-
Publication number: US12010210B1
Publication date: 2024-06-11
Application number: US18370672
Application date: 2023-09-20
Applicant: FORESCOUT TECHNOLOGIES, INC.
Inventor: Robert McNutt, Daniel Ricardo dos Santos
CPC classification number: H04L9/06, H04L9/0852
Abstract: A system includes a processing device, operatively coupled to memory, to obtain one or more ciphers that are supported by a device that is coupled to a network, determine, by the processing device, a value associated with the device, based on whether each of the one or more ciphers that are supported by the device is quantum-safe, and generate a notification based on the value.
-
Publication number: US20230421581A1
Publication date: 2023-12-28
Application number: US18241663
Application date: 2023-09-01
Applicant: FORESCOUT TECHNOLOGIES, INC.
Inventor: Daniel Ricardo dos Santos, Elisa Costante, Mario Dagrada, Alessandro Manzi
IPC: H04L9/40, H04L41/0604
CPC classification number: H04L63/1416, H04L41/0609, H04L63/1425, H04L63/1433
Abstract: A method includes accessing events associated with a network and determining an issue based on a correlation of a portion of the events, wherein the issue represents an incident associated with the portion of the events, and wherein the correlation of the portion of the events is based on information associated with the network and at least in part on an event type of the portion of the events. A priority associated with the issue is determined at least based on the event type of the portion of the events. A first event type that is associated with an operational technology (OT) entity has a higher priority than a second event type that is not associated with the OT entity. Data associated with the issue is stored.
-
Publication number: US20230198882A1
Publication date: 2023-06-22
Application number: US17557769
Application date: 2021-12-21
Applicant: FORESCOUT TECHNOLOGIES, INC.
Inventor: Daniel Ricardo dos Santos, Elisa Costante
Abstract: Systems, methods, and related technologies for determining fields of an unknown protocol are described. One or more packets may be removed from a network traffic capture in response to the one or more packets having a known protocol. The remaining network traffic capture may be grouped into one or more clusters of packets based on similarity. Each of the one or more clusters may be parsed to identify one or more fields of an unknown protocol. The network traffic capture may be modified, including annotating the one or more fields of the unknown protocol.
-
Publication number: US20250071043A1
Publication date: 2025-02-27
Application number: US18948155
Application date: 2024-11-14
Applicant: FORESCOUT TECHNOLOGIES, INC.
Inventor: Daniel Ricardo dos Santos, Elisa Costante
Abstract: Systems and methods to determine fields of an unknown protocol are described. The method includes grouping network traffic capture into one or more clusters of packets based on similarity and parsing each of the one or more clusters to identify one or more fields of an unknown protocol. The method further includes generating a description of the unknown protocol comprising the identified one or more fields of the unknown protocol and an order of the identified one or more fields of the unknown protocol. The method further includes compiling the description into a protocol parser.
-
Publication number: US20240031260A1
Publication date: 2024-01-25
Application number: US18373778
Application date: 2023-09-27
Applicant: FORESCOUT TECHNOLOGIES, INC.
Inventor: Michail Kapsalakis, Daniel Ricardo dos Santos, Davide Fauri
IPC: H04L43/062, G06F18/213, H04L41/0893, H04L43/0811, H04L43/0882
CPC classification number: H04L43/062, G06F18/213, H04L41/0893, H04L43/0811, H04L43/0882
Abstract: Systems, methods, and related technologies for entity classification and attribute designation are described. Device property data of a device coupled to a network is accessed. Features of the device are identified based on the device property data. A first value for an attribute of the device is determined based on a rule applied to the one or more features of the device, wherein a belief value for the first rule is associated with the first value. A final value for the attribute of the device is selected based on the first belief value for the first value of the attribute. An explanation of the selection of the final value for the attribute is provided and a security action is performed on the entity based on the final value for the attribute of the entity and a security policy associated with the final value for the attribute.
-
Publication number: US11777832B2
Publication date: 2023-10-03
Application number: US17557769
Application date: 2021-12-21
Applicant: FORESCOUT TECHNOLOGIES, INC.
Inventor: Daniel Ricardo dos Santos, Elisa Costante
IPC: G06F15/167, H04L43/18, H04L43/04
Abstract: Systems, methods, and related technologies for determining fields of an unknown protocol are described. One or more packets may be removed from a network traffic capture in response to the one or more packets having a known protocol. The remaining network traffic capture may be grouped into one or more clusters of packets based on similarity. Each of the one or more clusters may be parsed to identify one or more fields of an unknown protocol. The network traffic capture may be modified, including annotating the one or more fields of the unknown protocol.
-
Publication number: US20230099243A1
Publication date: 2023-03-30
Application number: US17489890
Application date: 2021-09-30
Applicant: FORESCOUT TECHNOLOGIES, INC.
Inventor: Michail Kapsalakis, Daniel Ricardo dos Santos, Davide Fauri
Abstract: Systems, methods, and related technologies for entity classification and attribute designation are described. Device property data associated with a device coupled to a network is accessed. One or more features for the device are identified based on the device property data. A first value for an attribute of the device is determined based on a set of rules applied to the one or more features of the device. A first belief value for the attribute is determined based on the set of rules applied to the one or more features of the device. A final value for the attribute of the device is selected based at least in part on the first belief value for the first value of the attribute.
-
Publication number: US20240291721A1
Publication date: 2024-08-29
Application number: US18639541
Application date: 2024-04-18
Applicant: FORESCOUT TECHNOLOGIES, INC.
Abstract: Systems, methods, and related technologies for entity classification are described. Entity attributes for entity classification are determined and entities coupled to a network are monitored. Values for each entity attribute for each entity coupled to the network are identified. A semantic similarity, between the plurality of entities, of the values for each entity attribute is determined. The entities are clustered into multiple entity clusters based on the semantic similarity of the values for each of the entity attributes for the entities.
-
Publication number: US12003383B2
Publication date: 2024-06-04
Application number: US17362770
Application date: 2021-06-29
Applicant: FORESCOUT TECHNOLOGIES, INC.
Abstract: Systems, methods, and related technologies for classification are described. Entity attribute data associated with network entities is obtained. One or more entity attributes for classifying a set of entities is determined based on the entity attribute data. A set of entities coupled to a network are monitored. Values of the one or more entity attributes for the plurality of entities is identified. The set of entities are clustered into one or more entity clusters based on a similarity of the one or more entity attributes for the entities. An entity fingerprinting action is then performed based on the entity clusters.
-
Publication number: US20230370479A1
Publication date: 2023-11-16
Application number: US18072238
Application date: 2022-11-30
Applicant: FORESCOUT TECHNOLOGIES, INC.
Inventor: Elisa Costante, Daniel Ricardo dos Santos, Cristoffer Leite da Silva
IPC: H04L9/40
CPC classification number: H04L63/1416
Abstract: Systems and methods for automatic attack pattern generation from cyber threat intelligence are described. Attack pattern generation includes obtaining cyber threat intelligence including a set of methodologies used by a cyber threat and identifying a set of network detectable events associated with the set of methodologies used by the cyber threat. An attack pattern is generated including the plurality of detectable events associated with the plurality of methodologies.