公开(公告)号：US20160232358A1

公开(公告)日：2016-08-11

申请号：US14617184

申请日：2015-02-09

Applicant: Cisco Technology, Inc.

Inventor： Anthony H. Grieco ,  Adam J. O'Donnell

IPC: G06F21/57

CPC classification number: G06F21/577 ,  G06F2221/034

Abstract: Presented herein are vulnerability assessment techniques for highlighting an organization's information technology (IT) infrastructure security vulnerabilities. For example, a vulnerability assessment system obtains application metadata for each of a plurality of executable applications observed at one or more devices forming part of an organization's IT infrastructure. The application metadata includes unique software identifiers for each of the plurality of executable applications. The vulnerability assessment system obtains global security risk metadata for executable applications observed at the one or more devices. The vulnerability assessment system maps one or more unique software identifiers in the application metadata to global security risk metadata that corresponds to applications identified by the one or more unique software identifiers, thereby generating a vulnerable application dataset.

Abstract translation: 此处介绍的是用于突出组织信息技术（IT）基础架构安全漏洞的漏洞评估技术。 例如，脆弱性评估系统获得在形成组织的IT基础设施的一部分的一个或多个设备处观察到的多个可执行应用程序中的每一个的应用程序元数据。 应用元数据包括用于多个可执行应用中的每一个的唯一软件标识符。 漏洞评估系统获得在一个或多个设备上观察到的可执行应用程序的全局安全风险元数据。 漏洞评估系统将应用程序元数据中的一个或多个唯一软件标识符映射到对应于由一个或多个唯一软件标识符标识的应用程序的全局安全风险元数据，从而生成易受攻击的应用数据集。

公开(公告)号：US09602525B2

公开(公告)日：2017-03-21

申请号：US14633805

申请日：2015-02-27

Applicant: Cisco Technology, Inc.

Inventor： Jiang Qian ,  Adam J. O'Donnell ,  Paul Frank ,  Patrick Mullen

IPC: G06F12/14 ,  H04L29/06

CPC classification number: H04L63/1425 ,  H04L63/1433 ,  H04L63/1466

Abstract: Techniques are presented herein that combine a host-based analysis of an executable file on a host computer with a network-based analysis, i.e., an analysis of domain names to detect malware generated domain names that are used by the malicious executable files to establish malicious network connections. A server receives information from a host computer about an executable file that, when executed on the host computer, initiates a network connection. The server also receives information about the network connection itself. The server analyzes the information about the executable file to determine whether the executable file has a malicious disposition. Depending on a disposition of the executable file, the server analyzes the information about the network connection and determines whether the network connection is malicious.

公开(公告)号：US20160255107A1

公开(公告)日：2016-09-01

申请号：US14633805

申请日：2015-02-27

Applicant: Cisco Technology, Inc.

Inventor： Jiang Qian ,  Adam J. O'Donnell ,  Paul Frank ,  Patrick Mullen

IPC: H04L29/06

CPC classification number: H04L63/1425 ,  H04L63/1433 ,  H04L63/1466

Abstract: Techniques are presented herein that combine a host-based analysis of an executable file on a host computer with a network-based analysis, i.e., an analysis of domain names to detect malware generated domain names that are used by the malicious executable files to establish malicious network connections. A server receives information from a host computer about an executable file that, when executed on the host computer, initiates a network connection. The server also receives information about the network connection itself. The server analyzes the information about the executable file to determine whether the executable file has a malicious disposition. Depending on a disposition of the executable file, the server analyzes the information about the network connection and determines whether the network connection is malicious.

Abstract translation: 本文介绍了将主计算机上的可执行文件的基于主机的分析与基于网络的分析相结合的技术，即域名分析，以检测由恶意可执行文件用于建立恶意软件的恶意软件生成的域名 网络连接。 服务器从主机接收关于可执行文件的信息，该可执行文件在主计算机上执行时发起网络连接。 服务器还接收有关网络连接本身的信息。 服务器分析有关可执行文件的信息，以确定可执行文件是否具有恶意的配置。 根据可执行文件的配置，服务器分析有关网络连接的信息，并确定网络连接是否恶意。

公开(公告)号：US08978137B2

公开(公告)日：2015-03-10

申请号：US13781434

申请日：2013-02-28

Applicant: Cisco Technology, Inc.

Inventor： Oliver Friedrichs ,  Alfred Huger ,  Adam J. O'Donnell ,  Zulfikar Ramzan

IPC: G06F11/00 ,  G06F12/14 ,  G08B23/00 ,  G06F21/56

CPC classification number: G06F21/56 ,  G06F21/567 ,  G06F2221/034 ,  G06F2221/2115

Abstract: A system for retroactively detecting malicious software on an end user system without performing expensive cross-referencing directly on the endpoint device. A client provides a server with information about files that are on it together with what it knows about these files. The server tracks this information and cross-references it against new intelligence it gathers on clean or malicious files. If a discrepancy is found (i.e., a file that had been called malicious, but that is actually benign or vice versa), the server informs the client, which in turn takes an appropriate action based on this information.

Abstract translation: 用于在终端用户系统上追溯地检测恶意软件的系统，而不直接在端点设备上执行昂贵的交叉引用。 客户端向服务器提供有关其上的文件的信息以及它们对这些文件的了解。 服务器跟踪这些信息，并将其与引用干净或恶意文件的新智能交叉引用。 如果发现差异（即被称为恶意文件但实际上是良性的文件，反之亦然），则服务器通知客户端，该客户端又根据该信息进行适当的操作。

公开(公告)号：US10554678B2

公开(公告)日：2020-02-04

申请号：US15659953

申请日：2017-07-26

Applicant: Cisco Technology, Inc.

Inventor： Jason V. Miller ,  Adam J. O'Donnell

IPC: H04L29/06 ,  G06F21/56

Abstract: A method includes: at a server, obtaining security intelligence data used for classifying whether a data associated with a user activity in a network is undesirable at a first time; classifying whether a first data in the network is undesirable based on the security intelligence data; receiving a request for classifying whether a second data is undesirable based on the security intelligence data; determining whether the server is overloaded with tasks; if the server is determined to be overloaded with tasks: logging the second data in a repository, and tagging the second data to re-visit classification of the second data; and when the server is no longer overloaded, classifying whether the second data is undesirable to produce a second classifying result and re-classifying whether the first data is undesirable based on updated security intelligence data obtained by the server.

公开(公告)号：US09203854B2

公开(公告)日：2015-12-01

申请号：US14505837

申请日：2014-10-03

Applicant: Cisco Technology, Inc.

Inventor： Oliver Friedrichs ,  Alfred Huger ,  Adam J. O'Donnell

IPC: G06F11/00 ,  H04L29/06 ,  G06F21/56

CPC classification number: H04L63/1416 ,  G06F21/564

Abstract: Novel methods, components, and systems for detecting malicious software in a proactive manner are presented. More specifically, we describe methods, components, and systems that leverage machine learning techniques to detect malicious software. The disclosed invention provides a significant improvement with regard to detection capabilities compared to previous approaches.

Abstract translation: 介绍了以主动的方式检测恶意软件的新方法，组件和系统。 更具体地说，我们描述利用机器学习技术来检测恶意软件的方法，组件和系统。 与先前的方法相比，所公开的发明提供了关于检测能力的显着改进。

公开(公告)号：US09928369B2

公开(公告)日：2018-03-27

申请号：US14617184

申请日：2015-02-09

Applicant: Cisco Technology, Inc.

Inventor： Anthony H. Grieco ,  Adam J. O'Donnell

IPC: G06F21/57

CPC classification number: G06F21/577 ,  G06F2221/034

Abstract: Presented herein are vulnerability assessment techniques for highlighting an organization's information technology (IT) infrastructure security vulnerabilities. For example, a vulnerability assessment system obtains application metadata for each of a plurality of executable applications observed at one or more devices forming part of an organization's IT infrastructure. The application metadata includes unique software identifiers for each of the plurality of executable applications. The vulnerability assessment system obtains global security risk metadata for executable applications observed at the one or more devices. The vulnerability assessment system maps one or more unique software identifiers in the application metadata to global security risk metadata that corresponds to applications identified by the one or more unique software identifiers, thereby generating a vulnerable application dataset.

公开(公告)号：US09639697B2

公开(公告)日：2017-05-02

申请号：US14610429

申请日：2015-01-30

Applicant: Cisco Technology, Inc.

Inventor： Oliver Friedrichs ,  Alfred Huger ,  Adam J. O'Donnell ,  Zulfikar Ramzan

IPC: G06F11/30 ,  G06F12/14 ,  G06F21/56

CPC classification number: G06F21/56 ,  G06F21/567 ,  G06F2221/034 ,  G06F2221/2115

Abstract: A system retroactively detects malicious software on an end user system without performing expensive cross-referencing directly on the endpoint device. A client provides a server with information about files that are on it together with what it knows about these files. The server tracks this information and cross-references it against new intelligence it gathers on clean or malicious files. If a discrepancy in found (i.e., a file that had been called malicious, but that is actually benign or vice versa), the server informs the client, which in turn takes an appropriate action based on this information.

公开(公告)号：US20150205959A1

公开(公告)日：2015-07-23

申请号：US14610429

申请日：2015-01-30

Applicant: Cisco Technology, Inc.

Inventor： Oliver Friedrichs ,  Alfred Huger ,  Adam J. O'Donnell ,  Zulfikar Ramzan

IPC: G06F21/56

CPC classification number: G06F21/56 ,  G06F21/567 ,  G06F2221/034 ,  G06F2221/2115

Abstract: A system retroactively detects malicious software on an end user system without performing expensive cross-referencing directly on the endpoint device. A client provides a server with information about files that are on it together with what it knows about these files. The server tracks this information and cross-references it against new intelligence it gathers on clean or malicious files. If a discrepancy in found (i.e., a file that had been called malicious, but that is actually benign or vice versa), the server informs the client, which in turn takes an appropriate action based on this information.

Abstract translation: 系统追溯地在最终用户系统上检测恶意软件，而不直接在端点设备上执行昂贵的交叉引用。 客户端向服务器提供有关其上的文件的信息以及它们对这些文件的了解。 服务器跟踪这些信息，并将其与引用干净或恶意文件的新智能交叉引用。 如果找到的差异（即被称为恶意文件但实际上是良性的文件或反之亦然），则服务器通知客户端，该客户端又根据该信息进行适当的操作。

公开(公告)号：US11558366B2

公开(公告)日：2023-01-17

申请号：US16172694

申请日：2018-10-26

Applicant: Cisco Technology, Inc.

Inventor： Aaron T. Woland ,  Adam J. O'Donnell ,  Vivek Santuka ,  Stephen M. Orr

IPC: H04L9/32 ,  H04L9/40 ,  H04W12/08

Abstract: Techniques for connecting known entities to a protected network are described. A user device with a certified application installed is authenticated with an identification repository. The authentication is accomplished using credentials associated with the certified application. The user device is also enrolled with an authentication server and the authenticated user device is connected to the protected network.