-
Publication number: US11025665B2
Publication date: 2021-06-01
Application number: US16895608
Application date: 2020-06-08
Inventors: Philip K. Newman, Puhazholi Vetrivel, Sudhakar Narayanamurthy, Ejike E. Ofuonye, Suresh C. Palani, Ashish Mishra
Abstract: Malicious activity data indicative of attempted attacks on a computing system is obtained. Clusters of targets are identified, and it is determined whether the malicious activity preferentially targets one cluster over the others. Low-prevalence attacks are also identified, and it is determined whether a low-prevalence attack is highly concentrated in one or more of the target clusters. If the malicious activity either preferentially targets a cluster or a low-prevalence attack is highly concentrated in a cluster, the attack is identified as a targeted attack so that remediation steps can be taken.
-
Publication number: US10715545B2
Publication date: 2020-07-14
Application number: US15874983
Application date: 2018-01-19
Inventors: Philip K. Newman, Puhazholi Vetrivel, Sudhakar Narayanamurthy, Ejike E. Ofuonye, Suresh C. Palani, Ashish Mishra
Abstract: Malicious activity data indicative of attempted attacks on a computing system is obtained. Clusters of targets are identified, and it is determined whether the malicious activity preferentially targets one cluster over the others. Low-prevalence attacks are also identified, and it is determined whether a low-prevalence attack is highly concentrated in one or more of the target clusters. If the malicious activity either preferentially targets a cluster or a low-prevalence attack is highly concentrated in a cluster, the attack is identified as a targeted attack so that remediation steps can be taken.
-
Publication number: US20190098040A1
Publication date: 2019-03-28
Application number: US15874983
Application date: 2018-01-19
Inventors: Philip K. Newman, Puhazholi Vetrivel, Sudhakar Narayanamurthy, Ejike E. Ofuonye, Suresh C. Palani, Ashish Mishra
IPC classification: H04L29/06
Abstract: Malicious activity data indicative of attempted attacks on a computing system is obtained. Clusters of targets are identified, and it is determined whether the malicious activity preferentially targets one cluster over the others. Low-prevalence attacks are also identified, and it is determined whether a low-prevalence attack is highly concentrated in one or more of the target clusters. If the malicious activity either preferentially targets a cluster or a low-prevalence attack is highly concentrated in a cluster, the attack is identified as a targeted attack so that remediation steps can be taken.
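The three entries above (US11025665B2, US10715545B2 and US20190098040A1) share one abstract, which describes two tests: preferential targeting of a cluster, and a low-prevalence attack concentrated in a cluster. The example below is an added illustration written for this page, not code from the patents or their assignee. It assumes clusters are formed by a target attribute (department), uses hypothetical thresholds (lift of 3x, a 5% prevalence cut-off, 80% concentration), and runs over constructed sample events; the abstract itself does not specify how clusters are built or what the thresholds are.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One observed malicious activity: which attack hit which target."""
    attack_id: str   # campaign or signature identifier (hypothetical naming)
    target: str      # user or host that was attacked


def cluster_targets(target_attrs):
    """Group targets into clusters.

    Simplifying assumption: the cluster is the target's department attribute.
    The patent abstract does not say how clusters are formed.
    """
    clusters = defaultdict(set)
    for target, department in target_attrs.items():
        clusters[department].add(target)
    return clusters


def classify_attacks(events, target_attrs, lift_threshold=3.0, min_hits=5,
                     low_prevalence=0.05, concentration_threshold=0.8):
    """Label each attack as targeted or not, following the two tests in the abstract.

    Test 1 (preferential targeting): the share of an attack's hits landing in a
    cluster is compared with that cluster's share of the whole population. A lift
    of >= lift_threshold on an attack with at least min_hits hits is preferential.
    Test 2 (low prevalence): an attack seen in fewer than low_prevalence of all
    events is targeted when at least concentration_threshold of its hits fall in
    a single cluster. All threshold values are hypothetical tuning choices.
    """
    clusters = cluster_targets(target_attrs)
    population = len(target_attrs)
    cluster_share = {c: len(members) / population for c, members in clusters.items()}

    hits = defaultdict(Counter)          # attack_id -> cluster -> hit count
    for ev in events:
        hits[ev.attack_id][target_attrs[ev.target]] += 1
    total_events = len(events)

    verdicts = {}
    for attack_id, per_cluster in hits.items():
        n = sum(per_cluster.values())
        prevalence = n / total_events
        # concentration: fraction of this attack's hits in its most-hit cluster
        top_cluster, top_hits = per_cluster.most_common(1)[0]
        concentration = top_hits / n
        # lift: observed share in a cluster relative to that cluster's population share
        lift_cluster, lift = max(
            ((c, (k / n) / cluster_share[c]) for c, k in per_cluster.items()),
            key=lambda item: item[1],
        )
        verdict = {"targeted": False, "reason": "none", "cluster": None,
                   "hits": n, "prevalence": prevalence,
                   "lift": lift, "concentration": concentration}
        if n >= min_hits and lift >= lift_threshold:
            verdict.update(targeted=True, reason="preferential", cluster=lift_cluster)
        elif prevalence < low_prevalence and concentration >= concentration_threshold:
            verdict.update(targeted=True, reason="low_prevalence_concentrated",
                           cluster=top_cluster)
        verdicts[attack_id] = verdict
    return verdicts


def build_sample():
    """Constructed sample population and events (not real telemetry)."""
    target_attrs = {}
    for i in range(80):
        target_attrs[f"eng-{i:02d}"] = "engineering"
    for i in range(10):
        target_attrs[f"fin-{i:02d}"] = "finance"
        target_attrs[f"exec-{i:02d}"] = "executives"

    events = []
    # mass phishing: spread roughly in proportion to the population
    events += [Event("phish-mass", f"eng-{i:02d}") for i in range(48)]
    events += [Event("phish-mass", f"fin-{i:02d}") for i in range(6)]
    events += [Event("phish-mass", f"exec-{i:02d}") for i in range(6)]
    # invoice-themed phishing: 16 of 20 hits land in finance (10% of the population)
    events += [Event("phish-invoice", f"fin-{i % 10:02d}") for i in range(16)]
    events += [Event("phish-invoice", f"eng-{10 + i:02d}") for i in range(4)]
    # rare document exploit: only three hits, all on executives
    events += [Event("exploit-doc", f"exec-{i:02d}") for i in range(3)]
    # rare but scattered noise: low prevalence, no concentration
    events += [Event("scanner-noise", t) for t in ("eng-50", "eng-51", "fin-07", "exec-07")]
    return events, target_attrs


if __name__ == "__main__":
    for attack, v in classify_attacks(*build_sample()).items():
        print(f"{attack:15s} targeted={v['targeted']!s:5s} reason={v['reason']} "
              f"cluster={v['cluster']} lift={v['lift']:.1f} conc={v['concentration']:.2f}")
```

The min_hits guard matters in practice: with only a handful of hits, a high lift is statistically meaningless, so the low-prevalence path (which asks for concentration rather than lift) is the one that should catch the rare, focused attack, and the scattered low-volume noise falls through both tests.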
-
Publication number: US20180255099A1
Publication date: 2018-09-06
Application number: US15447359
Application date: 2017-03-02
Inventors: Binyan Chen, Ben Appleby, Anupama Janardhan, Rui Chen, Krishna Kumar Parthasarathy, Suresh C. Palani, Puhazholi Vetrivel, Philip K. Newman, Michael A. Wilde
CPC classification: H04L63/20, H04L41/06, H04L41/14, H04L43/16, H04L63/0227, H04L63/1416, H04L63/1425, H04L63/145, H04L63/1483, H04L67/10
Abstract: Correlated signals associated with one or more of a tenant's stored content, content metadata, and activities on that stored content may be analyzed, and alert(s) determined based on alert threshold(s) or on broader "abnormal" pattern detection. Different recipients may be designated for different alerts or alert levels, and the alert(s) transmitted to the designated recipients. Alerts may also be displayed through an alert management dashboard of a protection service. The alert(s) and the results of the analysis may also be provided to a policy engine for use in adjusting or creating rules within a policy, alert thresholds, and signal collection and analysis. Post-fact investigations may also be initiated in response to alerts.
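The abstract above describes three steps: correlating activity signals with content metadata, raising alerts either from a fixed threshold or from an abnormal pattern, and routing each alert level to designated recipients. The following is an added example written for this page, not the patent's or the assignee's code. The activity schema, the sensitivity label "Confidential", the recipient names, and the threshold values (50 downloads per day, a z-score of 3 against the user's own baseline) are all assumptions, and the signals are constructed sample data.

```python
import statistics
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Activity:
    """One activity signal against stored content (hypothetical schema)."""
    user: str
    day: int      # day index; the last day in the window is the one being evaluated
    action: str   # e.g. "download"
    doc_id: str


# Hypothetical routing table: which recipients get which alert level
RECIPIENTS = {
    "high": ["security-operations", "tenant-admin"],
    "medium": ["security-operations"],
}


def correlate(activities, doc_labels, action="download", label="Confidential"):
    """Stage 1: join activity signals with content metadata.

    Returns per-user, per-day counts of the given action on documents
    carrying the given sensitivity label.
    """
    counts = defaultdict(lambda: defaultdict(int))
    for a in activities:
        if a.action == action and doc_labels.get(a.doc_id) == label:
            counts[a.user][a.day] += 1
    return counts


def evaluate_alerts(counts, today, hard_threshold=50, z_threshold=3.0, min_sigma=1.0):
    """Stage 2: raise alerts from a fixed threshold or from an 'abnormal' pattern.

    A count at or above hard_threshold is a 'high' alert. Otherwise the count is
    compared with the user's own baseline (all earlier days); a z-score at or
    above z_threshold is a 'medium' alert. min_sigma stops a flat baseline from
    flagging every small change. Threshold values are hypothetical tuning choices.
    """
    alerts = []
    for user, per_day in sorted(counts.items()):
        value = per_day.get(today, 0)
        baseline = [per_day.get(d, 0) for d in range(1, today)]
        mean = statistics.mean(baseline) if baseline else 0.0
        sigma = max(statistics.pstdev(baseline), min_sigma) if baseline else min_sigma
        z = (value - mean) / sigma
        if value >= hard_threshold:
            level, reason = "high", f"{value} >= threshold {hard_threshold}"
        elif z >= z_threshold:
            level, reason = "medium", f"z-score {z:.1f} vs baseline mean {mean:.1f}"
        else:
            continue
        alerts.append({"user": user, "level": level, "value": value,
                       "reason": reason, "recipients": RECIPIENTS[level]})
    return alerts


def build_sample():
    """Constructed sample signals (not real tenant data): 7 baseline days plus day 8."""
    doc_labels = {f"conf-{i}": "Confidential" for i in range(100)}
    doc_labels.update({f"pub-{i}": "Public" for i in range(10)})
    daily_confidential = {
        "alice": [2, 3, 2, 3, 2, 3, 2, 40],   # sudden spike, below the hard threshold
        "bob":   [1, 1, 1, 1, 1, 1, 1, 60],   # crosses the hard threshold
        "carol": [5, 5, 5, 5, 5, 5, 5, 6],    # normal
    }
    activities = []
    for user, series in daily_confidential.items():
        for day, n in enumerate(series, start=1):
            activities += [Activity(user, day, "download", f"conf-{i}") for i in range(n)]
            # public downloads are present in the raw signal but excluded by the join
            activities += [Activity(user, day, "download", f"pub-{i}") for i in range(3)]
    return activities, doc_labels


def run_sample():
    activities, doc_labels = build_sample()
    return evaluate_alerts(correlate(activities, doc_labels), today=8)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The thresholds are plain parameters of evaluate_alerts so that a policy engine, as the abstract describes, can adjust them from the alert history; note that the per-user baseline is what lets alice's 40 downloads alert while carol's 6 does not, even though neither crosses the fixed threshold.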
-
Publication number: US20180191781A1
Publication date: 2018-07-05
Application number: US15474042
Application date: 2017-03-30
Inventors: Suresh C. Palani, Ben Appleby, Rui Chen, Binyan Chen, Puhazholi Vetrivel, Michael A. Wilde
IPC classification: H04L29/06
CPC classification: H04L63/1441, G06F21/552, G06F21/554, H04L63/1433, H04L63/20
Abstract: A multi-purpose platform may collect different types of signals, such as metadata, documents, and activities, and correlate them in a multi-stage evaluation framework so that simple queries from components and clients of a compliance and security environment can be converted into rich analyses of the available data. Signals may be collected from a tenant environment and correlated at multiple levels based on their content and context. Queries from components such as a threat intelligence manager, a data explorer module, or clients of the system may be executed on the correlated data by focusing and/or filtering the queries based on the context, effectively converting a simple query into a comprehensive analysis. The platform may have the intelligence to decide which type of data to run a query on based on the request, and may support chain-linked data investigations that go multiple levels deep.
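The abstract above describes correlating heterogeneous signals at multiple levels, focusing a query by context, and running a chain-linked investigation several levels deep. The following is an added example written for this page, not the patent's or the assignee's code. It assumes three signal types (document metadata, activities, and the source IP of each activity), models the correlation as a typed graph, uses a document label as the "context" filter, and runs a breadth-first chain from a seed IP over constructed sample signals.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Activity:
    """One activity signal (hypothetical schema)."""
    user: str
    action: str
    doc_id: str
    ip: str


def build_graph(activities, doc_labels, focus_label=None):
    """Multi-stage correlation into one graph.

    Stage 1 links users to the source IPs of their activities (any document).
    Stage 2 links users to documents, but only documents whose metadata label
    matches focus_label when one is given; this is the 'context' that narrows a
    broad query. Nodes are typed strings: "user:", "doc:", "ip:".
    """
    adj = defaultdict(set)

    def link(a, b):
        adj[a].add(b)
        adj[b].add(a)

    for act in activities:
        link(f"user:{act.user}", f"ip:{act.ip}")
        if focus_label is None or doc_labels.get(act.doc_id) == focus_label:
            link(f"user:{act.user}", f"doc:{act.doc_id}")
    return adj


def investigate(seed, adj, depth):
    """Chain-linked investigation: breadth-first expansion from seed, depth levels deep.

    Returns {level: set of nodes first reached at that level}; the seed itself is
    level 0 and each node is reported once, at the level it was first reached.
    """
    levels = {0: {seed}}
    seen = {seed}
    frontier = deque([seed])
    for level in range(1, depth + 1):
        next_frontier = deque()
        for node in frontier:
            for nbr in sorted(adj.get(node, ())):
                if nbr not in seen:
                    seen.add(nbr)
                    next_frontier.append(nbr)
        if not next_frontier:
            break
        levels[level] = set(next_frontier)
        frontier = next_frontier
    return levels


def build_sample():
    """Constructed sample signals (not real tenant data)."""
    doc_labels = {"d1": "Confidential", "d2": "Public", "d3": "Confidential"}
    activities = [
        Activity("alice", "download", "d1", "10.0.0.5"),
        Activity("bob",   "view",     "d2", "10.0.0.5"),
        Activity("bob",   "download", "d1", "203.0.113.9"),
        Activity("carol", "share",    "d3", "10.0.0.7"),
        Activity("dave",  "download", "d3", "203.0.113.9"),
    ]
    return activities, doc_labels


def run_sample(focus_label="Confidential", depth=3):
    """The simple query 'what is connected to 203.0.113.9?' expanded into a three-level chain."""
    activities, doc_labels = build_sample()
    graph = build_graph(activities, doc_labels, focus_label)
    return investigate("ip:203.0.113.9", graph, depth)


if __name__ == "__main__":
    for level, nodes in run_sample().items():
        print(level, sorted(nodes))
```

With the context filter set to "Confidential", the chain from the seed IP reaches the two users who acted from it, then the confidential documents and second IP those users touched, then the other users who handled those documents; removing the filter also pulls in the public document, which is the difference between a focused analysis and a broad one.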