-
1.
Publication No.: US20200351307A1
Publication date: 2020-11-05
Application No.: US16929404
Application date: 2020-07-15
Applicant: SECUREWORKS CORP.
Inventor: Timothy Vidas, Jon Ramsey, Aaron Hackworth, Robert Danford, William Urbanski
Abstract: Methods and systems for building security applications can be provided. Data policies for accessing security data can be set, and a module pipeline including one or more modules selected from a plurality of modules can be generated. The modules can include at least one module operable to apply a predictive security application or model for detection or identification of security threats. Module execution policies governing execution of the one or more modules in the module pipeline also can be set. Upon receipt of a request to initiate execution of the module pipeline, it can be determined if the execution thereof would violate the data policies or the module execution policies. If so, execution of the module pipeline can be blocked, otherwise the module pipeline can be executed to process the portion of the security data.
-
2.
Publication No.: US20190141079A1
Publication date: 2019-05-09
Application No.: US15804109
Application date: 2017-11-06
Applicant: SECUREWORKS CORP.
Inventor: Timothy Vidas, Jon Ramsey, Aaron Hackworth, Robert Danford, William Urbanski
Abstract: Methods and systems for developing and distributing applications and data for building security applications can be provided. A plurality of data policies can be set for access and/or filtering security data based on selected parameters. One or more modules can be generated for processing the security data, with each of the modules governed by one or more module policies. Upon receipt of a request to initiate execution of the one or more modules to access and process a selected portion or filtered set of the security data, it can be determined if the request violates the data policies and/or the module policies applicable for processing the selected portion or filtered set of the security data, and if the data policies and/or the module policies are not violated, the one or more modules can be executed to process the selected portion or filtered set of the security data.
-
Publication No.: US10735470B2
Publication date: 2020-08-04
Application No.: US15804109
Application date: 2017-11-06
Applicant: SECUREWORKS CORP.
Inventor: Timothy Vidas, Jon Ramsey, Aaron Hackworth, Robert Danford, William Urbanski
Abstract: Methods and systems for developing and distributing applications and data for building security applications can be provided. A plurality of data policies can be set for access and/or filtering security data based on selected parameters. One or more modules can be generated for processing the security data, with each of the modules governed by one or more module policies. Upon receipt of a request to initiate execution of the one or more modules to access and process a selected portion or filtered set of the security data, it can be determined if the request violates the data policies and/or the module policies applicable for processing the selected portion or filtered set of the security data, and if the data policies and/or the module policies are not violated, the one or more modules can be executed to process the selected portion or filtered set of the security data.
-
Publication No.: US20170244762A1
Publication date: 2017-08-24
Application No.: US15436215
Application date: 2017-02-17
Applicant: SecureWorks Corp.
Inventor: Ross R. Kinder, Aaron Hackworth, Matthew K. Geiger, Kevin R. Moore, Timothy M. Vidas, Oliver J. Palmer, Jon Ramsey, Matt J. McCormack
CPC classification number: H04L63/1441, H04L63/0428, H04L63/08, H04L63/1416, H04L63/1425, H04L63/1433, H04L63/145, H04L63/1466, H04L63/20, H04L63/308
Abstract: A system for collection and analysis of forensic and event data comprising a server and an endpoint agent operating on a remote system. The server is configured to receive event data including process creation data, persistent process data, thread injection data, network connection data, memory pattern data, or any combination thereof, and analyze the event data to detect compromises of a remote system. The endpoint agent is configured to acquire event data, and communicate the event data to the server.
-
Publication No.: US20170244754A1
Publication date: 2017-08-24
Application No.: US15436301
Application date: 2017-02-17
Applicant: SecureWorks Corp.
Inventor: Ross R. Kinder, Aaron Hackworth, Matthew K. Geiger, Kevin R. Moore, Timothy M. Vidas
IPC: H04L29/06
Abstract: A system for collection and analysis of forensic and event data comprising a server and an endpoint agent operating on a remote system. The server is configured to receive event data including process creation data, persistent process data, thread injection data, network connection data, memory pattern data, or any combination thereof, and analyze the event data to detect compromises of a remote system. The endpoint agent is configured to acquire event data, and communicate the event data to the server.
-
Publication No.: US20170244750A1
Publication date: 2017-08-24
Application No.: US15436277
Application date: 2017-02-17
Applicant: SecureWorks Corp.
Inventor: Ross R. Kinder, Aaron Hackworth, Matthew K. Geiger, Kevin R. Moore, Timothy M. Vidas, Oliver J. Palmer, Jon Ramsey, Matt J. McCormack
CPC classification number: H04L63/308, H04L63/0428, H04L63/08, H04L63/1416, H04L63/1425, H04L63/1433, H04L63/1441, H04L63/145, H04L63/1466, H04L63/20
Abstract: A system for collection and analysis of forensic and event data comprising a server and an endpoint agent operating on a remote system. The server is configured to receive event data including process creation data, persistent process data, thread injection data, network connection data, memory pattern data, or any combination thereof, and analyze the event data to detect compromises of a remote system. The endpoint agent is configured to acquire event data, and communicate the event data to the server.
-
Publication No.: US20170244734A1
Publication date: 2017-08-24
Application No.: US15436286
Application date: 2017-02-17
Applicant: SecureWorks Corp.
Inventor: Ross R. Kinder, Aaron Hackworth, Matthew K. Geiger, Kevin R. Moore, Timothy M. Vidas
IPC: H04L29/06, H04L12/24, H04L12/707
Abstract: A system for collection and analysis of forensic and event data comprising a server and an endpoint agent operating on a remote system. The server is configured to receive event data including process creation data, persistent process data, thread injection data, network connection data, memory pattern data, or any combination thereof, and analyze the event data to detect compromises of a remote system. The endpoint agent is configured to acquire event data, and communicate the event data to the server.
-
Publication No.: US10713360B2
Publication date: 2020-07-14
Application No.: US15436286
Application date: 2017-02-17
Applicant: SecureWorks Corp.
Inventor: Ross R. Kinder, Aaron Hackworth, Matthew K. Geiger, Kevin R. Moore, Timothy M. Vidas
IPC: G06F21/56, H04L29/06, G06F9/54, G06F21/55, H04L12/24, H04L12/707, G06F9/4401, H04L29/12
Abstract: A system for collection and analysis of forensic and event data comprising a server and an endpoint agent operating on a remote system. The server is configured to receive event data including process creation data, persistent process data, thread injection data, network connection data, memory pattern data, or any combination thereof, and analyze the event data to detect compromises of a remote system. The endpoint agent is configured to acquire event data, and communicate the event data to the server.
-
Publication No.: US10678919B2
Publication date: 2020-06-09
Application No.: US15436295
Application date: 2017-02-17
Applicant: SecureWorks Corp.
Inventor: Ross R. Kinder, Aaron Hackworth, Matthew K. Geiger, Kevin R. Moore, Timothy M. Vidas
IPC: G06F21/56, H04L29/06, G06F9/54, G06F21/55, H04L12/24, H04L12/707, G06F9/4401, H04L29/12
Abstract: A system for collection and analysis of forensic and event data comprising a server and an endpoint agent operating on a remote system. The server is configured to receive event data including process creation data, persistent process data, thread injection data, network connection data, memory pattern data, or any combination thereof, and analyze the event data to detect compromises of a remote system. The endpoint agent is configured to acquire event data, and communicate the event data to the server.
-
Publication No.: US20170243004A1
Publication date: 2017-08-24
Application No.: US15436295
Application date: 2017-02-17
Applicant: SecureWorks Corp.
Inventor: Ross R. Kinder, Aaron Hackworth, Matthew K. Geiger, Kevin R. Moore, Timothy M. Vidas
Abstract: A system for collection and analysis of forensic and event data comprising a server and an endpoint agent operating on a remote system. The server is configured to receive event data including process creation data, persistent process data, thread injection data, network connection data, memory pattern data, or any combination thereof, and analyze the event data to detect compromises of a remote system. The endpoint agent is configured to acquire event data, and communicate the event data to the server.