-
1.
Publication No.: WO2023076919A1
Publication date: 2023-05-04
Application No.: PCT/US2022/078681
Filing date: 2022-10-26
Applicant: PROOFPOINT, INC.
Abstract: A computer method detects internal user behavior threats by recording user activity data at endpoints on a computer network associated with a tenant, generating a sampled activity matrix for each user, grouping users from the tenant into clusters based on similarity, assigning a user activity weight to each activity-set, creating a ranked list of the user activity-sets for all users within the tenant, computing a user behavior vector for each respective one of the users in the tenant, and comparing the user behavior vector for a particular one of the users in the tenant to other users in the tenant to determine whether the user behavior vector indicates that the user behavior deviates beyond a threshold amount from the other users in the tenant, and, if so, creating an internal user behavior threat notification that may, for example, prompt a real world response.
-
Publication No.: WO2021055924A1
Publication date: 2021-03-25
Application No.: PCT/US2020/051739
Filing date: 2020-09-21
Applicants: PROOFPOINT, INC.; OBSERVEIT LTD
Abstract: A computer network includes user endpoint devices geographically distributed relative to one another such that at least one of the endpoint devices is subject to a different set of data protection or privacy restrictions than other endpoint devices and data processing facilities coupled to the user endpoint devices over a network. The data processing facilities are in different geographical regions or sovereignties. A computer-based endpoint agent is in each of the endpoint devices. Each endpoint agent is configured to collect telemetry data relating to user activity at its associated endpoint device and transmit the collected telemetry data to a selected one of the data processing facilities, according to an applicable realm definition, in compliance with the data protection or privacy restrictions that apply to the agent's endpoint device.
-
3.
Publication No.: WO2023076925A1
Publication date: 2023-05-04
Application No.: PCT/US2022/078687
Filing date: 2022-10-26
Applicant: PROOFPOINT, INC.
IPC classification: H04L67/50, H04L9/40, H04L43/045
Abstract: A computer method includes recording user activity data at endpoints on a computer network, generating a sampled activity matrix representing occurrences of activity-sets performed by the user over multiple time windows, computing a user activity weight for each activity-set based on a variance over the time windows, computing a historical user activity score and a contextual user activity score, computing a user behavior vector and user behavior score, using the user behavior scores to detect a deviation beyond a threshold amount from a baseline behavior for the user, creating an internal user behavior threat notification in response to detecting a deviation beyond the threshold amount and, optionally, taking real world steps, as a human, to react to the threat notification.
-
Publication No.: WO2021055989A1
Publication date: 2021-03-25
Application No.: PCT/US2020/051939
Filing date: 2020-09-22
Applicants: PROOFPOINT, INC.; OBSERVEIT LTD
Inventors: KREMER, Alexander; PIVNIK, Tamir
Abstract: A distributed system provides access by a principal to a resource associated with sensitive data. Micro-services in communication with an authorization engine each include a resource provider that receives a resource action request from the principal to access the resource, determines a context for the request, and transmits the context to the authorization engine in an authorization request. The authorization engine receives the authorization request, resolves the authorization request context against a plurality of pre-defined resource conditions, and responds to the resource provider with an authorization response of allow, deny, or allow-with-conditions. The context for the request includes metadata regarding attributes of the principal, and each of the resource conditions includes a logical expression operating upon the attributes.
-
5.
Publication No.: WO2021055935A1
Publication date: 2021-03-25
Application No.: PCT/US2020/051781
Filing date: 2020-09-21
Applicants: PROOFPOINT, INC.; OBSERVEIT LTD
IPC classification: G06F9/44, G06F9/455, G06F11/28, G06F15/173, G06F15/177
Abstract: A system controls access to data for a customer of a multi-tenant software as a service (SaaS) system. A multi-tenant SaaS system cloud includes a metadata store. A customer-controlled storage realm includes a customer-controlled key management system (KMS) and a data store for storing encrypted customer data objects. An agent at a user endpoint identifies customer data for storage in the customer data store, transmits metadata and telemetry information related to the customer data to a SaaS application interface (API), and provides a storage reference for a SaaS metadata store. The agent is pre-configured with credentials from the KMS for storing customer data objects in the data store. The customer-controlled storage realm is not in direct communication with the SaaS system cloud.
-
Publication No.: WO2021055986A1
Publication date: 2021-03-25
Application No.: PCT/US2020/051908
Filing date: 2020-09-22
Applicants: PROOFPOINT, INC.; OBSERVEIT LTD
Inventors: MESHULAM, Yigal; PIVNIK, Tamir; COHEN, David; KREMER, Alexander; CHOUDHARY, Mayank; TIKOTZKI, Tal; MCKEE, Mike; BARAK, Nir; YAFFEE, Tal
Abstract: A computer-based method includes monitoring user activities at an endpoint device on a computer network, determining if one of the user activities at the endpoint device presents a potential threat to network security, creating an alert of the potential threat, and providing, with the alert, a redacted version of a screenshot from the endpoint device. One or more open windows that appeared on the screen of the endpoint device are obscured or removed in the redacted version of the screenshot of the endpoint device.