GB2555690B8 - Monitoring variations in observable events for threat detection - Google Patents

Monitoring variations in observable events for threat detection

Info

Publication number
GB2555690B8
Authority
GB
United Kingdom
Prior art keywords
threat detection
observable events
monitoring variations
monitoring
variations
Prior art date
Legal status
Active
Application number
GB1713286.1A
Other versions
GB201713286D0 (en)
GB2555690A (en)
GB2555690B (en)
Inventor
D Ray Kenneth
D Harris Mark
Current Assignee
Sophos Ltd
Original Assignee
Sophos Ltd
Priority date
2014-12-15
Filing date
2015-12-02
Publication date
2021-11-03
Priority claimed from US14/569,944 (US9774613B2)
Priority claimed from US14/570,578 (US9419989B2)
Priority claimed from US14/570,188 (US9571512B2)
Application filed by Sophos Ltd
Publication of GB201713286D0
Publication of GB2555690A
Application granted
Publication of GB2555690B
Publication of GB2555690B8
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L 63/00 Network architectures or network communication protocols for network security
                    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
                        • H04L 63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
                            • H04L 63/1416 Event detection, e.g. attack signature detection
    • G PHYSICS
        • G06 COMPUTING; CALCULATING OR COUNTING
            • G06F ELECTRIC DIGITAL DATA PROCESSING
                • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
                    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
                        • G06F 21/55 Detecting local intrusion or implementing counter-measures
                            • G06F 21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
                            • G06F 21/56 Computer malware detection or handling, e.g. anti-virus arrangements
                                • G06F 21/562 Static detection
                                    • G06F 21/565 Static detection by checking file integrity
                                • G06F 21/567 Computer malware detection or handling, e.g. anti-virus arrangements using dedicated hardware
                        • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
                            • G06F 21/577 Assessing vulnerabilities and evaluating computer system security
                • G06F 2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
                    • G06F 2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
                        • G06F 2221/2115 Third party
GB1713286.1A 2014-12-15 2015-12-02 Monitoring variations in observable events for threat detection Active GB2555690B8 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US14/569,944 US9774613B2 (en) 2014-12-15 2014-12-15 Server drift monitoring
US14/570,578 US9419989B2 (en) 2014-12-15 2014-12-15 Threat detection using URL cache hits
US14/570,188 US9571512B2 (en) 2014-12-15 2014-12-15 Threat detection using endpoint variance
GB1711325.9A GB2554159B8 (en) 2014-12-15 2015-12-02 Monitoring variations in observable events for threat detection

Publications (4)

Publication Number Publication Date
GB201713286D0 (en) 2017-10-04
GB2555690A (en) 2018-05-09
GB2555690B (en) 2020-07-15
GB2555690B8 (en) 2021-11-03

Family

ID=54979861

Family Applications (5)

Application Number Title Priority Date Filing Date
GB1713287.9A Active GB2555691B (en) 2014-12-15 2015-12-02 Monitoring variations in observable events for threat detection
GB1711325.9A Active GB2554159B8 (en) 2014-12-15 2015-12-02 Monitoring variations in observable events for threat detection
GB1713286.1A Active GB2555690B8 (en) 2014-12-15 2015-12-02 Monitoring variations in observable events for threat detection
GBGB1711327.5A Pending GB201711327D0 (en) 2014-12-15 2015-12-02 Monitoring variations in observable events for threat detection
GB1713290.3A Active GB2584585B8 (en) 2014-12-15 2015-12-02 Monitoring variations in observable events for threat detection

Family Applications Before (2)

Application Number Title Priority Date Filing Date
GB1713287.9A Active GB2555691B (en) 2014-12-15 2015-12-02 Monitoring variations in observable events for threat detection
GB1711325.9A Active GB2554159B8 (en) 2014-12-15 2015-12-02 Monitoring variations in observable events for threat detection

Family Applications After (2)

Application Number Title Priority Date Filing Date
GBGB1711327.5A Pending GB201711327D0 (en) 2014-12-15 2015-12-02 Monitoring variations in observable events for threat detection
GB1713290.3A Active GB2584585B8 (en) 2014-12-15 2015-12-02 Monitoring variations in observable events for threat detection

Country Status (2)

Country Link
GB (5) GB2555691B (en)
WO (1) WO2016097686A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9419989B2 (en) 2014-12-15 2016-08-16 Sophos Limited Threat detection using URL cache hits
US9571512B2 (en) 2014-12-15 2017-02-14 Sophos Limited Threat detection using endpoint variance
US9774613B2 (en) 2014-12-15 2017-09-26 Sophos Limited Server drift monitoring
US10462173B1 (en) * 2016-06-30 2019-10-29 Fireeye, Inc. Malware detection verification and enhancement by coordinating endpoint and malware detection systems

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6430615B1 (en) * 1998-03-13 2002-08-06 International Business Machines Corporation Predictive model-based measurement acquisition employing a predictive model operating on a manager system and a managed system
US6671811B1 (en) * 1999-10-25 2003-12-30 Visa International Service Association Features generation for use in computer network intrusion detection
US20040259640A1 (en) * 2003-04-16 2004-12-23 Gentles Thomas A. Layered security methods and apparatus in a gaming system environment
US20050278703A1 (en) * 2004-06-15 2005-12-15 K5 Systems Inc. Method for using statistical analysis to monitor and analyze performance of new network infrastructure or software applications for deployment thereof
US8533818B1 (en) * 2006-06-30 2013-09-10 Symantec Corporation Profiling backup activity
US8312536B2 (en) * 2006-12-29 2012-11-13 Symantec Corporation Hygiene-based computer security
US7634479B2 (en) * 2006-12-29 2009-12-15 Trend Micro Incorporated Pre-populating local URL rating cache
US8028061B2 (en) * 2007-10-18 2011-09-27 Trendium, Inc. Methods, systems, and computer program products extracting network behavioral metrics and tracking network behavioral changes
US8566932B1 (en) * 2009-07-31 2013-10-22 Symantec Corporation Enforcing good network hygiene using reputation-based automatic remediation
US8800030B2 (en) * 2009-09-15 2014-08-05 Symantec Corporation Individualized time-to-live for reputation scores of computer files
US8229930B2 (en) * 2010-02-01 2012-07-24 Microsoft Corporation URL reputation system
US20130339515A1 (en) * 2012-06-13 2013-12-19 International Business Machines Corporation Network service functionality monitor and controller
US8984331B2 (en) * 2012-09-06 2015-03-17 Triumfant, Inc. Systems and methods for automated memory and thread execution anomaly detection in a computer network
GB2505533B (en) * 2012-12-14 2014-07-09 F Secure Corp Security method and apparatus
WO2014143000A1 (en) * 2013-03-15 2014-09-18 Mcafee, Inc. Server-assisted anti-malware
US10382454B2 (en) * 2014-09-26 2019-08-13 Mcafee, Llc Data mining algorithms adopted for trusted execution environment
US10033766B2 (en) * 2015-06-05 2018-07-24 Cisco Technology, Inc. Policy-driven compliance

Also Published As

Publication number Publication date
GB201713286D0 (en) 2017-10-04
GB2554159B (en) 2020-02-26
GB2584585B (en) 2021-03-24
GB2584585B8 (en) 2021-11-03
GB2555691B (en) 2020-05-06
GB201713290D0 (en) 2017-10-04
WO2016097686A1 (en) 2016-06-23
GB2555691A (en) 2018-05-09
GB2554159A (en) 2018-03-28
GB2584585A (en) 2020-12-16
GB2554159B8 (en) 2021-11-03
GB201711327D0 (en) 2017-08-30
GB2555690A (en) 2018-05-09
GB2555690B (en) 2020-07-15
GB201713287D0 (en) 2017-10-04

Similar Documents

Publication Publication Date Title
GB2533284B (en) Performing object detection
EP3407317C0 (en) Tamper detection
GB201408100D0 (en) Detection method
GB201413707D0 (en) Usage monitoring system and method
GB201408516D0 (en) Neutron detection
GB201413708D0 (en) Leak detection system
SG11201702459VA (en) Event-specific detection methods
GB2554159B8 (en) Monitoring variations in observable events for threat detection
GB2521885B (en) Detection device
GB2518472B (en) Metal-theft detection device
GB201411568D0 (en) Detection
GB201405556D0 (en) Neutron detection
IL251155B (en) Impairment detection
GB2532838B (en) Monitoring system with position detection
GB2547600B (en) Devices and methods for detecting norovirus on surfaces
SG10201406350UA (en) An event detection method
GB2529306B (en) Electricity detection device
GB201707731D0 (en) Detection system
SG11201610262TA (en) Object detection system
GB201416459D0 (en) Detection method
GB201402174D0 (en) Detection method
GB201516218D0 (en) Detection system
GB201508766D0 (en) Detection system
GB201404343D0 (en) Tamper detection
GB201416158D0 (en) Detection device

Legal Events

Date Code Title Description
S117 Correction of errors in patents and applications (sect. 117/patents act 1977)

Free format text: REQUEST FILED; REQUEST FOR CORRECTION UNDER SECTION 117 FILED ON 18 OCTOBER 2021

S117 Correction of errors in patents and applications (sect. 117/patents act 1977)

Free format text: CORRECTIONS ALLOWED; REQUEST FOR CORRECTION UNDER SECTION 117 FILED ON 18 OCTOBER 2021 ALLOWED ON 26 OCTOBER 2021