-
Publication number: US10931707B2
Publication date: 2021-02-23
Application number: US15416026
Application date: 2017-01-26
Applicant: Verint Systems Ltd.
Inventor: Vadim Pogulievsky
IPC: H04L29/06
Abstract: Automatic forensic investigation techniques to more effectively differentiate false positives from true positives. An incident is automatically investigated by a processor that communicates instructions to a device on a network and analyzes information received from the device in response to the instructions. In response to analyzing, the processor raises or lowers its level of confidence in the incident. If the processor's level of confidence in the incident is sufficiently high, the processor generates an output that indicates that the security of the network has been compromised. Otherwise, the processor ascertains that the incident is a false positive and may modify a criteria for alert generation.
-
Publication number: US11888879B2
Publication date: 2024-01-30
Application number: US17531723
Application date: 2021-11-20
Applicant: VERINT SYSTEMS LTD.
Inventor: Yitshak Yishay , Vadim Pogulievsky
IPC: H04L9/40 , H04L61/4511
CPC classification number: H04L63/1425 , H04L63/145 , H04L61/4511
Abstract: Methods and systems to identify the domain names that can potentially be used for delivering instructions to a bot, before bots on a computer network succeed in obtaining the instructions. The system maintains a device rating for each device that reflects a likelihood that the device is infected by malware. The system also maintains a domain-name rating for each device that reflects a likelihood that the domain name is malicious. When a device attempts to access a particular domain name, the domain-name rating of the domain name is updated in light of the device rating of the device, and/or update the device rating of the device in light of the domain-name rating.
-
Publication number: US11212302B2
Publication date: 2021-12-28
Application number: US15392367
Application date: 2016-12-28
Applicant: Verint Systems LTD.
Inventor: Yitshak Yishay , Vadim Pogulievsky
Abstract: Methods and systems to identify the domain names that can potentially be used for delivering instructions to a bot, before bots on a computer network succeed in obtaining the instructions. The system maintains a device rating for each device that reflects a likelihood that the device is infected by malware. The system also maintains a domain-name rating for each device that reflects a likelihood that the domain name is malicious. When a device attempts to access a particular domain name, the domain-name rating of the domain name is updated in light of the device rating of the device, and/or update the device rating of the device in light of the domain-name rating.
-
Publication number: US20220368713A1
Publication date: 2022-11-17
Application number: US17531723
Application date: 2021-11-20
Applicant: VERINT SYSTEMS LTD.
Inventor: Yitshak Yishay , Vadim Pogulievsky
IPC: H04L9/40
Abstract: Methods and systems to identify the domain names that can potentially be used for delivering instructions to a bot, before bots on a computer network succeed in obtaining the instructions. The system maintains a device rating for each device that reflects a likelihood that the device is infected by malware. The system also maintains a domain-name rating for each device that reflects a likelihood that the domain name is malicious. When a device attempts to access a particular domain name, the domain-name rating of the domain name is updated in light of the device rating of the device, and/or update the device rating of the device in light of the domain-name rating.
-
Publication number: US20170223047A1
Publication date: 2017-08-03
Application number: US15416026
Application date: 2017-01-26
Applicant: Verint Systems Ltd.
Inventor: Vadim Pogulievsky
IPC: H04L29/06
CPC classification number: H04L63/1441 , H04L63/1408 , H04L63/145 , H04L63/20
Abstract: Automatic forensic investigation techniques to more effectively differentiate false positives from true positives. An incident is automatically investigated by a processor that communicates instructions to a device on a network and analyzes information received from the device in response to the instructions. In response to analyzing, the processor raises or lowers its level of confidence in the incident. If the processor's level of confidence in the incident is sufficiently high, the processor generates an output that indicates that the security of the network has been compromised. Otherwise, the processor ascertains that the incident is a false positive and may modify a criteria for alert generation.
-
Publication number: US20220006832A1
Publication date: 2022-01-06
Application number: US17180799
Application date: 2021-02-21
Applicant: VERINT SYSTEMS LTD.
Inventor: Vadim Pogulievsky
IPC: H04L29/06
Abstract: Automatic forensic investigation techniques to more effectively differentiate false positives from true positives. An incident is automatically investigated by a processor that communicates instructions to a device on a network and analyzes information received from the device in response to the instructions. In response to analyzing, the processor raises or lowers its level of confidence in the incident. If the processor's level of confidence in the incident is sufficiently high, the processor generates an output that indicates that the security of the network has been compromised. Otherwise, the processor ascertains that the incident is a false positive and may modify a criteria for alert generation.
-
Publication number: US20170195352A1
Publication date: 2017-07-06
Application number: US15392367
Application date: 2016-12-28
Applicant: Verint Systems LTD.
Inventor: Yitshak Yishay , Vadim Pogulievsky
IPC: H04L29/06
CPC classification number: H04L63/1425 , H04L61/1511 , H04L63/145
Abstract: Methods and systems to identify the domain names that can potentially be used for delivering instructions to a bot, before bots on a computer network succeed in obtaining the instructions. The system maintains a device rating for each device that reflects a likelihood that the device is infected by malware. The system also maintains a domain-name rating for each device that reflects a likelihood that the domain name is malicious. When a device attempts to access a particular domain name, the domain-name rating of the domain name is updated in light of the device rating of the device, and/or update the device rating of the device in light of the domain-name rating.