Enterprise security assessment sharing
    3.
    Granted invention patent
    Enterprise security assessment sharing (in force)

    Publication (announcement) number: US08959568B2

    Publication (announcement) date: 2015-02-17

    Application number: US11724061

    Application date: 2007-03-14

    IPC classification: G06F11/00

    Abstract: An enterprise-wide sharing arrangement uses a semantic abstraction, called a security assessment, to share security-related information between different security products, called endpoints. A security assessment is defined as a tentative assignment by an endpoint of broader contextual meaning to information that is collected about an object of interest. Its tentative nature is reflected in two of its components: a fidelity field used to express the level of confidence in the assessment, and a time-to-live field for an estimated time period for which the assessment is valid. Endpoints may publish security assessments onto a security assessment channel, as well as subscribe to a subset of security assessments published by other endpoints. A specialized endpoint is coupled to the channel that performs as a centralized audit point by subscribing to all security assessments, logging the security assessments, and also logging the local actions taken by endpoints in response to security threats.

    Endpoint enabled for enterprise security assessment sharing
    4.
    Granted invention patent
    Endpoint enabled for enterprise security assessment sharing (in force)

    Publication (announcement) number: US08955105B2

    Publication (announcement) date: 2015-02-10

    Application number: US11724060

    Application date: 2007-03-14

    IPC classification: G06F11/00

    CPC classification: H04L63/20 H04L63/02

    Abstract: An enterprise-wide sharing arrangement uses a semantic abstraction, called a security assessment, to share security-related information between security products, called endpoints. A security assessment is defined as a tentative assignment by an endpoint of broader contextual meaning to information that is collected about an object of interest. Endpoints utilize an architecture that comprises a common assessment sharing agent and a common assessment generating agent. The common assessment sharing agent is arranged for subscribing to security assessments, publishing security assessments onto a channel, maintaining an awareness of configuration changes on the channel (e.g., when a new endpoint is added or removed), and implementing security features like authorization, authentication and encryption. A common assessment generating engine handles endpoint behavior associated with a security assessment including assessment generation, cancellation, tracking, and rolling-back actions based on assessments that have expired. The common assessment generating engine generates and transmits messages that indicate which local actions are taken.

    Endpoint enabled for enterprise security assessment sharing
    5.
    Invention patent application
    Endpoint enabled for enterprise security assessment sharing (in force)

    Publication (announcement) number: US20080229414A1

    Publication (announcement) date: 2008-09-18

    Application number: US11724060

    Application date: 2007-03-14

    IPC classification: G06F15/00

    CPC classification: H04L63/20 H04L63/02

    Abstract: An enterprise-wide sharing arrangement uses a semantic abstraction, called a security assessment, to share security-related information between security products, called endpoints. A security assessment is defined as a tentative assignment by an endpoint of broader contextual meaning to information that is collected about an object of interest. Endpoints utilize an architecture that comprises a common assessment sharing agent and a common assessment generating agent. The common assessment sharing agent is arranged for subscribing to security assessments, publishing security assessments onto a channel, maintaining an awareness of configuration changes on the channel (e.g., when a new endpoint is added or removed), and implementing security features like authorization, authentication and encryption. A common assessment generating engine handles endpoint behavior associated with a security assessment including assessment generation, cancellation, tracking, and rolling-back actions based on assessments that have expired. The common assessment generating engine generates and transmits messages that indicate which local actions are taken.

    Adaptive data collection for root-cause analysis and intrusion detection
    6.
    Granted invention patent
    Adaptive data collection for root-cause analysis and intrusion detection (in force)

    Publication (announcement) number: US08413247B2

    Publication (announcement) date: 2013-04-02

    Application number: US11717978

    Application date: 2007-03-14

    IPC classification: G06F21/00

    CPC classification: H04L63/1433 G06F21/552

    Abstract: Endpoints in an enterprise security environment are configured to adaptively switch from their normal data collection mode to a long-term, detailed data collection mode where advanced analyses are applied to the collected detailed data. Such adaptive data collection and analysis is triggered upon the receipt of a security assessment of a particular type, where a security assessment is defined as a tentative assignment by an endpoint of broader contextual meaning to information (i.e., data in some context) that is collected about an object of interest. A specialized endpoint is coupled to the security assessment channel and performs as a centralized audit point by subscribing to all security assessments, logging the security assessments, and also logging the local actions taken by endpoints in response to detected security incidents in the environment. The specialized endpoint is arranged to perform various analyses and processes on historical security assessments.

    Enterprise security assessment sharing
    7.
    Invention patent application
    Enterprise security assessment sharing (in force)

    Publication (announcement) number: US20080229422A1

    Publication (announcement) date: 2008-09-18

    Application number: US11724061

    Application date: 2007-03-14

    IPC classification: G06F11/00

    Abstract: An enterprise-wide sharing arrangement uses a semantic abstraction, called a security assessment, to share security-related information between different security products, called endpoints. A security assessment is defined as a tentative assignment by an endpoint of broader contextual meaning to information that is collected about an object of interest. Its tentative nature is reflected in two of its components: a fidelity field used to express the level of confidence in the assessment, and a time-to-live field for an estimated time period for which the assessment is valid. Endpoints may publish security assessments onto a security assessment channel, as well as subscribe to a subset of security assessments published by other endpoints. A specialized endpoint is coupled to the channel that performs as a centralized audit point by subscribing to all security assessments, logging the security assessments, and also logging the local actions taken by endpoints in response to security threats.

    Adaptive data collection for root-cause analysis and intrusion detection
    8.
    Invention patent application
    Adaptive data collection for root-cause analysis and intrusion detection (in force)

    Publication (announcement) number: US20080229421A1

    Publication (announcement) date: 2008-09-18

    Application number: US11717978

    Application date: 2007-03-14

    IPC classification: G06F11/00

    CPC classification: H04L63/1433 G06F21/552

    Abstract: Endpoints in an enterprise security environment are configured to adaptively switch from their normal data collection mode to a long-term, detailed data collection mode where advanced analyses are applied to the collected detailed data. Such adaptive data collection and analysis is triggered upon the receipt of a security assessment of a particular type, where a security assessment is defined as a tentative assignment by an endpoint of broader contextual meaning to information (i.e., data in some context) that is collected about an object of interest. A specialized endpoint is coupled to the security assessment channel and performs as a centralized audit point by subscribing to all security assessments, logging the security assessments, and also logging the local actions taken by endpoints in response to detected security incidents in the environment. The specialized endpoint is arranged to perform various analyses and processes on historical security assessments.

    Incremental filtering in a persistent query system
    9.
    Granted invention patent
    Incremental filtering in a persistent query system (in force)

    Publication (announcement) number: US06505190B1

    Publication (announcement) date: 2003-01-07

    Application number: US09606431

    Application date: 2000-06-28

    IPC classification: G06F1730

    Abstract: A system and method track changes to a document and analyze the changes to the document against a set of predefined queries without re-analyzing the entire document. Hence, after a document has been processed in the system (i.e., had its terms matched against the set of predefined queries), only a small subset of the document needs to be reprocessed and analyzed after changes (i.e., edits) are made. The analysis of the small subset is accomplished by maintaining an incremental-results data set for each document. The incremental-results data set is much smaller than the actual document, only comprising a set of unique words found in a document. After a document is changed, only the words deleted or added to the changed portion are used to update the incremental-results data set.

    DATA POLICIES FOR ONLINE SERVICES
    10.
    Invention patent application
    DATA POLICIES FOR ONLINE SERVICES (under examination, published)

    Publication (announcement) number: US20130174274A1

    Publication (announcement) date: 2013-07-04

    Application number: US13341865

    Application date: 2011-12-30

    IPC classification: G06F21/24

    Abstract: An online service may maintain or create data for a user, and a user may be allowed to exert control over how the data are used. In one example, there may be several categories of data, and the user may be able to specify who may use the data, and the purpose for which the data may be used. Additionally, a user may be able to see how many of his “friends” (or other contacts) have extended trust to a particular entity, which may aid the user in making a decision about whether to extend trust to that entity. User interfaces may be provided to allow users to specify how their data are to be used.
