GB2584585B8 - Monitoring variations in observable events for threat detection - Google Patents

Monitoring variations in observable events for threat detection

Info

Publication number: GB2584585B8
Authority: GB (United Kingdom)
Prior art keywords: threat detection, observable events, monitoring variations, monitoring, variations
Legal status: Active
Application number: GB1713290.3A
Other versions: GB2584585A (en), GB201713290D0 (en), GB2584585B (en)
Inventors: D Ray Kenneth, D Harris Mark
Current assignee: Sophos Ltd
Original assignee: Sophos Ltd
Priority date: 2014-12-15
Filing date: 2015-12-02
Publication date: 2021-11-03

Events:
    • Priority claimed from US14/570,578 (US9419989B2)
    • Priority claimed from US14/570,188 (US9571512B2)
    • Priority claimed from US14/569,944 (US9774613B2)
    • Application filed by Sophos Ltd
    • Publication of GB201713290D0
    • Publication of GB2584585A
    • Application granted
    • Publication of GB2584585B
    • Publication of GB2584585B8
    • Legal status: Active (current)
    • Anticipated expiration

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L 63/00 Network architectures or network communication protocols for network security
                    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
                        • H04L 63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
                            • H04L 63/1416 Event detection, e.g. attack signature detection
    • G PHYSICS
        • G06 COMPUTING; CALCULATING OR COUNTING
            • G06F ELECTRIC DIGITAL DATA PROCESSING
                • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
                    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
                        • G06F 21/55 Detecting local intrusion or implementing counter-measures
                            • G06F 21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
                            • G06F 21/56 Computer malware detection or handling, e.g. anti-virus arrangements
                                • G06F 21/562 Static detection
                                    • G06F 21/565 Static detection by checking file integrity
                                • G06F 21/567 Computer malware detection or handling, e.g. anti-virus arrangements using dedicated hardware
                        • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
                            • G06F 21/577 Assessing vulnerabilities and evaluating computer system security
                • G06F 2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
                    • G06F 2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
                        • G06F 2221/2115 Third party

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Debugging And Monitoring (AREA)
Application GB1713290.3A (priority date 2014-12-15, filed 2015-12-02): Monitoring variations in observable events for threat detection; status Active; publication GB2584585B8 (en)

Applications Claiming Priority (4)

Application Number | Priority Date | Filing Date | Title
US14/570,578 (US9419989B2, en) | 2014-12-15 | 2014-12-15 | Threat detection using URL cache hits
US14/570,188 (US9571512B2, en) | 2014-12-15 | 2014-12-15 | Threat detection using endpoint variance
US14/569,944 (US9774613B2, en) | 2014-12-15 | 2014-12-15 | Server drift monitoring
GB1711325.9A (GB2554159B8, en) | 2014-12-15 | 2015-12-02 | Monitoring variations in observable events for threat detection

Publications (4)

Publication Number | Publication Date
GB201713290D0 (en) | 2017-10-04
GB2584585A (en) | 2020-12-16
GB2584585B (en) | 2021-03-24
GB2584585B8 (en) | 2021-11-03 (this publication)

Family

Family ID: 54979861

Family Applications (5)

Application Number | Status | Publication | Priority Date | Filing Date | Title
GB1713286.1A | Active | GB2555690B8 (en) | 2014-12-15 | 2015-12-02 | Monitoring variations in observable events for threat detection
GB1713290.3A (this application) | Active | GB2584585B8 (en) | 2014-12-15 | 2015-12-02 | Monitoring variations in observable events for threat detection
GB1713287.9A | Active | GB2555691B (en) | 2014-12-15 | 2015-12-02 | Monitoring variations in observable events for threat detection
GB1711325.9A | Active | GB2554159B8 (en) | 2014-12-15 | 2015-12-02 | Monitoring variations in observable events for threat detection
GBGB1711327.5A | Pending | GB201711327D0 (en) | 2014-12-15 | 2015-12-02 | Monitoring variations in observable events for threat detection

Country Status (2)

Country | Link
GB (5) | GB2555690B8 (en)
WO (1) | WO2016097686A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US9419989B2 (en) | 2014-12-15 | 2016-08-16 | Sophos Limited | Threat detection using URL cache hits
US9774613B2 (en) | 2014-12-15 | 2017-09-26 | Sophos Limited | Server drift monitoring
US9571512B2 (en) | 2014-12-15 | 2017-02-14 | Sophos Limited | Threat detection using endpoint variance
US10462173B1 (en) * | 2016-06-30 | 2019-10-29 | Fireeye, Inc. | Malware detection verification and enhancement by coordinating endpoint and malware detection systems

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US6430615B1 (en) * | 1998-03-13 | 2002-08-06 | International Business Machines Corporation | Predictive model-based measurement acquisition employing a predictive model operating on a manager system and a managed system
US6671811B1 (en) * | 1999-10-25 | 2003-12-30 | Visa International Service Association | Features generation for use in computer network intrusion detection
CA2464430A1 (en) * | 2003-04-16 | 2004-10-16 | Wms Gaming Inc. | Layered security methods and apparatus in a gaming system environment
US20060020924A1 (en) * | 2004-06-15 | 2006-01-26 | K5 Systems Inc. | System and method for monitoring performance of groupings of network infrastructure and applications using statistical analysis
US8533818B1 (en) * | 2006-06-30 | 2013-09-10 | Symantec Corporation | Profiling backup activity
US7634479B2 (en) * | 2006-12-29 | 2009-12-15 | Trend Micro Incorporated | Pre-populating local URL rating cache
US8312536B2 (en) * | 2006-12-29 | 2012-11-13 | Symantec Corporation | Hygiene-based computer security
US8028061B2 (en) * | 2007-10-18 | 2011-09-27 | Trendium, Inc. | Methods, systems, and computer program products extracting network behavioral metrics and tracking network behavioral changes
US8566932B1 (en) * | 2009-07-31 | 2013-10-22 | Symantec Corporation | Enforcing good network hygiene using reputation-based automatic remediation
US8800030B2 (en) * | 2009-09-15 | 2014-08-05 | Symantec Corporation | Individualized time-to-live for reputation scores of computer files
US8229930B2 (en) * | 2010-02-01 | 2012-07-24 | Microsoft Corporation | URL reputation system
US20130339515A1 (en) * | 2012-06-13 | 2013-12-19 | International Business Machines Corporation | Network service functionality monitor and controller
US8984331B2 (en) * | 2012-09-06 | 2015-03-17 | Triumfant, Inc. | Systems and methods for automated memory and thread execution anomaly detection in a computer network
GB2505533B (en) * | 2012-12-14 | 2014-07-09 | F Secure Corp | Security method and apparatus
US9311480B2 (en) * | 2013-03-15 | 2016-04-12 | Mcafee, Inc. | Server-assisted anti-malware client
US10382454B2 (en) * | 2014-09-26 | 2019-08-13 | Mcafee, Llc | Data mining algorithms adopted for trusted execution environment
US10033766B2 (en) * | 2015-06-05 | 2018-07-24 | Cisco Technology, Inc. | Policy-driven compliance

Also Published As

Publication number | Publication date
GB2554159A (en) | 2018-03-28
GB2554159B8 (en) | 2021-11-03
GB2555690B8 (en) | 2021-11-03
GB2555691B (en) | 2020-05-06
GB2555690A (en) | 2018-05-09
GB2584585A (en) | 2020-12-16
GB201713287D0 (en) | 2017-10-04
GB201713286D0 (en) | 2017-10-04
WO2016097686A1 (en) | 2016-06-23
GB2555690B (en) | 2020-07-15
GB2555691A (en) | 2018-05-09
GB201711327D0 (en) | 2017-08-30
GB201713290D0 (en) | 2017-10-04
GB2584585B (en) | 2021-03-24
GB2554159B (en) | 2020-02-26

Similar Documents

Publication | Title
GB2533284B (en) | Performing object detection
EP3407317C0 (en) | Tamper detection
GB201408100D0 (en) | Detection method
GB201413707D0 (en) | Usage monitoring system and method
GB201408516D0 (en) | Neutron detection
GB201413708D0 (en) | Leak detection system
SG11201702459VA (en) | Event-specific detection methods
GB2555691B (en) | Monitoring variations in observable events for threat detection
GB2521885B (en) | Detection device
GB2518472B (en) | Metal-theft detection device
GB201411568D0 (en) | Detection
GB201405556D0 (en) | Neutron detection
IL251155A0 (en) | Impairment detection
GB2532838B (en) | Monitoring system with position detection
GB2547600B (en) | Devices and methods for detecting norovirus on surfaces
SG10201406350UA (en) | An event detection method
GB2529306B (en) | Electricity detection device
GB201707731D0 (en) | Detection system
SG11201610262TA (en) | Object detection system
GB201416459D0 (en) | Detection method
GB201402174D0 (en) | Detection method
GB201516218D0 (en) | Detection system
GB201508766D0 (en) | Detection system
GB201404343D0 (en) | Tamper detection
GB201416158D0 (en) | Detection device

Legal Events

Code | Title | Description
S117 | Correction of errors in patents and applications (sect. 117/patents act 1977) | REQUEST FILED; REQUEST FOR CORRECTION UNDER SECTION 117 FILED ON 18 OCTOBER 2021
S117 | Correction of errors in patents and applications (sect. 117/patents act 1977) | CORRECTIONS ALLOWED; REQUEST FOR CORRECTION UNDER SECTION 117 FILED ON 18 OCTOBER 2021 ALLOWED ON 26 OCTOBER 2021