GB2614426B - Enterprise network threat detection - Google Patents

Enterprise network threat detection Download PDF

Info

Publication number
GB2614426B
GB2614426B GB2216902.3A GB202216902A GB2614426B GB 2614426 B GB2614426 B GB 2614426B GB 202216902 A GB202216902 A GB 202216902A GB 2614426 B GB2614426 B GB 2614426B
Authority
GB
United Kingdom
Prior art keywords
enterprise network
threat detection
network threat
detection
enterprise
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
GB2216902.3A
Other versions
GB2614426A (en
GB202216902D0 (en
Inventor
Ladnai Beata
David Harris Mark
G P Smith Andrew
J Thomas Andrew
Humphries Russell
D Ray Kenneth
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sophos Ltd
Original Assignee
Sophos Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US16/128,953 external-priority patent/US11552962B2/en
Application filed by Sophos Ltd filed Critical Sophos Ltd
Publication of GB202216902D0 publication Critical patent/GB202216902D0/en
Publication of GB2614426A publication Critical patent/GB2614426A/en
Application granted granted Critical
Publication of GB2614426B publication Critical patent/GB2614426B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00Machine learning
    • G06N20/20Ensemble learning
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N5/00Computing arrangements using knowledge-based models
    • G06N5/01Dynamic search techniques; Heuristics; Dynamic trees; Branch-and-bound
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N5/00Computing arrangements using knowledge-based models
    • G06N5/02Knowledge representation; Symbolic representation
    • G06N5/022Knowledge engineering; Knowledge acquisition
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N5/00Computing arrangements using knowledge-based models
    • G06N5/04Inference or reasoning models
    • G06N5/046Forward inferencing; Production systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0635Risk analysis of enterprise or organisation activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0639Performance analysis of employees; Performance analysis of enterprise or organisation operations
    • G06Q10/06395Quality analysis or management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Business, Economics & Management (AREA)
  • Human Resources & Organizations (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Strategic Management (AREA)
  • Evolutionary Computation (AREA)
  • Data Mining & Analysis (AREA)
  • Mathematical Physics (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Economics (AREA)
  • Artificial Intelligence (AREA)
  • Educational Administration (AREA)
  • Computational Linguistics (AREA)
  • Development Economics (AREA)
  • Game Theory and Decision Science (AREA)
  • Marketing (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • General Business, Economics & Management (AREA)
  • Virology (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Computer And Data Communications (AREA)
  • Alarm Systems (AREA)
GB2216902.3A 2018-08-31 2019-08-13 Enterprise network threat detection Active GB2614426B (en)

Applications Claiming Priority (9)

Application Number Priority Date Filing Date Title
US201862726174P 2018-08-31 2018-08-31
US16/128,953 US11552962B2 (en) 2018-08-31 2018-09-12 Computer assisted identification of intermediate level threats
US16/129,183 US10938839B2 (en) 2018-08-31 2018-09-12 Threat detection with business impact scoring
US16/129,113 US11297073B2 (en) 2018-08-31 2018-09-12 Forensic query of local event streams in an enterprise network
US16/129,143 US10972485B2 (en) 2018-08-31 2018-09-12 Enterprise network threat detection
US16/128,984 US10938838B2 (en) 2018-08-31 2018-09-12 Computer augmented threat evaluation
US16/129,087 US20200076833A1 (en) 2018-08-31 2018-09-12 Dynamic filtering of endpoint event streams
US201962874758P 2019-07-16 2019-07-16
GB2103617.3A GB2592132B (en) 2018-08-31 2019-08-13 Enterprise network threat detection

Publications (3)

Publication Number Publication Date
GB202216902D0 GB202216902D0 (en) 2022-12-28
GB2614426A GB2614426A (en) 2023-07-05
GB2614426B true GB2614426B (en) 2023-10-11

Family

ID=69643045

Family Applications (2)

Application Number Title Priority Date Filing Date
GB2103617.3A Active GB2592132B (en) 2018-08-31 2019-08-13 Enterprise network threat detection
GB2216902.3A Active GB2614426B (en) 2018-08-31 2019-08-13 Enterprise network threat detection

Family Applications Before (1)

Application Number Title Priority Date Filing Date
GB2103617.3A Active GB2592132B (en) 2018-08-31 2019-08-13 Enterprise network threat detection

Country Status (2)

Country Link
GB (2) GB2592132B (en)
WO (1) WO2020046575A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11966502B2 (en) 2020-03-17 2024-04-23 Forensifile, Llc Digital file forensic accounting and management system
CN113537262B (en) * 2020-04-20 2024-05-28 深信服科技股份有限公司 Data analysis method, device, equipment and readable storage medium
CN111786950B (en) * 2020-05-28 2023-10-27 中国平安财产保险股份有限公司 Network security monitoring method, device, equipment and medium based on situation awareness
US20230229782A1 (en) * 2022-01-19 2023-07-20 Dell Products L.P. Automatically performing varied security scans on distributed files using machine learning techniques

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160173510A1 (en) * 2014-12-15 2016-06-16 Sophos Limited Threat detection using url cache hits
US20170063903A1 (en) * 2015-08-31 2017-03-02 Splunk Inc. Event views in data intake stage of machine data processing platform
US9727726B1 (en) * 2013-12-19 2017-08-08 Amazon Technologies, Inc. Intrusion detection using bus snooping
US20170346835A1 (en) * 2014-12-15 2017-11-30 Sophos Limited Server drift monitoring
US20180091535A1 (en) * 2016-09-23 2018-03-29 Sap Se Snapshot of a forensic investigation for enterprise threat detection
US9934378B1 (en) * 2015-04-21 2018-04-03 Symantec Corporation Systems and methods for filtering log files

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014152469A1 (en) * 2013-03-18 2014-09-25 The Trustees Of Columbia University In The City Of New York Unsupervised anomaly-based malware detection using hardware features
US9690938B1 (en) * 2015-08-05 2017-06-27 Invincea, Inc. Methods and apparatus for machine learning based malware detection
CN106682495B (en) * 2016-11-11 2020-01-10 腾讯科技(深圳)有限公司 Safety protection method and safety protection device
US10360380B2 (en) * 2017-01-19 2019-07-23 Cylance Inc. Advanced malware classification
US10205735B2 (en) * 2017-01-30 2019-02-12 Splunk Inc. Graph-based network security threat detection across time and entities
RU2659737C1 (en) * 2017-08-10 2018-07-03 Акционерное общество "Лаборатория Касперского" System and method of managing computing resources for detecting malicious files
US11288385B2 (en) * 2018-04-13 2022-03-29 Sophos Limited Chain of custody for enterprise documents

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9727726B1 (en) * 2013-12-19 2017-08-08 Amazon Technologies, Inc. Intrusion detection using bus snooping
US20160173510A1 (en) * 2014-12-15 2016-06-16 Sophos Limited Threat detection using url cache hits
US20170346835A1 (en) * 2014-12-15 2017-11-30 Sophos Limited Server drift monitoring
US9934378B1 (en) * 2015-04-21 2018-04-03 Symantec Corporation Systems and methods for filtering log files
US20170063903A1 (en) * 2015-08-31 2017-03-02 Splunk Inc. Event views in data intake stage of machine data processing platform
US20180091535A1 (en) * 2016-09-23 2018-03-29 Sap Se Snapshot of a forensic investigation for enterprise threat detection

Also Published As

Publication number Publication date
GB202103617D0 (en) 2021-04-28
WO2020046575A1 (en) 2020-03-05
GB2614426A (en) 2023-07-05
GB2592132A (en) 2021-08-18
GB202216902D0 (en) 2022-12-28
GB2592132B (en) 2023-01-04

Similar Documents

Publication Publication Date Title
GB2614460B (en) Network security
EP3593508A4 (en) Identifying malicious network devices
EP3731489B8 (en) Improved network anomaly detection
SG11202100815XA (en) Cyber defence system
EP3368997A4 (en) Network aware distributed business transaction anomaly detection
GB2587749B (en) Cyber defence system
GB202018989D0 (en) Malware detection
GB2592132B (en) Enterprise network threat detection
EP3281116A4 (en) Systems and methods for generating network threat intelligence
GB2573651B (en) Network vulnerability assessment
GB2575052B (en) Phishing detection
GB201801767D0 (en) Network testing
EP3756324A4 (en) Network security
EP3378208A4 (en) Handling network threats
GB2584120B (en) Network security
GB202209120D0 (en) Identifying threats
GB2574093B (en) Malware barrier
GB2568091B (en) Threat detection system
GB2569568B (en) Threat detection system
GB2583931B (en) Network vulnerability detection
GB2572155B (en) Threat detection system
GB201802257D0 (en) Network
GB201819711D0 (en) Multi factor network anomaly detection
GB2580317B (en) Threat forecasting
GB2611724B (en) Phishing detection