-
Publication No.: US20240311503A1
Publication Date: 2024-09-19
Application No.: US18673015
Filing Date: 2024-05-23
Applicant: Sophos Limited
IPC Classification: G06F21/62, G06F16/13, G06F16/28, G06F16/93, G06F21/64, G06N20/00, H04L9/32, H04L9/40, H04L41/00, H04L41/22
CPC Classification: G06F21/6218, G06F16/137, G06F16/285, G06F16/93, G06F21/64, G06N20/00, H04L9/3265, H04L41/20, H04L41/22, H04L63/08, H04L63/0838, H04L63/101, H04L63/102, H04L63/1408, H04L63/1416, H04L63/1425, H04L63/1433, H04L63/1441, H04L63/20, H04L63/205
Abstract: A threat management facility stores a number of entity models that characterize reportable events from one or more entities. A stream of events from compute instances within an enterprise network can then be analyzed using these entity models to detect behavior that is inconsistent or anomalous for one or more of the entities that are currently active within the enterprise network.
-
Publication No.: US11995205B2
Publication Date: 2024-05-28
Application No.: US18096882
Filing Date: 2023-01-13
Applicant: Sophos Limited
IPC Classification: G06F21/62, G06F16/13, G06F16/28, G06F16/93, G06F21/64, G06N20/00, H04L9/32, H04L9/40, H04L41/00, H04L41/22
CPC Classification: G06F21/6218, G06F16/137, G06F16/285, G06F16/93, G06F21/64, G06N20/00, H04L9/3265, H04L41/20, H04L41/22, H04L63/08, H04L63/0838, H04L63/101, H04L63/102, H04L63/1408, H04L63/1416, H04L63/1425, H04L63/1433, H04L63/1441, H04L63/20, H04L63/205
Abstract: A threat management facility stores a number of entity models that characterize reportable events from one or more entities. A stream of events from compute instances within an enterprise network can then be analyzed using these entity models to detect behavior that is inconsistent or anomalous for one or more of the entities that are currently active within the enterprise network.
-
Publication No.: US11657174B2
Publication Date: 2023-05-23
Application No.: US17356902
Filing Date: 2021-06-24
Applicant: Sophos Limited
IPC Classification: G06F21/62, H04L9/40, G06N20/00, G06F16/93, G06F16/28, G06F16/13, G06F21/64, H04L9/32, H04L41/00, H04L41/22
CPC Classification: G06F21/6218, G06F16/137, G06F16/285, G06F16/93, G06F21/64, G06N20/00, H04L9/3265, H04L41/20, H04L41/22, H04L63/08, H04L63/0838, H04L63/101, H04L63/102, H04L63/1408, H04L63/1416, H04L63/1425, H04L63/1433, H04L63/1441, H04L63/20, H04L63/205
Abstract: An authentication model dynamically adjusts the authentication factors required for access to a remote resource based on changes to a risk score for a user, a device, or some combination of these. For example, the authentication model may conditionally specify the number and type of authentication factors required for a user/device pair, and may dynamically alter authentication requirements based on changes to the current risk assessment for the user/device while the remote resource is in use.
-
Publication No.: US11552962B2
Publication Date: 2023-01-10
Application No.: US16128953
Filing Date: 2018-09-12
Applicant: Sophos Limited
Inventors: Joshua Daniel Saxe, Andrew J. Thomas, Russell Humphries, Simon Neil Reed, Kenneth D. Ray, Joseph H. Levy
IPC Classification: H04L9/40, G06N5/04, G06N20/00, G06F17/18, G06F21/56, G06Q10/06, G06F16/955, G06F11/07, G06K9/62, G06N7/00, G06F21/55, G06F9/54, G06N5/00, G06N5/02, G06N20/20, G06V10/44, G06V20/52
Abstract: An ensemble of detection techniques is used to identify code that presents intermediate levels of threat. For example, an ensemble of machine learning techniques may be used to evaluate suspiciousness based on binaries, file paths, behaviors, reputations, and so forth, and code may be sorted into safe, unsafe, intermediate, or any similar categories. By filtering and prioritizing intermediate threats with these tools, human threat intervention can advantageously be directed toward the code samples and associated contexts most appropriate for non-automated responses.
-
Publication No.: US20200074336A1
Publication Date: 2020-03-05
Application No.: US16128953
Filing Date: 2018-09-12
Applicant: Sophos Limited
Inventors: Joshua Daniel Saxe, Andrew J. Thomas, Russell Humphries, Simon Neil Reed, Kenneth D. Ray, Joseph H. Levy
Abstract: An ensemble of detection techniques is used to identify code that presents intermediate levels of threat. For example, an ensemble of machine learning techniques may be used to evaluate suspiciousness based on binaries, file paths, behaviors, reputations, and so forth, and code may be sorted into safe, unsafe, intermediate, or any similar categories. By filtering and prioritizing intermediate threats with these tools, human threat intervention can advantageously be directed toward the code samples and associated contexts most appropriate for non-automated responses.
-
Publication No.: US11562088B2
Publication Date: 2023-01-24
Application No.: US16383315
Filing Date: 2019-04-12
Applicant: Sophos Limited
IPC Classification: G06F11/00, G06F21/62, H04L9/40, G06N20/00, G06F16/93, G06F16/28, G06F16/13, G06F21/64, H04L9/32, H04L41/00, H04L41/22
Abstract: A security platform uses a sensor-event-analysis-response methodology to iteratively adapt to a changing security environment by continuously creating and updating entity models based on observed activities and detecting patterns of events that deviate from these entity models.
-
Publication No.: US10721210B2
Publication Date: 2020-07-21
Application No.: US16406318
Filing Date: 2019-05-08
Applicant: Sophos Limited
Abstract: An enterprise security system is improved by instrumenting endpoints to explicitly label network flows with cryptographically secure labels that identify an application or other source of each network flow. Cryptographic techniques may be used, for example, to protect the information encoded in the label from interception by third parties, or to support cryptographic authentication of the source of each label. A label may carry health, status, or other heartbeat information for the endpoint, and may be used to identify compromised endpoints, to make routing decisions for network traffic (e.g., allowing, blocking, rerouting, etc.), to more generally evaluate the health of an endpoint that is sourcing network traffic, or for any other useful purpose.
-
Publication No.: US20200074078A1
Publication Date: 2020-03-05
Application No.: US16128984
Filing Date: 2018-09-12
Applicant: Sophos Limited
Inventors: Joshua Daniel Saxe, Andrew J. Thomas, Russell Humphries, Simon Neil Reed, Kenneth D. Ray, Joseph H. Levy
Abstract: An automated system attempts to characterize code as safe or unsafe. For intermediate code samples not placed with sufficient confidence in either category, human-readable analysis is automatically generated to assist a human reviewer in reaching a final disposition. For example, a random forest over human-interpretable features may be created and used to identify suspicious features in a manner that is understandable to, and actionable by, a human reviewer. Similarly, a k-nearest neighbor algorithm may be used to identify similar samples of known safe and unsafe code based on a model for, e.g., a file path, a URL, an executable, and so forth. Similar code may then be displayed (with other information) to a user for evaluation in a user interface. This comparative information can improve the speed and accuracy of human interventions by providing richer context for human review of potential threats.
-
Publication No.: US20190319980A1
Publication Date: 2019-10-17
Application No.: US16383315
Filing Date: 2019-04-12
Applicant: Sophos Limited
IPC Classification: H04L29/06
Abstract: A security platform uses a sensor-event-analysis-response methodology to iteratively adapt to a changing security environment by continuously creating and updating entity models based on observed activities and detecting patterns of events that deviate from these entity models.
-
Publication No.: US20190319961A1
Publication Date: 2019-10-17
Application No.: US16383407
Filing Date: 2019-04-12
Applicant: Sophos Limited
IPC Classification: H04L29/06
Abstract: Entity models are used to evaluate the potential risk of entities, either individually or in groups, in order to evaluate suspiciousness within an enterprise network. These individual or aggregated risk assessments can be used to adjust the security policy for compute instances within the enterprise network. A security policy may specify security settings such as network speed, filtering levels, network isolation, levels of privilege, and the like.