公开(公告)号：WO2018132425A1

公开(公告)日：2018-07-19

申请号：PCT/US2018/013093

申请日：2018-01-10

Applicant: CYLANCE INC.

Inventor： KASHYAP, Rahul, Chander ,  KOTOV, Vadim, Dmitriyevich ,  OSWALD, Samuel, John ,  STRONG, Homer, Valentine

IPC: G06F21/56 ,  H04L29/06

Abstract: A plurality of events associated with each of a plurality of computing nodes that form part of a network topology are monitored. The network topology includes antivirus tools to detect malicious software prior to it accessing one of the computing nodes. Thereafter, it is determined that, using at least one machine learning model, at least one of the events is indicative of malicious activity that has circumvented or bypassed the antivirus tools. Data is then provided that characterizes the determination. Related apparatus, systems, techniques and articles are also described.

公开(公告)号：WO2018200458A1

公开(公告)日：2018-11-01

申请号：PCT/US2018/029051

申请日：2018-04-24

Applicant: CYLANCE INC.

Inventor： STRONG, Homer, Valentine ,  PERMEH, Ryan ,  OSWALD, Samuel, John

IPC: G06F21/55

Abstract: An endpoint computer system monitors data relating to a plurality of events occurring within an operating environment of the endpoint computer system. The monitoring can include receiving and/or inferring the data using one or more sensors executing on the endpoint computer system. The endpoint computer system can store artifacts used in connection with the plurality of events in a vault maintained on such endpoint computer system. The endpoint computer system, in response to a trigger, identifies and retrieves metadata characterizing artifacts associated with the trigger from the vault. Such identified and retrieved metadata is then provided by the endpoint computer system to a remote server.

公开(公告)号：WO2018200451A1

公开(公告)日：2018-11-01

申请号：PCT/US2018/029041

申请日：2018-04-24

Applicant: CYLANCE INC.

Inventor： STRONG, Homer, Valentine ,  PERMEH, Ryan ,  OSWALD, Samuel, John

IPC: G06F21/55

Abstract: Each of a plurality of endpoint computer systems monitors data relating to a plurality of events occurring within an operating environment of the corresponding endpoint computer system. The monitoring can include receiving and/or inferring the data using one or more sensors executing on the endpoint computer systems Thereafter, for each endpoint computer system, artifacts used in connection with the events are stored in a vault maintained on such endpoint computer system. A query is later received by at least a subset of the plurality of endpoint computer systems from a server. Such endpoint computer systems, in response, identify and retrieve artifacts within the corresponding vaults response to the query. Results responsive to the query including or characterizing the identified artifacts is then provided by the endpoint computer systems receiving the query to the server.

公开(公告)号：WO2017147300A1

公开(公告)日：2017-08-31

申请号：PCT/US2017/019142

申请日：2017-02-23

Applicant: CYLANCE INC.

Inventor： PERMEH, Ryan ,  WOLFF, Matthew ,  OSWALD, Samuel, John ,  ZHAO, Xuan ,  CULLEY, Mark ,  POLSON, Steve

IPC: G06F21/55 ,  G06F21/64

CPC classification number: G06F21/56 ,  G06F21/552 ,  G06F21/554 ,  G06F21/64 ,  G06F2221/2101 ,  G06N5/04 ,  G06N99/005 ,  H04L9/30

Abstract: An endpoint computer system can harvest data relating to a plurality of events occurring within an operating environment of the endpoint computer system and can add the harvested data to a local data store maintained on the endpoint computer system. A query response can be generated, for example by identifying and retrieving responsive data from the local data store. The responsive data are related to an artifact on the endpoint computer system and/or to an event of the plurality of events. In some examples, the local data store can be an audit log and/or can include one or more tamper resistant features. Systems, methods, and computer program products are described.

Abstract translation: 端点计算机系统可以收集与在端点计算机系统的操作环境内发生的多个事件有关的数据，并且可以将收获的数据添加到保持在端点计算机系统上的本地数据存储。 查询响应可以生成，例如通过识别和检索来自本地数据存储的响应数据。 响应数据与端点计算机系统上的人工产物和/或多个事件中的事件有关。 在一些示例中，本地数据存储可以是审计日志和/或可以包括一个或多个防篡改特征。 描述系统，方法和计算机程序产品。