GB201705948D0 - Labelling computing objects for improved threat detection - Google Patents

Labelling computing objects for improved threat detection

Info

Publication number
GB201705948D0
GB201705948D0 GBGB1705948.6A GB201705948A GB201705948D0 GB 201705948 D0 GB201705948 D0 GB 201705948D0 GB 201705948 A GB201705948 A GB 201705948A GB 201705948 D0 GB201705948 D0 GB 201705948D0
Authority
GB
United Kingdom
Prior art keywords
labelling
threat detection
computing objects
improved threat
improved
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GBGB1705948.6A
Other versions
GB2545621B (en
GB2545621B8 (en
GB2545621A (en
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sophos Ltd
Original Assignee
Sophos Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US14/485,759 external-priority patent/US9967282B2/en
Priority claimed from US14/485,765 external-priority patent/US10965711B2/en
Priority claimed from US14/485,774 external-priority patent/US9537841B2/en
Priority claimed from US14/485,782 external-priority patent/US10122687B2/en
Priority claimed from US14/485,790 external-priority patent/US9967264B2/en
Priority claimed from US14/485,771 external-priority patent/US9992228B2/en
Priority claimed from US14/485,769 external-priority patent/US9965627B2/en
Priority claimed from US14/485,762 external-priority patent/US9967283B2/en
Priority to GB1715899.9A priority Critical patent/GB2552632B8/en
Priority to GB1804902.3A priority patent/GB2558812B/en
Application filed by Sophos Ltd filed Critical Sophos Ltd
Publication of GB201705948D0 publication Critical patent/GB201705948D0/en
Publication of GB2545621A publication Critical patent/GB2545621A/en
Publication of GB2545621B publication Critical patent/GB2545621B/en
Application granted granted Critical
Publication of GB2545621B8 publication Critical patent/GB2545621B8/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0263Rule management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • Virology (AREA)
  • General Business, Economics & Management (AREA)
  • Business, Economics & Management (AREA)
  • Bioethics (AREA)
  • Debugging And Monitoring (AREA)
  • Computer And Data Communications (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Alarm Systems (AREA)
  • User Interface Of Digital Computer (AREA)
  • Devices Affording Protection Of Roads Or Walls For Sound Insulation (AREA)
  • Storage Device Security (AREA)
  • Burglar Alarm Systems (AREA)
GB1705948.6A 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection Active GB2545621B8 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB1715899.9A GB2552632B8 (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection
GB1804902.3A GB2558812B (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection

Applications Claiming Priority (9)

Application Number Priority Date Filing Date Title
US14/485,790 US9967264B2 (en) 2014-09-14 2014-09-14 Threat detection using a time-based cache of reputation information on an enterprise endpoint
US14/485,774 US9537841B2 (en) 2014-09-14 2014-09-14 Key management for compromised enterprise endpoints
US14/485,782 US10122687B2 (en) 2014-09-14 2014-09-14 Firewall techniques for colored objects on endpoints
US14/485,765 US10965711B2 (en) 2014-09-14 2014-09-14 Data behavioral tracking
US14/485,759 US9967282B2 (en) 2014-09-14 2014-09-14 Labeling computing objects for improved threat detection
US14/485,762 US9967283B2 (en) 2014-09-14 2014-09-14 Normalized indications of compromise
US14/485,769 US9965627B2 (en) 2014-09-14 2014-09-14 Labeling objects on an endpoint for encryption management
US14/485,771 US9992228B2 (en) 2014-09-14 2014-09-14 Using indications of compromise for reputation based network security
PCT/GB2015/052656 WO2016038397A1 (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection

Publications (4)

Publication Number Publication Date
GB201705948D0 true GB201705948D0 (en) 2017-05-31
GB2545621A GB2545621A (en) 2017-06-21
GB2545621B GB2545621B (en) 2018-03-28
GB2545621B8 GB2545621B8 (en) 2021-11-03

Family

ID=55458378

Family Applications (9)

Application Number Title Priority Date Filing Date
GB1804902.3A Active GB2558812B (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection
GB1820349.7A Active GB2565734B (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection
GB1811123.7A Active GB2560861B8 (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection
GB1705948.6A Active GB2545621B8 (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection
GB1804873.6A Active GB2558811B (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection
GB1811133.6A Active GB2563340B (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection
GB1715899.9A Active GB2552632B8 (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection
GB1815249.6A Active GB2564589B (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection
GB1820350.5A Active GB2565735B (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection

Family Applications Before (3)

Application Number Title Priority Date Filing Date
GB1804902.3A Active GB2558812B (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection
GB1820349.7A Active GB2565734B (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection
GB1811123.7A Active GB2560861B8 (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection

Family Applications After (5)

Application Number Title Priority Date Filing Date
GB1804873.6A Active GB2558811B (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection
GB1811133.6A Active GB2563340B (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection
GB1715899.9A Active GB2552632B8 (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection
GB1815249.6A Active GB2564589B (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection
GB1820350.5A Active GB2565735B (en) 2014-09-14 2015-09-14 Labeling computing objects for improved threat detection

Country Status (2)

Country Link
GB (9) GB2558812B (en)
WO (1) WO2016038397A1 (en)

Families Citing this family (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9967264B2 (en) 2014-09-14 2018-05-08 Sophos Limited Threat detection using a time-based cache of reputation information on an enterprise endpoint
US10122687B2 (en) 2014-09-14 2018-11-06 Sophos Limited Firewall techniques for colored objects on endpoints
US9967282B2 (en) 2014-09-14 2018-05-08 Sophos Limited Labeling computing objects for improved threat detection
US9992228B2 (en) 2014-09-14 2018-06-05 Sophos Limited Using indications of compromise for reputation based network security
US10965711B2 (en) 2014-09-14 2021-03-30 Sophos Limited Data behavioral tracking
US9537841B2 (en) 2014-09-14 2017-01-03 Sophos Limited Key management for compromised enterprise endpoints
US9967283B2 (en) 2014-09-14 2018-05-08 Sophos Limited Normalized indications of compromise
US9965627B2 (en) 2014-09-14 2018-05-08 Sophos Limited Labeling objects on an endpoint for encryption management
US10628597B2 (en) 2016-04-14 2020-04-21 Sophos Limited Just-in-time encryption
US10686827B2 (en) 2016-04-14 2020-06-16 Sophos Limited Intermediate encryption for exposed content
US10681078B2 (en) 2016-06-10 2020-06-09 Sophos Limited Key throttling to mitigate unauthorized file access
US10263966B2 (en) 2016-04-14 2019-04-16 Sophos Limited Perimeter enforcement of encryption rules
US9984248B2 (en) 2016-02-12 2018-05-29 Sophos Limited Behavioral-based control of access to encrypted content by a process
US10650154B2 (en) 2016-02-12 2020-05-12 Sophos Limited Process-level control of encrypted content
CA3014175A1 (en) * 2016-02-12 2017-08-17 Sophos Limited Encryption techniques
US10791097B2 (en) 2016-04-14 2020-09-29 Sophos Limited Portable encryption format
US10938781B2 (en) 2016-04-22 2021-03-02 Sophos Limited Secure labeling of network flows
US10986109B2 (en) 2016-04-22 2021-04-20 Sophos Limited Local proxy detection
US11102238B2 (en) 2016-04-22 2021-08-24 Sophos Limited Detecting triggering events for distributed denial of service attacks
US11165797B2 (en) 2016-04-22 2021-11-02 Sophos Limited Detecting endpoint compromise based on network usage history
US11277416B2 (en) * 2016-04-22 2022-03-15 Sophos Limited Labeling network flows according to source applications
US12021831B2 (en) 2016-06-10 2024-06-25 Sophos Limited Network security
GB2551983B (en) 2016-06-30 2020-03-04 Sophos Ltd Perimeter encryption
US10848501B2 (en) * 2016-12-30 2020-11-24 Microsoft Technology Licensing, Llc Real time pivoting on data to model governance properties
US10911479B2 (en) * 2018-08-06 2021-02-02 Microsoft Technology Licensing, Llc Real-time mitigations for unfamiliar threat scenarios
US11483326B2 (en) 2019-08-30 2022-10-25 Palo Alto Networks, Inc. Context informed abnormal endpoint behavior detection
CN114430335B (en) * 2021-12-16 2024-08-20 奇安信科技集团股份有限公司 Web fingerprint matching method and device

Family Cites Families (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7921284B1 (en) * 2001-12-12 2011-04-05 Gary Mark Kinghorn Method and system for protecting electronic data in enterprise environment
US7552472B2 (en) * 2002-12-19 2009-06-23 International Business Machines Corporation Developing and assuring policy documents through a process of refinement and classification
US7324108B2 (en) * 2003-03-12 2008-01-29 International Business Machines Corporation Monitoring events in a computer network
US20080141376A1 (en) * 2006-10-24 2008-06-12 Pc Tools Technology Pty Ltd. Determining maliciousness of software
US9367680B2 (en) * 2008-10-21 2016-06-14 Lookout, Inc. System and method for mobile communication device application advisement
US8607340B2 (en) * 2009-07-21 2013-12-10 Sophos Limited Host intrusion prevention system using software and user behavior analysis
US9038168B2 (en) * 2009-11-20 2015-05-19 Microsoft Technology Licensing, Llc Controlling resource access based on resource properties
US9407603B2 (en) * 2010-06-25 2016-08-02 Salesforce.Com, Inc. Methods and systems for providing context-based outbound processing application firewalls
US9088601B2 (en) * 2010-12-01 2015-07-21 Cisco Technology, Inc. Method and apparatus for detecting malicious software through contextual convictions, generic signatures and machine learning techniques
US8042186B1 (en) * 2011-04-28 2011-10-18 Kaspersky Lab Zao System and method for detection of complex malware
US9106680B2 (en) * 2011-06-27 2015-08-11 Mcafee, Inc. System and method for protocol fingerprinting and reputation correlation
US8931043B2 (en) * 2012-04-10 2015-01-06 Mcafee Inc. System and method for determining and using local reputations of users and hosts to protect information in a network environment
US9027125B2 (en) * 2012-05-01 2015-05-05 Taasera, Inc. Systems and methods for network flow remediation based on risk correlation
IL219597A0 (en) * 2012-05-03 2012-10-31 Syndrome X Ltd Malicious threat detection, malicious threat prevention, and a learning systems and methods for malicious threat detection and prevention
US8832848B1 (en) * 2012-07-26 2014-09-09 Symantec Corporation Systems and methods for content-aware access control
US9104864B2 (en) * 2012-10-24 2015-08-11 Sophos Limited Threat detection through the accumulated detection of threat characteristics
US9355172B2 (en) * 2013-01-10 2016-05-31 Accenture Global Services Limited Data trend analysis
US9104865B2 (en) * 2013-08-29 2015-08-11 International Business Machines Corporation Threat condition management
CN105580023B (en) * 2013-10-24 2019-08-16 迈克菲股份有限公司 The malicious application of agency's auxiliary in network environment prevents

Also Published As

Publication number Publication date
GB2560861A8 (en) 2019-02-06
GB2558811A (en) 2018-07-18
GB201811133D0 (en) 2018-08-22
GB201811123D0 (en) 2018-08-22
GB2565735B (en) 2019-05-29
WO2016038397A1 (en) 2016-03-17
GB2560861A (en) 2018-09-26
GB2563340A (en) 2018-12-12
GB2560861B8 (en) 2019-02-06
GB2558812B (en) 2019-03-27
GB2563340A8 (en) 2019-03-27
GB201815249D0 (en) 2018-10-31
GB2565735A (en) 2019-02-20
GB2558811B (en) 2019-03-27
GB2565734B (en) 2019-05-29
GB201820349D0 (en) 2019-01-30
GB2545621B (en) 2018-03-28
GB2545621B8 (en) 2021-11-03
GB2563340B (en) 2019-07-03
GB2564589B (en) 2019-07-03
GB2564589A (en) 2019-01-16
GB2552632B (en) 2018-05-09
GB201804902D0 (en) 2018-05-09
GB2565734A (en) 2019-02-20
GB2560861B (en) 2018-12-26
GB201820350D0 (en) 2019-01-30
GB2552632A (en) 2018-01-31
GB201715899D0 (en) 2017-11-15
GB201804873D0 (en) 2018-05-09
GB2552632B8 (en) 2021-11-03
GB2558812A (en) 2018-07-18
GB2545621A (en) 2017-06-21
GB2558812A8 (en) 2018-09-05

Similar Documents

Publication Publication Date Title
GB2560861B8 (en) Labeling computing objects for improved threat detection
GB2533284B (en) Performing object detection
EP3407317C0 (en) Tamper detection
IL246866A0 (en) Tagging security-relevant system objects
GB201408516D0 (en) Neutron detection
GB201413708D0 (en) Leak detection system
GB201418499D0 (en) Malware detection method
ZA201500063B (en) A detection system
GB201513698D0 (en) Object detection
GB201409182D0 (en) Capacitive detection system
GB201411568D0 (en) Detection
GB201405556D0 (en) Neutron detection
GB2534372B (en) Cloud Feature Detection
GB201502226D0 (en) AH-7921 detection
GB201707731D0 (en) Detection system
SG11201610262TA (en) Object detection system
GB201516218D0 (en) Detection system
GB2532935B (en) Proximity detection system
GB201508766D0 (en) Detection system
GB201415372D0 (en) Object detection
GB201512302D0 (en) Detection system
GB201507868D0 (en) Detection system
GB201404343D0 (en) Tamper detection

Legal Events

Date Code Title Description
S117 Correction of errors in patents and applications (sect. 117/patents act 1977)

Free format text: REQUEST FILED; REQUEST FOR CORRECTION UNDER SECTION 117 FILED ON 18 OCTOBER 2021

S117 Correction of errors in patents and applications (sect. 117/patents act 1977)

Free format text: CORRECTIONS ALLOWED; REQUEST FOR CORRECTION UNDER SECTION 117 FILED ON 18 OCTOBER 2021 ALLOWED ON 26 OCTOBER 2021