[go: nahoru, domu]

GB2558811B - Labeling computing objects for improved threat detection - Google Patents

Labeling computing objects for improved threat detection

Info

Publication number
GB2558811B
GB2558811B GB1804873.6A GB201804873A GB2558811B GB 2558811 B GB2558811 B GB 2558811B GB 201804873 A GB201804873 A GB 201804873A GB 2558811 B GB2558811 B GB 2558811B
Authority
GB
United Kingdom
Prior art keywords
threat detection
computing objects
improved threat
labeling
labeling computing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
GB1804873.6A
Other versions
GB201804873D0 (en
GB2558811A (en
Inventor
J Thomas Andrew
D Harris Mark
Neil Reed Simon
Robert Tyndale Watkiss Neil
D Ray Kenneth
W Cook Robert
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sophos Ltd
Original Assignee
Sophos Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US14/485,769 external-priority patent/US9965627B2/en
Priority claimed from US14/485,765 external-priority patent/US10965711B2/en
Priority claimed from US14/485,762 external-priority patent/US9967283B2/en
Priority claimed from US14/485,782 external-priority patent/US10122687B2/en
Priority claimed from US14/485,774 external-priority patent/US9537841B2/en
Priority claimed from US14/485,759 external-priority patent/US9967282B2/en
Priority claimed from US14/485,790 external-priority patent/US9967264B2/en
Priority claimed from US14/485,771 external-priority patent/US9992228B2/en
Priority to GB1820350.5A priority Critical patent/GB2565735B/en
Priority to GB1811123.7A priority patent/GB2560861B8/en
Application filed by Sophos Ltd filed Critical Sophos Ltd
Priority to GB1820349.7A priority patent/GB2565734B/en
Priority to GB1811133.6A priority patent/GB2563340B/en
Publication of GB201804873D0 publication Critical patent/GB201804873D0/en
Publication of GB2558811A publication Critical patent/GB2558811A/en
Publication of GB2558811B publication Critical patent/GB2558811B/en
Application granted granted Critical
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0263Rule management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • General Business, Economics & Management (AREA)
  • Business, Economics & Management (AREA)
  • Bioethics (AREA)
  • Debugging And Monitoring (AREA)
  • Computer And Data Communications (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • User Interface Of Digital Computer (AREA)
  • Devices Affording Protection Of Roads Or Walls For Sound Insulation (AREA)
  • Storage Device Security (AREA)
  • Burglar Alarm Systems (AREA)
  • Alarm Systems (AREA)
GB1804873.6A 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection Active GB2558811B (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
GB1811133.6A GB2563340B (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection
GB1820349.7A GB2565734B (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection
GB1820350.5A GB2565735B (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection
GB1811123.7A GB2560861B8 (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection

Applications Claiming Priority (9)

Application Number Priority Date Filing Date Title
US14/485,769 US9965627B2 (en) 2014-09-14 2014-09-14 Labeling objects on an endpoint for encryption management
US14/485,771 US9992228B2 (en) 2014-09-14 2014-09-14 Using indications of compromise for reputation based network security
US14/485,790 US9967264B2 (en) 2014-09-14 2014-09-14 Threat detection using a time-based cache of reputation information on an enterprise endpoint
US14/485,759 US9967282B2 (en) 2014-09-14 2014-09-14 Labeling computing objects for improved threat detection
US14/485,774 US9537841B2 (en) 2014-09-14 2014-09-14 Key management for compromised enterprise endpoints
US14/485,782 US10122687B2 (en) 2014-09-14 2014-09-14 Firewall techniques for colored objects on endpoints
US14/485,762 US9967283B2 (en) 2014-09-14 2014-09-14 Normalized indications of compromise
US14/485,765 US10965711B2 (en) 2014-09-14 2014-09-14 Data behavioral tracking
GB1715899.9A GB2552632B8 (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection

Publications (3)

Publication Number Publication Date
GB201804873D0 GB201804873D0 (en) 2018-05-09
GB2558811A GB2558811A (en) 2018-07-18
GB2558811B true GB2558811B (en) 2019-03-27

Family

ID=55458378

Family Applications (9)

Application Number Title Priority Date Filing Date
GB1811133.6A Active GB2563340B (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection
GB1715899.9A Active GB2552632B8 (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection
GB1815249.6A Active GB2564589B (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection
GB1804873.6A Active GB2558811B (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection
GB1705948.6A Active GB2545621B8 (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection
GB1820349.7A Active GB2565734B (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection
GB1811123.7A Active GB2560861B8 (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection
GB1820350.5A Active GB2565735B (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection
GB1804902.3A Active GB2558812B (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection

Family Applications Before (3)

Application Number Title Priority Date Filing Date
GB1811133.6A Active GB2563340B (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection
GB1715899.9A Active GB2552632B8 (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection
GB1815249.6A Active GB2564589B (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection

Family Applications After (5)

Application Number Title Priority Date Filing Date
GB1705948.6A Active GB2545621B8 (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection
GB1820349.7A Active GB2565734B (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection
GB1811123.7A Active GB2560861B8 (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection
GB1820350.5A Active GB2565735B (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection
GB1804902.3A Active GB2558812B (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection

Country Status (2)

Country Link
GB (9) GB2563340B (en)
WO (1) WO2016038397A1 (en)

Families Citing this family (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9537841B2 (en) 2014-09-14 2017-01-03 Sophos Limited Key management for compromised enterprise endpoints
US9967282B2 (en) 2014-09-14 2018-05-08 Sophos Limited Labeling computing objects for improved threat detection
US9992228B2 (en) 2014-09-14 2018-06-05 Sophos Limited Using indications of compromise for reputation based network security
US9967283B2 (en) 2014-09-14 2018-05-08 Sophos Limited Normalized indications of compromise
US9967264B2 (en) 2014-09-14 2018-05-08 Sophos Limited Threat detection using a time-based cache of reputation information on an enterprise endpoint
US10122687B2 (en) 2014-09-14 2018-11-06 Sophos Limited Firewall techniques for colored objects on endpoints
US10965711B2 (en) 2014-09-14 2021-03-30 Sophos Limited Data behavioral tracking
US9965627B2 (en) 2014-09-14 2018-05-08 Sophos Limited Labeling objects on an endpoint for encryption management
WO2017138976A1 (en) * 2016-02-12 2017-08-17 Sophos Limited Encryption techniques
US10681078B2 (en) 2016-06-10 2020-06-09 Sophos Limited Key throttling to mitigate unauthorized file access
US10628597B2 (en) 2016-04-14 2020-04-21 Sophos Limited Just-in-time encryption
US10650154B2 (en) 2016-02-12 2020-05-12 Sophos Limited Process-level control of encrypted content
US10791097B2 (en) 2016-04-14 2020-09-29 Sophos Limited Portable encryption format
US10263966B2 (en) 2016-04-14 2019-04-16 Sophos Limited Perimeter enforcement of encryption rules
US9984248B2 (en) 2016-02-12 2018-05-29 Sophos Limited Behavioral-based control of access to encrypted content by a process
US10686827B2 (en) 2016-04-14 2020-06-16 Sophos Limited Intermediate encryption for exposed content
US11277416B2 (en) 2016-04-22 2022-03-15 Sophos Limited Labeling network flows according to source applications
US10986109B2 (en) 2016-04-22 2021-04-20 Sophos Limited Local proxy detection
US11102238B2 (en) 2016-04-22 2021-08-24 Sophos Limited Detecting triggering events for distributed denial of service attacks
US10938781B2 (en) 2016-04-22 2021-03-02 Sophos Limited Secure labeling of network flows
US11165797B2 (en) 2016-04-22 2021-11-02 Sophos Limited Detecting endpoint compromise based on network usage history
US12021831B2 (en) 2016-06-10 2024-06-25 Sophos Limited Network security
GB2551983B (en) 2016-06-30 2020-03-04 Sophos Ltd Perimeter encryption
US10848501B2 (en) * 2016-12-30 2020-11-24 Microsoft Technology Licensing, Llc Real time pivoting on data to model governance properties
US10911479B2 (en) * 2018-08-06 2021-02-02 Microsoft Technology Licensing, Llc Real-time mitigations for unfamiliar threat scenarios
US11483326B2 (en) 2019-08-30 2022-10-25 Palo Alto Networks, Inc. Context informed abnormal endpoint behavior detection
CN114430335B (en) * 2021-12-16 2024-08-20 奇安信科技集团股份有限公司 Web fingerprint matching method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040201612A1 (en) * 2003-03-12 2004-10-14 International Business Machines Corporation Monitoring events in a computer network
EP2755146A1 (en) * 2013-01-10 2014-07-16 Accenture Global Services Limited Identification of significant terms in data
US20150067865A1 (en) * 2013-08-29 2015-03-05 International Business Machines Corporation Threat Condition Management

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7921284B1 (en) * 2001-12-12 2011-04-05 Gary Mark Kinghorn Method and system for protecting electronic data in enterprise environment
US7552472B2 (en) * 2002-12-19 2009-06-23 International Business Machines Corporation Developing and assuring policy documents through a process of refinement and classification
US20080141376A1 (en) * 2006-10-24 2008-06-12 Pc Tools Technology Pty Ltd. Determining maliciousness of software
US9367680B2 (en) * 2008-10-21 2016-06-14 Lookout, Inc. System and method for mobile communication device application advisement
US8607340B2 (en) * 2009-07-21 2013-12-10 Sophos Limited Host intrusion prevention system using software and user behavior analysis
US9038168B2 (en) * 2009-11-20 2015-05-19 Microsoft Technology Licensing, Llc Controlling resource access based on resource properties
US9407603B2 (en) * 2010-06-25 2016-08-02 Salesforce.Com, Inc. Methods and systems for providing context-based outbound processing application firewalls
US8875286B2 (en) * 2010-12-01 2014-10-28 Cisco Technology, Inc. Method and apparatus for detecting malicious software using machine learning techniques
US8042186B1 (en) * 2011-04-28 2011-10-18 Kaspersky Lab Zao System and method for detection of complex malware
US9106680B2 (en) * 2011-06-27 2015-08-11 Mcafee, Inc. System and method for protocol fingerprinting and reputation correlation
US8931043B2 (en) * 2012-04-10 2015-01-06 Mcafee Inc. System and method for determining and using local reputations of users and hosts to protect information in a network environment
US8850588B2 (en) * 2012-05-01 2014-09-30 Taasera, Inc. Systems and methods for providing mobile security based on dynamic attestation
IL219597A0 (en) * 2012-05-03 2012-10-31 Syndrome X Ltd Malicious threat detection, malicious threat prevention, and a learning systems and methods for malicious threat detection and prevention
US8832848B1 (en) * 2012-07-26 2014-09-09 Symantec Corporation Systems and methods for content-aware access control
US9104864B2 (en) * 2012-10-24 2015-08-11 Sophos Limited Threat detection through the accumulated detection of threat characteristics
CN105580023B (en) * 2013-10-24 2019-08-16 迈克菲股份有限公司 The malicious application of agency's auxiliary in network environment prevents

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040201612A1 (en) * 2003-03-12 2004-10-14 International Business Machines Corporation Monitoring events in a computer network
EP2755146A1 (en) * 2013-01-10 2014-07-16 Accenture Global Services Limited Identification of significant terms in data
US20150067865A1 (en) * 2013-08-29 2015-03-05 International Business Machines Corporation Threat Condition Management

Also Published As

Publication number Publication date
GB2560861B (en) 2018-12-26
GB201820350D0 (en) 2019-01-30
GB2565734A (en) 2019-02-20
GB201804902D0 (en) 2018-05-09
GB201804873D0 (en) 2018-05-09
GB2558812B (en) 2019-03-27
GB201811133D0 (en) 2018-08-22
GB2545621B8 (en) 2021-11-03
GB2545621A (en) 2017-06-21
GB2558811A (en) 2018-07-18
GB2563340B (en) 2019-07-03
GB2558812A8 (en) 2018-09-05
GB2560861A (en) 2018-09-26
GB201815249D0 (en) 2018-10-31
GB2565734B (en) 2019-05-29
GB2560861B8 (en) 2019-02-06
GB2560861A8 (en) 2019-02-06
GB2552632A (en) 2018-01-31
GB2552632B8 (en) 2021-11-03
GB2565735A (en) 2019-02-20
GB2563340A8 (en) 2019-03-27
GB2552632B (en) 2018-05-09
GB2545621B (en) 2018-03-28
GB201820349D0 (en) 2019-01-30
GB2564589A (en) 2019-01-16
GB201715899D0 (en) 2017-11-15
GB201811123D0 (en) 2018-08-22
GB2563340A (en) 2018-12-12
GB2565735B (en) 2019-05-29
GB2564589B (en) 2019-07-03
GB2558812A (en) 2018-07-18
GB201705948D0 (en) 2017-05-31
WO2016038397A1 (en) 2016-03-17

Similar Documents

Publication Publication Date Title
GB2560861B (en) Labeling computing objects for improved threat detection
GB2533284B (en) Performing object detection
EP3104192A4 (en) Object detection device
IL246866A0 (en) Tagging security-relevant system objects
EP3407317C0 (en) Tamper detection
GB201408516D0 (en) Neutron detection
GB201413708D0 (en) Leak detection system
GB201418499D0 (en) Malware detection method
ZA201500063B (en) A detection system
GB201513698D0 (en) Object detection
EP3203261A4 (en) Object detection device
GB201411568D0 (en) Detection
GB201405556D0 (en) Neutron detection
GB2534372B (en) Cloud Feature Detection
GB201502226D0 (en) AH-7921 detection
GB2528429B (en) Border detection
GB201707731D0 (en) Detection system
SG11201610262TA (en) Object detection system
GB201516218D0 (en) Detection system
GB2532935B (en) Proximity detection system
GB201508766D0 (en) Detection system
GB201415372D0 (en) Object detection
GB201404343D0 (en) Tamper detection