    • 1. Granted invention patent
    • Enterprise security assessment sharing
    • US08959568B2
    • 2015-02-17
    • US11724061
    • 2007-03-14
    • Efim Hudis, Yair Helman, Joseph Malka, Uri Barash
    • G06F11/00
    • H04L63/20; G06F21/552; G06F21/577; H04L41/0803; H04L41/0893; H04L63/1425
    • An enterprise-wide sharing arrangement uses a semantic abstraction, called a security assessment, to share security-related information between different security products, called endpoints. A security assessment is defined as a tentative assignment by an endpoint of broader contextual meaning to information that is collected about an object of interest. Its tentative nature is reflected in two of its components: a fidelity field used to express the level of confidence in the assessment, and a time-to-live field for an estimated time period for which the assessment is valid. Endpoints may publish security assessments onto a security assessment channel, as well as subscribe to a subset of security assessments published by other endpoints. A specialized endpoint is coupled to the channel that performs as a centralized audit point by subscribing to all security assessments, logging the security assessments, and also logging the local actions taken by endpoints in response to security threats.
    • 2. Granted invention patent
    • Endpoint enabled for enterprise security assessment sharing
    • US08955105B2
    • 2015-02-10
    • US11724060
    • 2007-03-14
    • Efim Hudis, Yair Helman, Joseph Malka, Uri Barash
    • G06F11/00
    • H04L63/20; H04L63/02
    • An enterprise-wide sharing arrangement uses a semantic abstraction, called a security assessment, to share security-related information between security products, called endpoints. A security assessment is defined as a tentative assignment by an endpoint of broader contextual meaning to information that is collected about an object of interest. Endpoints utilize an architecture that comprises a common assessment sharing agent and a common assessment generating agent. The common assessment sharing agent is arranged for subscribing to security assessments, publishing security assessments onto a channel, maintaining an awareness of configuration changes on the channel (e.g., when a new endpoint is added or removed), and implementing security features like authorization, authentication and encryption. A common assessment generating engine handles endpoint behavior associated with a security assessment including assessment generation, cancellation, tracking, and rolling-back actions based on assessments that have expired. The common assessment generating engine generates and transmits messages that indicate which local actions are taken.
    • 3. Granted invention patent
    • Adaptive data collection for root-cause analysis and intrusion detection
    • US08413247B2
    • 2013-04-02
    • US11717978
    • 2007-03-14
    • Efim Hudis, Yair Helman, Joseph Malka, Uri Barash
    • G06F21/00
    • H04L63/1433; G06F21/552
    • Endpoints in an enterprise security environment are configured to adaptively switch from their normal data collection mode to a long-term, detailed data collection mode where advanced analyses are applied to the collected detailed data. Such adaptive data collection and analysis is triggered upon the receipt of a security assessment of a particular type, where a security assessment is defined as a tentative assignment by an endpoint of broader contextual meaning to information (i.e., data in some context) that is collected about an object of interest. A specialized endpoint is coupled to the security assessment channel and performs as a centralized audit point by subscribing to all security assessments, logging the security assessments, and also logging the local actions taken by endpoints in response to detected security incidents in the environment. The specialized endpoint is arranged to perform various analyses and processes on historical security assessments.
    • 4. Invention patent application
    • Enterprise security assessment sharing
    • US20080229422A1
    • 2008-09-18
    • US11724061
    • 2007-03-14
    • Efim Hudis, Yair Helman, Joseph Malka, Uri Barash
    • G06F11/00
    • H04L63/20; G06F21/552; G06F21/577; H04L41/0803; H04L41/0893; H04L63/1425
    • An enterprise-wide sharing arrangement uses a semantic abstraction, called a security assessment, to share security-related information between different security products, called endpoints. A security assessment is defined as a tentative assignment by an endpoint of broader contextual meaning to information that is collected about an object of interest. Its tentative nature is reflected in two of its components: a fidelity field used to express the level of confidence in the assessment, and a time-to-live field for an estimated time period for which the assessment is valid. Endpoints may publish security assessments onto a security assessment channel, as well as subscribe to a subset of security assessments published by other endpoints. A specialized endpoint is coupled to the channel that performs as a centralized audit point by subscribing to all security assessments, logging the security assessments, and also logging the local actions taken by endpoints in response to security threats.
    • 5. Invention patent application
    • Endpoint enabled for enterprise security assessment sharing
    • US20080229414A1
    • 2008-09-18
    • US11724060
    • 2007-03-14
    • Efim Hudis, Yair Helman, Joseph Malka, Uri Barash
    • G06F15/00
    • H04L63/20; H04L63/02
    • An enterprise-wide sharing arrangement uses a semantic abstraction, called a security assessment, to share security-related information between security products, called endpoints. A security assessment is defined as a tentative assignment by an endpoint of broader contextual meaning to information that is collected about an object of interest. Endpoints utilize an architecture that comprises a common assessment sharing agent and a common assessment generating agent. The common assessment sharing agent is arranged for subscribing to security assessments, publishing security assessments onto a channel, maintaining an awareness of configuration changes on the channel (e.g., when a new endpoint is added or removed), and implementing security features like authorization, authentication and encryption. A common assessment generating engine handles endpoint behavior associated with a security assessment including assessment generation, cancellation, tracking, and rolling-back actions based on assessments that have expired. The common assessment generating engine generates and transmits messages that indicate which local actions are taken.
    • 6. Invention patent application
    • Adaptive data collection for root-cause analysis and intrusion detection
    • US20080229421A1
    • 2008-09-18
    • US11717978
    • 2007-03-14
    • Efim Hudis, Yair Helman, Joseph Malka, Uri Barash
    • G06F11/00
    • H04L63/1433; G06F21/552
    • Endpoints in an enterprise security environment are configured to adaptively switch from their normal data collection mode to a long-term, detailed data collection mode where advanced analyses are applied to the collected detailed data. Such adaptive data collection and analysis is triggered upon the receipt of a security assessment of a particular type, where a security assessment is defined as a tentative assignment by an endpoint of broader contextual meaning to information (i.e., data in some context) that is collected about an object of interest. A specialized endpoint is coupled to the security assessment channel and performs as a centralized audit point by subscribing to all security assessments, logging the security assessments, and also logging the local actions taken by endpoints in response to detected security incidents in the environment. The specialized endpoint is arranged to perform various analyses and processes on historical security assessments.
    • 9. Granted invention patent
    • Automated collection of forensic evidence associated with a network security incident
    • US08424094B2
    • 2013-04-16
    • US11824732
    • 2007-06-30
    • John Neystadt, Efim Hudis, Yair Helman, Alexandra Faynburd
    • G06F21/00
    • H04L63/1425; H04L63/308
    • An automated collection of forensic evidence associated with a security incident is provided by an arrangement in which different security products called endpoints in an enterprise network are enabled for sharing security-related information over a common communication channel using an abstraction called a security assessment. A security assessment is generally configured to indicate an endpoint's understanding of a detected security incident that pertains to an object in the environment which may include users, computers, IP addresses, and website URIs (Universal Resource Identifiers). The security assessment is published by the endpoint into the channel and received by subscribing endpoints. The security assessment triggers the receiving endpoints to go into a more comprehensive or detailed mode of evidence collection. In addition, any forensic evidence having relevance to the security incident that may have already been collected prior to the detection will be marked for retention so that it is not otherwise deleted.
    • 10. Invention patent application
    • MAPPING BETWEEN USERS AND MACHINES IN AN ENTERPRISE SECURITY ASSESSMENT SHARING SYSTEM
    • US20090328222A1
    • 2009-12-31
    • US12146440
    • 2008-06-25
    • Yair Helman, Efim Hudis, Lior Arzi
    • G06F21/00
    • H04L63/1425; G06F21/554
    • Mapping between object types in an enterprise security assessment sharing (“ESAS”) system enables attacks on an enterprise network and security incidents to be better detected and capabilities to respond to be improved. The ESAS system is distributed among endpoints incorporating different security products in the enterprise network that share a commonly-utilized communications channel. An endpoint will generate a tentative assignment of contextual meaning called a security assessment that is published when a potential security incident is detected. The security assessment identifies the object of interest, the type of security incident and its severity. A level of confidence in the detection is also provided which is expressed by an attribute called the “fidelity”. ESAS is configured with the capabilities to map between objects, including users and machines in the enterprise network, so that security assessments applicable to one object domain can be used to generate security assessments in another object domain.