GB2555691B - Monitoring variations in observable events for threat detection - Google Patents
- Publication number: GB2555691B (application GB1713287.9A, also written GB201713287A)
- Authority: GB (United Kingdom)
- Prior art keywords: threat detection; observable events; monitoring variations; monitoring; variations
- Prior art date: 2014-12-15 (earliest priority date, taken from the Applications Claiming Priority table below)
- Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
Section H (Electricity) > H04 (Electric communication technique) > H04L (Transmission of digital information, e.g. telegraphic communication):
- H04L63/1416—Event detection, e.g. attack signature detection (under H04L63/00 Network architectures or network communication protocols for network security; H04L63/14 for detecting or protecting against malicious traffic; H04L63/1408 by monitoring network traffic)
Section G (Physics) > G06 (Computing; calculating or counting) > G06F (Electric digital data processing), all under G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity and G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems:
- G06F21/565—Static detection by checking file integrity (under G06F21/55 Detecting local intrusion or implementing counter-measures; G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements; G06F21/562 Static detection)
- G06F21/577—Assessing vulnerabilities and evaluating computer system security (under G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities)
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action (under G06F21/55)
- G06F21/567—Computer malware detection or handling, e.g. anti-virus arrangements using dedicated hardware (under G06F21/55; G06F21/56)
Indexing scheme:
- G06F2221/2115—Third party (under G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements)
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
- Debugging And Monitoring (AREA)
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/570,578 US9419989B2 (en) | 2014-12-15 | 2014-12-15 | Threat detection using URL cache hits |
US14/570,188 US9571512B2 (en) | 2014-12-15 | 2014-12-15 | Threat detection using endpoint variance |
US14/569,944 US9774613B2 (en) | 2014-12-15 | 2014-12-15 | Server drift monitoring |
GB1711325.9A GB2554159B8 (en) | 2014-12-15 | 2015-12-02 | Monitoring variations in observable events for threat detection |
Publications (3)
Publication Number | Publication Date
---|---
GB201713287D0 (en) | 2017-10-04
GB2555691A (en) | 2018-05-09
GB2555691B (en) | 2020-05-06
Family ID: 54979861
Family Applications (5)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
GB1711327.5A (Pending) GB201711327D0 (en) | 2014-12-15 | 2015-12-02 | Monitoring variations in observable events for threat detection
GB1713286.1A (Active) GB2555690B8 (en) | 2014-12-15 | 2015-12-02 | Monitoring variations in observable events for threat detection
GB1713287.9A (Active) GB2555691B (en) (this patent) | 2014-12-15 | 2015-12-02 | Monitoring variations in observable events for threat detection
GB1711325.9A (Active) GB2554159B8 (en) | 2014-12-15 | 2015-12-02 | Monitoring variations in observable events for threat detection
GB1713290.3A (Active) GB2584585B8 (en) | 2014-12-15 | 2015-12-02 | Monitoring variations in observable events for threat detection
Country Status (2)
Country | Link |
---|---|
GB (5) | GB201711327D0 (en) |
WO (1) | WO2016097686A1 (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9419989B2 (en) | 2014-12-15 | 2016-08-16 | Sophos Limited | Threat detection using URL cache hits |
US9774613B2 (en) | 2014-12-15 | 2017-09-26 | Sophos Limited | Server drift monitoring |
US9571512B2 (en) | 2014-12-15 | 2017-02-14 | Sophos Limited | Threat detection using endpoint variance |
US10462173B1 (en) * | 2016-06-30 | 2019-10-29 | Fireeye, Inc. | Malware detection verification and enhancement by coordinating endpoint and malware detection systems |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2001031420A2 (en) * | 1999-10-25 | 2001-05-03 | Visa International Service Association | Features generation for use in computer network intrusion detection |
US20020099821A1 (en) * | 1998-03-13 | 2002-07-25 | International Business Machines Corporation | Predictive model-based measurement acquisition |
US20060020924A1 (en) * | 2004-06-15 | 2006-01-26 | K5 Systems Inc. | System and method for monitoring performance of groupings of network infrastructure and applications using statistical analysis |
US20090106174A1 (en) * | 2007-10-18 | 2009-04-23 | Trendium, Inc. | Methods, systems, and computer program products extracting network behavioral metrics and tracking network behavioral changes |
US20130339515A1 (en) * | 2012-06-13 | 2013-12-19 | International Business Machines Corporation | Network service functionality monitor and controller |
WO2016196686A1 (en) * | 2015-06-05 | 2016-12-08 | Cisco Technology, Inc. | Policy-driven compliance |
EP3198488A1 (en) * | 2014-09-26 | 2017-08-02 | McAfee, Inc. | Data mining algorithms adopted for trusted execution environment |
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040259640A1 (en) * | 2003-04-16 | 2004-12-23 | Gentles Thomas A. | Layered security methods and apparatus in a gaming system environment |
US8533818B1 (en) * | 2006-06-30 | 2013-09-10 | Symantec Corporation | Profiling backup activity |
US7634479B2 (en) * | 2006-12-29 | 2009-12-15 | Trend Micro Incorporated | Pre-populating local URL rating cache |
US8312536B2 (en) * | 2006-12-29 | 2012-11-13 | Symantec Corporation | Hygiene-based computer security |
US8566932B1 (en) * | 2009-07-31 | 2013-10-22 | Symantec Corporation | Enforcing good network hygiene using reputation-based automatic remediation |
US8800030B2 (en) * | 2009-09-15 | 2014-08-05 | Symantec Corporation | Individualized time-to-live for reputation scores of computer files |
US8229930B2 (en) * | 2010-02-01 | 2012-07-24 | Microsoft Corporation | URL reputation system |
US8984331B2 (en) * | 2012-09-06 | 2015-03-17 | Triumfant, Inc. | Systems and methods for automated memory and thread execution anomaly detection in a computer network |
GB2505533B (en) * | 2012-12-14 | 2014-07-09 | F Secure Corp | Security method and apparatus |
WO2014143000A1 (en) * | 2013-03-15 | 2014-09-18 | Mcafee, Inc. | Server-assisted anti-malware |
Application events (2015)
- 2015-12-02: WO PCT/GB2015/053676 filed; published as WO2016097686A1 (en); status Active (Application Filing)
- 2015-12-02: GB1711327.5A filed; published as GB201711327D0 (en); status Pending
- 2015-12-02: GB1713286.1A filed; published as GB2555690B8 (en); status Active
- 2015-12-02: GB1713287.9A (this patent) filed; published as GB2555691B (en); status Active
- 2015-12-02: GB1711325.9A filed; published as GB2554159B8 (en); status Active
- 2015-12-02: GB1713290.3A filed; published as GB2584585B8 (en); status Active
Also Published As
Publication number | Publication date |
---|---|
GB2555690B8 (en) | 2021-11-03 |
GB201711327D0 (en) | 2017-08-30 |
WO2016097686A1 (en) | 2016-06-23 |
GB2555691A (en) | 2018-05-09 |
GB2584585B8 (en) | 2021-11-03 |
GB2554159A (en) | 2018-03-28 |
GB201713286D0 (en) | 2017-10-04 |
GB2554159B (en) | 2020-02-26 |
GB2555690B (en) | 2020-07-15 |
GB2584585A (en) | 2020-12-16 |
GB2554159B8 (en) | 2021-11-03 |
GB201713290D0 (en) | 2017-10-04 |
GB2584585B (en) | 2021-03-24 |
GB201713287D0 (en) | 2017-10-04 |
GB2555690A (en) | 2018-05-09 |