专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08959568B2 Enterprise security assessment sharing 有权
标题翻译：企业安全评估共享
公开(公告)号：US08959568B2
公开(公告)日：2015-02-17
申请号：US11724061
申请日：2007-03-14
申请人： Efim Hudis , Yair Helman , Joseph Malka , Uri Barash
发明人： Efim Hudis , Yair Helman , Joseph Malka , Uri Barash
IPC分类号： G06F11/00
CPC分类号： H04L63/20 , G06F21/552 , G06F21/577 , H04L41/0803 , H04L41/0893 , H04L63/1425
摘要： An enterprise-wide sharing arrangement uses a semantic abstraction, called a security assessment, to share security-related information between different security products, called endpoints. A security assessment is defined as a tentative assignment by an endpoint of broader contextual meaning to information that is collected about an object of interest. Its tentative nature is reflected in two of its components: a fidelity field used to express the level of confidence in the assessment, and a time-to-live field for an estimated time period for which the assessment is valid. Endpoints may publish security assessments onto a security assessment channel, as well as subscribe to a subset of security assessments published by other endpoints. A specialized endpoint is coupled to the channel that performs as a centralized audit point by subscribing to all security assessments, logging the security assessments, and also logging the local actions taken by endpoints in response to security threats.
摘要翻译：企业级共享安排使用称为安全评估的语义抽象来共享称为端点的不同安全产品之间的安全相关信息。安全评估被定义为由更广泛的语境意义的端点对关于感兴趣的对象收集的信息的暂时分配。其暂定性质体现在其两个组成部分：用于表达对评估的信心程度的忠实领域，以及评估有效的估计时间段的实时生存领域。端点可以将安全评估发布到安全评估通道上，并订阅其他端点发布的安全评估子集。通过订阅所有安全性评估，记录安全性评估以及记录端点响应安全威胁所采取的本地操作，专用端点与作为集中审核点执行的通道相连。

2. 发明授权

US08955105B2 Endpoint enabled for enterprise security assessment sharing 有权
标题翻译：端点启用企业安全评估共享
公开(公告)号：US08955105B2
公开(公告)日：2015-02-10
申请号：US11724060
申请日：2007-03-14
申请人： Efim Hudis , Yair Helman , Joseph Malka , Uri Barash
发明人： Efim Hudis , Yair Helman , Joseph Malka , Uri Barash
IPC分类号： G06F11/00
CPC分类号： H04L63/20 , H04L63/02
摘要： An enterprise-wide sharing arrangement uses a semantic abstraction, called a security assessment, to share security-related information between security products, called endpoints. A security assessment is defined as a tentative assignment by an endpoint of broader contextual meaning to information that is collected about an object of interest. Endpoints utilize an architecture that comprises a common assessment sharing agent and a common assessment generating agent. The common assessment sharing agent is arranged for subscribing to security assessments, publishing security assessments onto a channel, maintaining an awareness of configuration changes on the channel (e.g., when a new endpoint is added or removed), and implementing security features like authorization, authentication and encryption. A common assessment generating engine handles endpoint behavior associated with a security assessment including assessment generation, cancellation, tracking, and rolling-back actions based on assessments that have expired. The common assessment generating engine generates and transmits messages that indicate which local actions are taken.
摘要翻译：企业范围的共享安排使用称为安全评估的语义抽象来在名为端点的安全产品之间共享安全相关信息。安全评估被定义为由更广泛的语境意义的端点对关于感兴趣的对象收集的信息的暂时分配。端点使用包含通用评估共享代理和公共评估生成代理的架构。共同评估共享代理被安排用于订阅安全性评估，向安全评估发布安全评估，保持对通道上配置更改的意识（例如，添加或删除新端点时），并实施安全功能，如授权，验证和加密。常见的评估生成引擎处理与安全评估相关联的端点行为，包括基于已过期的评估的评估生成，取消，跟踪和回滚操作。公共评估产生引擎生成并发送指示采取哪些本地动作的消息。

3. 发明授权

US08538934B2 Contextual gravitation of datasets and data services 有权
标题翻译：数据集和数据服务的语境引力
公开(公告)号：US08538934B2
公开(公告)日：2013-09-17
申请号：US13284140
申请日：2011-10-28
申请人： Efim Hudis , Christopher Kelly Eakins
发明人： Efim Hudis , Christopher Kelly Eakins
IPC分类号： G06F7/00 , G06F17/00
CPC分类号： G06F17/30297 , G06F17/30312
摘要： Through proactive structured dataset management, suggestions are made for dataset enrichment, cleansing, and other enhancements. Users need not go looking for potentially helpful datasets online or in an enterprise filesystem, because relevant datasets and services will be automatically suggested, based on a samplex cast from the user's dataset. Enrichment may add typed attributes, rows, and/or cell values from a matching dataset, may cleanse data, and may add another dataset which has data about the same entity as the original dataset. Proactive dataset and service matching occurs inside a security perimeter to protect confidentiality. Confidence in suggested modifications may be shown by color differences. Modifications may be previewed, and kept or reverted after acceptance. Suggestions are made in from-example or from-scratch scenarios. Samplex, preview, modification, and other modules reside in an architecture that supports a variety of data sources and dataset service providers, in an auction or other market.
摘要翻译：通过积极的结构化数据集管理，提出了数据集的丰富，清理和其他增强功能的建议。用户不需要在线或企业文件系统中查找潜在的有用数据集，因为将根据用户数据集中的samplex转换自动建议相关的数据集和服务。丰富可以从匹配的数据集中添加类型化属性，行和/或单元格值，可以清除数据，并可能添加另一个数据集，该数据集具有与原始数据集相同的实体的数据。主动数据集和服务匹配发生在安全边界内，以保护机密性。对建议修改的置信度可能会通过颜色差异来显示。修改可以预览，并在验收后保留或恢复。建议是从示例或从零开始的情况。 Samplex，预览，修改和其他模块驻留在支持各种数据源和数据集服务提供商的体系结构中，在拍卖或其他市场中。

4. 发明申请

US20130117012A1 KNOWLEDGE BASED PARSING 审中-公开
标题翻译：基于知识的分类
公开(公告)号：US20130117012A1
公开(公告)日：2013-05-09
申请号：US13288942
申请日：2011-11-03
申请人： Yifat Orlin , Elad Ziklik , Gal Novik , Neta Haiby , Efim Hudis , Meir Raviv , Joseph I. Malka
发明人： Yifat Orlin , Elad Ziklik , Gal Novik , Neta Haiby , Efim Hudis , Meir Raviv , Joseph I. Malka
IPC分类号： G06F17/27
CPC分类号： G06Q10/00 , G06F17/277
摘要： The subject disclosure generally relates to parsing unstructured data based on knowledge of domains related to the unstructured data. A domain identification component can identify a set of domains related to a term in a data set. An inspection component can identify unmatched words, and unmatched related domains. A correlation component can compare the unmatched words to known values for the unmatched domains, and a manager component can match the unmatched words with the unmatched domains based on the comparison. In addition, combinations of the words can be generated based on a set of predetermined rules, and compared to the unmatched domains. Furthermore, delimiter based parsing can be employed to augment the knowledge based parsing.
摘要翻译：主题公开通常涉及基于与非结构化数据相关的域的知识来解析非结构化数据。域识别组件可以标识与数据集中的术语相关的一组域。检查组件可以识别不匹配的单词和不匹配的相关域。相关分量可以将不匹配的词与未匹配的域的已知值进行比较，并且管理器组件可以基于比较将不匹配的词与不匹配的域进行匹配。此外，可以基于一组预定规则来生成单词的组合，并且与不匹配的域进行比较。此外，可以使用基于分隔符的解析来增加基于知识的解析。

5. 发明申请

US20100241974A1 Controlling Malicious Activity Detection Using Behavioral Models 有权
标题翻译：使用行为模型控制恶意活动检测
公开(公告)号：US20100241974A1
公开(公告)日：2010-09-23
申请号：US12408453
申请日：2009-03-20
申请人： Shai A. Rubin , Yosef Dinerstein , Efim Hudis , Yair Helman , Uri Barash , Arie Friedman
发明人： Shai A. Rubin , Yosef Dinerstein , Efim Hudis , Yair Helman , Uri Barash , Arie Friedman
IPC分类号： G06F21/00 , G06F3/048
CPC分类号： G06F21/56 , G06F3/0484 , G06F21/554 , H04L63/0263 , H04L63/1416 , H04L63/1425
摘要： Systems, methods, and computer program products are described for controlling malicious activity detection with respect to information technology assets based on behavioral models associated with the respective information technology assets. Protection rules and corresponding sensitivities associated with the behavioral models are applied by protection services to detect malicious activity with respect to the information technology assets.
摘要翻译：描述了系统，方法和计算机程序产品，用于基于与相应的信息技术资产相关联的行为模型来控制关于信息技术资产的恶意活动检测。与行为模型相关的保护规则和相应的敏感性被保护服务应用于检测信息技术资产的恶意活动。

6. 发明申请

US20080244748A1 Detecting compromised computers by correlating reputation data with web access logs 有权
标题翻译：通过将声誉数据与Web访问日志相关联来检测受感染的计算机
公开(公告)号：US20080244748A1
公开(公告)日：2008-10-02
申请号：US11824649
申请日：2007-06-30
申请人： John Neystadt , Efim Hudis , Yair Helman , Alexandra Faynburd
发明人： John Neystadt , Efim Hudis , Yair Helman , Alexandra Faynburd
IPC分类号： G06F11/00
CPC分类号： H04L63/1425 , H04L63/308
摘要： Compromised host computers in an enterprise network environment comprising a plurality of security products called endpoints are detected in an automated manner by an arrangement in which a reputation service provides updates to identify resources including website URIs (Universal Resource Identifiers) and IP addresses (collectively “resources”) whose reputations have changed and represent potential threats or adversaries to the enterprise network. Responsively to the updates, a malware analyzer, which can be configured as a standalone endpoint, or incorporated into an endpoint having anti-virus/malware detection capability, or incorporated into the reputation service, will analyze logs maintained by another endpoint (typically a firewall, router, proxy server, or gateway) to identify, in a retroactive manner over some predetermined time window, those client computers in the environment that had any past communications with a resource that is newly categorized by the reputation service as malicious. Every client computer so identified is likely to be compromised.
摘要翻译：在企业网络环境中包含被称为端点的多个安全产品的被破坏的主计算机以自动方式被检测，其中信誉服务提供更新以识别包括网站URI（通用资源标识符）和IP地址（统称为“资源”）的资源 “），其声誉已经改变，代表企业网络的潜在威胁或对手。响应于更新，可以配置为独立端点或并入具有防病毒/恶意软件检测功能或并入信誉服务的端点的恶意软件分析器将分析由另一个端点（通常为防火墙）维护的日志，路由器，代理服务器或网关）以某种预定时间窗口的追溯方式，将与信誉服务新分类的资源的任何过去通信的环境中的那些客户端计算机识别为恶意的。如此确定的每台客户端计算机都可能受到威胁。

7. 发明申请

US20080244694A1 Automated collection of forensic evidence associated with a network security incident 有权
标题翻译：自动收集与网络安全事件相关的法医证据
公开(公告)号：US20080244694A1
公开(公告)日：2008-10-02
申请号：US11824732
申请日：2007-06-30
申请人： John Neystadt , Efim Hudis , Yair Helman , Alexandra Faynburd
发明人： John Neystadt , Efim Hudis , Yair Helman , Alexandra Faynburd
IPC分类号： H04L9/00
CPC分类号： H04L63/1425 , H04L63/308
摘要： An automated collection of forensic evidence associated with a security incident is provided by an arrangement in which different security products called endpoints in an enterprise network are enabled for sharing security-related information over a common communication channel using an abstraction called a security assessment. A security assessment is generally configured to indicate an endpoint's understanding of a detected security incident that pertains to an object in the environment which may include users, computers, IP addresses, and website URIs (Universal Resource Identifiers). The security assessment is published by the endpoint into the channel and received by subscribing endpoints. The security assessment triggers the receiving endpoints to go into a more comprehensive or detailed mode of evidence collection. In addition, any forensic evidence having relevance to the security incident that may have already been collected prior to the detection will be marked for retention so that it is not otherwise deleted.
摘要翻译：与安全事件相关联的法医证据的自动收集由一种安排提供，其中使企业网络中称为端点的不同安全产品能够使用称为安全性评估的抽象通过公共通信信道共享与安全相关的信息。通常，安全性评估被配置为指示端点对于可能包括用户，计算机，IP地址和网站URI（通用资源标识符）的环境中的对象的检测到的安全事件的理解。安全评估由端点发布到信道中，并由订阅端点接收。安全评估使得接收端点进入更全面或详细的证据收集模式。此外，与检测前已经收集到的安全事件相关的任何法医证据将被标记为保留，以免另外删除。

8. 发明授权

US08955134B2 Malicious code infection cause-and-effect analysis 有权
标题翻译：恶意代码感染原因分析
公开(公告)号：US08955134B2
公开(公告)日：2015-02-10
申请号：US13369225
申请日：2012-02-08
申请人： Gregory D. Hartrell , David J. Steeves , Efim Hudis
发明人： Gregory D. Hartrell , David J. Steeves , Efim Hudis
IPC分类号： G06F21/00 , G06F21/55
CPC分类号： G06F21/552 , G06F21/565 , G06F2221/034 , H04L63/1416 , H04L63/1425
摘要： A malware analysis system for automating cause and effect analysis of malware infections is provided. The malware analysis system monitors and records computer system activities. Upon being informed of a suspected malware infection, the malware analysis system creates a time-bounded snapshot of the monitored activities that were conducted within a time frame prior to the notification of the suspected malware infection. The malware analysis system may also create a time-bounded snapshot of the monitored activities that are conducted within a time frame subsequent to the notification of the suspected malware infection. The malware analysis system provides the created snapshot or snapshots for further analysis.
摘要翻译：提供了恶意软件感染自动分析的恶意软件分析系统。恶意软件分析系统监控和记录计算机系统活动。在被通知疑似恶意软件感染后，恶意软件分析系统会在通知疑似恶意软件感染之前的一段时间内创建受监视活动的有时限的快照。恶意软件分析系统还可能会在通知疑似恶意软件感染后的时间内为受监视的活动创建时间有限的快照。恶意软件分析系统提供创建的快照或快照进行进一步分析。

9. 发明授权

US08881223B2 Enterprise security assessment sharing for off-premise users using globally distributed infrastructure 有权
标题翻译：使用全球分布式基础设施的外部用户的企业安全评估共享
公开(公告)号：US08881223B2
公开(公告)日：2014-11-04
申请号：US12192111
申请日：2008-08-14
申请人： Efim Hudis , Yigal Edery , Oleg Ananiev , John Wohlfert , Nir Nice
发明人： Efim Hudis , Yigal Edery , Oleg Ananiev , John Wohlfert , Nir Nice
IPC分类号： G06F17/00 , G06Q30/02 , G06F17/30 , H04L29/06 , G06F21/55 , G06F21/56 , G06F21/62
CPC分类号： G06F21/56 , G06F17/30867 , G06F21/55 , G06F21/629 , G06F2221/2115 , G06F2221/2141 , G06F2221/2149 , G06F2221/2151 , G06Q30/0204 , G06Q30/0215 , H04L63/0281 , H04L63/14 , H04L63/20
摘要： Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and off-premise or roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.
摘要翻译：启用安全内容管理作为基于云的服务，通过该服务可以为内部部署的网络用户和非内部部署或漫游用户实施安全保护和策略强制。全球SCM服务将通常由企业网络SCM设备硬件或服务器提供的安全功能（如防病毒，间谍软件和网络钓鱼保护，防火墙，入侵检测，集中管理等）集成到基于云的用户通过基于互联网的在线点（“POPs”）达成的服务。 POPs配置有转发代理服务器，在某些实现中，缓存和网络加速组件，并耦合到提供配置管理和身份管理服务（如主动目录服务）的集线器。

10. 发明授权

US08677479B2 Detection of adversaries through collection and correlation of assessments 有权
标题翻译：通过收集和相关评估来检测对手
公开(公告)号：US08677479B2
公开(公告)日：2014-03-18
申请号：US11893934
申请日：2007-08-17
申请人： John Neystadt , Efim Hudis
发明人： John Neystadt , Efim Hudis
IPC分类号： H04L29/06
CPC分类号： G06F21/552 , G06F21/577 , H04L9/3263 , H04L63/0823 , H04L63/10 , H04L63/101 , H04L63/1416 , H04L2209/76 , H04L2463/144
摘要： An automated arrangement for detecting adversaries is provided in which assessments of detected adversaries are reported to a reputation service from security devices, such as unified threat management systems in deployed customer networks. By using actual deployed networks, the number of available sensors can be very large to increase the scope of the adversary detection, while still observing real attacks and threats including those that are targeted to small sets of customers. The reputation service performs a number of correlations and validations on the received assessments to then return a reputation back to the security device in the enterprise network that can be used for blocking adversaries, but only when multiple, distinct sources report the same adversary in their assessments to thus ensure that the reputation is accurate and reliable.
摘要翻译：提供了用于检测对手的自动化安排，其中检测到的对手的评估被报告给来自安全设备（诸如部署的客户网络中的统一威胁管理系统）的信誉服务。通过使用实际部署的网络，可用传感器的数量可能非常大，以增加对手检测的范围，同时仍然观察到真正的攻击和威胁，包括针对小型客户的攻击和威胁。信誉服务对接收到的评估执行一些相关性和验证，然后将声誉返回到可用于阻止对手的企业网络中的安全设备，但只有当多个不同来源在其评估中报告相同的对手时从而确保声誉准确可靠。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式