-
Publication No.: US11902296B2
Publication date: 2024-02-13
Application No.: US17139058
Filing date: 2020-12-31
Applicant: Forcepoint, LLC
Inventors: Andrew Mortensen, Assaf Almaz, David Coffey, Ofir Arkin
IPC classification: H04L9/40, G06F21/56, G06F21/57, H04L67/306
CPC classification: H04L63/14, G06F21/566, G06F21/577, H04L63/102, H04L63/1416, H04L63/1425, H04L63/1433, H04L63/205, H04L67/306, G06F2221/034
Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes monitoring a plurality of electronically-observable actions of a first entity, the plurality of electronically-observable actions of the first entity corresponding to a respective first plurality of events enacted by the first entity; monitoring a plurality of electronically-observable actions of a second entity, the plurality of electronically-observable actions of the second entity corresponding to a respective second plurality of events enacted by the second entity; determining whether a first event of the respective first plurality of events and a second event of the respective second plurality of events comprise an entity interaction between the first entity and the second entity; generating an entity interaction map, the entity interaction map providing a representation of the entity interaction between the first entity and the second entity; and, using the entity interaction map to trace the entity interaction between the first entity and the second entity.
-
Publication No.: US11902295B2
Publication date: 2024-02-13
Application No.: US17139055
Filing date: 2020-12-31
Applicant: Forcepoint, LLC
Inventors: Andrew Mortensen, Assaf Almaz, David Coffey, Ofir Arkin
IPC classification: H04L9/40, G06F21/56, G06F21/57, H04L67/306
CPC classification: H04L63/14, G06F21/566, G06F21/577, H04L63/102, H04L63/1416, H04L63/1425, H04L63/1433, H04L63/205, H04L67/306, G06F2221/034
Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes monitoring a plurality of electronically-observable actions of a first entity, the plurality of electronically-observable actions of the first entity corresponding to a respective first plurality of events enacted by the first entity; monitoring a plurality of electronically-observable actions of a second entity, the plurality of electronically-observable actions of the second entity corresponding to a respective second plurality of events enacted by the second entity; determining whether a first event of the respective first plurality of events and a second event of the respective second plurality of events comprise an entity interaction between the first entity and the second entity; generating an entity interaction map, the entity interaction map providing a representation of the entity interaction between the first entity and the second entity; and, using the entity interaction map to perform a forensics analysis.
-
Publication No.: US11895158B2
Publication date: 2024-02-06
Application No.: US16878124
Filing date: 2020-05-19
Applicant: Forcepoint, LLC
IPC classification: H04L9/40, G06F3/0482, H04L47/20, G06N5/025
CPC classification: H04L63/205, G06F3/0482, G06N5/025, H04L47/20
Abstract: A system, method, and computer-readable medium are disclosed for implementing a cybersecurity system having security policy visualization. At least one embodiment is directed to a computer-implemented method for implementing security policies in a secured network, including: retrieving a set of rules of a security policy; analyzing the set of rules of the security policy using one or more Satisfiability Modulo Theory (SMT) operations to reduce a dimensionality of the security policy; and generating a visual presentation on a user interface using results of the SMT operations, where the visual presentation includes visual indicia representing one or more targeted policy dimensions with respect to one or more fixed policy dimensions. In at least one embodiment, two or more security policies are presented with visual indicia representing differences between the security policies, including representations of one or more targeted policy dimensions with respect to one or more fixed policy dimensions.
-
Publication No.: US20210367979A1
Publication date: 2021-11-25
Application No.: US16878124
Filing date: 2020-05-19
Applicant: Forcepoint, LLC
IPC classification: H04L29/06, G06N5/02, H04L12/813, G06F3/0482
Abstract: A system, method, and computer-readable medium are disclosed for implementing a cybersecurity system having security policy visualization. At least one embodiment is directed to a computer-implemented method for implementing security policies in a secured network, including: retrieving a set of rules of a security policy; analyzing the set of rules of the security policy using one or more Satisfiability Modulo Theory (SMT) operations to reduce a dimensionality of the security policy; and generating a visual presentation on a user interface using results of the SMT operations, where the visual presentation includes visual indicia representing one or more targeted policy dimensions with respect to one or more fixed policy dimensions. In at least one embodiment, two or more security policies are presented with visual indicia representing differences between the security policies, including representations of one or more targeted policy dimensions with respect to one or more fixed policy dimensions.
-
Publication No.: US11528281B2
Publication date: 2022-12-13
Application No.: US17012645
Filing date: 2020-09-04
Applicant: Forcepoint, LLC
Inventors: Andrew Mortensen, Assaf Almaz, David Coffey, Ofir Arkin
IPC classification: H04L9/40, G06F21/56, G06F21/57, H04L67/306
Abstract: A system, method, and computer-readable medium are disclosed for performing a security analytics mapping operation. The security analytics mapping operation includes: monitoring a plurality of electronically-observable actions of a first entity, the plurality of electronically-observable actions of the first entity corresponding to a respective first plurality of events enacted by the first entity; monitoring a plurality of electronically-observable actions of a second entity, the plurality of electronically-observable actions of the second entity corresponding to a respective second plurality of events enacted by the second entity; determining whether a first event of the respective first plurality of events and a second event of the respective second plurality of events comprise an entity interaction between the first entity and the second entity; generating an entity interaction map, the entity interaction map providing a representation of the entity interaction between the first entity and the second entity.
-
Publication No.: US20210152570A1
Publication date: 2021-05-20
Application No.: US17139058
Filing date: 2020-12-31
Applicant: Forcepoint, LLC
Inventors: Andrew Mortensen, Assaf Almaz, David Coffey, Ofir Arkin
IPC classification: H04L29/06
Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes monitoring a plurality of electronically-observable actions of a first entity, the plurality of electronically-observable actions of the first entity corresponding to a respective first plurality of events enacted by the first entity; monitoring a plurality of electronically-observable actions of a second entity, the plurality of electronically-observable actions of the second entity corresponding to a respective second plurality of events enacted by the second entity; determining whether a first event of the respective first plurality of events and a second event of the respective second plurality of events comprise an entity interaction between the first entity and the second entity; generating an entity interaction map, the entity interaction map providing a representation of the entity interaction between the first entity and the second entity; and, using the entity interaction map to trace the entity interaction between the first entity and the second entity.
-
Publication No.: US20220070191A1
Publication date: 2022-03-03
Application No.: US17012645
Filing date: 2020-09-04
Applicant: Forcepoint, LLC
Inventors: Andrew Mortensen, Assaf Almaz, David Coffey, Ofir Arkin
IPC classification: H04L29/06
Abstract: A system, method, and computer-readable medium are disclosed for performing a security analytics mapping operation. The security analytics mapping operation includes: monitoring a plurality of electronically-observable actions of a first entity, the plurality of electronically-observable actions of the first entity corresponding to a respective first plurality of events enacted by the first entity; monitoring a plurality of electronically-observable actions of a second entity, the plurality of electronically-observable actions of the second entity corresponding to a respective second plurality of events enacted by the second entity; determining whether a first event of the respective first plurality of events and a second event of the respective second plurality of events comprise an entity interaction between the first entity and the second entity; generating an entity interaction map, the entity interaction map providing a representation of the entity interaction between the first entity and the second entity.
-
Publication No.: US11070533B2
Publication date: 2021-07-20
Application No.: US16598657
Filing date: 2019-10-10
Applicant: Forcepoint LLC
IPC classification: H04L29/06
Abstract: A method, system, and computer-usable medium are disclosed for: (i) determining if a server response from a server received at a security device and intended for a client includes original encryption key information for encrypting identifying information associated with the server; (ii) if the server response includes original encryption key information for encrypting identifying information associated with the server, determining if a network policy provides for decryption of identifying information associated with the server; and (iii) if the network policy provides for decryption of identifying information associated with the server, replacing the original encryption key information with modified encryption key information associated with the security device and communicating the server response to the client with the modified encryption key information associated with the security device.
-
Publication No.: US20210152569A1
Publication date: 2021-05-20
Application No.: US17139055
Filing date: 2020-12-31
Applicant: Forcepoint, LLC
Inventors: Andrew Mortensen, Assaf Almaz, David Coffey, Ofir Arkin
IPC classification: H04L29/06
Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes monitoring a plurality of electronically-observable actions of a first entity, the plurality of electronically-observable actions of the first entity corresponding to a respective first plurality of events enacted by the first entity; monitoring a plurality of electronically-observable actions of a second entity, the plurality of electronically-observable actions of the second entity corresponding to a respective second plurality of events enacted by the second entity; determining whether a first event of the respective first plurality of events and a second event of the respective second plurality of events comprise an entity interaction between the first entity and the second entity; generating an entity interaction map, the entity interaction map providing a representation of the entity interaction between the first entity and the second entity; and, using the entity interaction map to perform a forensics analysis.