-
1.
Publication (Announcement) No.: US20230032104A1
Publication (Announcement) Date: 2023-02-02
Application No.: US17711431
Filing Date: 2022-04-01
IPC Classification: H04L9/40, H04L67/01, H04L67/147
Abstract: An endpoint security system having a Secured Authentication For Enterprise (SAFE) server is enhanced with an auxiliary service. The auxiliary service receives a request to run a job on an endpoint of an enterprise computer network, queues the job in a central job store, and monitors whether an agent on the endpoint has checked in with the SAFE server. Responsive to the agent on the endpoint checking in with the SAFE server, the auxiliary service establishes, through a secure connection with the SAFE server, a connection with the agent on the endpoint and determines whether the agent has any jobs queued in the central job store. If so, the auxiliary service dispatches the job from the central job store to the agent on the endpoint through the secure connection with the SAFE server, and the agent on the endpoint starts the job.
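The check-in driven dispatch this abstract describes, as an added example (not code from the patent or its assignee): a central job store keyed by endpoint, an auxiliary service whose only path to an endpoint is the SAFE server's existing agent session, and a check-in callback that drains that endpoint's queue. `FakeSafeServer`, the job ids, the command names and the `status: started` acknowledgement are constructed stand-ins for the purpose of the example.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from enum import Enum


class JobState(Enum):
    QUEUED = "queued"          # waiting in the central job store
    DISPATCHED = "dispatched"  # sent to the agent over the SAFE channel
    STARTED = "started"        # agent acknowledged that it started the job


@dataclass
class Job:
    job_id: str
    endpoint_id: str
    command: str
    state: JobState = JobState.QUEUED


class CentralJobStore:
    """Per-endpoint FIFO of jobs waiting for that endpoint's agent to check in."""

    def __init__(self):
        self._queues = defaultdict(deque)
        self._jobs = {}

    def enqueue(self, job):
        if job.job_id in self._jobs:
            raise ValueError(f"duplicate job id {job.job_id}")
        self._jobs[job.job_id] = job
        self._queues[job.endpoint_id].append(job)

    def has_pending(self, endpoint_id):
        return bool(self._queues[endpoint_id])

    def pop(self, endpoint_id):
        return self._queues[endpoint_id].popleft()

    def get(self, job_id):
        return self._jobs[job_id]


class FakeSafeServer:
    """Constructed stand-in for the SAFE server's authenticated agent channel.
    It records what was sent and answers as if the agent acknowledged the job."""

    def __init__(self):
        self.sent = []

    def send_to_agent(self, endpoint_id, payload):
        self.sent.append((endpoint_id, payload))
        return {"job_id": payload["job_id"], "status": "started"}


class AuxiliaryService:
    """Hypothetical auxiliary service. It never opens an inbound connection to an
    endpoint; work only leaves the store through the SAFE server after a check-in."""

    def __init__(self, store, safe_server):
        self.store = store
        self.safe = safe_server
        self.checked_in = set()

    def request_job(self, job_id, endpoint_id, command):
        self.store.enqueue(Job(job_id, endpoint_id, command))

    def on_agent_checkin(self, endpoint_id):
        """Callback from the SAFE server when an agent checks in.
        Drains that endpoint's queue and returns the ids of jobs started."""
        self.checked_in.add(endpoint_id)
        started = []
        while self.store.has_pending(endpoint_id):
            job = self.store.pop(endpoint_id)
            ack = self.safe.send_to_agent(endpoint_id, {"job_id": job.job_id, "command": job.command})
            job.state = JobState.DISPATCHED
            if ack.get("status") == "started":
                job.state = JobState.STARTED
                started.append(job.job_id)
        return started


def demo():
    """Two jobs for host-a, one for host-b; only host-a ever checks in."""
    safe = FakeSafeServer()
    svc = AuxiliaryService(CentralJobStore(), safe)
    svc.request_job("j1", "host-a", "collect-triage")
    svc.request_job("j2", "host-a", "isolate")
    svc.request_job("j3", "host-b", "collect-triage")
    first = svc.on_agent_checkin("host-a")   # ["j1", "j2"]
    second = svc.on_agent_checkin("host-a")  # []: nothing is dispatched twice
    return {
        "first": first,
        "second": second,
        "j1": svc.store.get("j1").state.value,  # "started"
        "j3": svc.store.get("j3").state.value,  # "queued": host-b never checked in
        "sends": len(safe.sent),                # 2
    }
```

The two properties worth checking in any real implementation are visible in `demo()`: a job for an endpoint that has not checked in stays queued rather than prompting a connection to the endpoint, and a repeated check-in does not redeliver work that already left the store.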
-
2.
Publication (Announcement) No.: US11245730B2
Publication (Announcement) Date: 2022-02-08
Application No.: US16678813
Filing Date: 2019-11-08
Inventor: Michael James Bailey
IPC Classification: H04L29/06
Abstract: An information security monitoring system can import indicators of compromise (IOC) definitions in disparate formats from third-party source systems, convert them into editable security definitions in an internal system format, and provide a user interface for composing or editing these security definitions with enhancements, including complex security definitions such as those having a nested Boolean structure and/or those that reference one or more security definitions, a behavioral rule, and/or a vulnerability description. One or more whitelists can be added to handle exceptions. Each composed or modified security definition is then compiled into an executable rule. The executable rule, when evaluated, produces a result indicative of an endpoint security action needed in view of an endpoint event that meets the composed or modified security definition.
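The import, compose, whitelist and compile pipeline this abstract describes, as an added example (not the patent's or its assignee's code). Two constructed third-party feed formats (a `type,value` CSV and a JSON list) are normalised into one internal leaf format; definitions can then be nested with `and`/`or`/`not`, reference other definitions by name, or be behavioural rules over process fields; a whitelist of exceptions is evaluated before the match; and the result is a callable rule that returns the required action or `None`. The field names (`file.sha256`, `dns.query`, `process.parent`, ...), the `eq`/`regex` leaf comparators and all sample data are assumptions of this example.

```python
import csv
import io
import json
import re

# Map third-party indicator types onto the event fields used by the internal format.
FIELD_FOR_TYPE = {"sha256": "file.sha256", "domain": "dns.query", "ip": "net.dst_ip"}


def _leaf(ioc_type, value):
    """Internal system format leaf: compare one event field with a value."""
    return {"field": FIELD_FOR_TYPE[ioc_type], "eq": value.lower()}


def import_csv_iocs(text):
    """Constructed feed format A: 'type,value' CSV rows."""
    return {f"csv:{r['type']}:{r['value']}": _leaf(r["type"], r["value"])
            for r in csv.DictReader(io.StringIO(text))}


def import_json_iocs(text):
    """Constructed feed format B: JSON list of {indicator_type, indicator}."""
    return {f"json:{i['indicator_type']}:{i['indicator']}": _leaf(i["indicator_type"], i["indicator"])
            for i in json.loads(text)}


def compile_definition(defn, registry):
    """Compile an editable definition (leaf, reference, or nested Boolean) to a predicate."""
    if "ref" in defn:                               # reference to another definition by name
        return compile_definition(registry[defn["ref"]], registry)
    if "field" in defn:                             # leaf
        field = defn["field"]
        if "eq" in defn:
            want = defn["eq"]
            return lambda ev: str(ev.get(field, "")).lower() == want
        pattern = re.compile(defn["regex"])
        return lambda ev: pattern.search(str(ev.get(field, ""))) is not None
    op = defn["op"]                                 # nested Boolean node
    args = [compile_definition(a, registry) for a in defn["args"]]
    if op == "and":
        return lambda ev: all(p(ev) for p in args)
    if op == "or":
        return lambda ev: any(p(ev) for p in args)
    if op == "not":
        return lambda ev: not args[0](ev)
    raise ValueError(f"unknown operator {op!r}")


def compile_rule(defn, registry, whitelist, action):
    """Executable rule: `action` for matching events, None when a whitelist entry matches."""
    match = compile_definition(defn, registry)
    exceptions = [compile_definition(w, registry) for w in whitelist]

    def rule(event):
        if any(allow(event) for allow in exceptions):
            return None
        return action if match(event) else None

    return rule


CSV_FEED = "type,value\nsha256,AB12\ndomain,evil.example\n"            # constructed
JSON_FEED = '[{"indicator_type": "ip", "indicator": "198.51.100.7"}]'  # constructed


def demo():
    registry = {}
    registry.update(import_csv_iocs(CSV_FEED))
    registry.update(import_json_iocs(JSON_FEED))
    registry["behaviour:office-spawns-shell"] = {      # a behavioural rule in the internal format
        "op": "and",
        "args": [{"field": "process.parent", "regex": r"(?i)^(winword|excel)\.exe$"},
                 {"field": "process.name", "regex": r"(?i)^(cmd|powershell)\.exe$"}],
    }
    composed = {                                       # nested Boolean structure with references
        "op": "or",
        "args": [
            {"ref": "csv:sha256:AB12"},
            {"ref": "json:ip:198.51.100.7"},
            {"op": "and", "args": [{"ref": "csv:domain:evil.example"},
                                   {"op": "not", "args": [{"field": "user", "eq": "svc-sandbox"}]}]},
            {"ref": "behaviour:office-spawns-shell"},
        ],
    }
    whitelist = [{"field": "process.path", "regex": r"^C:\\Program Files\\Approved\\"}]
    rule = compile_rule(composed, registry, whitelist, "quarantine")
    events = [  # constructed endpoint events
        {"file.sha256": "ab12"},
        {"dns.query": "evil.example", "user": "svc-sandbox"},
        {"dns.query": "evil.example", "user": "alice"},
        {"process.parent": "WINWORD.EXE", "process.name": "powershell.exe"},
        {"process.parent": "WINWORD.EXE", "process.name": "cmd.exe",
         "process.path": r"C:\Program Files\Approved\cmd.exe"},
        {"net.dst_ip": "198.51.100.7"},
    ]
    return [rule(e) for e in events]
```

Compiling once and evaluating many times is the point of the "executable rule" step: every `ref` is resolved and every regex compiled at rule-build time, so a change to a referenced definition requires recompiling the rules that reference it, and a whitelist entry short-circuits before the (possibly expensive) match is evaluated.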
-
3.
Publication (Announcement) No.: US12069096B2
Publication (Announcement) Date: 2024-08-20
Application No.: US17389695
Filing Date: 2021-07-30
IPC Classification: H04L9/40, H04L67/01, H04L67/147
CPC Classification: H04L63/20, H04L63/102, H04L67/01, H04L67/147
Abstract: An endpoint security system having a Secured Authentication For Enterprise (SAFE) server is enhanced with an auxiliary service. The auxiliary service receives a request to run a job on an endpoint of an enterprise computer network, queues the job in a central job store, and monitors whether an agent on the endpoint has checked in with the SAFE server. Responsive to the agent on the endpoint checking in with the SAFE server, the auxiliary service establishes, through a secure connection with the SAFE server, a connection with the agent on the endpoint and determines whether the agent has any jobs queued in the central job store. If so, the auxiliary service dispatches the job from the central job store to the agent on the endpoint through the secure connection with the SAFE server, and the agent on the endpoint starts the job.
-
4.
Publication (Announcement) No.: US20230367564A1
Publication (Announcement) Date: 2023-11-16
Application No.: US17740804
Filing Date: 2022-05-10
IPC Classification: G06F8/41
CPC Classification: G06F8/41
Abstract: An endpoint protection system implementing a new blocking strategy allows a user to specify an arbitrary number of protection rules through a user interface. In user mode, the protection rules are compiled into a single expression tree, which is then compiled into byte code. In kernel mode, the byte code is dynamically loaded into memory (e.g., kernel space), and the assembler validates the byte code, performs a plurality of security checks, and finally assembles it into machine code native to the processor. Because the complex detection/protection logic is compiled in user mode, the invention allows for highly expressive and powerful protection rules. Further, because that logic is not hand-written in kernel mode but validated and then evaluated as simple machine code instructions in the privileged mode, the invention is safer and does not slow down the entire operating system.
-
5.
Publication (Announcement) No.: US20230070650A1
Publication (Announcement) Date: 2023-03-09
Application No.: US17903783
Filing Date: 2022-09-06
Abstract: Systems and methods for event threat prioritization are provided. In some embodiments, an event priority engine receives event data detected by event agents executing on devices. The events are prioritized and ranked according to threat scores that are generated by threat indicators fed with the event data and threat data. In some embodiments, security systems may prioritize events based on the endpoints from which they originate, using attributes associated with those endpoints. In this way, events can be prioritized at least in part by the damage to the enterprise that would occur if those events were to compromise security, not only by the likelihood that those events actually result in a security breach.
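The likelihood-times-impact ranking this abstract describes, as an added example that is not the patent's or its assignee's code. Threat indicators are plain functions fed the event and the threat data and each returns a likelihood contribution; they are combined noisy-OR style so that several weak signals add up without exceeding certainty. Endpoint attributes from an asset inventory (criticality, internet exposure, regulated data) give an impact factor, and the threat score is the product. The indicator weights, the attribute weights and all endpoints, events and threat data are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Endpoint:
    host: str
    criticality: int            # 1 (throwaway) .. 5 (crown jewel), from the asset inventory
    internet_facing: bool
    holds_regulated_data: bool


# Constructed threat indicators: each returns a likelihood contribution in [0, 1]
# from the event data and the threat data fed to it.
def ind_known_bad_hash(event, threat_data):
    return 1.0 if event.get("sha256") in threat_data["bad_hashes"] else 0.0


def ind_office_parent(event, threat_data):
    return 0.6 if event.get("parent", "").lower() in threat_data["office_parents"] else 0.0


def ind_unknown_destination(event, threat_data):
    dst = event.get("dst_ip")
    return 0.4 if dst and dst not in threat_data["known_good_ips"] else 0.0


INDICATORS = [ind_known_bad_hash, ind_office_parent, ind_unknown_destination]


def likelihood(event, threat_data):
    """Noisy-OR: independent indicators raise confidence without exceeding 1."""
    p_none = 1.0
    for indicator in INDICATORS:
        p_none *= 1.0 - indicator(event, threat_data)
    return 1.0 - p_none


def impact(endpoint):
    """Damage to the enterprise if this endpoint is compromised, in [0, 1]."""
    score = endpoint.criticality / 5.0
    if endpoint.internet_facing:
        score += 0.2
    if endpoint.holds_regulated_data:
        score += 0.3
    return min(score, 1.0)


def threat_score(event, endpoint, threat_data):
    return round(likelihood(event, threat_data) * impact(endpoint), 3)


def rank_events(events, endpoints, threat_data):
    """Event ids ordered by descending threat score (id breaks ties deterministically)."""
    scored = [(threat_score(ev, endpoints[ev["host"]], threat_data), ev["id"]) for ev in events]
    return [eid for _, eid in sorted(scored, key=lambda s: (-s[0], s[1]))]


ENDPOINTS = {  # constructed endpoint attributes
    "dc01": Endpoint("dc01", 5, False, True),
    "web02": Endpoint("web02", 3, True, False),
    "kiosk7": Endpoint("kiosk7", 1, False, False),
}
THREAT_DATA = {  # constructed threat data
    "bad_hashes": {"9f2c"},
    "office_parents": {"winword.exe", "excel.exe"},
    "known_good_ips": {"192.0.2.10"},
}
EVENTS = [  # constructed event data reported by the agents
    {"id": "e1", "host": "kiosk7", "sha256": "9f2c"},
    {"id": "e2", "host": "dc01", "parent": "WINWORD.EXE", "dst_ip": "203.0.113.9"},
    {"id": "e3", "host": "web02", "dst_ip": "203.0.113.9"},
    {"id": "e4", "host": "dc01", "parent": "explorer.exe", "dst_ip": "192.0.2.10"},
]


def demo():
    return rank_events(EVENTS, ENDPOINTS, THREAT_DATA)   # ['e2', 'e3', 'e1', 'e4']
```

The ordering is the point: `e1` is a confirmed bad hash (likelihood 1.0) but on a throwaway kiosk, so it ranks below `e2`, two weaker signals on a domain controller, and below `e3`, a single weak signal on an internet-facing web server. An analyst queue sorted on likelihood alone would have put `e1` first.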
-
6.
Publication (Announcement) No.: US20240223616A1
Publication (Announcement) Date: 2024-07-04
Application No.: US18441626
Filing Date: 2024-02-14
Inventor: Michael James Bailey
IPC Classification: H04L9/40
CPC Classification: H04L63/20, H04L63/14, H04L63/145
Abstract: An information security monitoring system can import indicators of compromise (IOC) definitions in disparate formats from third-party source systems, convert them into editable security definitions in an internal system format, and provide a user interface for composing or editing these security definitions with enhancements, including complex security definitions such as those having a nested Boolean structure and/or those that reference one or more security definitions, a behavioral rule, and/or a vulnerability description. One or more whitelists can be added to handle exceptions. Each composed or modified security definition is then compiled into an executable rule. The executable rule, when evaluated, produces a result indicative of an endpoint security action needed in view of an endpoint event that meets the composed or modified security definition.
-
7.
Publication (Announcement) No.: US20220150282A1
Publication (Announcement) Date: 2022-05-12
Application No.: US17584520
Filing Date: 2022-01-26
Inventor: Michael James Bailey
IPC Classification: H04L9/40
Abstract: An information security monitoring system can import indicators of compromise (IOC) definitions in disparate formats from third-party source systems, convert them into editable security definitions in an internal system format, and provide a user interface for composing or editing these security definitions with enhancements, including complex security definitions such as those having a nested Boolean structure and/or those that reference one or more security definitions, a behavioral rule, and/or a vulnerability description. One or more whitelists can be added to handle exceptions. Each composed or modified security definition is then compiled into an executable rule. The executable rule, when evaluated, produces a result indicative of an endpoint security action needed in view of an endpoint event that meets the composed or modified security definition.
-
8.
Publication (Announcement) No.: US20220094703A1
Publication (Announcement) Date: 2022-03-24
Application No.: US17483676
Filing Date: 2021-09-23
IPC Classification: H04L29/06
Abstract: An endpoint agent is enhanced with a kernel-level event tracing facility, an event manager having telemetry filters, a persistence manager, and a detection engine. The endpoint agent receives an instruction from a controller system to enable a selection of filters, including a custom-built telemetry filter for the kernel-level event tracing facility, which feeds events to the event manager as they occur. The event manager determines which enabled telemetry filters apply to the events, applies them to identify events of interest, and provides those events to the detection engine, which in turn applies detection filters to the events of interest to detect possible threats to the endpoint. The telemetry filters are evaluated in memory as the events occur. To increase processing speed, the expression trees representing the telemetry filters can be compiled into machine code just in time for execution, so that the filters run natively.
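The expression-tree pipeline shared by this abstract and by item 4 above (protection rules compiled in user mode, validated before they run in a privileged context), as one added example that is not code from either patent or their assignee. Rules are trees of `eq`/`and`/`or`/`not` nodes; `compile_tree` lowers a tree to straight-line stack bytecode; `validate` performs the checks a loader would insist on before trusting bytecode it did not write (opcode set, operand bounds, stack underflow and overflow, exactly one result, terminating `RET`); `execute` is the interpreter, standing in for the native code the abstracts describe, which Python cannot produce; and `EventManager` runs only the controller-enabled selection of compiled filters over events as they arrive. The opcode set, the stack limits, the filter names and the sample telemetry are assumptions of this example.

```python
OPS = {"LOAD": 0, "CONST": 1, "EQ": 2, "AND": 3, "OR": 4, "NOT": 5, "RET": 6}
EFFECT = {0: (0, 1), 1: (0, 1), 2: (2, 1), 3: (2, 1), 4: (2, 1), 5: (1, 1), 6: (1, 0)}  # (pops, pushes)
MAX_PROGRAM_LEN = 256
MAX_STACK = 32


def compile_tree(tree):
    """User-mode step: expression tree -> (bytecode, field table, constant table)."""
    code, fields, consts = [], [], []

    def intern(table, value):
        if value not in table:
            table.append(value)
        return table.index(value)

    def emit(node):
        kind = node[0]
        if kind == "eq":                      # ("eq", field, constant)
            code.append((OPS["LOAD"], intern(fields, node[1])))
            code.append((OPS["CONST"], intern(consts, node[2])))
            code.append((OPS["EQ"], 0))
        elif kind in ("and", "or"):           # (op, left, right)
            emit(node[1])
            emit(node[2])
            code.append((OPS[kind.upper()], 0))
        elif kind == "not":                   # ("not", child)
            emit(node[1])
            code.append((OPS["NOT"], 0))
        else:
            raise ValueError(f"unknown node type {kind!r}")

    emit(tree)
    code.append((OPS["RET"], 0))
    return code, fields, consts


def validate(code, fields, consts):
    """Privileged-side step: static checks before any instruction runs. The code is
    straight-line (no jumps), so one pass over stack effects is exact."""
    if not 0 < len(code) <= MAX_PROGRAM_LEN:
        raise ValueError("program length out of bounds")
    depth = 0
    for i, (op, arg) in enumerate(code):
        if op not in EFFECT:
            raise ValueError(f"illegal opcode {op} at {i}")
        if op == OPS["LOAD"] and not 0 <= arg < len(fields):
            raise ValueError(f"field index {arg} out of range at {i}")
        if op == OPS["CONST"] and not 0 <= arg < len(consts):
            raise ValueError(f"constant index {arg} out of range at {i}")
        pops, pushes = EFFECT[op]
        if depth < pops:
            raise ValueError(f"stack underflow at {i}")
        if op == OPS["RET"] and (depth != 1 or i != len(code) - 1):
            raise ValueError("RET must be last and see exactly one value")
        depth += pushes - pops
        if depth > MAX_STACK:
            raise ValueError(f"stack overflow at {i}")
    if code[-1][0] != OPS["RET"]:
        raise ValueError("program must end with RET")
    return True


def execute(code, fields, consts, event):
    """Stack machine; needs no per-instruction checks once validate() has passed."""
    stack = []
    for op, arg in code:
        if op == OPS["LOAD"]:
            stack.append(event.get(fields[arg]))
        elif op == OPS["CONST"]:
            stack.append(consts[arg])
        elif op == OPS["NOT"]:
            stack.append(not stack.pop())
        elif op == OPS["RET"]:
            return bool(stack.pop())
        else:                                 # EQ / AND / OR
            b, a = stack.pop(), stack.pop()
            stack.append(a == b if op == OPS["EQ"] else (a and b) if op == OPS["AND"] else (a or b))


def rejects(code, fields, consts):
    """True when the validator refuses the program."""
    try:
        validate(code, fields, consts)
    except ValueError:
        return True
    return False


class EventManager:
    """Holds compiled telemetry filters; only the enabled selection runs per event."""

    def __init__(self):
        self.filters, self.enabled = {}, set()

    def load_filter(self, name, tree):
        program = compile_tree(tree)
        validate(*program)                    # refuse before the filter sees an event
        self.filters[name] = program

    def enable(self, names):                  # the controller's selection
        self.enabled = set(names) & set(self.filters)

    def events_of_interest(self, events):
        for ev in events:
            hits = sorted(n for n in self.enabled if execute(*self.filters[n], ev))
            if hits:
                yield ev["id"], hits


def demo():
    mgr = EventManager()
    mgr.load_filter("office-spawns-shell", ("and", ("eq", "parent", "winword.exe"),
                    ("or", ("eq", "image", "cmd.exe"), ("eq", "image", "powershell.exe"))))
    mgr.load_filter("lsass-access", ("and", ("eq", "target", "lsass.exe"),
                    ("not", ("eq", "image", "csrss.exe"))))
    mgr.load_filter("all-dns", ("eq", "type", "dns"))
    mgr.enable(["office-spawns-shell", "lsass-access"])
    events = [  # constructed sample telemetry
        {"id": 1, "parent": "winword.exe", "image": "powershell.exe"},
        {"id": 2, "parent": "explorer.exe", "image": "cmd.exe"},
        {"id": 3, "image": "procdump.exe", "target": "lsass.exe"},
        {"id": 4, "image": "csrss.exe", "target": "lsass.exe"},
        {"id": 5, "type": "dns"},
    ]
    return list(mgr.events_of_interest(events))   # [(1, ['office-spawns-shell']), (3, ['lsass-access'])]
```

Keeping the bytecode straight-line is what makes the validator both simple and exact: with no jumps there is one path, so stack depth at every instruction is known statically and the interpreter (or, in the patents' setting, the generated machine code) can drop its own bounds checks. Event 5 matches `all-dns` but is never reported, because that filter was loaded and validated but not in the enabled selection.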
-
9.
Publication (Announcement) No.: US11949719B2
Publication (Announcement) Date: 2024-04-02
Application No.: US17584520
Filing Date: 2022-01-26
Inventor: Michael James Bailey
IPC Classification: H04L9/40
CPC Classification: H04L63/20, H04L63/14, H04L63/145
Abstract: An information security monitoring system can import indicators of compromise (IOC) definitions in disparate formats from third-party source systems, convert them into editable security definitions in an internal system format, and provide a user interface for composing or editing these security definitions with enhancements, including complex security definitions such as those having a nested Boolean structure and/or those that reference one or more security definitions, a behavioral rule, and/or a vulnerability description. One or more whitelists can be added to handle exceptions. Each composed or modified security definition is then compiled into an executable rule. The executable rule, when evaluated, produces a result indicative of an endpoint security action needed in view of an endpoint event that meets the composed or modified security definition.
-
10.
Publication (Announcement) No.: US20220038503A1
Publication (Announcement) Date: 2022-02-03
Application No.: US17389695
Filing Date: 2021-07-30
Abstract: An endpoint security system having a Secured Authentication For Enterprise (SAFE) server is enhanced with an auxiliary service. The auxiliary service receives a request to run a job on an endpoint of an enterprise computer network, queues the job in a central job store, and monitors whether an agent on the endpoint has checked in with the SAFE server. Responsive to the agent on the endpoint checking in with the SAFE server, the auxiliary service establishes, through a secure connection with the SAFE server, a connection with the agent on the endpoint and determines whether the agent has any jobs queued in the central job store. If so, the auxiliary service dispatches the job from the central job store to the agent on the endpoint through the secure connection with the SAFE server, and the agent on the endpoint starts the job.