CN101632085B - Enterprise security assessment sharing - Google Patents

Enterprise security assessment sharing

Info

Publication number: CN101632085B
Authority: CN (China)
Prior art keywords: end points, assessment, security, safety assessment, safety
Legal status: Active
Application number: CN200880008153.3A
Other languages: English (en)
Other versions: CN101632085A (zh)
Inventors: E. Hudis, Y. Helman, J. Malka, U. Barash
Current Assignee: Microsoft Technology Licensing LLC
Original Assignee: Microsoft Corp
Events: application filed by Microsoft Corp; publication of CN101632085A; application granted; publication of CN101632085B; legal status active

Classifications (CPC)

    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • H04L41/0894 Policy-based network configuration management
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L41/0803 Configuration setting
    • H04L41/0893 Assignment of logical groups to network elements

Abstract

An enterprise-wide sharing arrangement uses a semantic abstraction called a security assessment to share security-related information among different security products called endpoints. A security assessment is defined as a tentative assignment by an endpoint of broader contextual meaning to information collected about an object of interest. Its tentative nature is reflected in two of its components: a fidelity field that expresses the level of confidence in the assessment, and a time-to-live field corresponding to the estimated period during which the assessment is valid. Endpoints can publish security assessments onto a security assessment channel and subscribe to a subset of the security assessments published by other endpoints. A specialized endpoint is coupled to the channel and acts as a centralized audit point by subscribing to all security assessments, logging them, and also logging the local actions taken by the endpoints in response to security threats.

Description

Enterprise security assessment sharing
Background
In an enterprise computing environment such as an enterprise office, multiple personal computers, workstations, servers and the like, together with other devices such as mass storage subsystems, internal network interfaces and external network interfaces, are typically interconnected to provide an integrated environment in which information can be generated, accessed from external sources and shared among various users. Typically, users can perform a variety of operations including order receipt, manufacturing, shipping, billing, inventory control, document preparation and management, e-mail, web browsing, and other operations in which creating, accessing and sharing data is beneficial.
Currently, security for an enterprise is typically provided using a variety of different security products, each of which is generally arranged to monitor only a portion of the enterprise-wide data. That is, the security products are arranged as separate local "islands", each of which monitors, assesses and acts on a different portion of the data in the enterprise. For example, an enterprise may use a combination of security products such as a product that protects the host computers in the enterprise, an edge firewall product, a network intrusion detection system ("NIDS") product, a network access protection ("NAP") product, and other discrete security products to provide security for the different parts of the enterprise.
While these security products generally perform satisfactorily in many applications, the detection of security incidents often suffers from undesirably high levels of false positives and false negatives caused by monitoring only a portion of the enterprise security data. It is also difficult to provide common management across all of the enterprise security product islands. Existing attempts to correlate enterprise-wide security data have high management and maintenance costs and have problems with scaling. More effective enterprise security management is needed to enable a single enterprise-wide view that allows security administrators to define and enforce clear, simple and unified enterprise-wide policies for automatically responding to security incidents.
This Background is provided to introduce a brief context for the Summary and Detailed Description that follow. This Background is not intended to be an aid in determining the scope of the claimed subject matter, nor to be viewed as limiting the claimed subject matter to implementations that solve any or all of the disadvantages or problems presented above.
Summary
An enterprise-wide sharing arrangement called "ESAS, Enterprise Security Assessment Sharing" is provided, in which a semantic abstraction called a security assessment is created to enable sharing of security-related information among different security products, called endpoints, in an enterprise security environment. A security assessment is defined as a tentative assignment by an endpoint of broader contextual meaning to information (i.e., data in some context) that is collected about objects of interest in the environment, such as computers, users, services (e.g., a website), data, or the enterprise as a whole. The security assessment uses a concise vocabulary for an endpoint to declare that an object in the environment falls into a particular assessment category, such as "compromised" or "under attack", together with the severity of the detected incident (e.g., low, medium, high, critical).
A security assessment is tentative because it is subject to some uncertainty and is valid for a limited period of time. The tentative nature of a security assessment is reflected in two of its components: a fidelity field, which expresses the endpoint's level of confidence in its assignment of contextual meaning, and a time-to-live ("TTL") field, which reflects the endpoint's estimate of the time period over which the security assessment is expected to be valid. Thus, for example, a security assessment may be used by an endpoint to declare, in light of that endpoint's current understanding of one or more security incidents, that a particular machine is compromised, with a severity level of critical, a fidelity of medium, and a TTL of 30 minutes. A variety of types of security assessments may be used in any given enterprise security environment, having, for example, various combinations of assessment categories and other types.
An endpoint may have the functionality to publish security assessments onto a security assessment channel operating in the environment, and to subscribe to a subset of the available security assessments published by other endpoints. The security assessments that are active in the environment (i.e., those whose TTL indicates that the assessment is still valid) serve to provide a security context that gives an ESAS-enabled endpoint a new way to look at its own locally available information. That is, the security context allows an ESAS-enabled endpoint to combine or correlate evidence from security assessments received from a variety of different sources, and across object types, to significantly improve the quality of its detection of potential security incidents. The ESAS-enabled endpoint then decides, according to a set of response policies, what local action or response is appropriate for each type of security assessment (whether received from another endpoint or generated internally by the endpoint itself). Incident triage is efficient and economical because the security context enables distributed processing of enterprise-wide information in the form of security assessments, without the burden of sharing large amounts of raw data throughout the enterprise (most of which is entirely irrelevant for lack of any context). ESAS-enabled endpoints are further arranged to roll back a local action when the security assessment that prompted it expires (i.e., when the security assessment exceeds the time-to-live specified in its TTL field).
In an illustrative example, a specialized endpoint called the ESAS central server is coupled to the security assessment channel and performs as a centralized audit point by subscribing to all security assessments, logging them, and also logging the local actions taken by the endpoints in response to security incidents in the environment. The ESAS central server provides administrators with a comprehensive view of the history and current status of the enterprise as a whole and of each ESAS-enabled endpoint. The use of security assessments enables an administrator to compactly and efficiently configure response policies for incidents detected across the entire enterprise. Security assessments serve as natural anchors, or starting points, for defining enterprise-wide security response policies. A streamlined and consistent management interface is thereby enabled for defining the desired response to each type of security assessment across the entire enterprise.
The ESAS sharing arrangement of the present invention provides a number of advantages. By employing security assessments with a concise vocabulary, the overall data complexity in the enterprise is drastically reduced and only meaningful information is shared among endpoints. The use of security assessments also eliminates the need to collect large amounts of raw data in a central storage location, and thereby enables highly scalable enterprise security solutions to be built on a very cost-effective basis. In addition, new endpoints can readily be deployed with on-demand extensibility. Security assessments can be shared between a new endpoint and the existing endpoints without reconfiguring any of the response policies in the existing endpoints; the new endpoint simply serves as a new source of security assessments, using a semantic abstraction that the existing endpoints already understand. Utilizing security assessments also enables enterprise-wide security policies to be established using a very compact and clear methodology, without the need to understand every possible security event that each endpoint may generate in the enterprise and then attempt to describe a response action for each such event.
This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter.
Brief Description of the Drawings
FIG. 1 shows an illustrative enterprise security environment in which the enterprise security assessment sharing of the present invention may be implemented;
FIG. 2 shows an illustrative enterprise security assessment sharing arrangement in which a channel is provided to enable security assessments to be shared among multiple endpoints;
FIG. 3 shows an illustrative hierarchy of terms that underlies a security assessment;
FIG. 4 shows two illustrative endpoints and the reduction in complexity achieved by utilizing the security assessment arrangement of the present invention;
FIG. 5 shows an illustrative example of the functionality provided in an endpoint that enables the sharing of security assessments;
FIG. 6 is a diagram of a first illustrative scenario in which multiple ESAS-enabled endpoints are coupled to a security assessment channel and an incident detected at one endpoint triggers responses at multiple other endpoints;
FIG. 7 is a diagram of a second illustrative scenario in which a low-fidelity security assessment sent over the security assessment channel triggers the generation of a new high-fidelity assessment by a receiving ESAS-enabled endpoint that also performs cross-object mapping;
FIG. 8 is a diagram of a third illustrative scenario that shows the targeted use of remediation techniques;
FIG. 9 shows an illustrative screen provided by a graphical user interface ("GUI") that enables a user such as an administrator to manage and define response policies for the ESAS-enabled endpoints in the enterprise;
FIG. 10 shows an illustrative screen provided by a GUI that is arranged to supplement the GUI screen shown in FIG. 9 or to serve as a replacement for it; and
FIG. 11 shows an illustrative enterprise security arrangement in which the ESAS feature set of the present invention provides the functionality of an enterprise security management layer.
Detailed Description
Analysis of existing enterprise security solutions indicates that substantial opportunities remain to address customer needs. For example, each individual security product tends to have high false positive and false negative detection rates for security incidents such as those produced by the actions of malware or malicious users. This low-fidelity detection occurs because data from a single type of source (i.e., a subset of the enterprise-wide data) generally does not provide the context needed to make an accurate assessment of a security incident.
The use of automated actions or responses is very rare because of this low-fidelity detection, since confidence in the validity of a detected incident is low. In addition, the typical response to a detected incident tends to be very drastic; for example, a user or machine may be disconnected from the network. Because such drastic actions usually impose substantial costs on business activity in the enterprise, automating them on the basis of low-fidelity detection is generally not done.
When an incident of interest is detected, existing security products typically perform an investigation to determine the validity of the detection (i.e., whether the incident is real or false) and what action to take in response. Substantial resources are spent on the investigation to review the detailed data collected that may be relevant to the detected incident. Because it is not feasible to collect all data all of the time, security products collect only a subset of the available data by applying policies defined by an administrator. These policies are usually static, are commonly based on the storage capacity of the collecting system, and are not necessarily defined according to the relevance of the incident data or the data sources.
When an incident is detected, applying the policies typically results in a review of the data that triggered the detection. When that data is deemed insufficient to generate a high-fidelity response, even more data is usually collected. For example, all data traffic to and from a suspected compromised machine may be monitored. In many cases, large amounts of data are collected but never used, and that data has the statistical significance of nothing more than noise. Thus, many existing security products collect what is usually an excess of noise but not enough relevant data.
Another area for improvement is the management and coordination of responses across the entire enterprise. Existing enterprise security products inherently provide localized responses to incidents detected within each individual island. Because these security products are isolated, the possible response options are limited to the part of the enterprise in which the particular security product operates. That is, actions and responses can be defined within one security product island for the individual incidents it detects, but there is no way to describe a desired action that might be more effective when applied in another part of the enterprise or on a global basis. There is currently no single point of management that enables enterprise-wide definition and enforcement of response policies for security incidents. Nor is there a unified response channel and language/protocol that each island can use to communicate, and thereby inform the other islands that something has happened or that an action needs to be taken. The lack of managed and coordinated responses leads to substantial costs incurred in manually integrating and correlating data across the islands in the enterprise.
Turning now to the drawings, in which like reference numerals indicate like elements, FIG. 1 shows an illustrative enterprise security environment 100 in which a variety of security products 105-1, 2 ... N, called endpoints, may be deployed. It is emphasized that the number and type of endpoints 105 shown in FIG. 1 are merely illustrative, and that the number of specific endpoints may be increased or decreased, and different types of security products/endpoints utilized, depending on the requirements of a particular application of enterprise security assessment sharing. For example, in addition to the security products shown in FIG. 1 and described below, web application protection products, SEM/SIM (security event management/security incident management) products, operational health monitoring and configuration management products (e.g., Microsoft Windows Software Update Services, Microsoft Operations Manager), or identity management products (e.g., Microsoft Active Directory) may also be used in some applications.
In enterprise security environment 100, a host security endpoint 105-1 is deployed to protect, assess and monitor a plurality of host computers 108 in enterprise 100. A commercial example of host security endpoint 105-1 is Microsoft Forefront Client Security, which provides unified malware protection for the desktop, laptop and server operating systems of an enterprise.
Edge firewall 105-2 is a security product arranged to protect enterprise environment 100 from Internet-based threats while providing users with remote access to applications and data through perimeter network 112. Edge firewall 105-2 may be embodied, for example, as a Microsoft Internet Security and Acceleration ("ISA") Server.
NAP security endpoint 105-3 performs health policy validation by ensuring ongoing compliance with health policies defined by an administrator. Typically, access is restricted for computers monitored by NAP security endpoint 105-3 (e.g., desktop computers and roaming laptop computers 115) that do not comply with the system health requirements.
NIDS security endpoint 105-4 analyzes the traffic within enterprise 100 on internal network 119. NIDS security endpoint 105-4 operates to detect malicious activity such as denial-of-service attacks and port scans by monitoring the network traffic on internal network 119.
Line-of-business security endpoint 105-N protects various line-of-business applications 122. Line-of-business applications 122 include, for example, e-mail applications such as those from Microsoft that are used in enterprise 100. Security endpoint 105-N typically monitors e-mail to provide anti-virus and anti-spam protection.
Each of the security endpoints 105 in enterprise 100 is generally arranged as an individual island, as indicated by the dashed rectangles in FIG. 1. Accordingly, each security endpoint 105 is arranged to monitor a subset of the data available in enterprise 100 and to perform localized actions in response to the incidents it detects. In addition, each endpoint typically includes local management functionality 135-1, 2 ... N. As noted above, the individual local management functions are generally not integrated to provide a single point of management.
FIG. 2 shows an illustrative ESAS arrangement 200 in which a channel 205 is provided to enable a semantic abstraction called a "security assessment" to be shared among multiple endpoints using a language/protocol that is commonly utilized at each endpoint. Security assessment channel 205 facilitates a publish/subscribe model used by the endpoints to connect sources of security assessments (publishers) with consumers of security assessments (subscribers). As shown, both the publishers and the subscribers on security assessment channel 205 are endpoints 105.
Endpoints 105 are isolated from the actual transport mechanism and from the management of the publish/subscribe model by a semantic abstraction layer that is arranged to simplify interaction with security assessment channel 205. The abstraction layer includes a table describing the security assessment types to which an endpoint subscribes and a table describing the security assessment types that the endpoint publishes (as described below, not all endpoints typically subscribe to all security assessment types). In addition, the abstraction layer provides an API (application programming interface) for reading received security assessments and an API for generating security assessments.
A specialized endpoint, ESAS central server 216, is coupled to security assessment channel 205 and performs as a centralized audit point for ESAS arrangement 200. Accordingly, ESAS central server 216 subscribes to all security assessments and permanently logs them. ESAS central server 216 also receives and logs messages from the endpoints indicating the local actions they have taken. ESAS central server 216 thereby provides administrators with security assessment monitoring functionality that gives a comprehensive view of the history and current status of the enterprise as a whole and of each ESAS-enabled endpoint.
FIG. 3 shows an illustrative hierarchy of terms 300 that underlies a security assessment. A security assessment is defined as a tentative assignment of a security meaning, or category, to information. Information, as used here, is defined as data with some context. Data is defined as discrete items lacking context. These definitions can be further described by example. As shown in FIG. 3, a piece of data 305 is an event in an event log, such as a failed login. Information 310 is that data provided with context, where the context in this example is that the failed login is the sixth such failure within 10 minutes on the same machine, namely the laptop named Laptop2. In this example, security assessment 316 indicates that Laptop2 is classified in a particular way, namely that the laptop is assessed to have the category "compromised", a high "severity", and that this assessment has a low "fidelity" (these terms are defined and discussed in more detail below).
A security assessment can be made about any object of interest in the enterprise security environment, such as a user or a device. In this illustrative example, assessments cover four main object types: 1) host - an assessment about a computer in the enterprise; 2) user - an assessment about a user or account in the enterprise; 3) service - an assessment about a service provided to the enterprise, such as the URL (Uniform Resource Locator) of a website with a malicious reputation; 4) enterprise - an assessment about the enterprise as a whole or about a well-defined subset of the enterprise, such as a department, subnet, site or branch; and 5) data - an assessment about business-related data that exists in the enterprise or is accessed by objects in the enterprise (e.g., business data found in a document, e-mail, business data in a database, etc.).
It is emphasized that these object types are merely illustrative, and that other object types may be used as required by a particular scenario. In most applications of enterprise security assessment sharing, an endpoint publishes and subscribes to only a subset of all available security assessment types, because a particular endpoint will generally be interested in particular objects in the enterprise environment. In addition, while some endpoints will be both publishers and subscribers, there is no requirement that every endpoint support both functions. For these reasons, the publish/subscribe model used here is said to be loosely coupled.
Table 1 below shows an illustrative set of assessment categories, and their mapping to particular object types, that may be included in a typical security assessment:

| Object type | Assessment category | Description |
|---|---|---|
| Host | Vulnerable machine | The machine has a vulnerable configuration or is missing some patches. |
| Host | Compromised machine | The endpoint has detected some evidence that the machine may be compromised by malware or a malicious user. |
| Host | Machine under attack | An attack attempt was detected, but there is no evidence that it succeeded. |
| Host | Machine of interest | The endpoint has a general suspicion about the machine but cannot pinpoint what is wrong. |
| User | Compromised user | The endpoint has detected some evidence that the user/account may be compromised. |
| User | User under attack | An attack attempt was detected, but there is no evidence that it succeeded. |
| User | Malicious user | The endpoint or an administrator has detected that the user is malicious and is actively (i.e., intentionally) performing illegitimate actions. |
| User | User of interest | The endpoint has a general suspicion about the user/account but cannot pinpoint what is wrong. |
| Enterprise | Enterprise under attack | The endpoint has detected that the enterprise is under attack, but there is no evidence that a significant part of the enterprise is compromised. |
| Enterprise | Compromised enterprise | The endpoint has detected that a significant part of the enterprise (machines/users) is compromised. |
| Service (e.g., website) | Malicious | The URL (Uniform Resource Locator) has a malicious reputation. |
| Data | Compromised | The endpoint has detected some evidence that some business-related data in the enterprise is compromised. |
| Data | Corrupted | The endpoint has detected some evidence that some business-related data in the enterprise has been corrupted. |

Table 1
In the illustrative ESAS arrangement of the present invention, four severity levels are typically utilized: low, medium, high and critical. Three fidelity levels are typically utilized: low, medium and high. Note that the number of levels for both severity and fidelity may be arranged to differ depending on the assessment category. For example, three severity levels might be used for the assessment category "vulnerable machine" while four severity levels are used for the assessment category "compromised machine". The particular choice of how many levels to utilize will depend on the requirements of a specific application of the enterprise security assessment sharing of the present invention.
A security assessment uses the information available at the time it is made and relies on the specific security expertise and knowledge resident in the endpoint that produces it. A security assessment is tentative because confidence in any particular event can never be absolute, and also because the assessment is inherently temporary, since it depends on the information that existed when it was produced. At some point in the future other information will become available, so the security assessment may change.
The tentative nature of a security assessment is reflected in two fields included in every assessment, namely fidelity and time-to-live ("TTL"). The fidelity field provides an endpoint with a way to express its level of confidence in the assignment of broader contextual meaning to the information being analyzed. The TTL field enables the endpoint to reflect its best estimate of the time period over which the security assessment is expected to be valid; alternatively, the TTL field provides a best estimate of when a future update to the security assessment will arrive. When the TTL expires, an endpoint that has taken action on the basis of a subscribed security assessment is expected to roll that action back. The TTL thus provides a safety-valve function that prevents a user or machine from being inappropriately subjected to restricted access because of a false positive or because a message was lost somewhere in the enterprise. If such restricted access is in fact appropriate, however, either a new security assessment can be generated to continue the restriction, or the TTL can be extended.
Security assessments are designed to enable precise semantics (i.e., the meaning conferred by the categories used in a security assessment) using a compact vocabulary. As shown in FIG. 4, two of the endpoints 105 in the enterprise log data about events occurring within their respective areas of interest. Host event log 405 and firewall event log 412 therefore contain large amounts of data. Typically, this data is processed within the respective endpoints using correlation rules 420 and 425 to identify events of interest. The correlation rules, which are typically numerous, define localized triggers, or the actions taken in response to detected events.
By comparison, the security assessment indicated by reference numeral 432 contains only a relatively small amount of data. Because security assessments are used to assign broad context to information, they answer the following questions: Who created the assessment? When? Why? For how long? And to which object does the assessment apply? Thus, in order to utilize security assessments, an endpoint needs to understand only a very small number of assessment types of interest, as compared with the countless informational messages produced by applying correlation rules. The complexity of the data collected by each endpoint is therefore reduced by mapping the information to one or more assessment types. The use of security assessments thereby enables relevant information to be provided to subscribing endpoints without the need to share large amounts of data or information across the enterprise.
Table 2 below provides an illustrative set of fields that may be included in a typical security assessment.
| Field | Description |
|---|---|
| Incident ID | A unique identifier representing the incident for which the security assessment was created. Because several assessments may be bound to the same incident (e.g., detection, response, approval, cancellation), this field also serves as a correlation value. |
| Instance ID | A unique identifier representing the individual security assessment message. |
| Source | The endpoint type (e.g., host security, edge firewall, NAP, NIDS, etc.) and a unique endpoint ID. |
| Regarding | If the assessment was created in response to other security assessments, this field contains a list of the incident IDs of all of those assessments. |
| Object type | Host, user, reputation, enterprise or another object type. |
| Object ID | The identifier of the object. Endpoints typically describe the same object in different ways. For example, a host may be identified by its FQDN (fully qualified domain name), IP (Internet Protocol) address, MAC (media access control) address, SMTP (Simple Mail Transfer Protocol) address, etc. |
| Category | Compromised, vulnerable, under attack, etc. |
| Operation | Published (upon detection), response, approval, cancellation, etc. |
| Severity | The severity of the incident. |
| Fidelity | The endpoint's confidence in its detection of the incident. |
| Creation time | GMT (Greenwich Mean Time) and local time. |
| TTL | Time-to-live, in minutes. |
| Description | A human-readable explanation of why the assessment was created. |
| Data | Private information about why the assessment was created. Other endpoints may use this data to obtain additional correlation. |
| Response | (Optional) A composite node containing the set of responses taken by the endpoint. |
| By | (Optional) Where a user approves, cancels or creates the assessment, this field contains that user's name. |
| Version | The schema version of the assessment. |

Table 2
Using the fields of Table 2, a security assessment is able to express the following events:
1. Detection. An endpoint performs some analysis to infer that some abnormal behavior has occurred (compromised machine, vulnerable machine, compromised user, etc.);
2. Response. An endpoint takes action as a result of a security assessment. The endpoint should notify the system (specifically, ESAS central server 216 in FIG. 2) when it takes action. Responses may include, for example, blocking traffic, triggering a scan, resetting a password, collecting more data about a machine, and similar actions. Note that some responses, such as resetting a password or triggering a scan, are transient, while others are persistent and must be rolled back in order to be cancelled;
3. Assessment approval. An administrator may manually approve an assessment through an interface to ESAS central server 216. The endpoints should be notified after such approval so that they execute their "manual approval required" responses;
4. Cancellation. An administrator or an endpoint may cancel an existing security assessment;
5. Response rollback. An endpoint notifies the system (ESAS central server 216 in FIG. 2) that it has rolled back all responses/actions taken as a result of a particular assessment;
6. Health information assessments, such as connection validators, latency checks and error information;
7. Request for investigation data. This is a request from one endpoint to another to send all of the data it has collected about an object over a given time period; and
8. Request for investigation data completed. This is the way an endpoint confirms that it has carried out the request. The response to the request is sent after the data has been stored/sent.
In this illustrative example of enterprise security assessment sharing, each endpoint is arranged to perform at least some of the tasks described below. In some arrangements, each endpoint is enhanced with the additional functionality needed to perform these tasks through the use of a discrete ESAS agent. Alternatively, the enhanced functionality may be integrated more tightly into the core functionality provided by the endpoint, in which case a separate or discrete agent need not be included in the endpoint. The tasks include:
1. Generating new security assessments based on locally available information about the monitored system and on the security context;
2. Subscribing to a subset of the security assessments available from other endpoints;
3. Processing incoming security assessments so as to affect the security context. This processing may result in the generation of new security assessments;
4. Taking local actions according to the response policies;
5. Rolling back (self-recovering) a local action when the assessment that led to it expires (i.e., when the associated TTL expires).
FIG. 5 shows an illustrative example of an ESAS agent 505 provided in an endpoint that subscribes, over security assessment channel 205, to a subset of the assessments available from the other endpoints 105-1, 2 ... N (FIG. 1). As noted above, the functionality provided by ESAS agent 505 may alternatively be integrated directly with the core functionality of the endpoint.
A plurality of security assessments 506 are available for each of the security assessment types (i.e., host, user, reputation and enterprise). As indicated by reference numeral 511, in this illustrative example ESAS agent 505 subscribes to security assessments whose object type is "host" and whose assessment category is "vulnerable". It is emphasized that the particular combination of object types and assessment categories of interest may differ from endpoint to endpoint. Likewise, through the use of the loosely coupled publish/subscribe model, there is no requirement that every endpoint subscribe to every security assessment.
At process block 514, the endpoint processes the received security assessments using correlation rules 522, which may have some relevance, together with locally available data 527. The output of this assessment process includes the generation of a new assessment 530 and/or the invocation of a local action 535. As noted above, such a local action is subject to rollback 541 (i.e., self-recovery) when the received assessment expires according to the TTL field contained in it.
ESAS agent 505 interprets security assessments according to the following rules:
1. When generating a security assessment about a particular object, an endpoint may take into account any combination of:
a) all locally available information about that object, or about any other object the endpoint monitors;
b) all currently active security assessments received by the endpoint (i.e., security assessments whose TTL has not expired);
c) all local actions taken by the endpoint in the past.
2. All endpoints in the enterprise security assessment sharing arrangement of the present invention follow the principle that the sets of locally available information in the endpoints are mutually exclusive. That is, in the arrangement of the present invention at most one endpoint processes any particular piece of local information.
3. A security assessment is generally interpreted as an endpoint's assessment of the current and future security state of an object.
It is important to note that, given the definitions of the terms information and data above, rule 2 refers to the exclusivity of information, not of data. Two endpoints may process the same or overlapping data sources, provided that the information they extract from the data, and later use to generate assessments, is exclusive.
To illustrate the implications of rule 3, consider the following example in which a scheduled anti-virus scan of a machine detects and removes a known piece of malware. Based on this detection, other locally available information, the currently active assessments it has received, and its embedded knowledge of current security incidents, the endpoint may reach one of the following conclusions: 1) the machine was infected in the past but is now clean and poses no further future security risk; or 2) the machine was infected and, although the particular piece of malware has been removed, it still possibly or probably poses a security risk. According to rule 3, the endpoint should generate a security assessment about the machine in the latter case but should not generate one in the former case.
FIG. 6 is a diagram of a first illustrative scenario in which multiple ESAS-enabled endpoints are coupled to security assessment channel 205 and an incident detected at one endpoint triggers responses at multiple other endpoints. This illustrative scenario is described in three stages. As indicated by reference numeral 610, edge firewall 105-2 first identifies a potentially compromised client, for example because the client creates so many connections to perimeter network 112 (FIG. 1) that the most likely explanation for the behavior is the presence of a security compromise. Second, as indicated by reference numeral 620, edge firewall 105-2 sends a security assessment with high severity and high fidelity, indicating that the particular client is "compromised", to the subscribing endpoints over security assessment channel 205.
Third, the subscribing endpoints 105-1, 3 ... N and ESAS central server 216 that receive the security assessment apply their specific security expertise, by applying their own correlation rules and locally available data, to trigger appropriate actions. As collectively indicated by reference numeral 630 in FIG. 6, host security endpoint 105-1 performs an on-demand scan. NAP endpoint 105-3 revokes the IP security certificate of the identified compromised client and implements a port shutdown. Line-of-business security endpoint 105-N temporarily suspends instant messaging ("IM") traffic to the compromised client on the basis of the received security assessment. ESAS central server 216 raises an alert to a security analyst (e.g., an administrator) and also logs all security assessments and the actions invoked.
The first illustrative scenario described above presents a case in which the endpoint that detects a suspicious incident generates a security assessment with high severity and high fidelity (i.e., the endpoint has high confidence that it has validly detected a serious incident). By comparison, FIG. 7 is a diagram of a second illustrative scenario in which a low-fidelity security assessment sent over security assessment channel 205 triggers the generation of a new high-fidelity assessment by a receiving endpoint that also performs cross-object mapping.
This second illustrative scenario is also described in three stages. As indicated by reference numeral 710, edge firewall 105-2 first detects a large number of client connections to perimeter network 112 (FIG. 1). Unlike the first illustrative scenario shown in FIG. 6 and described in the accompanying text, however, the number of connections established by the client is not so excessive that edge firewall 105-2 can be absolutely certain that the client is compromised. In existing enterprise security systems, when an endpoint sees such data it typically just discards it and takes no action, because there is not enough evidence to justify a typical drastic response such as disconnecting the machine. By comparison, in the present scenario, in the second stage edge firewall 105-2 sends a security assessment 715 with medium severity and low fidelity, indicating that the particular client is compromised, over security assessment channel 205, as indicated by reference numeral 720.
Here, the endpoints subscribing to the particular object referenced in security assessment 715 generated by edge firewall 105-2 include host security endpoint 105-1 and ESAS central server 216. While such low-fidelity data would generally not trigger any action at an endpoint in existing security products, under the enterprise security assessment sharing of the present invention host security endpoint 105-1 views its own local data differently in light of the security assessment received from edge firewall 105-2. In this case, local data produced by an on-demand scan at host security endpoint 105-1, together with the information contained in the security assessment from edge firewall 105-2, is used to generate new assessments 725 and 728. Thus, host security endpoint 105-1 has information that by itself would not justify generating a new security assessment but that, when reinforced by even a low-fidelity assessment from another endpoint as in this case, provides sufficient evidence to justify creating new security assessments 725 and 728, each with high fidelity.
Host security endpoint 105-1 places new security assessments 725 and 728 on security assessment channel 205. New security assessments 725 and 728 are received over security assessment channel 205 by the subscribing endpoints, which in this illustrative scenario include edge firewall 105-2 for security assessment 725 and line-of-business endpoint 105-N for security assessment 728.
Note that line-of-business endpoint 105-N was not a subscriber to the original security assessment 715 produced by edge firewall 105-2, because the referenced object type is machine, whereas line-of-business endpoint 105-N, given its role of protecting e-mail, is generally concerned with users. In this second illustrative scenario, however, host security endpoint 105-1 maps from the host object type to the user object type when it generates new security assessment 728. This cross-object mapping capability can be beneficial in many cases; as can be envisioned, a high-severity incident such as malware or malicious activity that may compromise the confidentiality or integrity of data on a host computer may also compromise the user. A security assessment can be generated that cross-object maps the high-severity incident from the host object type to the user object type with a particular fidelity. Similarly, in the case of a critical-severity incident in which malware or malicious activity has actually caused a loss of data integrity on the host computer, a security assessment for the user object type can be generated with even higher fidelity.
In stage three, new security assessments 725 and 728 trigger various respective actions at the receiving endpoints, as collectively indicated by reference numeral 730. Specifically, edge firewall 105-2 blocks all access by the compromised client except for software updates and/or mission-critical access. Line-of-business endpoint 105-N temporarily suspends outgoing e-mail. And, as in the first illustrative scenario, ESAS central server 216 continues to log all assessments and actions. As noted above, these restrictions are enforced only during the period in which the TTLs associated with new security assessments 725 and 728 remain valid. When these new security assessments expire, the actions taken by the respective endpoints are rolled back, unless the TTL is extended or a new security assessment invoking the restrictive action is received.
FIG. 8 is a diagram of a third illustrative scenario that shows the targeted use of remediation techniques. This third illustrative scenario is described in three stages. As indicated by reference numeral 810, edge firewall 105-2 first detects a large number of client connections to perimeter network 112 (FIG. 1). Second, as indicated by reference numeral 820, edge firewall 105-2 sends a security assessment 815 with high severity and high fidelity, indicating that the particular client is "compromised", to the subscribing endpoints over security assessment channel 205. The subscribing endpoints include host security endpoint 105-1, NAP endpoint 105-3 and ESAS central server 216.
Host security endpoint 105-1 reviews the received security assessment and applies its specific security expertise using correlation rules and any relevant locally available data. In this illustrative example, host security endpoint 105-1 generates in response a new security assessment 825, which carries the user object type to which line-of-business security endpoint 105-N subscribes.
In the third stage of this scenario, the remediation techniques employed by the endpoints are considered expensive in terms of their potential impact on business operations in enterprise 100 (FIG. 1). For example, as indicated by reference numeral 830, line-of-business security endpoint 105-N implements a response policy that requires outgoing e-mail to be temporarily suspended. In addition, host security endpoint 105-1 performs an on-demand scan and, if that yields no result, performs a deep scan. While these remediation techniques can be very effective in resolving malware, malicious users and other problems, they typically impose a substantial cost on the enterprise. For example, a user whose outgoing e-mail is suspended will be less productive, and a deep scan often requires one or more reboots that take the machine out of service for a period of time.
The ESAS security of the present invention advantageously enables these expensive but effective remediation techniques to be applied in a targeted manner, rather than merely in a generic manner or across the board, which may not be justified for certain machines and/or users. Only those objects in the environment that are considered suspect according to predefined criteria are subjected to these particular remediation techniques.
FIG. 9 shows an illustrative screen 900 provided by a graphical user interface ("GUI") that enables a user such as an administrator to manage and define response policies for the endpoints in enterprise 100 (FIG. 1). In some applications, the GUI is hosted on ESAS central server 216 (FIG. 2). Advantageously, the semantic abstraction layer embodied as security assessments enables enterprise-wide security policies to be established using a very compact and clear methodology. That is, response policies can be configured by using security assessments as the starting point of the definition, without concern for which endpoint in the enterprise created a security assessment or how that endpoint reached the conclusion the security assessment reflects. Security assessments, with their compact taxonomy, thus serve as natural anchors for enterprise-wide security response policies. Without the ESAS arrangement of the present invention to simplify the configuration of response policies, a user would need to consider every event and/or alert that every endpoint might generate and then define what to do about each such event.
Screen 900 is an illustrative example showing the configuration of an enterprise-wide response policy, using fields 903-1, 2 ... N corresponding to a plurality of different endpoints, for the case of the assessment category compromised machine with critical severity, which, as indicated by reference numeral 906, defines the starting point (i.e., the "anchor" point) for this response policy configuration. It is emphasized that other user interface screens would be utilized for other assessment categories, object types, severity levels and so on, so as to allow the user to define response policies for the many different starting points that might be used in a particular enterprise security environment. In this particular example, the response policy is set according to the fidelity of the particular security assessment whose severity level is set to "critical". Fields 903 include a plurality of respective sub-fields arranged to reflect user-defined input using, for example, the text entry boxes, drop-down menus and the like employed in a typical GUI.
As indicated by sub-field 910, for a security assessment with critical severity indicating a compromised machine, edge firewall 105-2 (FIG. 1) is configured to increase the amount of auditing (i.e., move to a deep audit level that collects more data than the normal audit level) when the security assessment has low fidelity. Sub-field 913 shows that for an assessment with medium fidelity, edge firewall 105-2 raises the audit level and also restricts the Internet access of the suspected compromised machine to "whitelisted" URLs only, which typically include sites known not to be malicious. When the fidelity is high, as shown in sub-field 916, access to the Internet is blocked entirely.
Field 903-2 shows the response policy configuration corresponding to host security endpoint 105-1 (FIG. 1). For a security assessment with low fidelity indicating a compromised machine with critical severity, host security endpoint 105-1 increases the amount of auditing to the deep audit level, as indicated by sub-field 920. Sub-field 923 indicates that for the medium and high fidelity cases, host security endpoint 105-1 increases its auditing and additionally performs a deep scan of its hosts (where a "deep" scan may require the computer to be rebooted one or more times).
Field 903-N shows the response policy configuration corresponding to line-of-business security endpoint 105-N (FIG. 1). For a security assessment with low fidelity indicating a compromised machine with critical severity, line-of-business security endpoint 105-N increases the amount of auditing to the deep audit level, as indicated by sub-field 926. Sub-field 932 indicates that for a security assessment with medium fidelity, line-of-business security endpoint 105-N increases its data collection to deep auditing and also restricts file attachments to e-mail. Sub-field 935 indicates that for a security assessment with high fidelity, line-of-business security endpoint 105-N blocks all instant messaging ("IM") traffic.
Field 941 shows the response policy configuration corresponding to ESAS central server 216 in FIG. 2. For a security assessment with high fidelity, as indicated by sub-field 943, ESAS central server 216 performs a port shutdown for the affected machine and generates an alert that the associated user account has been suspended. Like the sub-fields discussed above, sub-field 943 is generally arranged to accept user-defined input.
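The second scenario (a low-fidelity assessment that a subscriber reinforces with its own scan data and cross-object maps to the user), the endpoint tasks of subscribing, acting and self-recovering on TTL expiry, and the fidelity-keyed response policy of FIG. 9, replayed as one added Python simulation. This is not code from the patent; the class and field names, the policy actions, and the host/user names are constructed for the illustration, and the TTL clock is a simulated minute counter.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Assessment:
    """A subset of the Table 2 fields; names and layout are this example's own."""
    incident_id: int
    source: str           # publishing endpoint
    object_type: str      # "host" or "user" in this simulation
    object_id: str        # e.g. an FQDN or an account name
    category: str         # "compromised", "vulnerable", ...
    severity: str         # low | medium | high | critical
    fidelity: str         # low | medium | high
    created: int          # simulated clock, in minutes
    ttl: int              # time-to-live, in minutes
    regarding: List[int] = field(default_factory=list)  # incidents this builds on

    def active(self, now: int) -> bool:
        return now < self.created + self.ttl


class Channel:
    """Loosely coupled pub/sub keyed on (object_type, category); the two audit
    lists stand in for the central server that logs every assessment and action."""

    def __init__(self) -> None:
        self.subs: Dict[Tuple[str, str], List[Callable[[Assessment], None]]] = {}
        self.audit: List[Assessment] = []   # every assessment ever published
        self.actions: List[str] = []        # every local action/rollback reported

    def subscribe(self, object_type: str, category: str, handler) -> None:
        self.subs.setdefault((object_type, category), []).append(handler)

    def publish(self, a: Assessment) -> None:
        self.audit.append(a)
        for handler in self.subs.get((a.object_type, a.category), []):
            handler(a)


Policy = Dict[Tuple[str, str], List[str]]   # (category, fidelity) -> local actions


class Endpoint:
    """ESAS-agent-style endpoint: acts per policy, correlates, maps host->user,
    and rolls back when the triggering assessment's TTL expires."""

    def __init__(self, name: str, channel: Channel, policy: Policy,
                 scan_hits: Optional[Dict[str, str]] = None) -> None:
        self.name, self.channel, self.policy = name, channel, policy
        # Constructed local evidence: host -> logged-on user, for hosts where an
        # on-demand scan found something that alone would not justify an assessment.
        self.scan_hits = scan_hits or {}
        self.live: Dict[int, Tuple[Assessment, List[str]]] = {}  # actions in force

    def handle(self, a: Assessment) -> None:
        if a.source == self.name:           # ignore our own publications
            return
        actions = self.policy.get((a.category, a.fidelity), [])
        self.live[a.incident_id] = (a, actions)
        self.channel.actions += [f"{self.name}: {act} {a.object_id}" for act in actions]
        # FIG. 7 correlation: a low-fidelity host assessment plus local scan evidence
        # justifies a high-fidelity host assessment and a cross-object-mapped user one.
        if a.fidelity == "low" and a.object_type == "host" and a.object_id in self.scan_hits:
            for obj_type, obj_id in (("host", a.object_id), ("user", self.scan_hits[a.object_id])):
                self.channel.publish(Assessment(            # incident ids are sequential
                    len(self.channel.audit) + 1, self.name, obj_type, obj_id, a.category,
                    "critical", "high", a.created, 60, regarding=[a.incident_id]))

    def tick(self, now: int) -> List[str]:
        """Self-recovery: roll back actions whose triggering assessment has expired."""
        rolled = []
        for inc, (a, actions) in list(self.live.items()):
            if not a.active(now):
                rolled += [f"{self.name}: rollback {act} {a.object_id}" for act in actions]
                del self.live[inc]
        self.channel.actions += rolled      # rollbacks are reported centrally too
        return rolled


def run_scenario() -> dict:
    """Replays the FIG. 7 scenario under a FIG. 9-style, fidelity-keyed policy."""
    ch = Channel()
    firewall = Endpoint("edge_firewall", ch, {("compromised", "low"): ["deep-audit"],
                        ("compromised", "medium"): ["deep-audit", "whitelist-only"],
                        ("compromised", "high"): ["block-internet"]})
    host_sec = Endpoint("host_security", ch, {("compromised", "low"): ["deep-audit"],
                        ("compromised", "medium"): ["deep-audit", "deep-scan"],
                        ("compromised", "high"): ["deep-audit", "deep-scan"]},
                        scan_hits={"laptop2.corp.example": "alice"})
    lob = Endpoint("line_of_business", ch, {("compromised", "high"): ["suspend-outgoing-mail"]})
    ch.subscribe("host", "compromised", firewall.handle)
    ch.subscribe("host", "compromised", host_sec.handle)
    ch.subscribe("user", "compromised", lob.handle)   # LOB cares about users, not hosts
    # Stage 2: the firewall saw many, but not conclusively many, client connections.
    ch.publish(Assessment(1, "edge_firewall", "host", "laptop2.corp.example",
                          "compromised", "medium", "low", created=0, ttl=30))
    eps = (firewall, host_sec, lob)
    taken = list(ch.actions)
    rollback_45 = {e.name: e.tick(45) for e in eps}   # only the 30-minute TTL has lapsed
    rollback_90 = {e.name: e.tick(90) for e in eps}   # the derived 60-minute ones lapse too
    return {"audit": [(a.incident_id, a.object_type, a.fidelity, a.regarding) for a in ch.audit],
            "actions": taken, "rollback_45": rollback_45, "rollback_90": rollback_90}
```

Note that the line-of-business endpoint never sees assessment 1 (it subscribes to users, not hosts) and still ends up suspending mail, purely through the host-to-user mapping performed by the host security endpoint.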
FIG. 10 shows an illustrative screen 1000 provided by a GUI that enables a user such as an administrator to manage and define response policies for the endpoints in enterprise 100 (FIG. 1). This screen and GUI may be used to supplement the arrangement shown in FIG. 9 and described in the accompanying text, or as an alternative arrangement. Screen 1000 provides a single view of the response policy configuration for the assessment category "compromised machine" across the various fidelity levels and all severity levels. In this illustrative example, a security assessment type 1006 with assessment category "compromised" and any severity level serves as the anchor for the response policy configuration shown. It is emphasized that similar screens can be envisioned for use with other object types and assessment categories. Like the arrangement shown in FIG. 9 and described in the accompanying text, the arrangement shown in FIG. 10 provides a very compact management interface for the response policies of the endpoints across the entire enterprise.
FIG. 11 shows an illustrative enterprise security arrangement 1100 in which the ESAS feature set of the present invention, comprising security assessment sharing, security assessment monitoring by the ESAS central server (as described in the text accompanying FIG. 2), and the compact taxonomy for enterprise-wide response policy configuration (as described in the text accompanying FIGS. 9 and 10), serves as an enterprise security management layer 1105. That is, the ESAS feature set indicated by reference numeral 1108 is shared among all endpoints in the enterprise environment and is not confined to being part of a single enterprise security product island. The semantic abstraction layer formed by the security assessments shared over security assessment channel 205 (FIG. 2) enables a single, consistent management interface to be utilized, thereby creating a more integrated approach to enterprise security.
Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.

Claims (11)

1. A method of using a security-related information sharing model that is usable for sharing security-related information among a plurality of endpoints in an enterprise security environment, the method comprising the steps of:
describing objects in the environment using semantic abstractions of the security-related information available to the endpoints, the semantic abstractions being security assessments arranged to provide, by an endpoint and using a predefined taxonomy, a contextual assignment to the security-related information, the semantic abstractions i) being categorized by type and ii) being commonly utilized by the endpoints, each of the endpoints being configured to receive semantic abstractions published by other endpoints, and each of the endpoints being further configured to generate, in response to a received semantic abstraction, a new semantic abstraction using information that is locally available to the endpoint performing the generating; and
using a publish and subscribe model in which publishing endpoints publish semantic abstractions that subscribing endpoints receive according to subscriptions, the subscriptions being based on semantic abstraction type.
2. The method of claim 1, wherein the object types include at least one of host, user, service, data or enterprise.
3. The method of claim 1, wherein the assessment categories include at least one of vulnerable, compromised, under attack, of interest, corrupted or malicious.
4. The method of claim 1, wherein particular ones of the assessment categories are mapped to particular ones of the object types.
5. The method of claim 1, wherein the security assessment includes a plurality of fields, at least one of which is a fidelity field arranged to express an endpoint's confidence in the security assessment.
6. The method of claim 1, wherein the security assessment includes a plurality of fields, at least one of which is a time-to-live field arranged to express an endpoint's estimate of the time period over which the security assessment is expected to be valid.
7. The method of claim 1, wherein at least one of the plurality of endpoints comprises a security solution object selected from one of a security product, a security solution, a management product, a management solution, a security service or a management service.
8. A method for enabling an endpoint to share security-related data in an enterprise security environment, the method comprising the steps of:
generating a security assessment describing an event, the generating being based at least in part on locally available information about a system monitored by the endpoint, the security assessment being arranged to provide contextual meaning for the event and being defined with a time interval over which the security assessment is valid;
receiving current security assessments according to a subscription to a subset of the available security assessments generated by other endpoints in the enterprise security environment;
generating an updated security assessment in response to the received current security assessments; and
taking a response according to a response policy on a per-security-assessment basis.
9. The method of claim 8, wherein the response comprises a local action.
10. The method of claim 8, wherein the locally available information further comprises one or more past local actions taken by the endpoint.
11. The method of claim 8, further comprising the step of rolling back the local action once the received security assessment is no longer valid.
CN200880008153.3A 2007-03-14 2008-03-14 Enterprise security assessment sharing Active CN101632085B (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US11/724,061 US8959568B2 (en) 2007-03-14 2007-03-14 Enterprise security assessment sharing
US11/724,061 2007-03-14
PCT/US2008/057164 WO2008113059A1 (en) 2007-03-14 2008-03-14 Enterprise security assessment sharing

Publications (2)

Publication Number Publication Date
CN101632085A CN101632085A (zh) 2010-01-20
CN101632085B true CN101632085B (zh) 2012-12-12

Family

ID=39760115

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200880008153.3A Active CN101632085B (zh) 2007-03-14 2008-03-14 Enterprise security assessment sharing

Country Status (5)

Country Link
US (1) US8959568B2 (zh)
EP (1) EP2135188B1 (zh)
JP (1) JP5363346B2 (zh)
CN (1) CN101632085B (zh)
WO (1) WO2008113059A1 (zh)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106416183A (zh) * 2014-05-12 2017-02-15 Cisco Technology, Inc. Voting strategy optimization using distributed classifiers

Families Citing this family (257)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB0513375D0 (en) 2005-06-30 2005-08-03 Retento Ltd Computer security
US8515912B2 (en) 2010-07-15 2013-08-20 Palantir Technologies, Inc. Sharing and deconflicting data changes in a multimaster database system
US8688749B1 (en) 2011-03-31 2014-04-01 Palantir Technologies, Inc. Cross-ontology multi-master replication
US20080229419A1 (en) * 2007-03-16 2008-09-18 Microsoft Corporation Automated identification of firewall malware scanner deficiencies
US8739289B2 (en) 2008-04-04 2014-05-27 Microsoft Corporation Hardware interface for enabling direct access and security assessment sharing
US20100011432A1 (en) * 2008-07-08 2010-01-14 Microsoft Corporation Automatically distributed network protection
US8954897B2 (en) 2008-08-28 2015-02-10 Microsoft Corporation Protecting a virtual guest machine from attacks by an infected host
US9495538B2 (en) * 2008-09-25 2016-11-15 Symantec Corporation Graduated enforcement of restrictions according to an application's reputation
US20100287231A1 (en) * 2008-11-11 2010-11-11 Esignet, Inc. Method and apparatus for certifying hyperlinks
US8881266B2 (en) * 2008-11-13 2014-11-04 Palo Alto Research Center Incorporated Enterprise password reset
US7640589B1 (en) * 2009-06-19 2009-12-29 Kaspersky Lab, Zao Detection and minimization of false positives in anti-malware processing
US8752142B2 (en) 2009-07-17 2014-06-10 American Express Travel Related Services Company, Inc. Systems, methods, and computer program products for adapting the security measures of a communication network based on feedback
US8800030B2 (en) 2009-09-15 2014-08-05 Symantec Corporation Individualized time-to-live for reputation scores of computer files
US9756076B2 (en) * 2009-12-17 2017-09-05 American Express Travel Related Services Company, Inc. Dynamically reacting policies and protections for securing mobile financial transactions
US8621636B2 (en) 2009-12-17 2013-12-31 American Express Travel Related Services Company, Inc. Systems, methods, and computer program products for collecting and reporting sensor data in a communication network
US8650129B2 (en) 2010-01-20 2014-02-11 American Express Travel Related Services Company, Inc. Dynamically reacting policies and protections for securing mobile financial transaction data in transit
JP5525282B2 (ja) * 2010-02-25 2014-06-18 Hitachi Solutions, Ltd. Integrated security operations management system
US9544143B2 (en) 2010-03-03 2017-01-10 Duo Security, Inc. System and method of notifying mobile devices to complete transactions
US9532222B2 (en) 2010-03-03 2016-12-27 Duo Security, Inc. System and method of notifying mobile devices to complete transactions after additional agent verification
US8924296B2 (en) 2010-06-22 2014-12-30 American Express Travel Related Services Company, Inc. Dynamic pairing system for securing a trusted communication channel
US8850539B2 (en) 2010-06-22 2014-09-30 American Express Travel Related Services Company, Inc. Adaptive policies and protections for securing financial transaction data at rest
US10360625B2 (en) 2010-06-22 2019-07-23 American Express Travel Related Services Company, Inc. Dynamically adaptive policy management for securing mobile financial transactions
US20120016999A1 (en) * 2010-07-14 2012-01-19 Sap Ag Context for Sharing Data Objects
US9240965B2 (en) 2010-08-31 2016-01-19 Sap Se Methods and systems for business interaction monitoring for networked business process
US8438272B2 (en) 2010-08-31 2013-05-07 Sap Ag Methods and systems for managing quality of services for network participants in a networked business process
US8560636B2 (en) 2010-08-31 2013-10-15 Sap Ag Methods and systems for providing a virtual network process context for network participant processes in a networked business process
KR101425107B1 (ko) * 2010-10-29 2014-08-01 Electronics and Telecommunications Research Institute Apparatus and method for sharing security information between network domains
US10574630B2 (en) * 2011-02-15 2020-02-25 Webroot Inc. Methods and apparatus for malware threat research
US9122877B2 (en) 2011-03-21 2015-09-01 Mcafee, Inc. System and method for malware and network reputation correlation
US9118702B2 (en) * 2011-05-31 2015-08-25 Bce Inc. System and method for generating and refining cyber threat intelligence data
US9547693B1 (en) 2011-06-23 2017-01-17 Palantir Technologies Inc. Periodic database search manager for multiple data sources
US9106680B2 (en) 2011-06-27 2015-08-11 Mcafee, Inc. System and method for protocol fingerprinting and reputation correlation
US9467463B2 (en) 2011-09-02 2016-10-11 Duo Security, Inc. System and method for assessing vulnerability of a mobile device
US8782004B2 (en) 2012-01-23 2014-07-15 Palantir Technologies, Inc. Cross-ACL multi-master replication
US8931043B2 (en) * 2012-04-10 2015-01-06 Mcafee Inc. System and method for determining and using local reputations of users and hosts to protect information in a network environment
CN102768635B (zh) * 2012-06-07 2015-02-11 Beijing Qihoo Technology Co., Ltd. Computer health index display device and method
US9081975B2 (en) 2012-10-22 2015-07-14 Palantir Technologies, Inc. Sharing information between nexuses that use different classification schemes for information access control
US9501761B2 (en) 2012-11-05 2016-11-22 Palantir Technologies, Inc. System and method for sharing investigation results
US9106681B2 (en) 2012-12-17 2015-08-11 Hewlett-Packard Development Company, L.P. Reputation of network address
WO2014120181A1 (en) * 2013-01-31 2014-08-07 Hewlett-Packard Development Company, L.P. Targeted security alerts
US10275778B1 (en) 2013-03-15 2019-04-30 Palantir Technologies Inc. Systems and user interfaces for dynamic and interactive investigation based on automatic malfeasance clustering of related data in various data structures
US9501202B2 (en) 2013-03-15 2016-11-22 Palantir Technologies, Inc. Computer graphical user interface with genomic workflow
US8818892B1 (en) 2013-03-15 2014-08-26 Palantir Technologies, Inc. Prioritizing data clusters with customizable scoring strategies
US9965937B2 (en) 2013-03-15 2018-05-08 Palantir Technologies Inc. External malware data item clustering and analysis
US8886601B1 (en) 2013-06-20 2014-11-11 Palantir Technologies, Inc. System and method for incrementally replicating investigative analysis data
US8752178B2 (en) * 2013-07-31 2014-06-10 Splunk Inc. Blacklisting and whitelisting of security-related events
US9335897B2 (en) 2013-08-08 2016-05-10 Palantir Technologies Inc. Long click display of a context menu
WO2015048599A1 (en) * 2013-09-28 2015-04-02 Mcafee Inc. Location services on a data exchange layer
US9116975B2 (en) 2013-10-18 2015-08-25 Palantir Technologies Inc. Systems and user interfaces for dynamic and interactive simultaneous querying of multiple data stores
US9569070B1 (en) 2013-11-11 2017-02-14 Palantir Technologies, Inc. Assisting in deconflicting concurrency conflicts
US10579647B1 (en) 2013-12-16 2020-03-03 Palantir Technologies Inc. Methods and systems for analyzing entity performance
US10356032B2 (en) 2013-12-26 2019-07-16 Palantir Technologies Inc. System and method for detecting confidential information emails
US9338013B2 (en) 2013-12-30 2016-05-10 Palantir Technologies Inc. Verifiable redactable audit log
US8832832B1 (en) 2014-01-03 2014-09-09 Palantir Technologies Inc. IP reputation
US9560081B1 (en) 2016-06-24 2017-01-31 Varmour Networks, Inc. Data network microsegmentation
US20150235334A1 (en) * 2014-02-20 2015-08-20 Palantir Technologies Inc. Healthcare fraud sharing system
US9009827B1 (en) 2014-02-20 2015-04-14 Palantir Technologies Inc. Security sharing system
US9836580B2 (en) 2014-03-21 2017-12-05 Palantir Technologies Inc. Provider portal
US9762603B2 (en) * 2014-05-10 2017-09-12 Informatica Llc Assessment type-variable enterprise security impact analysis
US9619557B2 (en) 2014-06-30 2017-04-11 Palantir Technologies, Inc. Systems and methods for key phrase characterization of documents
US9535974B1 (en) 2014-06-30 2017-01-03 Palantir Technologies Inc. Systems and methods for identifying key phrase clusters within documents
US10572496B1 (en) 2014-07-03 2020-02-25 Palantir Technologies Inc. Distributed workflow system and database with access controls for city resiliency
US9021260B1 (en) 2014-07-03 2015-04-28 Palantir Technologies Inc. Malware data item analysis
US9785773B2 (en) 2014-07-03 2017-10-10 Palantir Technologies Inc. Malware data item analysis
US9202249B1 (en) 2014-07-03 2015-12-01 Palantir Technologies Inc. Data item clustering and analysis
US9256664B2 (en) 2014-07-03 2016-02-09 Palantir Technologies Inc. System and method for news events detection and visualization
EP3172690A4 (en) 2014-07-22 2018-03-07 Hewlett-Packard Development Company, L.P. Conditional security indicator sharing
US9419992B2 (en) 2014-08-13 2016-08-16 Palantir Technologies Inc. Unwanted tunneling alert system
US9043894B1 (en) 2014-11-06 2015-05-26 Palantir Technologies Inc. Malicious software detection in a computing system
US9348920B1 (en) 2014-12-22 2016-05-24 Palantir Technologies Inc. Concept indexing among database of documents using machine learning techniques
US10552994B2 (en) 2014-12-22 2020-02-04 Palantir Technologies Inc. Systems and interactive user interfaces for dynamic retrieval, analysis, and triage of data items
US9367872B1 (en) 2014-12-22 2016-06-14 Palantir Technologies Inc. Systems and user interfaces for dynamic and interactive investigation of bad actor behavior based on automatic clustering of related data in various data structures
US10362133B1 (en) 2014-12-22 2019-07-23 Palantir Technologies Inc. Communication data processing architecture
US9817563B1 (en) 2014-12-29 2017-11-14 Palantir Technologies Inc. System and method of generating data points from one or more data stores of data items for chart creation and manipulation
US9467455B2 (en) 2014-12-29 2016-10-11 Palantir Technologies Inc. Systems for network risk assessment including processing of user access rights associated with a network of devices
US9648036B2 (en) 2014-12-29 2017-05-09 Palantir Technologies Inc. Systems for network risk assessment including processing of user access rights associated with a network of devices
US10372879B2 (en) 2014-12-31 2019-08-06 Palantir Technologies Inc. Medical claims lead summary report generation
US11302426B1 (en) 2015-01-02 2022-04-12 Palantir Technologies Inc. Unified data interface and system
US9609026B2 (en) 2015-03-13 2017-03-28 Varmour Networks, Inc. Segmented networks that implement scanning
US10178070B2 (en) * 2015-03-13 2019-01-08 Varmour Networks, Inc. Methods and systems for providing security to distributed microservices
US9467476B1 (en) 2015-03-13 2016-10-11 Varmour Networks, Inc. Context aware microsegmentation
US10103953B1 (en) 2015-05-12 2018-10-16 Palantir Technologies Inc. Methods and systems for analyzing entity performance
ES2758755T3 (es) 2015-06-01 2020-05-06 Duo Security Inc Method for enforcing endpoint health standards
US10628834B1 (en) 2015-06-16 2020-04-21 Palantir Technologies Inc. Fraud lead detection system for efficiently processing database-stored data and automatically generating natural language explanatory information of system results for display in interactive user interfaces
US9407652B1 (en) 2015-06-26 2016-08-02 Palantir Technologies Inc. Network anomaly detection
US9418337B1 (en) 2015-07-21 2016-08-16 Palantir Technologies Inc. Systems and models for data analytics
US9454785B1 (en) 2015-07-30 2016-09-27 Palantir Technologies Inc. Systems and user interfaces for holistic, data-driven investigation of bad actor behavior based on clustering and scoring of related data
US9456000B1 (en) 2015-08-06 2016-09-27 Palantir Technologies Inc. Systems, methods, user interfaces, and computer-readable media for investigating potential malicious communications
US10489391B1 (en) 2015-08-17 2019-11-26 Palantir Technologies Inc. Systems and methods for grouping and enriching data items accessed from one or more databases for presentation in a user interface
US10102369B2 (en) 2015-08-19 2018-10-16 Palantir Technologies Inc. Checkout system executable code monitoring, and user account compromise determination system
US9537880B1 (en) 2015-08-19 2017-01-03 Palantir Technologies Inc. Anomalous network monitoring, user behavior detection and database system
US10425447B2 (en) * 2015-08-28 2019-09-24 International Business Machines Corporation Incident response bus for data security incidents
CN106533717B (zh) * 2015-09-10 2019-08-23 同方威视技术股份有限公司 Security inspection terminal device, security inspection network system and security inspection data transmission method
US10044745B1 (en) 2015-10-12 2018-08-07 Palantir Technologies, Inc. Systems for computer network security risk assessment including user compromise analysis associated with a network of devices
US9800606B1 (en) * 2015-11-25 2017-10-24 Symantec Corporation Systems and methods for evaluating network security
US9888039B2 (en) 2015-12-28 2018-02-06 Palantir Technologies Inc. Network-based permissioning system
US9916465B1 (en) 2015-12-29 2018-03-13 Palantir Technologies Inc. Systems and methods for automatic and customizable data minimization of electronic data stores
US10621198B1 (en) 2015-12-30 2020-04-14 Palantir Technologies Inc. System and method for secure database replication
US11244367B2 (en) 2016-04-01 2022-02-08 OneTrust, LLC Data processing systems and methods for integrating privacy information management systems with data loss prevention tools or other tools for privacy design
US20220164840A1 (en) 2016-04-01 2022-05-26 OneTrust, LLC Data processing systems and methods for integrating privacy information management systems with data loss prevention tools or other tools for privacy design
US11004125B2 (en) 2016-04-01 2021-05-11 OneTrust, LLC Data processing systems and methods for integrating privacy information management systems with data loss prevention tools or other tools for privacy design
US10498711B1 (en) 2016-05-20 2019-12-03 Palantir Technologies Inc. Providing a booting key to a remote system
US10592648B2 (en) 2016-06-10 2020-03-17 OneTrust, LLC Consent receipt management systems and related methods
US11151233B2 (en) 2016-06-10 2021-10-19 OneTrust, LLC Data processing and scanning systems for assessing vendor risk
US10503926B2 (en) 2016-06-10 2019-12-10 OneTrust, LLC Consent receipt management systems and related methods
US11544667B2 (en) 2016-06-10 2023-01-03 OneTrust, LLC Data processing systems for generating and populating a data inventory
US11336697B2 (en) 2016-06-10 2022-05-17 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US10169609B1 (en) 2016-06-10 2019-01-01 OneTrust, LLC Data processing systems for fulfilling data subject access requests and related methods
US11227247B2 (en) 2016-06-10 2022-01-18 OneTrust, LLC Data processing systems and methods for bundled privacy policies
US11520928B2 (en) 2016-06-10 2022-12-06 OneTrust, LLC Data processing systems for generating personal data receipts and related methods
US11366909B2 (en) 2016-06-10 2022-06-21 OneTrust, LLC Data processing and scanning systems for assessing vendor risk
US10909265B2 (en) 2016-06-10 2021-02-02 OneTrust, LLC Application privacy scanning systems and related methods
US11057356B2 (en) 2016-06-10 2021-07-06 OneTrust, LLC Automated data processing systems and methods for automatically processing data subject access requests using a chatbot
US11301796B2 (en) 2016-06-10 2022-04-12 OneTrust, LLC Data processing systems and methods for customizing privacy training
US10796260B2 (en) 2016-06-10 2020-10-06 OneTrust, LLC Privacy management systems and methods
US11562097B2 (en) 2016-06-10 2023-01-24 OneTrust, LLC Data processing systems for central consent repository and related methods
US11188615B2 (en) 2016-06-10 2021-11-30 OneTrust, LLC Data processing consent capture systems and related methods
US10467432B2 (en) 2016-06-10 2019-11-05 OneTrust, LLC Data processing systems for use in automatically generating, populating, and submitting data subject access requests
US11025675B2 (en) 2016-06-10 2021-06-01 OneTrust, LLC Data processing systems and methods for performing privacy assessments and monitoring of new versions of computer code for privacy compliance
US11222139B2 (en) 2016-06-10 2022-01-11 OneTrust, LLC Data processing systems and methods for automatic discovery and assessment of mobile software development kits
US11157600B2 (en) 2016-06-10 2021-10-26 OneTrust, LLC Data processing and scanning systems for assessing vendor risk
US11188862B2 (en) 2016-06-10 2021-11-30 OneTrust, LLC Privacy management systems and methods
US11636171B2 (en) 2016-06-10 2023-04-25 OneTrust, LLC Data processing user interface monitoring systems and related methods
US11341447B2 (en) 2016-06-10 2022-05-24 OneTrust, LLC Privacy management systems and methods
US11087260B2 (en) 2016-06-10 2021-08-10 OneTrust, LLC Data processing systems and methods for customizing privacy training
US11354435B2 (en) 2016-06-10 2022-06-07 OneTrust, LLC Data processing systems for data testing to confirm data deletion and related methods
US11222309B2 (en) 2016-06-10 2022-01-11 OneTrust, LLC Data processing systems for generating and populating a data inventory
US10685140B2 (en) 2016-06-10 2020-06-16 OneTrust, LLC Consent receipt management systems and related methods
US11675929B2 (en) 2016-06-10 2023-06-13 OneTrust, LLC Data processing consent sharing systems and related methods
US10949565B2 (en) 2016-06-10 2021-03-16 OneTrust, LLC Data processing systems for generating and populating a data inventory
US10909488B2 (en) 2016-06-10 2021-02-02 OneTrust, LLC Data processing systems for assessing readiness for responding to privacy-related incidents
US10878127B2 (en) 2016-06-10 2020-12-29 OneTrust, LLC Data subject access request processing systems and related methods
US10565161B2 (en) 2016-06-10 2020-02-18 OneTrust, LLC Data processing systems for processing data subject access requests
US11438386B2 (en) 2016-06-10 2022-09-06 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US10592692B2 (en) 2016-06-10 2020-03-17 OneTrust, LLC Data processing systems for central consent repository and related methods
US11038925B2 (en) 2016-06-10 2021-06-15 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US10318761B2 (en) 2016-06-10 2019-06-11 OneTrust, LLC Data processing systems and methods for auditing data request compliance
US10803200B2 (en) 2016-06-10 2020-10-13 OneTrust, LLC Data processing systems for processing and managing data subject access in a distributed environment
US11403377B2 (en) 2016-06-10 2022-08-02 OneTrust, LLC Privacy management systems and methods
US10284604B2 (en) 2016-06-10 2019-05-07 OneTrust, LLC Data processing and scanning systems for generating and populating a data inventory
US10997318B2 (en) 2016-06-10 2021-05-04 OneTrust, LLC Data processing systems for generating and populating a data inventory for processing data access requests
US11727141B2 (en) 2016-06-10 2023-08-15 OneTrust, LLC Data processing systems and methods for synching privacy-related user consent across multiple computing devices
US11144622B2 (en) 2016-06-10 2021-10-12 OneTrust, LLC Privacy management systems and methods
US11343284B2 (en) 2016-06-10 2022-05-24 OneTrust, LLC Data processing systems and methods for performing privacy assessments and monitoring of new versions of computer code for privacy compliance
US11138242B2 (en) 2016-06-10 2021-10-05 OneTrust, LLC Data processing systems and methods for automatically detecting and documenting privacy-related aspects of computer software
US11146566B2 (en) 2016-06-10 2021-10-12 OneTrust, LLC Data processing systems for fulfilling data subject access requests and related methods
US10853501B2 (en) 2016-06-10 2020-12-01 OneTrust, LLC Data processing and scanning systems for assessing vendor risk
US11418492B2 (en) 2016-06-10 2022-08-16 OneTrust, LLC Data processing systems and methods for using a data model to select a target data asset in a data migration
US11328092B2 (en) 2016-06-10 2022-05-10 OneTrust, LLC Data processing systems for processing and managing data subject access in a distributed environment
US10606916B2 (en) 2016-06-10 2020-03-31 OneTrust, LLC Data processing user interface monitoring systems and related methods
US11481710B2 (en) 2016-06-10 2022-10-25 OneTrust, LLC Privacy management systems and methods
US10607028B2 (en) 2016-06-10 2020-03-31 OneTrust, LLC Data processing systems for data testing to confirm data deletion and related methods
US10873606B2 (en) * 2016-06-10 2020-12-22 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US11416590B2 (en) 2016-06-10 2022-08-16 OneTrust, LLC Data processing and scanning systems for assessing vendor risk
US11210420B2 (en) 2016-06-10 2021-12-28 OneTrust, LLC Data subject access request processing systems and related methods
US11416109B2 (en) 2016-06-10 2022-08-16 OneTrust, LLC Automated data processing systems and methods for automatically processing data subject access requests using a chatbot
US10678945B2 (en) 2016-06-10 2020-06-09 OneTrust, LLC Consent receipt management systems and related methods
US10997315B2 (en) 2016-06-10 2021-05-04 OneTrust, LLC Data processing systems for fulfilling data subject access requests and related methods
US11354434B2 (en) 2016-06-10 2022-06-07 OneTrust, LLC Data processing systems for verification of consent and notice processing and related methods
US11410106B2 (en) 2016-06-10 2022-08-09 OneTrust, LLC Privacy management systems and methods
US11134086B2 (en) 2016-06-10 2021-09-28 OneTrust, LLC Consent conversion optimization systems and related methods
US11222142B2 (en) 2016-06-10 2022-01-11 OneTrust, LLC Data processing systems for validating authorization for personal data collection, storage, and processing
US11295316B2 (en) 2016-06-10 2022-04-05 OneTrust, LLC Data processing systems for identity validation for consumer rights requests and related methods
US11586700B2 (en) 2016-06-10 2023-02-21 OneTrust, LLC Data processing systems and methods for automatically blocking the use of tracking tools
US10510031B2 (en) 2016-06-10 2019-12-17 OneTrust, LLC Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques
US11416798B2 (en) 2016-06-10 2022-08-16 OneTrust, LLC Data processing systems and methods for providing training in a vendor procurement process
US11294939B2 (en) 2016-06-10 2022-04-05 OneTrust, LLC Data processing systems and methods for automatically detecting and documenting privacy-related aspects of computer software
US11416589B2 (en) 2016-06-10 2022-08-16 OneTrust, LLC Data processing and scanning systems for assessing vendor risk
US11138299B2 (en) 2016-06-10 2021-10-05 OneTrust, LLC Data processing and scanning systems for assessing vendor risk
US10885485B2 (en) 2016-06-10 2021-01-05 OneTrust, LLC Privacy management systems and methods
US11228620B2 (en) 2016-06-10 2022-01-18 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US10565236B1 (en) 2016-06-10 2020-02-18 OneTrust, LLC Data processing systems for generating and populating a data inventory
US11277448B2 (en) 2016-06-10 2022-03-15 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US11023842B2 (en) 2016-06-10 2021-06-01 OneTrust, LLC Data processing systems and methods for bundled privacy policies
US11074367B2 (en) 2016-06-10 2021-07-27 OneTrust, LLC Data processing systems for identity validation for consumer rights requests and related methods
US11475136B2 (en) 2016-06-10 2022-10-18 OneTrust, LLC Data processing systems for data transfer risk identification and related methods
US11238390B2 (en) 2016-06-10 2022-02-01 OneTrust, LLC Privacy management systems and methods
US11392720B2 (en) 2016-06-10 2022-07-19 OneTrust, LLC Data processing systems for verification of consent and notice processing and related methods
US10896394B2 (en) 2016-06-10 2021-01-19 OneTrust, LLC Privacy management systems and methods
US11625502B2 (en) 2016-06-10 2023-04-11 OneTrust, LLC Data processing systems for identifying and modifying processes that are subject to data subject access requests
US11651106B2 (en) 2016-06-10 2023-05-16 OneTrust, LLC Data processing systems for fulfilling data subject access requests and related methods
US11366786B2 (en) 2016-06-10 2022-06-21 OneTrust, LLC Data processing systems for processing data subject access requests
US10740487B2 (en) 2016-06-10 2020-08-11 OneTrust, LLC Data processing systems and methods for populating and maintaining a centralized database of personal data
US11651104B2 (en) 2016-06-10 2023-05-16 OneTrust, LLC Consent receipt management systems and related methods
US11100444B2 (en) 2016-06-10 2021-08-24 OneTrust, LLC Data processing systems and methods for providing training in a vendor procurement process
US10839102B2 (en) 2016-06-10 2020-11-17 OneTrust, LLC Data processing systems for identifying and modifying processes that are subject to data subject access requests
US10846433B2 (en) 2016-06-10 2020-11-24 OneTrust, LLC Data processing consent management systems and related methods
US10944725B2 (en) 2016-06-10 2021-03-09 OneTrust, LLC Data processing systems and methods for using a data model to select a target data asset in a data migration
US11461500B2 (en) 2016-06-10 2022-10-04 OneTrust, LLC Data processing systems for cookie compliance testing with website scanning and related methods
US10282559B2 (en) 2016-06-10 2019-05-07 OneTrust, LLC Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques
US10783256B2 (en) 2016-06-10 2020-09-22 OneTrust, LLC Data processing systems for data transfer risk identification and related methods
US11200341B2 (en) 2016-06-10 2021-12-14 OneTrust, LLC Consent receipt management systems and related methods
US10084802B1 (en) 2016-06-21 2018-09-25 Palantir Technologies Inc. Supervisory control and data acquisition
US9787639B1 (en) 2016-06-24 2017-10-10 Varmour Networks, Inc. Granular segmentation using events
US10291637B1 (en) 2016-07-05 2019-05-14 Palantir Technologies Inc. Network anomaly detection and profiling
US10698927B1 (en) 2016-08-30 2020-06-30 Palantir Technologies Inc. Multiple sensor session and log information compression and correlation system
US10521590B2 (en) 2016-09-01 2019-12-31 Microsoft Technology Licensing Llc Detection dictionary system supporting anomaly detection across multiple operating environments
US10318630B1 (en) 2016-11-21 2019-06-11 Palantir Technologies Inc. Analysis of large bodies of textual data
US10620618B2 (en) 2016-12-20 2020-04-14 Palantir Technologies Inc. Systems and methods for determining relationships between defects
US10728262B1 (en) 2016-12-21 2020-07-28 Palantir Technologies Inc. Context-aware network-based malicious activity warning systems
US10262053B2 (en) 2016-12-22 2019-04-16 Palantir Technologies Inc. Systems and methods for data replication synchronization
US11373752B2 (en) 2016-12-22 2022-06-28 Palantir Technologies Inc. Detection of misuse of a benefit system
US10721262B2 (en) 2016-12-28 2020-07-21 Palantir Technologies Inc. Resource-centric network cyber attack warning system
US10754872B2 (en) 2016-12-28 2020-08-25 Palantir Technologies Inc. Automatically executing tasks and configuring access control lists in a data transformation system
US10325224B1 (en) 2017-03-23 2019-06-18 Palantir Technologies Inc. Systems and methods for selecting machine learning training data
US10606866B1 (en) 2017-03-30 2020-03-31 Palantir Technologies Inc. Framework for exposing network activities
US10068002B1 (en) 2017-04-25 2018-09-04 Palantir Technologies Inc. Systems and methods for adaptive data replication
US10235461B2 (en) 2017-05-02 2019-03-19 Palantir Technologies Inc. Automated assistance for generating relevant and valuable search results for an entity of interest
US10482382B2 (en) 2017-05-09 2019-11-19 Palantir Technologies Inc. Systems and methods for reducing manufacturing failure rates
US10430062B2 (en) 2017-05-30 2019-10-01 Palantir Technologies Inc. Systems and methods for geo-fenced dynamic dissemination
US11030494B1 (en) 2017-06-15 2021-06-08 Palantir Technologies Inc. Systems and methods for managing data spills
US10013577B1 (en) 2017-06-16 2018-07-03 OneTrust, LLC Data processing systems for identifying whether cookies contain personally identifying information
US10027551B1 (en) 2017-06-29 2018-07-17 Palantir Technologies, Inc. Access controls through node-based effective policy identifiers
US10628002B1 (en) 2017-07-10 2020-04-21 Palantir Technologies Inc. Integrated data authentication system with an interactive user interface
US10963465B1 (en) 2017-08-25 2021-03-30 Palantir Technologies Inc. Rapid importation of data including temporally tracked object recognition
US10984427B1 (en) 2017-09-13 2021-04-20 Palantir Technologies Inc. Approaches for analyzing entity relationships
US10643002B1 (en) 2017-09-28 2020-05-05 Amazon Technologies, Inc. Provision and execution of customized security assessments of resources in a virtual computing environment
US10791128B2 (en) 2017-09-28 2020-09-29 Microsoft Technology Licensing, Llc Intrusion detection
US10706155B1 (en) * 2017-09-28 2020-07-07 Amazon Technologies, Inc. Provision and execution of customized security assessments of resources in a computing environment
GB201716170D0 (en) 2017-10-04 2017-11-15 Palantir Technologies Inc Controlling user creation of data resources on a data processing platform
US10079832B1 (en) 2017-10-18 2018-09-18 Palantir Technologies Inc. Controlling user creation of data resources on a data processing platform
US10250401B1 (en) 2017-11-29 2019-04-02 Palantir Technologies Inc. Systems and methods for providing category-sensitive chat channels
US11133925B2 (en) 2017-12-07 2021-09-28 Palantir Technologies Inc. Selective access to encrypted logs
US10412113B2 (en) 2017-12-08 2019-09-10 Duo Security, Inc. Systems and methods for intelligently configuring computer security
US10380196B2 (en) 2017-12-08 2019-08-13 Palantir Technologies Inc. Systems and methods for using linked documents
US10915542B1 (en) 2017-12-19 2021-02-09 Palantir Technologies Inc. Contextual modification of data sharing constraints in a distributed database system that uses a multi-master replication scheme
US10142349B1 (en) 2018-02-22 2018-11-27 Palantir Technologies Inc. Verifying network-based permissioning rights
CN109993395B (zh) * 2018-01-02 2021-04-16 爱信诺征信有限公司 Enterprise survival index generation method and system
US10878051B1 (en) 2018-03-30 2020-12-29 Palantir Technologies Inc. Mapping device identifiers
US10255415B1 (en) 2018-04-03 2019-04-09 Palantir Technologies Inc. Controlling access to computer resources
US10949400B2 (en) 2018-05-09 2021-03-16 Palantir Technologies Inc. Systems and methods for tamper-resistant activity logging
US11244063B2 (en) 2018-06-11 2022-02-08 Palantir Technologies Inc. Row-level and column-level policy service
US11210349B1 (en) 2018-08-02 2021-12-28 Palantir Technologies Inc. Multi-database document search system architecture
US11544409B2 (en) 2018-09-07 2023-01-03 OneTrust, LLC Data processing systems and methods for automatically protecting sensitive data within privacy management systems
US11144675B2 (en) 2018-09-07 2021-10-12 OneTrust, LLC Data processing systems and methods for automatically protecting sensitive data within privacy management systems
US10803202B2 (en) 2018-09-07 2020-10-13 OneTrust, LLC Data processing systems for orphaned data identification and deletion and related methods
US11388185B1 (en) * 2018-12-31 2022-07-12 IronBench, L.L.C. Methods, systems and computing platforms for evaluating and implementing regulatory and compliance standards
EP3694173B1 (en) 2019-02-08 2022-09-21 Palantir Technologies Inc. Isolating applications associated with multiple tenants within a computing platform
US11704441B2 (en) 2019-09-03 2023-07-18 Palantir Technologies Inc. Charter-based access controls for managing computer resources
US10761889B1 (en) 2019-09-18 2020-09-01 Palantir Technologies Inc. Systems and methods for autoscaling instance groups of computing platforms
WO2022011142A1 (en) 2020-07-08 2022-01-13 OneTrust, LLC Systems and methods for targeted data discovery
WO2022026564A1 (en) 2020-07-28 2022-02-03 OneTrust, LLC Systems and methods for automatically blocking the use of tracking tools
WO2022032072A1 (en) 2020-08-06 2022-02-10 OneTrust, LLC Data processing systems and methods for automatically redacting unstructured data from a data subject access request
WO2022060860A1 (en) 2020-09-15 2022-03-24 OneTrust, LLC Data processing systems and methods for detecting tools for the automatic blocking of consent requests
US11526624B2 (en) 2020-09-21 2022-12-13 OneTrust, LLC Data processing systems and methods for automatically detecting target data transfers and target data processing
EP4241173A1 (en) 2020-11-06 2023-09-13 OneTrust LLC Systems and methods for identifying data processing activities based on data discovery results
US11687528B2 (en) 2021-01-25 2023-06-27 OneTrust, LLC Systems and methods for discovery, classification, and indexing of data in a native computing system
US11157614B1 (en) * 2021-01-27 2021-10-26 Malwarebytes Inc. Prevention of false positive detection of malware
WO2022170047A1 (en) 2021-02-04 2022-08-11 OneTrust, LLC Managing custom attributes for domain objects defined within microservices
US11494515B2 (en) 2021-02-08 2022-11-08 OneTrust, LLC Data processing systems and methods for anonymizing data samples in classification analysis
US20240098109A1 (en) 2021-02-10 2024-03-21 OneTrust, LLC Systems and methods for mitigating risks of third-party computing system functionality integration into a first-party computing system
US11775348B2 (en) 2021-02-17 2023-10-03 OneTrust, LLC Managing custom workflows for domain objects defined within microservices
WO2022178219A1 (en) 2021-02-18 2022-08-25 OneTrust, LLC Selective redaction of media content
US11533315B2 (en) 2021-03-08 2022-12-20 OneTrust, LLC Data transfer discovery and analysis systems and related methods
US11562078B2 (en) 2021-04-16 2023-01-24 OneTrust, LLC Assessing and managing computational risk involved with integrating third party computing functionality within a computing system
CN113657849B (zh) * 2021-07-28 2023-07-18 上海纽盾科技股份有限公司 Classified protection (MLPS) evaluation information processing method, apparatus and system
US11620142B1 (en) 2022-06-03 2023-04-04 OneTrust, LLC Generating and customizing user interfaces for demonstrating functions of interactive user environments

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1618198A (zh) * 2003-05-17 2005-05-18 微软公司 Mechanism for evaluating security risks
US6986060B1 (en) * 2000-05-23 2006-01-10 Oracle International Corp. Method and apparatus for sharing a security context between different sessions on a database server

Family Cites Families (102)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5983270A (en) * 1997-03-11 1999-11-09 Sequel Technology Corporation Method and apparatus for managing internetwork and intranetwork activity
US5948104A (en) * 1997-05-23 1999-09-07 Neuromedical Systems, Inc. System and method for automated anti-viral file update
US6321338B1 (en) * 1998-11-09 2001-11-20 Sri International Network surveillance
US6530024B1 (en) * 1998-11-20 2003-03-04 Centrax Corporation Adaptive feedback security system and method
US6226372B1 (en) * 1998-12-11 2001-05-01 Securelogix Corporation Tightly integrated cooperative telecommunications firewall and scanner with distributed capabilities
CA2296989C (en) * 1999-01-29 2005-10-25 Lucent Technologies Inc. A method and apparatus for managing a firewall
US6647400B1 (en) * 1999-08-30 2003-11-11 Symantec Corporation System and method for analyzing filesystems to detect intrusions
US7065657B1 (en) * 1999-08-30 2006-06-20 Symantec Corporation Extensible intrusion detection system
US6990591B1 (en) * 1999-11-18 2006-01-24 Secureworks, Inc. Method and system for remotely configuring and monitoring a communication device
AU2001255806A1 (en) * 2000-03-14 2001-09-24 Sony Electronics Inc. A method and device for forming a semantic description
US7120934B2 (en) * 2000-03-30 2006-10-10 Ishikawa Mark M System, method and apparatus for detecting, identifying and responding to fraudulent requests on a network
US6925443B1 (en) * 2000-04-26 2005-08-02 Safeoperations, Inc. Method, system and computer program product for assessing information security
US7134141B2 (en) * 2000-06-12 2006-11-07 Hewlett-Packard Development Company, L.P. System and method for host and network based intrusion detection and response
US20030208689A1 (en) * 2000-06-16 2003-11-06 Garza Joel De La Remote computer forensic evidence collection system and process
US7162649B1 (en) * 2000-06-30 2007-01-09 Internet Security Systems, Inc. Method and apparatus for network assessment and authentication
US6353385B1 (en) * 2000-08-25 2002-03-05 Hyperon Incorporated Method and system for interfacing an intrusion detection system to a central alarm system
US7178166B1 (en) * 2000-09-19 2007-02-13 Internet Security Systems, Inc. Vulnerability assessment and authentication of a computer by a local scanner
US7168093B2 (en) * 2001-01-25 2007-01-23 Solutionary, Inc. Method and apparatus for verifying the integrity and security of computer networks and implementation of counter measures
US7325252B2 (en) * 2001-05-18 2008-01-29 Achilles Guard Inc. Network security testing
US7562388B2 (en) 2001-05-31 2009-07-14 International Business Machines Corporation Method and system for implementing security devices in a network
US7458094B2 (en) * 2001-06-06 2008-11-25 Science Applications International Corporation Intrusion prevention system
KR100424724B1 (ko) 2001-07-27 2004-03-27 김상욱 Intrusion detection apparatus based on network flow analysis
US7861303B2 (en) * 2001-08-01 2010-12-28 Mcafee, Inc. Malware scanning wireless service agent system and method
US20030051163A1 (en) * 2001-09-13 2003-03-13 Olivier Bidaud Distributed network architecture security system
US7093294B2 (en) * 2001-10-31 2006-08-15 International Business Machines Corporation System and method for detecting and controlling a drone implanted in a network attached device such as a computer
KR100441409B1 (ko) 2001-11-12 2004-07-23 주식회사 안철수연구소 Intrusion detection system having a virus detection engine
US7028338B1 (en) * 2001-12-18 2006-04-11 Sprint Spectrum L.P. System, computer program, and method of cooperative response to threat to domain security
US7415726B2 (en) * 2001-12-28 2008-08-19 Mcafee, Inc. Controlling access to suspicious files
KR100466798B1 (ko) 2001-12-29 2005-01-17 (주)대정아이앤씨 Integrated internal and external network security system and method
US7269851B2 (en) * 2002-01-07 2007-09-11 Mcafee, Inc. Managing malware protection upon a computer network
US7152105B2 (en) * 2002-01-15 2006-12-19 Mcafee, Inc. System and method for network vulnerability detection and reporting
US7174566B2 (en) * 2002-02-01 2007-02-06 Intel Corporation Integrated network intrusion detection
US6772345B1 (en) * 2002-02-08 2004-08-03 Networks Associates Technology, Inc. Protocol-level malware scanner
KR100468232B1 (ko) * 2002-02-19 2005-01-26 한국전자통신연구원 Network-based intruder traceback system using distributed intrusion detection agents and a manager system, and method thereof
US7124438B2 (en) * 2002-03-08 2006-10-17 Ciphertrust, Inc. Systems and methods for anomaly detection in patterns of monitored communications
GB2387681A (en) * 2002-04-18 2003-10-22 Isis Innovation Intrusion detection system with inductive logic means for suggesting new general rules
US7290275B2 (en) * 2002-04-29 2007-10-30 Schlumberger Omnes, Inc. Security maturity assessment method
IL149583A0 (en) * 2002-05-09 2003-07-06 Kavado Israel Ltd Method for automatic setting and updating of a security policy
JP2004021549A (ja) 2002-06-14 2004-01-22 Hitachi Information Systems Ltd Network monitoring system and program
JP2004046742A (ja) 2002-07-15 2004-02-12 Ntt Data Corp Attack analysis device, sensor, attack analysis method and program
US7412481B2 (en) * 2002-09-16 2008-08-12 Oracle International Corporation Method and apparatus for distributed rule evaluation in a near real-time business intelligence system
US7152242B2 (en) * 2002-09-11 2006-12-19 Enterasys Networks, Inc. Modular system for detecting, filtering and providing notice about attack events associated with network security
US20060031938A1 (en) * 2002-10-22 2006-02-09 Unho Choi Integrated emergency response system in information infrastructure and operating method therefor
US7603711B2 (en) * 2002-10-31 2009-10-13 Secnap Networks Security, LLC Intrusion detection system
US20050033989A1 (en) * 2002-11-04 2005-02-10 Poletto Massimiliano Antonio Detection of scanning attacks
US7293065B2 (en) * 2002-11-20 2007-11-06 Return Path Method of electronic message delivery with penalties for unsolicited messages
US7827607B2 (en) * 2002-11-27 2010-11-02 Symantec Corporation Enhanced client compliancy using database of security sensor data
US20040111643A1 (en) * 2002-12-02 2004-06-10 Farmer Daniel G. System and method for providing an enterprise-based computer security policy
US7774831B2 (en) * 2002-12-24 2010-08-10 International Business Machines Corporation Methods and apparatus for processing markup language messages in a network
US7627891B2 (en) * 2003-02-14 2009-12-01 Preventsys, Inc. Network audit and policy assurance system
US7398272B2 (en) * 2003-03-24 2008-07-08 Bigfix, Inc. Enterprise console
GB2400932B (en) * 2003-04-25 2005-12-14 Messagelabs Ltd A method of, and system for, heuristically determining that an unknown file is harmless by using traffic heuristics
US20040255167A1 (en) * 2003-04-28 2004-12-16 Knight James Michael Method and system for remote network security management
US7451488B2 (en) * 2003-04-29 2008-11-11 Securify, Inc. Policy-based vulnerability assessment
US7712133B2 (en) * 2003-06-20 2010-05-04 Hewlett-Packard Development Company, L.P. Integrated intrusion detection system and method
US7496959B2 (en) * 2003-06-23 2009-02-24 Architecture Technology Corporation Remote collection of computer forensic evidence
US6785998B2 (en) * 2003-06-25 2004-09-07 Albert H. Seidler Vibrating fishing rod
US7107468B2 (en) * 2003-07-08 2006-09-12 California Micro Devices Peak current sharing in a multi-phase buck converter power system
US20050015626A1 (en) * 2003-07-15 2005-01-20 Chasin C. Scott System and method for identifying and filtering junk e-mail messages or spam based on URL content
US7346922B2 (en) * 2003-07-25 2008-03-18 Netclarity, Inc. Proactive network security system to protect against hackers
JP3961462B2 (ja) * 2003-07-30 2007-08-22 International Business Machines Corporation Computer device, wireless LAN system, profile update method, and program
US7886348B2 (en) * 2003-10-03 2011-02-08 Verizon Services Corp. Security management system for monitoring firewall operation
US20050102534A1 (en) * 2003-11-12 2005-05-12 Wong Joseph D. System and method for auditing the security of an enterprise
US20050114658A1 (en) * 2003-11-20 2005-05-26 Dye Matthew J. Remote web site security system
US7454496B2 (en) * 2003-12-10 2008-11-18 International Business Machines Corporation Method for monitoring data resources of a data processing network
US7913305B2 (en) * 2004-01-30 2011-03-22 Microsoft Corporation System and method for detecting malware in an executable code module according to the code module's exhibited behavior
US7530104B1 (en) * 2004-02-09 2009-05-05 Symantec Corporation Threat analysis
US7558848B1 (en) * 2004-02-27 2009-07-07 F5 Networks, Inc. System and method for determining integrity over a virtual private network tunnel
US7590728B2 (en) * 2004-03-10 2009-09-15 Eric White System and method for detection of aberrant network behavior by clients of a network access gateway
JP4371905B2 (ja) * 2004-05-27 2009-11-25 Fujitsu Ltd Unauthorized access detection device, unauthorized access detection method, unauthorized access detection program, and distributed denial-of-service attack detection device
US20050268112A1 (en) * 2004-05-28 2005-12-01 Microsoft Corporation Managing spyware and unwanted software through auto-start extensibility points
US7526792B2 (en) * 2004-06-09 2009-04-28 Intel Corporation Integration of policy compliance enforcement and device authentication
US7748040B2 (en) * 2004-07-12 2010-06-29 Architecture Technology Corporation Attack correlation using marked information
US7434261B2 (en) * 2004-09-27 2008-10-07 Microsoft Corporation System and method of identifying the source of an attack on a computer network
US20060075494A1 (en) * 2004-10-01 2006-04-06 Bertman Justin R Method and system for analyzing data for potential malware
US20060080637A1 (en) * 2004-10-12 2006-04-13 Microsoft Corporation System and method for providing malware information for programmatic access
WO2006044798A2 (en) * 2004-10-15 2006-04-27 Protegrity Corporation Cooperative processing and escalation in a multi-node application-layer security system and method
US7793338B1 (en) * 2004-10-21 2010-09-07 Mcafee, Inc. System and method of network endpoint security
WO2006047163A2 (en) 2004-10-26 2006-05-04 Priderock, L.L.C. System and method for identifying and removing malware on a computer system
US20060123478A1 (en) * 2004-12-02 2006-06-08 Microsoft Corporation Phishing detection, prevention, and notification
US7339591B2 (en) * 2005-03-10 2008-03-04 Microsoft Corporation Method to manage graphics address remap table (GART) translations in a secure system
US8516583B2 (en) * 2005-03-31 2013-08-20 Microsoft Corporation Aggregating the knowledge base of computer systems to proactively protect a computer from malware
US7844700B2 (en) * 2005-03-31 2010-11-30 Microsoft Corporation Latency free scanning of malware at a network transit point
US10225282B2 (en) * 2005-04-14 2019-03-05 International Business Machines Corporation System, method and program product to identify a distributed denial of service attack
US7647622B1 (en) * 2005-04-22 2010-01-12 Symantec Corporation Dynamic security policy through use of empirical security events
US20060259819A1 (en) * 2005-05-12 2006-11-16 Connor Matthew A Automated Method for Self-Sustaining Computer Security
JP4523480B2 (ja) * 2005-05-12 2010-08-11 Hitachi Ltd Log analysis system, analysis method, and log analysis device
JP2006333133A (ja) * 2005-05-26 2006-12-07 Sony Corp Imaging device, imaging method, program, program recording medium, and imaging system
US7604072B2 (en) * 2005-06-07 2009-10-20 Baker Hughes Incorporated Method and apparatus for collecting drill bit performance data
US20060294588A1 (en) * 2005-06-24 2006-12-28 International Business Machines Corporation System, method and program for identifying and preventing malicious intrusions
US20090144826A2 (en) * 2005-06-30 2009-06-04 Webroot Software, Inc. Systems and Methods for Identifying Malware Distribution
US20070016951A1 (en) * 2005-07-13 2007-01-18 Piccard Paul L Systems and methods for identifying sources of malware
US20070094491A1 (en) * 2005-08-03 2007-04-26 Teo Lawrence C S Systems and methods for dynamically learning network environments to achieve adaptive security
US8141138B2 (en) * 2005-10-17 2012-03-20 Oracle International Corporation Auditing correlated events using a secure web single sign-on login
US7756890B2 (en) * 2005-10-28 2010-07-13 Novell, Inc. Semantic identities
US7644271B1 (en) * 2005-11-07 2010-01-05 Cisco Technology, Inc. Enforcement of security policies for kernel module loading
US7661136B1 (en) * 2005-12-13 2010-02-09 At&T Intellectual Property Ii, L.P. Detecting anomalous web proxy activity
US9794272B2 (en) * 2006-01-03 2017-10-17 Alcatel Lucent Method and apparatus for monitoring malicious traffic in communication networks
US8732824B2 (en) * 2006-01-23 2014-05-20 Microsoft Corporation Method and system for monitoring integrity of running computer system
US8453234B2 (en) * 2006-09-20 2013-05-28 Clearwire Ip Holdings Llc Centralized security management system
US8272042B2 (en) * 2006-12-01 2012-09-18 Verizon Patent And Licensing Inc. System and method for automation of information or data classification for implementation of controls
US8955105B2 (en) * 2007-03-14 2015-02-10 Microsoft Corporation Endpoint enabled for enterprise security assessment sharing

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6986060B1 (en) * 2000-05-23 2006-01-10 Oracle International Corp. Method and apparatus for sharing a security context between different sessions on a database server
CN1618198A (zh) * 2003-05-17 2005-05-18 Microsoft Corp Mechanism for evaluating security risks

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106416183A (zh) * 2014-05-12 2017-02-15 Cisco Technology Inc Voting strategy optimization using distributed classifiers
CN106416183B (zh) * 2014-05-12 2020-07-31 Cisco Technology Inc Voting strategy optimization using distributed classifiers

Also Published As

Publication number Publication date
US20080229422A1 (en) 2008-09-18
EP2135188A1 (en) 2009-12-23
EP2135188A4 (en) 2012-06-27
JP2010521749A (ja) 2010-06-24
CN101632085A (zh) 2010-01-20
EP2135188B1 (en) 2015-06-17
WO2008113059A1 (en) 2008-09-18
JP5363346B2 (ja) 2013-12-11
US8959568B2 (en) 2015-02-17

Similar Documents

Publication Publication Date Title
CN101632085B (zh) Enterprise security assessment sharing
US8413247B2 (en) Adaptive data collection for root-cause analysis and intrusion detection
US9871817B2 (en) Social engineering simulation workflow appliance
US8689335B2 (en) Mapping between users and machines in an enterprise security assessment sharing system
US8955105B2 (en) Endpoint enabled for enterprise security assessment sharing
CN103563302B (zh) Network asset information management
US9438614B2 (en) Sdi-scam
US7941851B2 (en) Architecture for identifying electronic threat patterns
US9129257B2 (en) Method and system for monitoring high risk users
US8136164B2 (en) Manual operations in an enterprise security assessment sharing system
CN106411578A (zh) Website monitoring system and method adapted to the electric power industry
US20050114658A1 (en) Remote web site security system
US20090099988A1 (en) Active learning using a discriminative classifier and a generative model to detect and/or prevent malicious behavior
CN111600857A (zh) Data center account maintenance system
CN101626368A (zh) Device, method, and system for preventing web page tampering
JP2004038940A (ja) Method and system for monitoring individual devices on a network
CN105337993A (zh) Email security detection device and method based on combined static and dynamic analysis
US11444968B1 (en) Distributed system for autonomous discovery and exploitation of an organization's computing and/or human resources to evaluate capacity and/or ability to detect, respond to, and mitigate effectiveness of intrusion attempts by, and reconnaissance efforts of, motivated, antagonistic, third parties
US10462256B2 (en) Comparison of behavioral populations for security and compliance monitoring
US8935752B1 (en) System and method for identity consolidation
Yeboah-Boateng Fuzzy similarity measures approach in benchmarking taxonomies of threats against SMEs in developing economies
CN106779818A (zh) Method and device for mining customers based on business data
FR3093258A1 (fr) Method for protecting a private computer network
US20220261478A1 (en) Detecting Threats By Monitoring Encryption Key Activity
EP3254258A1 (en) Social engineering simulation workflow appliance

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: MICROSOFT TECHNOLOGY LICENSING LLC

Free format text: FORMER OWNER: MICROSOFT CORP.

Effective date: 20150507

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20150507

Address after: Washington State

Patentee after: Microsoft Technology Licensing LLC

Address before: Washington State

Patentee before: Microsoft Corp.