GB2614426B - Enterprise network threat detection - Google Patents

Enterprise network threat detection Download PDF

Info

Publication number: GB2614426B
Authority: GB; United Kingdom
Prior art keywords: enterprise network; threat detection; network threat; detection; enterprise
Prior art date: 2018-08-31
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Active

Application number

GB2216902.3A

Other versions

GB202216902D0 (en

GB2614426A (en

Inventor

Ladnai Beata

David Harris Mark

G P Smith Andrew

J Thomas Andrew

Humphries Russell

D Ray Kenneth

Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)

Sophos Ltd

Original Assignee

Sophos Ltd

Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)

2018-08-31

Filing date

2019-08-13

Publication date

2023-10-11

2018-09-12 Priority claimed from US16/129,113 external-priority patent/US11297073B2/en

2019-08-13 Application filed by Sophos Ltd filed Critical Sophos Ltd

2022-12-28 Publication of GB202216902D0 publication Critical patent/GB202216902D0/en

2023-07-05 Publication of GB2614426A publication Critical patent/GB2614426A/en

2023-10-11 Application granted granted Critical

2023-10-11 Publication of GB2614426B publication Critical patent/GB2614426B/en

Status Active legal-status Critical Current

2039-08-13 Anticipated expiration legal-status Critical

Links

238000001514 detection method Methods 0.000 title 1

Classifications

- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N20/00—Machine learning
- G06N20/20—Ensemble learning
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N5/00—Computing arrangements using knowledge-based models
- G06N5/01—Dynamic search techniques; Heuristics; Dynamic trees; Branch-and-bound
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N5/00—Computing arrangements using knowledge-based models
- G06N5/02—Knowledge representation; Symbolic representation
- G06N5/022—Knowledge engineering; Knowledge acquisition
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N5/00—Computing arrangements using knowledge-based models
- G06N5/04—Inference or reasoning models
- G06N5/046—Forward inferencing; Production systems
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/063—Operations research, analysis or management
- G06Q10/0635—Risk analysis of enterprise or organisation activities
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/063—Operations research, analysis or management
- G06Q10/0639—Performance analysis of employees; Performance analysis of enterprise or organisation operations
- G06Q10/06395—Quality analysis or management
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic

Landscapes

Engineering & Computer Science (AREA)
Computer Security & Cryptography (AREA)
Theoretical Computer Science (AREA)
General Engineering & Computer Science (AREA)
Business, Economics & Management (AREA)
Software Systems (AREA)
Computer Hardware Design (AREA)
Computing Systems (AREA)
Human Resources & Organizations (AREA)
Physics & Mathematics (AREA)
General Physics & Mathematics (AREA)
Computer Networks & Wireless Communication (AREA)
Signal Processing (AREA)
Data Mining & Analysis (AREA)
Evolutionary Computation (AREA)
Mathematical Physics (AREA)
Artificial Intelligence (AREA)
Strategic Management (AREA)
Entrepreneurship & Innovation (AREA)
Economics (AREA)
Computational Linguistics (AREA)
Development Economics (AREA)
Educational Administration (AREA)
Marketing (AREA)
Game Theory and Decision Science (AREA)
Operations Research (AREA)
Quality & Reliability (AREA)
Tourism & Hospitality (AREA)
General Business, Economics & Management (AREA)
Virology (AREA)
General Health & Medical Sciences (AREA)
Health & Medical Sciences (AREA)
Computer Vision & Pattern Recognition (AREA)
Medical Informatics (AREA)
Computer And Data Communications (AREA)
Alarm Systems (AREA)

GB2216902.3A 2018-08-31 2019-08-13 Enterprise network threat detection Active GB2614426B (en)

Applications Claiming Priority (9)

Application Number	Priority Date	Filing Date	Title
US201862726174P	2018-08-31	2018-08-31
US16/129,113 US11297073B2 (en)	2018-08-31	2018-09-12	Forensic query of local event streams in an enterprise network
US16/128,953 US11552962B2 (en)	2018-08-31	2018-09-12	Computer assisted identification of intermediate level threats
US16/129,183 US10938839B2 (en)	2018-08-31	2018-09-12	Threat detection with business impact scoring
US16/129,143 US10972485B2 (en)	2018-08-31	2018-09-12	Enterprise network threat detection
US16/129,087 US20200076833A1 (en)	2018-08-31	2018-09-12	Dynamic filtering of endpoint event streams
US16/128,984 US10938838B2 (en)	2018-08-31	2018-09-12	Computer augmented threat evaluation
US201962874758P	2019-07-16	2019-07-16
GB2103617.3A GB2592132B (en)	2018-08-31	2019-08-13	Enterprise network threat detection

Publications (3)

Publication Number	Publication Date
GB202216902D0 GB202216902D0 (en)	2022-12-28
GB2614426A GB2614426A (en)	2023-07-05
GB2614426B true GB2614426B (en)	2023-10-11

Family

ID=69643045

Family Applications (2)

Application Number	Title	Priority Date	Filing Date
GB2216902.3A Active GB2614426B (en)	2018-08-31	2019-08-13	Enterprise network threat detection
GB2103617.3A Active GB2592132B (en)	2018-08-31	2019-08-13	Enterprise network threat detection

Family Applications After (1)

Application Number	Title	Priority Date	Filing Date
GB2103617.3A Active GB2592132B (en)	2018-08-31	2019-08-13	Enterprise network threat detection

Country Status (2)

Country	Link
GB (2)	GB2614426B (en)
WO (1)	WO2020046575A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number	Priority date	Publication date	Assignee	Title
US11966502B2 (en)	2020-03-17	2024-04-23	Forensifile, Llc	Digital file forensic accounting and management system
CN113537262B (en) *	2020-04-20	2024-05-28	深信服科技股份有限公司	Data analysis method, device, equipment and readable storage medium
CN111786950B (en) *	2020-05-28	2023-10-27	中国平安财产保险股份有限公司	Network security monitoring method, device, equipment and medium based on situation awareness
US12086265B2 (en) *	2022-01-19	2024-09-10	Dell Products L.P.	Automatically performing varied security scans on distributed files using machine learning techniques

Citations (6)

* Cited by examiner, † Cited by third party
Publication number	Priority date	Publication date	Assignee	Title
US20160173510A1 (en) *	2014-12-15	2016-06-16	Sophos Limited	Threat detection using url cache hits
US20170063903A1 (en) *	2015-08-31	2017-03-02	Splunk Inc.	Event views in data intake stage of machine data processing platform
US9727726B1 (en) *	2013-12-19	2017-08-08	Amazon Technologies, Inc.	Intrusion detection using bus snooping
US20170346835A1 (en) *	2014-12-15	2017-11-30	Sophos Limited	Server drift monitoring
US20180091535A1 (en) *	2016-09-23	2018-03-29	Sap Se	Snapshot of a forensic investigation for enterprise threat detection
US9934378B1 (en) *	2015-04-21	2018-04-03	Symantec Corporation	Systems and methods for filtering log files

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number	Priority date	Publication date	Assignee	Title
WO2014152469A1 (en) *	2013-03-18	2014-09-25	The Trustees Of Columbia University In The City Of New York	Unsupervised anomaly-based malware detection using hardware features
US9690938B1 (en) *	2015-08-05	2017-06-27	Invincea, Inc.	Methods and apparatus for machine learning based malware detection
CN106682495B (en) *	2016-11-11	2020-01-10	腾讯科技（深圳）有限公司	Safety protection method and safety protection device
US10360380B2 (en) *	2017-01-19	2019-07-23	Cylance Inc.	Advanced malware classification
US10205735B2 (en) *	2017-01-30	2019-02-12	Splunk Inc.	Graph-based network security threat detection across time and entities
RU2659737C1 (en) *	2017-08-10	2018-07-03	Акционерное общество "Лаборатория Касперского"	System and method of managing computing resources for detecting malicious files
US10984122B2 (en) *	2018-04-13	2021-04-20	Sophos Limited	Enterprise document classification

2019
- 2019-08-13 GB GB2216902.3A patent/GB2614426B/en active Active
- 2019-08-13 GB GB2103617.3A patent/GB2592132B/en active Active
- 2019-08-13 WO PCT/US2019/046316 patent/WO2020046575A1/en active Application Filing

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number	Priority date	Publication date	Assignee	Title
US9727726B1 (en) *	2013-12-19	2017-08-08	Amazon Technologies, Inc.	Intrusion detection using bus snooping
US20160173510A1 (en) *	2014-12-15	2016-06-16	Sophos Limited	Threat detection using url cache hits
US20170346835A1 (en) *	2014-12-15	2017-11-30	Sophos Limited	Server drift monitoring
US9934378B1 (en) *	2015-04-21	2018-04-03	Symantec Corporation	Systems and methods for filtering log files
US20170063903A1 (en) *	2015-08-31	2017-03-02	Splunk Inc.	Event views in data intake stage of machine data processing platform
US20180091535A1 (en) *	2016-09-23	2018-03-29	Sap Se	Snapshot of a forensic investigation for enterprise threat detection

Also Published As

Publication number	Publication date
GB2592132A (en)	2021-08-18
WO2020046575A1 (en)	2020-03-05
GB2592132B (en)	2023-01-04
GB202103617D0 (en)	2021-04-28
GB202216902D0 (en)	2022-12-28
GB2614426A (en)	2023-07-05

Publication	Publication Date	Title
GB2587966B (en)	2022-12-14	Network security
EP3593508A4 (en)	2020-02-26	Identifying malicious network devices
EP3731489B8 (en)	2022-12-28	Improved network anomaly detection
EP3368997A4 (en)	2019-06-19	Network aware distributed business transaction anomaly detection
GB2587749B (en)	2021-08-25	Cyber defence system
GB202018989D0 (en)	2021-01-13	Malware detection
GB2614426B (en)	2023-10-11	Enterprise network threat detection
EP3756324A4 (en)	2021-10-06	Network security
EP3281116A4 (en)	2018-08-15	Systems and methods for generating network threat intelligence
GB2573651B (en)	2020-05-06	Network vulnerability assessment
GB201801767D0 (en)	2018-03-21	Network testing
SG11202100815XA (en)	2021-02-25	Cyber defence system
GB2575052B (en)	2023-04-26	Phishing detection
EP3378208A4 (en)	2019-06-19	Handling network threats
GB2584120B (en)	2023-04-05	Network security
GB202209120D0 (en)	2022-08-10	Identifying threats
GB2568091B (en)	2020-04-22	Threat detection system
GB2574093B (en)	2020-10-07	Malware barrier
GB2569568B (en)	2021-02-24	Threat detection system
GB2583931B (en)	2021-10-06	Network vulnerability detection
GB2572155B (en)	2022-12-28	Threat detection system
GB201802257D0 (en)	2018-03-28	Network
GB201819711D0 (en)	2019-01-16	Multi factor network anomaly detection
GB2580317B (en)	2022-03-16	Threat forecasting
GB2611724B (en)	2023-08-09	Phishing detection