GB2558811B - Labeling computing objects for improved threat detection - Google Patents
- Publication number
- GB2558811B (application GB1804873.6A)
- Authority
- GB
- United Kingdom
- Prior art keywords
- threat detection
- computing objects
- improved threat
- labeling
- labeling computing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- General Business, Economics & Management (AREA)
- Business, Economics & Management (AREA)
- Bioethics (AREA)
- Debugging And Monitoring (AREA)
- Computer And Data Communications (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- User Interface Of Digital Computer (AREA)
- Devices Affording Protection Of Roads Or Walls For Sound Insulation (AREA)
- Storage Device Security (AREA)
- Burglar Alarm Systems (AREA)
- Alarm Systems (AREA)
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB1811133.6A GB2563340B (en) | 2014-09-14 | 2015-09-14 | Labeling computing objects for improved threat detection |
GB1820349.7A GB2565734B (en) | 2014-09-14 | 2015-09-14 | Labeling computing objects for improved threat detection |
GB1820350.5A GB2565735B (en) | 2014-09-14 | 2015-09-14 | Labeling computing objects for improved threat detection |
GB1811123.7A GB2560861B8 (en) | 2014-09-14 | 2015-09-14 | Labeling computing objects for improved threat detection |
Applications Claiming Priority (9)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/485,769 US9965627B2 (en) | 2014-09-14 | 2014-09-14 | Labeling objects on an endpoint for encryption management |
US14/485,771 US9992228B2 (en) | 2014-09-14 | 2014-09-14 | Using indications of compromise for reputation based network security |
US14/485,790 US9967264B2 (en) | 2014-09-14 | 2014-09-14 | Threat detection using a time-based cache of reputation information on an enterprise endpoint |
US14/485,759 US9967282B2 (en) | 2014-09-14 | 2014-09-14 | Labeling computing objects for improved threat detection |
US14/485,774 US9537841B2 (en) | 2014-09-14 | 2014-09-14 | Key management for compromised enterprise endpoints |
US14/485,782 US10122687B2 (en) | 2014-09-14 | 2014-09-14 | Firewall techniques for colored objects on endpoints |
US14/485,762 US9967283B2 (en) | 2014-09-14 | 2014-09-14 | Normalized indications of compromise |
US14/485,765 US10965711B2 (en) | 2014-09-14 | 2014-09-14 | Data behavioral tracking |
GB1715899.9A GB2552632B8 (en) | 2014-09-14 | 2015-09-14 | Labeling computing objects for improved threat detection |
Publications (3)
Publication Number | Publication Date |
---|---|
GB201804873D0 (en) | 2018-05-09 |
GB2558811A (en) | 2018-07-18 |
GB2558811B (en) | 2019-03-27 |
Family
ID=55458378
Family Applications (9)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB1811133.6A Active GB2563340B (en) | 2014-09-14 | 2015-09-14 | Labeling computing objects for improved threat detection |
GB1715899.9A Active GB2552632B8 (en) | 2014-09-14 | 2015-09-14 | Labeling computing objects for improved threat detection |
GB1815249.6A Active GB2564589B (en) | 2014-09-14 | 2015-09-14 | Labeling computing objects for improved threat detection |
GB1804873.6A Active GB2558811B (en) | 2014-09-14 | 2015-09-14 | Labeling computing objects for improved threat detection |
GB1705948.6A Active GB2545621B8 (en) | 2014-09-14 | 2015-09-14 | Labeling computing objects for improved threat detection |
GB1820349.7A Active GB2565734B (en) | 2014-09-14 | 2015-09-14 | Labeling computing objects for improved threat detection |
GB1811123.7A Active GB2560861B8 (en) | 2014-09-14 | 2015-09-14 | Labeling computing objects for improved threat detection |
GB1820350.5A Active GB2565735B (en) | 2014-09-14 | 2015-09-14 | Labeling computing objects for improved threat detection |
GB1804902.3A Active GB2558812B (en) | 2014-09-14 | 2015-09-14 | Labeling computing objects for improved threat detection |
Family Applications Before (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB1811133.6A Active GB2563340B (en) | 2014-09-14 | 2015-09-14 | Labeling computing objects for improved threat detection |
GB1715899.9A Active GB2552632B8 (en) | 2014-09-14 | 2015-09-14 | Labeling computing objects for improved threat detection |
GB1815249.6A Active GB2564589B (en) | 2014-09-14 | 2015-09-14 | Labeling computing objects for improved threat detection |
Family Applications After (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB1705948.6A Active GB2545621B8 (en) | 2014-09-14 | 2015-09-14 | Labeling computing objects for improved threat detection |
GB1820349.7A Active GB2565734B (en) | 2014-09-14 | 2015-09-14 | Labeling computing objects for improved threat detection |
GB1811123.7A Active GB2560861B8 (en) | 2014-09-14 | 2015-09-14 | Labeling computing objects for improved threat detection |
GB1820350.5A Active GB2565735B (en) | 2014-09-14 | 2015-09-14 | Labeling computing objects for improved threat detection |
GB1804902.3A Active GB2558812B (en) | 2014-09-14 | 2015-09-14 | Labeling computing objects for improved threat detection |
Country Status (2)
Country | Link |
---|---|
GB (9) | GB2563340B (en) |
WO (1) | WO2016038397A1 (en) |
Families Citing this family (27)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9537841B2 (en) | 2014-09-14 | 2017-01-03 | Sophos Limited | Key management for compromised enterprise endpoints |
US9967282B2 (en) | 2014-09-14 | 2018-05-08 | Sophos Limited | Labeling computing objects for improved threat detection |
US9992228B2 (en) | 2014-09-14 | 2018-06-05 | Sophos Limited | Using indications of compromise for reputation based network security |
US9967283B2 (en) | 2014-09-14 | 2018-05-08 | Sophos Limited | Normalized indications of compromise |
US9967264B2 (en) | 2014-09-14 | 2018-05-08 | Sophos Limited | Threat detection using a time-based cache of reputation information on an enterprise endpoint |
US10122687B2 (en) | 2014-09-14 | 2018-11-06 | Sophos Limited | Firewall techniques for colored objects on endpoints |
US10965711B2 (en) | 2014-09-14 | 2021-03-30 | Sophos Limited | Data behavioral tracking |
US9965627B2 (en) | 2014-09-14 | 2018-05-08 | Sophos Limited | Labeling objects on an endpoint for encryption management |
WO2017138976A1 (en) * | 2016-02-12 | 2017-08-17 | Sophos Limited | Encryption techniques |
US10681078B2 (en) | 2016-06-10 | 2020-06-09 | Sophos Limited | Key throttling to mitigate unauthorized file access |
US10628597B2 (en) | 2016-04-14 | 2020-04-21 | Sophos Limited | Just-in-time encryption |
US10650154B2 (en) | 2016-02-12 | 2020-05-12 | Sophos Limited | Process-level control of encrypted content |
US10791097B2 (en) | 2016-04-14 | 2020-09-29 | Sophos Limited | Portable encryption format |
US10263966B2 (en) | 2016-04-14 | 2019-04-16 | Sophos Limited | Perimeter enforcement of encryption rules |
US9984248B2 (en) | 2016-02-12 | 2018-05-29 | Sophos Limited | Behavioral-based control of access to encrypted content by a process |
US10686827B2 (en) | 2016-04-14 | 2020-06-16 | Sophos Limited | Intermediate encryption for exposed content |
US11277416B2 (en) | 2016-04-22 | 2022-03-15 | Sophos Limited | Labeling network flows according to source applications |
US10986109B2 (en) | 2016-04-22 | 2021-04-20 | Sophos Limited | Local proxy detection |
US11102238B2 (en) | 2016-04-22 | 2021-08-24 | Sophos Limited | Detecting triggering events for distributed denial of service attacks |
US10938781B2 (en) | 2016-04-22 | 2021-03-02 | Sophos Limited | Secure labeling of network flows |
US11165797B2 (en) | 2016-04-22 | 2021-11-02 | Sophos Limited | Detecting endpoint compromise based on network usage history |
US12021831B2 (en) | 2016-06-10 | 2024-06-25 | Sophos Limited | Network security |
GB2551983B (en) | 2016-06-30 | 2020-03-04 | Sophos Ltd | Perimeter encryption |
US10848501B2 (en) * | 2016-12-30 | 2020-11-24 | Microsoft Technology Licensing, Llc | Real time pivoting on data to model governance properties |
US10911479B2 (en) * | 2018-08-06 | 2021-02-02 | Microsoft Technology Licensing, Llc | Real-time mitigations for unfamiliar threat scenarios |
US11483326B2 (en) | 2019-08-30 | 2022-10-25 | Palo Alto Networks, Inc. | Context informed abnormal endpoint behavior detection |
CN114430335B (en) * | 2021-12-16 | 2024-08-20 | 奇安信科技集团股份有限公司 | Web fingerprint matching method and device |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040201612A1 (en) * | 2003-03-12 | 2004-10-14 | International Business Machines Corporation | Monitoring events in a computer network |
EP2755146A1 (en) * | 2013-01-10 | 2014-07-16 | Accenture Global Services Limited | Identification of significant terms in data |
US20150067865A1 (en) * | 2013-08-29 | 2015-03-05 | International Business Machines Corporation | Threat Condition Management |
Family Cites Families (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7921284B1 (en) * | 2001-12-12 | 2011-04-05 | Gary Mark Kinghorn | Method and system for protecting electronic data in enterprise environment |
US7552472B2 (en) * | 2002-12-19 | 2009-06-23 | International Business Machines Corporation | Developing and assuring policy documents through a process of refinement and classification |
US20080141376A1 (en) * | 2006-10-24 | 2008-06-12 | Pc Tools Technology Pty Ltd. | Determining maliciousness of software |
US9367680B2 (en) * | 2008-10-21 | 2016-06-14 | Lookout, Inc. | System and method for mobile communication device application advisement |
US8607340B2 (en) * | 2009-07-21 | 2013-12-10 | Sophos Limited | Host intrusion prevention system using software and user behavior analysis |
US9038168B2 (en) * | 2009-11-20 | 2015-05-19 | Microsoft Technology Licensing, Llc | Controlling resource access based on resource properties |
US9407603B2 (en) * | 2010-06-25 | 2016-08-02 | Salesforce.Com, Inc. | Methods and systems for providing context-based outbound processing application firewalls |
US8875286B2 (en) * | 2010-12-01 | 2014-10-28 | Cisco Technology, Inc. | Method and apparatus for detecting malicious software using machine learning techniques |
US8042186B1 (en) * | 2011-04-28 | 2011-10-18 | Kaspersky Lab Zao | System and method for detection of complex malware |
US9106680B2 (en) * | 2011-06-27 | 2015-08-11 | Mcafee, Inc. | System and method for protocol fingerprinting and reputation correlation |
US8931043B2 (en) * | 2012-04-10 | 2015-01-06 | Mcafee Inc. | System and method for determining and using local reputations of users and hosts to protect information in a network environment |
US8850588B2 (en) * | 2012-05-01 | 2014-09-30 | Taasera, Inc. | Systems and methods for providing mobile security based on dynamic attestation |
IL219597A0 (en) * | 2012-05-03 | 2012-10-31 | Syndrome X Ltd | Malicious threat detection, malicious threat prevention, and a learning systems and methods for malicious threat detection and prevention |
US8832848B1 (en) * | 2012-07-26 | 2014-09-09 | Symantec Corporation | Systems and methods for content-aware access control |
US9104864B2 (en) * | 2012-10-24 | 2015-08-11 | Sophos Limited | Threat detection through the accumulated detection of threat characteristics |
CN105580023B (en) * | 2013-10-24 | 2019-08-16 | 迈克菲股份有限公司 | The malicious application of agency's auxiliary in network environment prevents |
-
2015
- 2015-09-14 GB GB1811133.6A patent/GB2563340B/en active Active
- 2015-09-14 GB GB1715899.9A patent/GB2552632B8/en active Active
- 2015-09-14 GB GB1815249.6A patent/GB2564589B/en active Active
- 2015-09-14 GB GB1804873.6A patent/GB2558811B/en active Active
- 2015-09-14 GB GB1705948.6A patent/GB2545621B8/en active Active
- 2015-09-14 GB GB1820349.7A patent/GB2565734B/en active Active
- 2015-09-14 GB GB1811123.7A patent/GB2560861B8/en active Active
- 2015-09-14 GB GB1820350.5A patent/GB2565735B/en active Active
- 2015-09-14 GB GB1804902.3A patent/GB2558812B/en active Active
- 2015-09-14 WO PCT/GB2015/052656 patent/WO2016038397A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
GB2560861B (en) | 2018-12-26 |
GB201820350D0 (en) | 2019-01-30 |
GB2565734A (en) | 2019-02-20 |
GB201804902D0 (en) | 2018-05-09 |
GB201804873D0 (en) | 2018-05-09 |
GB2558812B (en) | 2019-03-27 |
GB201811133D0 (en) | 2018-08-22 |
GB2545621B8 (en) | 2021-11-03 |
GB2545621A (en) | 2017-06-21 |
GB2558811A (en) | 2018-07-18 |
GB2563340B (en) | 2019-07-03 |
GB2558812A8 (en) | 2018-09-05 |
GB2560861A (en) | 2018-09-26 |
GB201815249D0 (en) | 2018-10-31 |
GB2565734B (en) | 2019-05-29 |
GB2560861B8 (en) | 2019-02-06 |
GB2560861A8 (en) | 2019-02-06 |
GB2552632A (en) | 2018-01-31 |
GB2552632B8 (en) | 2021-11-03 |
GB2565735A (en) | 2019-02-20 |
GB2563340A8 (en) | 2019-03-27 |
GB2552632B (en) | 2018-05-09 |
GB2545621B (en) | 2018-03-28 |
GB201820349D0 (en) | 2019-01-30 |
GB2564589A (en) | 2019-01-16 |
GB201715899D0 (en) | 2017-11-15 |
GB201811123D0 (en) | 2018-08-22 |
GB2563340A (en) | 2018-12-12 |
GB2565735B (en) | 2019-05-29 |
GB2564589B (en) | 2019-07-03 |
GB2558812A (en) | 2018-07-18 |
GB201705948D0 (en) | 2017-05-31 |
WO2016038397A1 (en) | 2016-03-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
GB2560861B (en) | Labeling computing objects for improved threat detection | |
GB2533284B (en) | Performing object detection | |
EP3104192A4 (en) | Object detection device | |
IL246866A0 (en) | Tagging security-relevant system objects | |
EP3407317C0 (en) | Tamper detection | |
GB201408516D0 (en) | Neutron detection | |
GB201413708D0 (en) | Leak detection system | |
GB201418499D0 (en) | Malware detection method | |
ZA201500063B (en) | A detection system | |
GB201513698D0 (en) | Object detection | |
EP3203261A4 (en) | Object detection device | |
GB201411568D0 (en) | Detection | |
GB201405556D0 (en) | Neutron detection | |
GB2534372B (en) | Cloud Feature Detection | |
GB201502226D0 (en) | AH-7921 detection | |
GB2528429B (en) | Border detection | |
GB201707731D0 (en) | Detection system | |
SG11201610262TA (en) | Object detection system | |
GB201516218D0 (en) | Detection system | |
GB2532935B (en) | Proximity detection system | |
GB201508766D0 (en) | Detection system | |
GB201415372D0 (en) | Object detection | |
GB201404343D0 (en) | Tamper detection |