-
Publication No.: US09805204B1
Publication date: 2017-10-31
Application No.: US14834474
Filing date: 2015-08-25
Applicant: Symantec Corporation
Inventor: Carey S. Nachenberg
CPC classification: G06F17/30864, G06F17/30109, G06F21/6236
Abstract: The disclosed computer-implemented method for determining that files found on client devices comprise sensitive information may include (1) maintaining, on a server, a set of representations of files that have been classified as sensitive according to a data loss prevention policy, (2) receiving, from a client device, a message that includes a representation of a file on the client device, (3) determining that the representation of the file on the client device matches the representation of a sensitive file from the set of representations of files, (4) concluding, based on the representation of the file on the client device matching the representation of the sensitive file, that the file on the client device includes sensitive information, and (5) performing a security action in response to concluding that the file on the client device includes the sensitive information. Various other methods, systems, and computer-readable media are also disclosed.
-
Publication No.: US09262638B2
Publication date: 2016-02-16
Application No.: US13666788
Filing date: 2012-11-01
Applicant: Symantec Corporation
CPC classification: G06F21/577, G06F21/50
Abstract: A reputation server is coupled to multiple clients via a network. Each client has a security module that detects malware at the client. The security module computes a hygiene score based on detected malware and provides it to the reputation server. The security module monitors client encounters with entities such as files, programs, and websites. When a client encounters an entity, the security module obtains a reputation score for the entity from the reputation server. The security module evaluates the reputation score and optionally cancels an activity involving the entity. The reputation server computes reputation scores for the entities based on the clients' hygiene scores and operations performed in response to the evaluations. The reputation server prioritizes malware submissions from the client security modules based on the reputation scores.
-
Publication No.: US09246931B1
Publication date: 2016-01-26
Application No.: US14535733
Filing date: 2014-11-07
Applicant: Symantec Corporation
CPC classification: H04L63/1425, G06F21/56, G06F21/564, G06F21/566, G06F2221/034, G06F2221/2101, H04L63/145, H04L67/22
Abstract: A communication between an entity and a host is identified. Reputation information associated with a set of other entities that communicate with the host is identified. A reputation score associated with the host is generated based on the reputation information associated with a set of other entities. A reputation score associated with the entity is generated based on the reputation score associated with the host.
-
Publication No.: US20140143869A1
Publication date: 2014-05-22
Application No.: US13682288
Filing date: 2012-11-20
Applicant: Symantec Corporation
Inventors: Shane Pereira, Carey S. Nachenberg
IPC classification: G06F21/00
CPC classification: G06F21/566, G06F21/564, H04L63/14
Abstract: Clients send telemetry data to a cloud server, where the telemetry data includes security-related information such as file creations, timestamps and malware detected at the clients. The cloud server analyzes the telemetry data to identify malware that is currently spreading among the clients. Based on the analysis of the telemetry data, the cloud server segments malware definitions in a cloud definition database into a set of local malware definitions and a set of cloud malware definitions. The cloud server provides the set of local malware definitions to the clients as a local malware definition update, and replies to cloud definition lookup requests from clients with an indication of whether a file identified in a request contains malware. If the file is malicious, the client remediates the malware using the local malware definition update.
-
Publication No.: US08516587B1
Publication date: 2013-08-20
Application No.: US13780663
Filing date: 2013-02-28
Applicant: Symantec Corporation
Inventor: Carey S. Nachenberg
IPC classification: G06F15/16
CPC classification: H04L63/145, G06F21/565, G06F2221/2151
Abstract: Techniques for classifying unknown files taking into account temporal proximity between unknown files and files with known classifications are disclosed. In response to a classification request for a target file, client systems hosting (or hosted) instances of the target file are identified. For each system, files created around the time the target file was created on the system are identified. Within the identified files, files with known classifications are identified, and a score is determined for each such file to measure temporal proximity between the creation of the file and the creation of the target file. Local temporal proximity scores aggregate the scores for the client system. Global temporal proximity scores measure an aspect of the local temporal proximity scores for all identified client systems. The global temporal proximity scores are fed into a classifier to determine a classification, which is returned in response to the classification request.
-
Publication No.: US09613213B2
Publication date: 2017-04-04
Application No.: US14341183
Filing date: 2014-07-25
Applicant: Symantec Corporation
Inventors: Shane Pereira, Carey S. Nachenberg
CPC classification: G06F21/566, G06F21/564, H04L63/14
Abstract: Clients send telemetry data to a cloud server, where the telemetry data includes security-related information such as file creations, timestamps and malware detected at the clients. The cloud server analyzes the telemetry data to identify malware that is currently spreading among the clients. Based on the analysis of the telemetry data, the cloud server segments malware definitions in a cloud definition database into a set of local malware definitions and a set of cloud malware definitions. The cloud server provides the set of local malware definitions to the clients as a local malware definition update, and replies to cloud definition lookup requests from clients with an indication of whether a file identified in a request contains malware. If the file is malicious, the client remediates the malware using the local malware definition update.
-
Publication No.: US20140337979A1
Publication date: 2014-11-13
Application No.: US14341183
Filing date: 2014-07-25
Applicant: Symantec Corporation
Inventors: Shane Pereira, Carey S. Nachenberg
IPC classification: G06F21/56
CPC classification: G06F21/566, G06F21/564, H04L63/14
Abstract: Clients send telemetry data to a cloud server, where the telemetry data includes security-related information such as file creations, timestamps and malware detected at the clients. The cloud server analyzes the telemetry data to identify malware that is currently spreading among the clients. Based on the analysis of the telemetry data, the cloud server segments malware definitions in a cloud definition database into a set of local malware definitions and a set of cloud malware definitions. The cloud server provides the set of local malware definitions to the clients as a local malware definition update, and replies to cloud definition lookup requests from clients with an indication of whether a file identified in a request contains malware. If the file is malicious, the client remediates the malware using the local malware definition update.
-
Publication No.: US08826431B2
Publication date: 2014-09-02
Application No.: US13682288
Filing date: 2012-11-20
Applicant: Symantec Corporation
Inventors: Shane Pereira, Carey S. Nachenberg
CPC classification: G06F21/566, G06F21/564, H04L63/14
Abstract: Clients send telemetry data to a cloud server, where the telemetry data includes security-related information such as file creations, timestamps and malware detected at the clients. The cloud server analyzes the telemetry data to identify malware that is currently spreading among the clients. Based on the analysis of the telemetry data, the cloud server segments malware definitions in a cloud definition database into a set of local malware definitions and a set of cloud malware definitions. The cloud server provides the set of local malware definitions to the clients as a local malware definition update, and replies to cloud definition lookup requests from clients with an indication of whether a file identified in a request contains malware. If the file is malicious, the client remediates the malware using the local malware definition update.
-
Publication No.: US20160255115A1
Publication date: 2016-09-01
Application No.: US14690340
Filing date: 2015-04-17
Applicant: Symantec Corporation
CPC classification: H04L63/20, H04L63/1433
Abstract: The efficacy of security products and practices is quantified, based on monitored activities and conditions on multiple computers over time. A set of metrics is defined, specifying what criteria concerning computer security systems are to be quantified. Telemetry data concerning the defined metrics are collected from multiple computers, such as the customer base of a security product vendor. Security configuration information such as the deployments and settings of security systems on computing devices is monitored. This monitored information tracks what security products are deployed on which machines, and how these products are configured and used. Collected telemetry is correlated with monitored configuration information, enabling determination of what security product deployments and settings are in place when specific security incidents, operations and other types of actions occur. The determined correlations are amalgamated, amalgamated correlation information is analyzed, and the efficacy of specific security products and configurations is quantified.
-
Publication No.: US09940470B2
Publication date: 2018-04-10
Application No.: US14876403
Filing date: 2015-10-06
Applicant: Symantec Corporation
CPC classification: G06F21/62, G06F9/45558, G06F21/31, G06F21/53, G06F21/60, G06F21/6218, G06F2009/45587, G06F2009/45591, G06F2009/45595, H04L63/08, H04L63/10, H04L63/14, H04L63/1408, H04L67/1097
Abstract: Techniques for generating a virtual private container (VPC) are disclosed. In one embodiment, the techniques may be realized as a virtual container defining a self-contained software environment, comprising one or more analytic components configured to carry out specified analytic functions on data within the container, wherein the one or more analytic components are isolated to run within the self-contained software environment of the container; an interface configured to identify and authenticate a particular user and provide analysis results generated by the one or more analytic components; and a gateway configured to receive data from one or more secure data sources external to the virtual container and associated with the particular user for use by the one or more analytic components.