GB2563340A8 - Labeling computing objects for improved threat detection - Google Patents
Labeling computing objects for improved threat detection
- Publication number
- GB2563340A8 (application GB1811133.6A)
- Authority
- GB
- United Kingdom
- Prior art keywords
- descriptor
- threat detection
- context
- computing objects
- action
- Prior art date
- Legal status
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Abstract
Threat detection in a network, involving: processing a first object on an endpoint, the first object having been received from a location external to the endpoint; in response to a first observed action, colouring the object with a descriptor of a context for the first observed action by persistently associating the descriptor with the first object, the context including at least one attribute identifying the first object as exposed to external data; inheriting the descriptor at a second object when the second object is the target of an action by the first object; applying a rule dependent on the descriptor in response to a second observed action of the second object to detect a reportable event based in part on an exposure of the second object to the external data; and transmitting information, including a description of the reportable event and the second object along with the descriptor of the context, to a threat management facility.
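The abstract describes a taint-style propagation scheme: a context descriptor ("colour") is attached to an externally sourced object, travels to every object that object acts on, and turns an otherwise ordinary action into a reportable event when a descriptor-dependent rule matches. The following Python model is an added illustration and is not code from the patent or from its assignee; the object names, action vocabulary (execute, write, spawn, connect, write_system), rule names and the list standing in for the threat management facility are all constructed for the example.

```python
"""Descriptor ("colour") propagation between computing objects on an endpoint.

Added illustration, not code from the patent or from its assignee. It walks
through the steps of the abstract with constructed object and action names:
1. an object received from outside the endpoint is coloured with a context
   descriptor on its first observed action, and the descriptor stays on the
   object for the rest of its life;
2. any object it acts on inherits that descriptor;
3. a rule that depends on the descriptor is applied to the second object's
   later actions;
4. a reportable event, carrying the object and its descriptors, is sent to
   the threat management facility (modelled here as a list on the endpoint).
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Set, Tuple


@dataclass
class ComputingObject:
    name: str
    kind: str                       # "process" or "file"
    external_origin: bool = False   # arrived from a location external to the endpoint
    origin: str = "local"           # constructed label for where it came from
    descriptors: Set[str] = field(default_factory=set)


@dataclass(frozen=True)
class Action:
    actor: str                      # object performing the action
    verb: str                       # constructed vocabulary: execute, write, spawn, connect, write_system
    target: Optional[str] = None    # object acted upon, if any
    detail: str = ""


@dataclass(frozen=True)
class ReportableEvent:
    rule: str
    subject: str
    action: Action
    descriptors: FrozenSet[str]     # the context travels with the report


class ColouringEndpoint:
    # Rules keyed by name: (verb that triggers the rule, descriptor it depends on).
    # Without the descriptor the same verb is ordinary activity and raises nothing.
    RULES: Dict[str, Tuple[str, str]] = {
        "external-content-opened-network-connection": ("connect", "exposed:external"),
        "external-content-modified-system-file": ("write_system", "exposed:external"),
    }

    def __init__(self, objects: List[ComputingObject]) -> None:
        self.objects: Dict[str, ComputingObject] = {o.name: o for o in objects}
        self.reports: List[ReportableEvent] = []   # stand-in for the threat management facility

    def _target(self, name: str, verb: str) -> ComputingObject:
        # Objects first seen as an action target are created on the fly.
        kind = "process" if verb == "spawn" else "file"
        return self.objects.setdefault(name, ComputingObject(name, kind))

    def observe(self, action: Action) -> Optional[ReportableEvent]:
        actor = self.objects[action.actor]
        # Step 1: colour an externally sourced object on its first observed action.
        if actor.external_origin and not actor.descriptors:
            actor.descriptors |= {"exposed:external",
                                  f"origin:{actor.origin}",
                                  f"first_action:{action.verb}"}
        # Step 2: whatever the actor acts on inherits the actor's descriptors.
        if action.target is not None:
            self._target(action.target, action.verb).descriptors |= actor.descriptors
        # Step 3: apply descriptor-dependent rules to this action.
        for rule, (verb, needed) in self.RULES.items():
            if action.verb == verb and needed in actor.descriptors:
                event = ReportableEvent(rule, actor.name, action, frozenset(actor.descriptors))
                self.reports.append(event)   # Step 4: transmit to the facility.
                return event
        return None


def run_scenario() -> ColouringEndpoint:
    """Constructed activity: an installed browser, a downloaded attachment and the
    objects the attachment creates. Only the externally sourced lineage reports."""
    endpoint = ColouringEndpoint([
        ComputingObject("browser.exe", "process"),
        ComputingObject("invoice_viewer.exe", "process",
                        external_origin=True, origin="mail-attachment"),
    ])
    for action in [
        Action("browser.exe", "connect", detail="tcp/443 to update host"),      # no descriptor: silent
        Action("invoice_viewer.exe", "execute"),                                # coloured here
        Action("invoice_viewer.exe", "write", target="helper.dll"),             # helper.dll inherits
        Action("invoice_viewer.exe", "spawn", target="svc_update.exe"),         # child inherits
        Action("svc_update.exe", "connect", detail="tcp/443 to unknown host"),  # rule fires
        Action("svc_update.exe", "write_system", target="hosts"),               # rule fires again
    ]:
        endpoint.observe(action)
    return endpoint


if __name__ == "__main__":
    for r in run_scenario().reports:
        print(f"{r.rule}: {r.subject} {r.action.verb} {r.action.detail or r.action.target}")
        print("  context:", sorted(r.descriptors))
```

The point the model makes is in the first and fifth actions: the same `connect` verb is silent for the installed browser and reportable for `svc_update.exe`, because the latter inherited `exposed:external` through the spawn. The report carries the whole descriptor set, so the facility receives the origin and the first action of the lineage, not just the last event.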
Applications Claiming Priority (9)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/485,774 US9537841B2 (en) | 2014-09-14 | 2014-09-14 | Key management for compromised enterprise endpoints |
US14/485,790 US9967264B2 (en) | 2014-09-14 | 2014-09-14 | Threat detection using a time-based cache of reputation information on an enterprise endpoint |
US14/485,769 US9965627B2 (en) | 2014-09-14 | 2014-09-14 | Labeling objects on an endpoint for encryption management |
US14/485,771 US9992228B2 (en) | 2014-09-14 | 2014-09-14 | Using indications of compromise for reputation based network security |
US14/485,765 US10965711B2 (en) | 2014-09-14 | 2014-09-14 | Data behavioral tracking |
US14/485,782 US10122687B2 (en) | 2014-09-14 | 2014-09-14 | Firewall techniques for colored objects on endpoints |
US14/485,762 US9967283B2 (en) | 2014-09-14 | 2014-09-14 | Normalized indications of compromise |
US14/485,759 US9967282B2 (en) | 2014-09-14 | 2014-09-14 | Labeling computing objects for improved threat detection |
GB1804873.6A GB2558811B (en) | 2014-09-14 | 2015-09-14 | Labeling computing objects for improved threat detection |
Publications (4)
Publication Number | Publication Date |
---|---|
GB201811133D0 (en) | 2018-08-22 |
GB2563340A (en) | 2018-12-12 |
GB2563340A8 (en), this publication | 2019-03-27 |
GB2563340B (en) | 2019-07-03 |
Family
ID=55458378
Family Applications (9)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB1705948.6A Active GB2545621B8 (en) | 2014-09-14 | 2015-09-14 | Labeling computing objects for improved threat detection |
GB1815249.6A Active GB2564589B (en) | 2014-09-14 | 2015-09-14 | Labeling computing objects for improved threat detection |
GB1715899.9A Active GB2552632B8 (en) | 2014-09-14 | 2015-09-14 | Labeling computing objects for improved threat detection |
GB1804902.3A Active GB2558812B (en) | 2014-09-14 | 2015-09-14 | Labeling computing objects for improved threat detection |
GB1811133.6A Active GB2563340B (en) | 2014-09-14 | 2015-09-14 | Labeling computing objects for improved threat detection |
GB1820350.5A Active GB2565735B (en) | 2014-09-14 | 2015-09-14 | Labeling computing objects for improved threat detection |
GB1811123.7A Active GB2560861B8 (en) | 2014-09-14 | 2015-09-14 | Labeling computing objects for improved threat detection |
GB1804873.6A Active GB2558811B (en) | 2014-09-14 | 2015-09-14 | Labeling computing objects for improved threat detection |
GB1820349.7A Active GB2565734B (en) | 2014-09-14 | 2015-09-14 | Labeling computing objects for improved threat detection |
Country Status (2)
Country | Link |
---|---|
GB (9) | GB2545621B8 (en) |
WO (1) | WO2016038397A1 (en) |
Families Citing this family (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9992228B2 (en) | 2014-09-14 | 2018-06-05 | Sophos Limited | Using indications of compromise for reputation based network security |
US9537841B2 (en) | 2014-09-14 | 2017-01-03 | Sophos Limited | Key management for compromised enterprise endpoints |
US9967283B2 (en) | 2014-09-14 | 2018-05-08 | Sophos Limited | Normalized indications of compromise |
US10122687B2 (en) | 2014-09-14 | 2018-11-06 | Sophos Limited | Firewall techniques for colored objects on endpoints |
US9967264B2 (en) | 2014-09-14 | 2018-05-08 | Sophos Limited | Threat detection using a time-based cache of reputation information on an enterprise endpoint |
US10965711B2 (en) | 2014-09-14 | 2021-03-30 | Sophos Limited | Data behavioral tracking |
US9965627B2 (en) | 2014-09-14 | 2018-05-08 | Sophos Limited | Labeling objects on an endpoint for encryption management |
US9967282B2 (en) | 2014-09-14 | 2018-05-08 | Sophos Limited | Labeling computing objects for improved threat detection |
US10628597B2 (en) | 2016-04-14 | 2020-04-21 | Sophos Limited | Just-in-time encryption |
US10686827B2 (en) | 2016-04-14 | 2020-06-16 | Sophos Limited | Intermediate encryption for exposed content |
US10791097B2 (en) | 2016-04-14 | 2020-09-29 | Sophos Limited | Portable encryption format |
US9984248B2 (en) | 2016-02-12 | 2018-05-29 | Sophos Limited | Behavioral-based control of access to encrypted content by a process |
US10263966B2 (en) | 2016-04-14 | 2019-04-16 | Sophos Limited | Perimeter enforcement of encryption rules |
US10650154B2 (en) | 2016-02-12 | 2020-05-12 | Sophos Limited | Process-level control of encrypted content |
GB2552438B8 (en) * | 2016-02-12 | 2021-12-08 | Sophos Ltd | Encryption techniques |
US10681078B2 (en) | 2016-06-10 | 2020-06-09 | Sophos Limited | Key throttling to mitigate unauthorized file access |
US10938781B2 (en) | 2016-04-22 | 2021-03-02 | Sophos Limited | Secure labeling of network flows |
US11102238B2 (en) | 2016-04-22 | 2021-08-24 | Sophos Limited | Detecting triggering events for distributed denial of service attacks |
US10986109B2 (en) | 2016-04-22 | 2021-04-20 | Sophos Limited | Local proxy detection |
US11277416B2 (en) * | 2016-04-22 | 2022-03-15 | Sophos Limited | Labeling network flows according to source applications |
US11165797B2 (en) | 2016-04-22 | 2021-11-02 | Sophos Limited | Detecting endpoint compromise based on network usage history |
GB2551983B (en) | 2016-06-30 | 2020-03-04 | Sophos Ltd | Perimeter encryption |
US10848501B2 (en) * | 2016-12-30 | 2020-11-24 | Microsoft Technology Licensing, Llc | Real time pivoting on data to model governance properties |
US11483326B2 (en) | 2019-08-30 | 2022-10-25 | Palo Alto Networks, Inc. | Context informed abnormal endpoint behavior detection |
CN114430335A (en) * | 2021-12-16 | 2022-05-03 | 奇安信科技集团股份有限公司 | Web fingerprint matching method and device |
Family Cites Families (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7921284B1 (en) * | 2001-12-12 | 2011-04-05 | Gary Mark Kinghorn | Method and system for protecting electronic data in enterprise environment |
US7552472B2 (en) * | 2002-12-19 | 2009-06-23 | International Business Machines Corporation | Developing and assuring policy documents through a process of refinement and classification |
US7324108B2 (en) * | 2003-03-12 | 2008-01-29 | International Business Machines Corporation | Monitoring events in a computer network |
US20080141376A1 (en) * | 2006-10-24 | 2008-06-12 | Pc Tools Technology Pty Ltd. | Determining maliciousness of software |
US9367680B2 (en) * | 2008-10-21 | 2016-06-14 | Lookout, Inc. | System and method for mobile communication device application advisement |
US8607340B2 (en) * | 2009-07-21 | 2013-12-10 | Sophos Limited | Host intrusion prevention system using software and user behavior analysis |
US9038168B2 (en) * | 2009-11-20 | 2015-05-19 | Microsoft Technology Licensing, Llc | Controlling resource access based on resource properties |
US9407603B2 (en) * | 2010-06-25 | 2016-08-02 | Salesforce.Com, Inc. | Methods and systems for providing context-based outbound processing application firewalls |
US8875286B2 (en) * | 2010-12-01 | 2014-10-28 | Cisco Technology, Inc. | Method and apparatus for detecting malicious software using machine learning techniques |
US8042186B1 (en) * | 2011-04-28 | 2011-10-18 | Kaspersky Lab Zao | System and method for detection of complex malware |
US9106680B2 (en) * | 2011-06-27 | 2015-08-11 | Mcafee, Inc. | System and method for protocol fingerprinting and reputation correlation |
US8931043B2 (en) * | 2012-04-10 | 2015-01-06 | Mcafee Inc. | System and method for determining and using local reputations of users and hosts to protect information in a network environment |
US9092616B2 (en) * | 2012-05-01 | 2015-07-28 | Taasera, Inc. | Systems and methods for threat identification and remediation |
IL219597A0 (en) * | 2012-05-03 | 2012-10-31 | Syndrome X Ltd | Malicious threat detection, malicious threat prevention, and a learning systems and methods for malicious threat detection and prevention |
US8832848B1 (en) * | 2012-07-26 | 2014-09-09 | Symantec Corporation | Systems and methods for content-aware access control |
US9104864B2 (en) * | 2012-10-24 | 2015-08-11 | Sophos Limited | Threat detection through the accumulated detection of threat characteristics |
US9355172B2 (en) * | 2013-01-10 | 2016-05-31 | Accenture Global Services Limited | Data trend analysis |
US9104865B2 (en) * | 2013-08-29 | 2015-08-11 | International Business Machines Corporation | Threat condition management |
US9578052B2 (en) * | 2013-10-24 | 2017-02-21 | Mcafee, Inc. | Agent assisted malicious application blocking in a network environment |
2015
- 2015-09-14 GB GB1705948.6A patent/GB2545621B8/en active Active
- 2015-09-14 GB GB1815249.6A patent/GB2564589B/en active Active
- 2015-09-14 WO PCT/GB2015/052656 patent/WO2016038397A1/en active Application Filing
- 2015-09-14 GB GB1715899.9A patent/GB2552632B8/en active Active
- 2015-09-14 GB GB1804902.3A patent/GB2558812B/en active Active
- 2015-09-14 GB GB1811133.6A patent/GB2563340B/en active Active
- 2015-09-14 GB GB1820350.5A patent/GB2565735B/en active Active
- 2015-09-14 GB GB1811123.7A patent/GB2560861B8/en active Active
- 2015-09-14 GB GB1804873.6A patent/GB2558811B/en active Active
- 2015-09-14 GB GB1820349.7A patent/GB2565734B/en active Active
Also Published As
Publication number | Publication date |
---|---|
GB2565735A (en) | 2019-02-20 |
GB201820350D0 (en) | 2019-01-30 |
GB201815249D0 (en) | 2018-10-31 |
GB2565734A (en) | 2019-02-20 |
GB2558811A (en) | 2018-07-18 |
WO2016038397A1 (en) | 2016-03-17 |
GB2552632B (en) | 2018-05-09 |
GB2545621B8 (en) | 2021-11-03 |
GB2545621A (en) | 2017-06-21 |
GB2558811B (en) | 2019-03-27 |
GB2563340B (en) | 2019-07-03 |
GB2545621B (en) | 2018-03-28 |
GB2558812A8 (en) | 2018-09-05 |
GB2560861B8 (en) | 2019-02-06 |
GB201804873D0 (en) | 2018-05-09 |
GB201705948D0 (en) | 2017-05-31 |
GB201715899D0 (en) | 2017-11-15 |
GB2558812A (en) | 2018-07-18 |
GB2558812B (en) | 2019-03-27 |
GB2564589B (en) | 2019-07-03 |
GB201804902D0 (en) | 2018-05-09 |
GB2560861A8 (en) | 2019-02-06 |
GB201820349D0 (en) | 2019-01-30 |
GB2552632A (en) | 2018-01-31 |
GB2565735B (en) | 2019-05-29 |
GB2560861B (en) | 2018-12-26 |
GB2552632B8 (en) | 2021-11-03 |
GB2565734B (en) | 2019-05-29 |
GB201811123D0 (en) | 2018-08-22 |
GB2560861A (en) | 2018-09-26 |
GB201811133D0 (en) | 2018-08-22 |
GB2564589A (en) | 2019-01-16 |
GB2563340A (en) | 2018-12-12 |
Similar Documents
Publication | Title |
---|---|
GB2563340A8 (en) | Labeling computing objects for improved threat detection |
PH12020550701A1 (en) | Asset management method and apparatus, and electronic device |
WO2015112275A3 (en) | Determing data associated with proximate computing devices |
PH12019501311A1 (en) | Blockchain-based commodity claim method and apparatus, and electronic device |
RU2017134371A (en) | MANAGEMENT OF OBLIGATIONS AND REQUESTS REMOVED FROM COMMUNICATION AND CONTENT |
SG10201901732UA (en) | Sensitive information processing method, device, server and security determination system |
MX2018008104A (en) | Identifying entities using a deep-learning model. |
PH12016500350A1 (en) | Image processing apparatus and image processing method |
GB2499519B (en) | User presence detection and event discovery |
EP4242892A3 (en) | Code pointer authentication for hardware flow control |
BR112017017222A2 (en) | environmental scenario condition detection |
WO2015127472A3 (en) | Systems and methods for malware detection and mitigation |
GB201204006D0 (en) | Point of interest database maintenance system |
IL226747B (en) | System and method for malware detection learning |
MX2018002741A (en) | Method and apparatus for determining volumetric data of a predetermined anatomical feature. |
MX2016013222A (en) | Fault handling method, device and system based on network function virtualization. |
MX2015011167A (en) | Apparatus and method for processing multiple open apis. |
WO2018075388A3 (en) | Improved logistical management system |
MX343875B (en) | Method and system for determining image similarity. |
SG11201804033RA (en) | Information recommendation method and apparatus |
NO20171576A1 (en) | Enhancing oilfield operations with cognitive computing |
SG10201810036QA (en) | Processing queries containing a union-type operation |
IN2013CH06086A (en) | |
MY186664A (en) | Multimedia file management method, electronic device, and graphical user interface |
PH12016500612A1 (en) | Relevance based visual media item modification |