GB2554159B8 - Monitoring variations in observable events for threat detection - Google Patents
Monitoring variations in observable events for threat detection
- Publication number
- GB2554159B8 (GB1711325.9A, GB201711325A)
- Authority
- GB
- United Kingdom
- Prior art keywords
- threat detection
- observable events
- monitoring variations
- monitoring
- variations
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/565—Static detection by checking file integrity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/567—Computer malware detection or handling, e.g. anti-virus arrangements using dedicated hardware
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2115—Third party
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
- Debugging And Monitoring (AREA)
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB1713286.1A GB2555690B8 (en) | 2014-12-15 | 2015-12-02 | Monitoring variations in observable events for threat detection |
GB1713287.9A GB2555691B (en) | 2014-12-15 | 2015-12-02 | Monitoring variations in observable events for threat detection |
GB1713290.3A GB2584585B8 (en) | 2014-12-15 | 2015-12-02 | Monitoring variations in observable events for threat detection |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/570,578 US9419989B2 (en) | 2014-12-15 | 2014-12-15 | Threat detection using URL cache hits |
US14/570,188 US9571512B2 (en) | 2014-12-15 | 2014-12-15 | Threat detection using endpoint variance |
US14/569,944 US9774613B2 (en) | 2014-12-15 | 2014-12-15 | Server drift monitoring |
PCT/GB2015/053676 WO2016097686A1 (en) | 2014-12-15 | 2015-12-02 | Monitoring variations in observable events for threat detection |
Publications (3)
Publication Number | Publication Date |
---|---|
GB2554159A (en) | 2018-03-28 |
GB2554159B (en) | 2020-02-26 |
GB2554159B8 (en) | 2021-11-03 |
Family
ID=54979861
Family Applications (5)
Application Number | Status | Publication | Priority Date | Filing Date | Title |
---|---|---|---|---|---|
GBGB1711327.5A | Pending | GB201711327D0 (en) | 2014-12-15 | 2015-12-02 | Monitoring variations in observable events for threat detection |
GB1713286.1A | Active | GB2555690B8 (en) | 2014-12-15 | 2015-12-02 | Monitoring variations in observable events for threat detection |
GB1713287.9A | Active | GB2555691B (en) | 2014-12-15 | 2015-12-02 | Monitoring variations in observable events for threat detection |
GB1711325.9A | Active | GB2554159B8 (en) | 2014-12-15 | 2015-12-02 | Monitoring variations in observable events for threat detection |
GB1713290.3A | Active | GB2584585B8 (en) | 2014-12-15 | 2015-12-02 | Monitoring variations in observable events for threat detection |
Family Applications Before (3)
Application Number | Status | Publication | Priority Date | Filing Date | Title |
---|---|---|---|---|---|
GBGB1711327.5A | Pending | GB201711327D0 (en) | 2014-12-15 | 2015-12-02 | Monitoring variations in observable events for threat detection |
GB1713286.1A | Active | GB2555690B8 (en) | 2014-12-15 | 2015-12-02 | Monitoring variations in observable events for threat detection |
GB1713287.9A | Active | GB2555691B (en) | 2014-12-15 | 2015-12-02 | Monitoring variations in observable events for threat detection |
Family Applications After (1)
Application Number | Status | Publication | Priority Date | Filing Date | Title |
---|---|---|---|---|---|
GB1713290.3A | Active | GB2584585B8 (en) | 2014-12-15 | 2015-12-02 | Monitoring variations in observable events for threat detection |
Country Status (2)
Country | Link |
---|---|
GB (5) | GB201711327D0 (en) |
WO (1) | WO2016097686A1 (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9419989B2 (en) | 2014-12-15 | 2016-08-16 | Sophos Limited | Threat detection using URL cache hits |
US9774613B2 (en) | 2014-12-15 | 2017-09-26 | Sophos Limited | Server drift monitoring |
US9571512B2 (en) | 2014-12-15 | 2017-02-14 | Sophos Limited | Threat detection using endpoint variance |
US10462173B1 (en) * | 2016-06-30 | 2019-10-29 | Fireeye, Inc. | Malware detection verification and enhancement by coordinating endpoint and malware detection systems |
Family Cites Families (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6430615B1 (en) * | 1998-03-13 | 2002-08-06 | International Business Machines Corporation | Predictive model-based measurement acquisition employing a predictive model operating on a manager system and a managed system |
US6671811B1 (en) * | 1999-10-25 | 2003-12-30 | Visa Internation Service Association | Features generation for use in computer network intrusion detection |
US20040259640A1 (en) * | 2003-04-16 | 2004-12-23 | Gentles Thomas A. | Layered security methods and apparatus in a gaming system environment |
US20060020923A1 (en) * | 2004-06-15 | 2006-01-26 | K5 Systems Inc. | System and method for monitoring performance of arbitrary groupings of network infrastructure and applications |
US8533818B1 (en) * | 2006-06-30 | 2013-09-10 | Symantec Corporation | Profiling backup activity |
US7634479B2 (en) * | 2006-12-29 | 2009-12-15 | Trend Micro Incorporated | Pre-populating local URL rating cache |
US8312536B2 (en) * | 2006-12-29 | 2012-11-13 | Symantec Corporation | Hygiene-based computer security |
US8028061B2 (en) * | 2007-10-18 | 2011-09-27 | Trendium, Inc. | Methods, systems, and computer program products extracting network behavioral metrics and tracking network behavioral changes |
US8566932B1 (en) * | 2009-07-31 | 2013-10-22 | Symantec Corporation | Enforcing good network hygiene using reputation-based automatic remediation |
US8800030B2 (en) * | 2009-09-15 | 2014-08-05 | Symantec Corporation | Individualized time-to-live for reputation scores of computer files |
US8229930B2 (en) * | 2010-02-01 | 2012-07-24 | Microsoft Corporation | URL reputation system |
US20130339515A1 (en) * | 2012-06-13 | 2013-12-19 | International Business Machines Corporation | Network service functionality monitor and controller |
US8984331B2 (en) * | 2012-09-06 | 2015-03-17 | Triumfant, Inc. | Systems and methods for automated memory and thread execution anomaly detection in a computer network |
GB2505533B (en) * | 2012-12-14 | 2014-07-09 | F Secure Corp | Security method and apparatus |
WO2014143000A1 (en) * | 2013-03-15 | 2014-09-18 | Mcafee, Inc. | Server-assisted anti-malware |
US10382454B2 (en) * | 2014-09-26 | 2019-08-13 | Mcafee, Llc | Data mining algorithms adopted for trusted execution environment |
US10033766B2 (en) * | 2015-06-05 | 2018-07-24 | Cisco Technology, Inc. | Policy-driven compliance |
-
2015
- 2015-12-02 WO PCT/GB2015/053676 patent/WO2016097686A1/en active Application Filing
- 2015-12-02 GB GBGB1711327.5A patent/GB201711327D0/en active Pending
- 2015-12-02 GB GB1713286.1A patent/GB2555690B8/en active Active
- 2015-12-02 GB GB1713287.9A patent/GB2555691B/en active Active
- 2015-12-02 GB GB1711325.9A patent/GB2554159B8/en active Active
- 2015-12-02 GB GB1713290.3A patent/GB2584585B8/en active Active
Also Published As
Publication number | Publication date |
---|---|
GB2555690B8 (en) | 2021-11-03 |
GB201711327D0 (en) | 2017-08-30 |
WO2016097686A1 (en) | 2016-06-23 |
GB2555691A (en) | 2018-05-09 |
GB2584585B8 (en) | 2021-11-03 |
GB2554159A (en) | 2018-03-28 |
GB201713286D0 (en) | 2017-10-04 |
GB2555691B (en) | 2020-05-06 |
GB2554159B (en) | 2020-02-26 |
GB2555690B (en) | 2020-07-15 |
GB2584585A (en) | 2020-12-16 |
GB201713290D0 (en) | 2017-10-04 |
GB2584585B (en) | 2021-03-24 |
GB201713287D0 (en) | 2017-10-04 |
GB2555690A (en) | 2018-05-09 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | S117 | Correction of errors in patents and applications (sect. 117/patents act 1977) | Free format text: REQUEST FILED; REQUEST FOR CORRECTION UNDER SECTION 117 FILED ON 18 OCTOBER 2021 |
 | S117 | Correction of errors in patents and applications (sect. 117/patents act 1977) | Free format text: CORRECTIONS ALLOWED; REQUEST FOR CORRECTION UNDER SECTION 117 FILED ON 18 OCTOBER 2021 ALLOWED ON 26 OCTOBER 2021 |