申请号:US12130786
申请日:2008-05-30
申请人: Sourabh Satish , William E. Sobel
发明人: Sourabh Satish , William E. Sobel
CPC分类号: G06F11/1461 , G01R31/3679 , G06F11/1441
摘要: A computer-implemented method may include performing an evaluation of the computing system's health. The computer-implemented method may also include comparing results of the evaluation with the results of at least one prior evaluation of the computing system's health and then determining, based on the comparison, that a current state of health of the computing system is healthier than at least one prior state of health of the computing system. In addition, the computer-implemented method may include creating a backup of the computing system. A computer-implemented method for managing backups of a computing system based on health information is also disclosed. Corresponding systems and computer-readable media are also disclosed.
摘要翻译: 计算机实现的方法可以包括对计算系统的健康进行评估。 计算机实现的方法还可以包括将评估的结果与计算系统的健康的至少一个先前评估的结果进行比较,然后基于比较来确定计算系统的当前健康状况比在 至少一个计算系统的健康状况。 此外,计算机实现的方法可以包括创建计算系统的备份。 还公开了一种用于管理基于健康信息的计算系统的备份的计算机实现的方法。 还公开了相应的系统和计算机可读介质。
-
公开(公告)号:US08862730B1
公开(公告)日:2014-10-14
申请号:US11392093
申请日:2006-03-28
申请人: Brian Hernacki , Sourabh Satish
发明人: Brian Hernacki , Sourabh Satish
IPC分类号: G06F15/173 , H04L29/06 , H04L12/24
CPC分类号: H04L63/1433 , H04L29/06551 , H04L29/06884 , H04L29/06904 , H04L41/08 , H04L41/0803 , H04L63/10 , H04L63/1408 , H04L63/20
摘要: Providing security for a network is disclosed. Network traffic associated with a host is monitored. If an activity pattern associated with a configuration change of the host is observed, access by the host to the network is restricted based at least in part on the observed activity pattern.
摘要翻译: 披露了网络的安全性。 监控与主机相关联的网络流量。 如果观察到与主机的配置更改相关联的活动模式,则至少部分地基于观察到的活动模式来限制主机对网络的访问。
-
公开(公告)号:US08788845B1
公开(公告)日:2014-07-22
申请号:US13525105
申请日:2012-06-15
申请人: Sourabh Satish
发明人: Sourabh Satish
摘要: An execution environment of a computer computes an initial effective permissions set for managed code based on user identity evidence, code evidence and/or a security policy and executes the code with this permissions set. If the managed code requests a data access, the execution environment considers data evidence that indicates the trustworthiness of the requested data. The data evidence can be based on the source of the data, the location of the data, the content of the data itself, or other factors. The execution environment computes a new effective permissions set for the managed code based on the data evidence and the security policy. This new effective permissions set is applied to the managed code while the code accesses the data. The execution environment restores the initial permissions set once the managed code completes the data access.
摘要翻译: 计算机的执行环境根据用户身份证据,代码证据和/或安全策略计算托管代码的初始有效权限集,并使用该权限集执行代码。 如果托管代码请求数据访问,则执行环境会考虑指示所请求数据的可信赖性的数据证据。 数据证据可以基于数据的来源,数据的位置,数据本身的内容或其他因素。 执行环境根据数据证据和安全策略计算托管代码的新的有效权限集。 当代码访问数据时,这个新的有效权限集应用于托管代码。 一旦托管代码完成数据访问,执行环境将恢复初始权限集。
-
-
-
-
-
-
-
-
-
搜索结果
177 条记录 (耗时 0.021 秒)
