Subscription and key management system

    Publication number: US11522884B1

    Publication date: 2022-12-06

    Application number: US17133411

    Filing date: 2020-12-23

    Applicant: FireEye, Inc.

    IPC classification: H04L9/40 H04L12/14

    Abstract: One embodiment of the described invention is directed to a key management module deployed within a cybersecurity system that operates as a multi-tenant Security-as-a-Service (SaaS) by relying on Infrastructure-as-a-Service (IaaS) cloud processing and cloud storage resources. The key management module assigns a master key to a subscriber upon registration and, on request, generates one or more virtual keys derived at least in part from the master key for distribution to the subscriber. Each virtual key accompanies a submission into the cybersecurity system and is used to authenticate the subscriber making the submission and to verify that the subscriber is authorized to perform the tasks associated with the submission before those tasks are performed.
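    The master-key / virtual-key scheme above, as an added example that is not FireEye's code or the patent's embodiment: a virtual key is derived with HMAC-SHA256 over a scope document (subscriber, key id, permitted tasks), so the service stores only the per-subscriber master key and recomputes the expected secret when a submission arrives. The derivation, the scope format and the `tamper_tasks` helper are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field


@dataclass
class Subscriber:
    subscriber_id: str
    master_key: bytes                       # assigned once, at registration
    revoked_key_ids: set = field(default_factory=set)


class KeyManager:
    """Hypothetical key management module (not FireEye's code).

    One master key per subscriber; each virtual key is derived from it with
    HMAC-SHA256 over a scope document, so the server never stores virtual keys:
    it recomputes them from the master key when a submission arrives."""

    def __init__(self):
        self._subscribers = {}

    def register(self, subscriber_id):
        self._subscribers[subscriber_id] = Subscriber(subscriber_id, secrets.token_bytes(32))

    def issue_virtual_key(self, subscriber_id, tasks, key_id=None):
        """Derive a virtual key authorising exactly `tasks`; returned as scope.secret."""
        sub = self._subscribers[subscriber_id]
        scope = {"sub": subscriber_id, "kid": key_id or secrets.token_hex(8), "tasks": sorted(tasks)}
        scope_bytes = _canonical(scope)
        secret = hmac.new(sub.master_key, scope_bytes, hashlib.sha256).digest()
        return _b64(scope_bytes) + "." + _b64(secret)

    def revoke(self, subscriber_id, key_id):
        self._subscribers[subscriber_id].revoked_key_ids.add(key_id)

    def authorize_submission(self, virtual_key, task):
        """Authenticate the submitter and check that the requested task is in scope."""
        try:
            scope_part, secret_part = virtual_key.split(".")
            scope_bytes = base64.urlsafe_b64decode(scope_part)
            presented = base64.urlsafe_b64decode(secret_part)
            scope = json.loads(scope_bytes)
            sub = self._subscribers[scope["sub"]]
        except (ValueError, KeyError, TypeError):
            return False
        expected = hmac.new(sub.master_key, scope_bytes, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, presented):   # forged or edited scope
            return False
        if scope["kid"] in sub.revoked_key_ids:
            return False
        return task in scope["tasks"]


def tamper_tasks(virtual_key, tasks):
    """What an attacker can do without the master key: edit the scope, keep the old secret."""
    scope_part, secret_part = virtual_key.split(".")
    scope = json.loads(base64.urlsafe_b64decode(scope_part))
    scope["tasks"] = sorted(tasks)
    return _b64(_canonical(scope)) + "." + secret_part


def _canonical(scope):
    # Canonical JSON so both sides hash exactly the same bytes.
    return json.dumps(scope, sort_keys=True, separators=(",", ":")).encode()


def _b64(raw):
    return base64.urlsafe_b64encode(raw).decode()
```

    Because the scope travels with the key, an attacker who widens the task list invalidates the HMAC; revocation is a per-key-id denylist checked after authentication, so a revoked key cannot be "un-revoked" by editing its scope either.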

    Platform and method for retroactive reclassification employing a cybersecurity-based global data store

    Publication number: US11271955B2

    Publication date: 2022-03-08

    Application number: US16222501

    Filing date: 2018-12-17

    Applicant: FireEye, Inc.

    Abstract: A system for detecting artifacts associated with a cyber-attack features a cybersecurity intelligence hub remotely located from, and communicatively coupled to, one or more network devices via a network. The hub includes a data store and retroactive reclassification logic. The data store holds meta-information for each of a plurality of previously evaluated artifacts, and the meta-information for each such artifact includes a verdict classifying it as malicious or benign. The retroactive reclassification logic analyzes the stored meta-information and either (a) identifies whether the verdict for a previously evaluated artifact conflicts with trusted cybersecurity intelligence or (b) identifies inconsistent verdicts for the same previously evaluated artifact.
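    The two reclassification checks, as an added example (not FireEye's code): cases (a) and (b) from the abstract are run over a constructed set of stored verdict records, and the result also lists which devices received the now-stale verdict, since a retroactive reclassification is only useful if those devices are told. The record layout, the trusted-intelligence feed and the resolution policy (trusted intelligence wins, otherwise the most recent verdict) are assumptions for the example.

```python
from collections import defaultdict

MALICIOUS, BENIGN = "malicious", "benign"

# Constructed sample of stored meta-information: one record per prior evaluation,
# with the devices that were told the verdict at the time.
STORED_META = [
    {"artifact": "sha256:1111", "verdict": BENIGN,    "ts": 100, "reported_to": ["sensor-a"]},
    {"artifact": "sha256:1111", "verdict": MALICIOUS, "ts": 180, "reported_to": ["sensor-b"]},
    {"artifact": "sha256:2222", "verdict": BENIGN,    "ts": 120, "reported_to": ["sensor-a", "sensor-c"]},
    {"artifact": "sha256:3333", "verdict": MALICIOUS, "ts": 130, "reported_to": ["sensor-b"]},
    {"artifact": "sha256:4444", "verdict": BENIGN,    "ts": 140, "reported_to": []},
]

# Constructed trusted intelligence (e.g. a vetted feed), keyed by artifact id.
TRUSTED_INTEL = {"sha256:2222": MALICIOUS, "sha256:3333": MALICIOUS}


def conflicts_with_trusted_intel(meta, trusted):
    """Case (a): a stored verdict disagrees with trusted intelligence."""
    return [(r["artifact"], r["verdict"], trusted[r["artifact"]])
            for r in meta
            if r["artifact"] in trusted and r["verdict"] != trusted[r["artifact"]]]


def inconsistent_verdicts(meta):
    """Case (b): the same artifact carries more than one distinct verdict."""
    seen = defaultdict(set)
    for r in meta:
        seen[r["artifact"]].add(r["verdict"])
    return sorted(a for a, verdicts in seen.items() if len(verdicts) > 1)


def reclassify(meta, trusted):
    """Corrected verdict per affected artifact, plus the devices holding a stale one.

    Resolution policy is an assumption: trusted intelligence wins; for an
    inconsistent artifact with no trusted entry the most recent verdict wins."""
    latest = {}
    for r in sorted(meta, key=lambda r: r["ts"]):
        latest[r["artifact"]] = r["verdict"]
    affected = set(inconsistent_verdicts(meta))
    affected |= {art for art, _, _ in conflicts_with_trusted_intel(meta, trusted)}
    updates = {}
    for art in sorted(affected):
        verdict = trusted.get(art, latest[art])
        stale = [r for r in meta if r["artifact"] == art and r["verdict"] != verdict]
        updates[art] = {"verdict": verdict,
                        "notify": sorted({d for r in stale for d in r["reported_to"]})}
    return updates
```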

    Platform and method for performing cybersecurity analyses employing an intelligence hub with a modular architecture

    Publication number: US11240275B1

    Publication date: 2022-02-01

    Application number: US16223107

    Filing date: 2018-12-17

    Applicant: FireEye, Inc.

    IPC classification: H04L29/06

    Abstract: A network device for collecting and distributing cybersecurity intelligence features analytics logic and a plurality of plug-ins. The analytics logic is configured to (i) receive a request message to conduct a cybersecurity analysis and (ii) select a plug-in from either a first set or a second set of plug-ins to conduct it. When the analytics logic selects a first plug-in from the first set, the system conducts and completes the analysis while the communication session between the first plug-in and the network device that issued the request message remains open. When it selects a second plug-in from the second set, the system conducts and completes the analysis and delivers the resulting cybersecurity intelligence during a different, subsequent communication session from the one in which the request message was received.
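    The two plug-in sets, as an added example (not FireEye's code): a synchronous plug-in answers inside the open session, an asynchronous one returns a ticket and the requester collects the intelligence in a later session. The ticket is unguessable and bound to the requesting device, otherwise a later session could collect someone else's verdict. Plug-in names, request fields and the two stand-in analyses are assumptions; the asynchronous analysis is computed eagerly here where a real hub would queue it.

```python
import secrets
from dataclasses import dataclass
from typing import Callable


@dataclass
class Plugin:
    name: str
    handles: str                      # kind of analysis this plug-in performs
    synchronous: bool                 # True: first set (answers within the open session)
    analyze: Callable[[str], dict]


# Constructed plug-ins. The lookup answers at once; the detonation stand-in
# would take minutes in reality, so its result is delivered in a later session.
KNOWN_BAD = {"sha256:feed"}


def reputation_lookup(artifact):
    return {"verdict": "malicious" if artifact in KNOWN_BAD else "unknown"}


def sandbox_detonation(artifact):
    return {"verdict": "malicious", "behaviors": ["writes run key", "spawns powershell"]}


class IntelligenceHub:
    def __init__(self, plugins):
        self._plugins = {p.handles: p for p in plugins}
        self._pending = {}            # ticket -> (requester, result)

    def select_plugin(self, request):
        return self._plugins[request["analysis"]]

    def handle_request(self, request):
        plugin = self.select_plugin(request)
        if plugin.synchronous:
            return {"status": "complete", "result": plugin.analyze(request["artifact"])}
        # Second set: hand back an unguessable ticket bound to the requester; the
        # analysis result is collected in a subsequent session with fetch_result.
        ticket = secrets.token_urlsafe(16)
        self._pending[ticket] = (request["requester"], plugin.analyze(request["artifact"]))
        return {"status": "accepted", "ticket": ticket}

    def fetch_result(self, ticket, requester):
        """Subsequent session: only the original requester may collect, and only once."""
        entry = self._pending.get(ticket)
        if entry is None or entry[0] != requester:
            return None
        del self._pending[ticket]
        return entry[1]


HUB = IntelligenceHub([
    Plugin("reputation", "reputation", True, reputation_lookup),
    Plugin("sandbox", "dynamic", False, sandbox_detonation),
])
```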

    Detection efficacy of virtual machine-based analysis with application specific events

    Publication number: US10534906B1

    Publication date: 2020-01-14

    Application number: US15919085

    Filing date: 2018-03-12

    Applicant: FireEye, Inc.

    Abstract: A computerized system and method are described for classifying objects as malicious by processing them in a virtual environment and monitoring behaviors during that processing with one or more monitors, where the monitoring is conducted on an electronic device different from the one on which an analysis of the objects' attributes was conducted beforehand. The monitors may record selected sets of process operations and capture the associated process parameters, which describe the context in which the operations were performed. By recording that context, the system and method improve the quality of classifications and consequently reduce the likelihood of misclassifying benign objects as malware, or malware as benign.

    Detection efficacy of virtual machine-based analysis with application specific events

    Type: invention patent application (in force)

    Publication number: US20150220735A1

    Publication date: 2015-08-06

    Application number: US14173765

    Filing date: 2014-02-05

    Applicant: FireEye, Inc.

    IPC classification: G06F21/56 G06F21/53

    Abstract: A computerized system and method are described for classifying objects as malicious by processing them in a virtual environment and monitoring behaviors during that processing with one or more monitors. The monitors may record selected sets of process operations and capture the associated process parameters, which describe the context in which the operations were performed. By recording that context, the system and method improve the quality of classifications and consequently reduce the likelihood of misclassifying benign objects as malware, or malware as benign.
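    Context-aware classification of monitored process operations, as an added example that serves both of the "detection efficacy" abstracts above (it is not FireEye's code): each recorded operation carries its parameters (path, parent process, child image), and the rules read that context. A context-free baseline that only sees "a file was written into a Startup folder" flags an installer and a malicious document alike; with the performing process recorded, only the document is classified as malicious. The event fields, rule set, weights and the two traces are constructed for the example.

```python
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    operation: str     # monitored operation, e.g. file_write, process_create
    process: str       # image that performed it
    params: dict       # context parameters captured with the operation


OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
INSTALLERS = {"msiexec.exe", "setup.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "mshta.exe"}
SCRIPT_OR_BINARY = (".exe", ".dll", ".js", ".vbs", ".ps1")


def in_startup_folder(path):
    return "\\startup\\" in path.lower()


# (name, operation, predicate over the event, weight). Constructed rules.
RULES = [
    ("office app writes script/binary", "file_write",
     lambda e: e.process in OFFICE_APPS and e.params["path"].lower().endswith(SCRIPT_OR_BINARY), 40),
    ("non-installer persists via Startup folder", "file_write",
     lambda e: in_startup_folder(e.params["path"]) and e.process not in INSTALLERS, 30),
    ("office app spawns shell", "process_create",
     lambda e: e.process in OFFICE_APPS and e.params["child"].lower() in SHELLS, 50),
]


def score(events):
    hits, total = [], 0
    for e in events:
        for name, op, pred, weight in RULES:
            if e.operation == op and pred(e):
                hits.append(name)
                total += weight
    return total, hits


def classify(events, threshold=50):
    return "malicious" if score(events)[0] >= threshold else "benign"


def context_free_flag(events):
    """Baseline monitor that records operations without their context: any write
    into a Startup folder is flagged, whoever performs it."""
    return any(e.operation == "file_write" and in_startup_folder(e.params["path"]) for e in events)


STARTUP = "C:\\Users\\u\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\"

# Constructed traces: a weaponised document and a legitimate installer.
MALICIOUS_DOC = [
    ProcessEvent("file_write", "winword.exe", {"path": STARTUP + "update.js", "parent": "outlook.exe"}),
    ProcessEvent("process_create", "winword.exe", {"child": "powershell.exe", "cmdline": "-nop -w hidden"}),
]
BENIGN_INSTALLER = [
    ProcessEvent("file_write", "msiexec.exe", {"path": "C:\\Program Files\\App\\app.exe", "parent": "explorer.exe"}),
    ProcessEvent("file_write", "msiexec.exe", {"path": STARTUP + "App.lnk", "parent": "explorer.exe"}),
    ProcessEvent("process_create", "msiexec.exe", {"child": "app.exe", "cmdline": "/firstrun"}),
]
```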

    System and method for circumventing evasive code for cyberthreat detection

    Publication number: US11436327B1

    Publication date: 2022-09-06

    Application number: US17133379

    Filing date: 2020-12-23

    Applicant: FireEye, Inc.

    Abstract: One embodiment of the described invention is directed to a computerized method for improving detection of cybersecurity threats initiated by a script. The method analyzes the script, provided as part of a script object, by at least (i) determining whether any of the functional code blocks forming the script includes a critical code statement, (ii) determining whether any of the functional code blocks includes an evasive code statement, (iii) modifying the script to control processing of a subset of the functional code blocks, avoiding an execution path that includes the evasive code statement while processing the code blocks that form a path including the critical code statement, and (iv) executing the modified script and monitoring the behaviors of the virtual environment. The method then determines, from the monitored behaviors, whether the script includes cybersecurity threats.
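    Steps (i) to (iv) on a concrete script, as an added example (not FireEye's code): the script is parsed to an AST, each `if` whose condition mentions an evasive API is forced toward the branch that contains a critical statement, bare stalls such as `sleep()` are dropped, critical calls are routed through a monitor instead of the real API, and the rewritten script is executed. Python stands in for the JavaScript/VBScript a real engine would handle, and the evasive and critical name lists, the `__monitor__` hook and the sample script are assumptions for the example.

```python
import ast

# Names whose use in a branch condition or bare statement signals sandbox evasion,
# and names whose use marks a "critical" statement. Both lists are assumptions
# for this example; a real engine would carry a much larger, tuned catalogue.
EVASIVE_NAMES = {"sleep", "now", "today", "environ", "getenv", "gethostname", "cpu_count"}
CRITICAL_NAMES = {"system", "popen", "Popen", "run", "exec", "eval", "urlopen", "startfile"}


def mentions(node, names):
    for n in ast.walk(node):
        if isinstance(n, ast.Attribute) and n.attr in names:
            return True
        if isinstance(n, ast.Name) and n.id in names:
            return True
    return False


class ControlFlowRewriter(ast.NodeTransformer):
    """Steps (i)-(iii): find evasive conditions and force the path that reaches
    a critical statement; drop bare evasive calls such as time.sleep()."""

    def __init__(self):
        self.decisions = []           # (line, branch forced) for the report

    def visit_If(self, node):
        self.generic_visit(node)      # nested ifs first
        if mentions(node.test, EVASIVE_NAMES):
            body_critical = any(mentions(s, CRITICAL_NAMES) for s in node.body)
            else_critical = any(mentions(s, CRITICAL_NAMES) for s in node.orelse)
            take_body = body_critical or not else_critical
            self.decisions.append((node.lineno, take_body))
            node.test = ast.copy_location(ast.Constant(value=take_body), node.test)
        return node

    def visit_Expr(self, node):
        if isinstance(node.value, ast.Call) and mentions(node.value.func, EVASIVE_NAMES):
            return ast.copy_location(ast.Pass(), node)
        return node


class CriticalCallHook(ast.NodeTransformer):
    """Route critical calls through a monitor instead of the real API (API hooking)."""

    def visit_Call(self, node):
        self.generic_visit(node)
        func = node.func
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
        if name in CRITICAL_NAMES:
            hooked = ast.Call(func=ast.Name(id="__monitor__", ctx=ast.Load()),
                              args=[ast.Constant(value=name)] + node.args, keywords=node.keywords)
            return ast.copy_location(hooked, node)
        return node


def analyze_script(script):
    """Step (iv): execute the modified script under the monitor and report behaviors."""
    rewriter = ControlFlowRewriter()
    tree = rewriter.visit(ast.parse(script))
    tree = ast.fix_missing_locations(CriticalCallHook().visit(tree))
    behaviors = []

    def monitor(api, *args, **kwargs):
        behaviors.append((api, args))
        return 0                      # pretend success so the script continues

    exec(compile(tree, "<script>", "exec"), {"__monitor__": monitor})
    verdict = "malicious" if behaviors else "benign"
    return verdict, behaviors, rewriter.decisions


# Constructed evasive script: stalls, checks for a sandbox user, checks the date,
# and only then reaches the critical statement.
SAMPLE_SCRIPT = """\
import time, os, datetime
time.sleep(600)
if os.environ.get("USERNAME") == "sandbox":
    print("analysis box, stay quiet")
else:
    if datetime.datetime.now().year < 2030:
        os.system("powershell -enc AAAA")
"""
```

    The report pairs each forced branch with its line, which is what an analyst needs to see why a verdict was reached; forcing a branch whose condition the malware intended as an anti-analysis gate is also the main false-positive risk of the technique, so the decisions are worth keeping alongside the behaviors.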

    System and method for scanning remote services to locate stored objects with malware

    Publication number: US11368475B1

    Publication date: 2022-06-21

    Application number: US16231074

    Filing date: 2018-12-21

    Applicant: FireEye, Inc.

    Inventor: Sai Vashisht

    IPC classification: G06F16/9535 H04L9/40

    Abstract: A system and method for retrieval and analysis of stored objects for malware are described. The method involves receiving a scan request message from a customer to conduct analytics on one or more objects stored within a third-party controlled service. In response to the scan request message, the system generates a redirect message that sends the customer to the authentication portal of the third-party controlled service, which operates as a logon page, and arranges for the system to receive access credentials for that service once the customer has been verified. Using those access credentials, the system retrieves the one or more objects and performs analytics on each of them to classify it as malicious or benign.
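    The redirect-then-retrieve flow, as an added example (not FireEye's code): the scanner answers the scan request with a redirect carrying a `state` value, the customer logs on at the third-party portal, the callback returns a one-time code, and the scanner exchanges it for a read-scoped token and scans what it can list. The scanner never handles the customer's password, and the `state` check rejects a callback it did not initiate or a replayed one. The service stand-in, the URLs, the query parameters and the hash denylist are constructed for the example.

```python
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse


class ThirdPartyService:
    """Constructed stand-in for a third-party controlled storage service and its
    logon/authorization portal. The scanner never sees the customer's password;
    it receives a delegated, read-scoped access token."""

    def __init__(self):
        self._codes, self._tokens = {}, {}
        self.store = {"cust-42": {
            "q3-invoice.pdf": b"%PDF-1.4 ordinary text",
            "setup.exe": b"MZ\x90\x00 constructed dropper sample",
        }}

    def logon_and_consent(self, customer, scope):
        """The customer authenticates at the portal; the portal mints a one-time code."""
        code = secrets.token_urlsafe(16)
        self._codes[code] = (customer, scope)
        return code

    def exchange_code(self, code):
        customer, scope = self._codes.pop(code)       # one-time use
        token = secrets.token_urlsafe(24)
        self._tokens[token] = (customer, scope)
        return token

    def list_objects(self, token):
        customer, scope = self._tokens[token]
        if "read" not in scope:
            raise PermissionError("token lacks read scope")
        return dict(self.store[customer])


# Constructed denylist of known-bad hashes; stands in for the full analytics pipeline.
DENYLIST = {hashlib.sha256(b"MZ\x90\x00 constructed dropper sample").hexdigest()}


class ScanService:
    CALLBACK = "https://scanner.example/oauth/callback"   # assumed callback URL

    def __init__(self, portal_url, denylist):
        self.portal_url, self.denylist = portal_url, denylist
        self._pending = {}                               # state -> customer

    def request_scan(self, customer):
        """Answer a scan request with a redirect to the service's authentication portal.
        `state` ties the later callback to this request so a stranger's code cannot be
        injected into it."""
        state = secrets.token_urlsafe(16)
        self._pending[state] = customer
        query = {"response_type": "code", "scope": "read", "redirect_uri": self.CALLBACK, "state": state}
        return self.portal_url + "?" + urlencode(query)

    def handle_callback(self, callback_url, service):
        q = parse_qs(urlparse(callback_url).query)
        state = q.get("state", [None])[0]
        if self._pending.pop(state, None) is None:
            raise ValueError("unknown or replayed state")
        token = service.exchange_code(q["code"][0])
        return self.scan_objects(token, service)

    def scan_objects(self, token, service):
        results = {}
        for name, data in service.list_objects(token).items():
            digest = hashlib.sha256(data).hexdigest()
            results[name] = "malicious" if digest in self.denylist else "benign"
        return results


def state_from_redirect(url):
    return parse_qs(urlparse(url).query)["state"][0]
```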

    Dynamically remote tuning of a malware content detection system

    Publication number: US11297074B1

    Publication date: 2022-04-05

    Application number: US16459536

    Filing date: 2019-07-01

    Applicant: FireEye, Inc.

    IPC classification: G06F21/00 H04L29/06

    Abstract: According to one embodiment, an apparatus comprises a processor and memory. The memory, communicatively coupled to the processor, includes a detection module that, when executed, analyzes a received object to determine whether it is associated with a malicious attack. The detection module is configurable, so individual capabilities can be enabled, disabled or modified. The analysis is altered upon receipt of a configuration file containing information that changes one or more of the rules controlling the analysis conducted by the detection module.
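    A configurable detection module tuned by a remotely supplied configuration file, as an added example (not FireEye's code). Because a file that can disable or weaken rules is itself an attack surface, the module authenticates the file and refuses versions that do not increase, so a tampered file or a replayed older one cannot switch detections off. The rule set, the feature dictionary, the JSON layout and the use of HMAC (standing in for whatever signature scheme a deployment uses) are assumptions for the example.

```python
import copy
import hashlib
import hmac
import json

# Constructed rule set of the detection module. Each rule has a feature it checks,
# a weight, and optional parameters that remote tuning may modify.
DEFAULT_RULES = {
    "macro_autoexec":       {"enabled": True, "weight": 40},
    "office_spawns_shell":  {"enabled": True, "weight": 60},
    "oversized_attachment": {"enabled": True, "weight": 10, "threshold_bytes": 5_000_000},
}


def _matches(rule_name, rule, features):
    if rule_name == "oversized_attachment":
        return features.get("size", 0) > rule["threshold_bytes"]
    return bool(features.get(rule_name))


class DetectionModule:
    def __init__(self, rules, config_key, threshold=50):
        self.rules = copy.deepcopy(rules)
        self._config_key = config_key        # shared with the tuning server (assumption)
        self.threshold = threshold
        self.config_version = 0

    def analyze(self, features):
        score = sum(r["weight"] for name, r in self.rules.items()
                    if r["enabled"] and _matches(name, r, features))
        return "malicious" if score >= self.threshold else "benign"

    def apply_config(self, config_bytes, signature):
        """Alter the rules from a remotely supplied configuration file.
        The file is authenticated (HMAC here, an assumption standing in for a signature)
        and its version must increase, so an attacker on the path cannot disable
        detections or replay an older, weaker configuration."""
        expected = hmac.new(self._config_key, config_bytes, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, signature):
            return False
        config = json.loads(config_bytes)
        if config.get("version", 0) <= self.config_version:
            return False
        for name, change in config.get("rules", {}).items():
            if name not in self.rules:
                continue                     # unknown rule: ignore, do not create
            self.rules[name].update(change)
        self.threshold = config.get("threshold", self.threshold)
        self.config_version = config["version"]
        return True


def sign_config(config, key):
    """Tuning-server side: serialise and authenticate a configuration file."""
    body = json.dumps(config, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()
```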

    Methods for detecting file altering malware in VM based analysis

    Type: invention patent grant (in force)

    Publication number: US09483644B1

    Publication date: 2016-11-01

    Application number: US14675648

    Filing date: 2015-03-31

    Applicant: FireEye, Inc.

    IPC classification: G06F21/56 G06F17/30

    Abstract: According to one embodiment, a threat detection platform is integrated with at least one virtual machine that automatically performs a dynamic analysis of a received object and, during that analysis, monitors processing for changes to a file system within the virtual machine that involve a lure file placed there. The file system is configured from a received configuration file. On detecting a change associated with a lure file, the changes made to the lure file during processing are compared with known file activity patterns produced by file-altering malware to determine whether the object includes such malware.
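    Lure files deployed from a configuration file, snapshotted, and checked against file-activity patterns, as an added example (not FireEye's code). The trial runs in a temporary directory: a constructed encryptor that writes a high-entropy `.locked` copy and deletes the original matches a "rename-and-encrypt" pattern, while a benign append to the same lure only registers as "modified" and matches nothing. The configuration layout, the pattern catalogue, the entropy threshold and the two mutators are constructed for the example.

```python
import collections
import hashlib
import math
import tempfile
from pathlib import Path

# Constructed configuration file: where lure files go and what they contain.
LURE_CONFIG = {"lures": [
    {"path": "Documents/Q3-invoice.docx", "content": b"Invoice 2023 Q3, line item, amount due. " * 100},
    {"path": "Desktop/passwords.txt",     "content": b"mail: hunter2\nvpn: hunter2\n" * 150},
]}

# Known activity patterns of file-altering malware (constructed): every listed
# change must be observed for the pattern to match.
KNOWN_PATTERNS = {
    "encrypt-in-place":   {"modified", "entropy_jump"},
    "rename-and-encrypt": {"deleted", "sibling_created_high_entropy"},
}


def entropy(data):
    counts = collections.Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values()) if data else 0.0


def deploy_lures(root, config):
    for lure in config["lures"]:
        p = Path(root, lure["path"])
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(lure["content"])


def snapshot(root, config):
    """Per lure: (digest, entropy) or None if gone, plus entropy of directory siblings."""
    snap = {}
    for lure in config["lures"]:
        p = Path(root, lure["path"])
        siblings = {f.name: entropy(f.read_bytes()) for f in p.parent.iterdir() if f.is_file() and f != p}
        state = (hashlib.sha256(p.read_bytes()).hexdigest(), entropy(p.read_bytes())) if p.exists() else None
        snap[lure["path"]] = (state, siblings)
    return snap


def diff_lures(before, after):
    changes = set()
    for path, (b_state, b_sib) in before.items():
        a_state, a_sib = after[path]
        if b_state and a_state is None:
            changes.add("deleted")
        elif b_state and a_state and a_state[0] != b_state[0]:
            changes.add("modified")
            if a_state[1] - b_state[1] > 2.0:        # threshold is an assumption
                changes.add("entropy_jump")
        for name, ent in a_sib.items():
            if name not in b_sib:
                changes.add("sibling_created_high_entropy" if ent > 6.5 else "sibling_created")
    return changes


def match_patterns(changes):
    return sorted(name for name, required in KNOWN_PATTERNS.items() if required <= changes)


def xor_keystream(data, key):
    """Deterministic stand-in for a stream cipher, enough to raise entropy like real encryption."""
    out, block = bytearray(), 0
    while len(out) < len(data):
        out += hashlib.sha256(key + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, out))


def simulate_encryptor(root):
    """Constructed file-altering malware: encrypt every file, rename it, delete the original."""
    for f in [f for f in Path(root).rglob("*") if f.is_file()]:
        f.with_name(f.name + ".locked").write_bytes(xor_keystream(f.read_bytes(), b"k"))
        f.unlink()


def simulate_benign_edit(root):
    p = Path(root, "Desktop/passwords.txt")
    p.write_bytes(p.read_bytes() + b"wifi: hunter3\n")


def run_trial(mutator):
    with tempfile.TemporaryDirectory() as root:
        deploy_lures(root, LURE_CONFIG)
        before = snapshot(root, LURE_CONFIG)
        mutator(root)
        after = snapshot(root, LURE_CONFIG)
        changes = diff_lures(before, after)
        return match_patterns(changes), changes
```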

    Dynamic content activation for automated analysis of embedded objects

    Type: invention patent grant (in force)

    Publication number: US09438613B1

    Publication date: 2016-09-06

    Application number: US14673535

    Filing date: 2015-03-30

    Applicant: FireEye, Inc.

    IPC classification: G06F12/14 H04L29/06 G06F17/30

    Abstract: According to one embodiment, a threat detection platform is integrated with at least one virtual machine that automatically performs a dynamic analysis of a received document object and monitors its processing. The dynamic analysis includes detecting embedded objects and may automatically process them, while maintaining the context of the embedding, within the same virtual machine that processes the document object. The virtual machine may monitor the processing of both the document object and the embedded object. The results may be analyzed to determine whether the document object includes malware and/or to assign it a threat level.
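    Detecting embedded objects while keeping their embedding context, as an added example (not FireEye's code): a constructed Word-style container holds an OLE object and a nested zip that in turn holds a PE; the extractor records, for each embedded object, the path through the containers, its nesting depth and the relationship id by which the document body references it, and recurses into containers up to a depth cap so a nested-archive bomb cannot run it out of memory. The magic-byte table, the relationship parsing and the sample container are assumptions for the example; real OOXML relationship files should be parsed with an XML parser rather than regular expressions.

```python
import io
import re
import zipfile

MAX_DEPTH = 4       # guard against nested-archive bombs
MAGICS = [(b"\xd0\xcf\x11\xe0", "ole"), (b"MZ", "pe"), (b"%PDF", "pdf"), (b"PK\x03\x04", "zip")]
OBJECT_KINDS = {"ole", "pe", "pdf", "zip"}


def sniff(data):
    for magic, kind in MAGICS:
        if data.startswith(magic):
            return kind
    return "other"


def relationship_targets(zf):
    """Map each embedding target to the relationship id the document body uses for it."""
    targets = {}
    for name in zf.namelist():
        if not name.endswith(".rels"):
            continue
        base = name.split("_rels/")[0]
        for attrs in re.findall(r"<Relationship\s+([^>]*?)/?>", zf.read(name).decode()):
            rid = re.search(r'Id="([^"]+)"', attrs)
            target = re.search(r'Target="([^"]+)"', attrs)
            if rid and target:
                targets[base + target.group(1)] = rid.group(1)
    return targets


def extract_embedded(data, context=()):
    """Return every embedded object with the context it was found in, recursing into containers."""
    found = []
    if sniff(data) != "zip" or len(context) >= MAX_DEPTH:
        return found
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        targets = relationship_targets(zf)
        for info in zf.infolist():
            if info.is_dir():
                continue
            payload = zf.read(info.filename)
            kind = sniff(payload)
            if kind in OBJECT_KINDS:
                path = context + (info.filename,)
                found.append({"path": "/".join(path), "type": kind, "depth": len(path),
                              "referenced_as": targets.get(info.filename)})
                found.extend(extract_embedded(payload, path))
    return found


def build_sample_docx():
    """Constructed Word-style container: an OLE object and a nested zip holding a PE."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("update.exe", b"MZ\x90\x00 constructed pe stub")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml",
                   '<w:document><o:OLEObject r:id="rId5"/><o:OLEObject r:id="rId6"/></w:document>')
        z.writestr("word/_rels/document.xml.rels",
                   '<Relationships><Relationship Id="rId5" Type="oleObject" Target="embeddings/oleObject1.bin"/>'
                   '<Relationship Id="rId6" Type="package" Target="embeddings/package.zip"/></Relationships>')
        z.writestr("word/embeddings/oleObject1.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1 constructed ole")
        z.writestr("word/embeddings/package.zip", inner.getvalue())
        z.writestr("word/media/image1.png", b"\x89PNG\r\n\x1a\n constructed image")
    return outer.getvalue()
```

    The `referenced_as` field is the context the abstract talks about: an executable that the document body activates through an OLE relationship is a different finding from the same bytes sitting unreferenced inside a nested archive, and a downstream analysis that processes the embedded object on its own would lose that distinction.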