Discovery of groupings of security alert types and corresponding complex multipart attacks, from analysis of massive security telemetry
Granted: January 8, 2019
Patent Number: 10178109
Alerts generated by triggering signatures on endpoints are identified in samples of security telemetry. The sources of alerts are filtered. Alert tuples identifying multipart attacks are discovered. An iterative multi-pass search of alert types generated by filtered sources can be conducted. During each pass, groups of successively larger numbers of alert types generated by common sources are identified. A list of alert types can be sorted according to the number of filtered sources that…
Systems and methods for detecting unknown vulnerabilities in computing processes
Granted: January 8, 2019
Patent Number: 10176329
The disclosed computer-implemented method for detecting unknown vulnerabilities in computing processes may include (1) monitoring a computing environment that facilitates execution of a computing process by logging telemetry data related to the computing process while the computing process is running within the computing environment, (2) determining that the computing process crashed while running within the computing environment, (3) searching the telemetry data for evidence of any…
System and method for dynamic detection of command and control malware
Granted: January 8, 2019
Patent Number: 10176325
A system and method for dynamic detection of Command and Control (C&C) malware is provided. The method may include hooking API within an application and analyzing the code of the hooked API using static analysis. The method may further include conducting dynamic analysis; wherein incoming network and file content is collected and data patterns relating to C&C are detected from this content. Using these data patterns, this system may identify C&C URLs and further filter these…
Utilizing endpoint asset awareness for network intrusion detection
Granted: January 1, 2019
Patent Number: 10171483
An intrusion device identifies network data to be sent to a destination endpoint and determines a sensitivity level of the destination endpoint based on asset valuation. The intrusion device identifies a subset of signatures that corresponds to the sensitivity level of the destination endpoint and determines whether the network data includes an intrusion based on the subset of signatures.
Systems and methods for identifying non-malicious files on computing devices within organizations
Granted: January 1, 2019
Patent Number: 10169584
The disclosed computer-implemented method for identifying non-malicious files on computing devices within organizations may include (1) identifying a file on at least one computing device within multiple computing devices managed by an organization, (2) identifying a source of the file based on examining a relationship between the file and the organization, (3) determining that the source of the file is trusted within the organization, and then (4) concluding, based on the source of the…
Systems and methods for detecting modification attacks on shared physical memory
Granted: January 1, 2019
Patent Number: 10169577
The disclosed computer-implemented method for detecting modification attacks on shared physical memory may include (i) identifying a page frame of physical memory that is shared by a plurality of virtual machines, (ii) calculating a first checksum for the page frame, (iii) calculating, while the page frame is shared by the plurality of virtual machines and before any of the plurality of virtual machines writes to a page of virtual memory that is mapped to the page frame, a second…
Systems and methods for preventing internal network attacks
Granted: January 1, 2019
Patent Number: 10169575
A computer-implemented method for preventing internal network attacks may include 1) identifying a host system that is within a subnet of a network, 2) detecting an intrusion on the host system, the intrusion on the host system being capable of facilitating an attack via the host system on at least one additional system of the network, 3) identifying at least one additional host system within the subnet of the network, and 4) implementing a security measure on the additional host system…
Systems and methods for detecting credential theft
Granted: December 25, 2018
Patent Number: 10162962
The disclosed computer-implemented method for detecting credential theft may include (i) monitoring a secured computing system's credential store that may include at least one sensitive credential that may be used to facilitate authentication of a user that is attempting to access the secured computing system, (ii) gathering, while monitoring the credential store, primary evidence of an attempted theft of the sensitive credential from the credential store, (iii) gathering corroborating…
Systems and methods for encrypting files
Granted: December 18, 2018
Patent Number: 10157290
The disclosed computer-implemented method for encrypting files may include (i) detecting an event within a network that triggers an encryption of a file on the network, (ii) performing, in response to detecting the event, both encrypting the file to a file encryption key and encrypting the file encryption key to a public key of a source of the file, (iii) receiving, from a client, a file access request that includes the encrypted file encryption key, and (iv) transmitting, in response to…
Scanning for and remediating security risks on lightweight computing devices
Granted: December 18, 2018
Patent Number: 10158662
The present disclosure relates to scanning for security threats on a lightweight computing device. An example method generally includes receiving, from a mobile device, a software package including a lightweight computing device security application. A lightweight device transmits, to the mobile device, information identifying at least a first application installed on the lightweight computing device. In response, the lightweight device receives, from the mobile device, information…
Call block policy using validated identities and selected attribute sharing
Granted: December 11, 2018
Patent Number: 10154136
Systems, apparatuses, methods, and computer readable mediums for implementing a flexible call blocking scheme using validated identities and selected attribute sharing. A user may undergo an identity verification process to generate one or more signed attributes associated with the user. When the user initiates a phone call, the user may select which attributes to expose to the callee. In one embodiment, the user's device may prevent the user's phone number from being exposed to the…
Determining a recommended control point for a file system
Granted: December 11, 2018
Patent Number: 10152530
A control point module may receive information associated with a plurality of users accessing a plurality of files. Each of the files may be stored in a folder of the plurality of folders. Users who have accessed one or more files stored in a folder may be assigned to each corresponding folder. Users who have been assigned to each folder of a plurality of pairs of the folders may be compared to identify one or more differences of assigned users between each folder of each pair of the…
Dynamic indication of a status of an application
Granted: December 11, 2018
Patent Number: 10152197
The systems and methods described herein relate to mobile devices. More specifically, the systems and methods described herein relate to dynamically altering a status of an application on a mobile device. Mobile devices may have several applications installed thereon. In some instances, the applications may not be available. The application icon may be dynamically altered to indicate a status of the application.
Preventing data loss over network channels by dynamically monitoring file system operations of a process
Granted: December 4, 2018
Patent Number: 10148694
Techniques are disclosed for performing data loss prevention (DLP) by monitoring file system activity of an application having a network connection. A DLP agent tracks file system activity (e.g., file open and read operations) being initiated by the application. The DLP agent intercepts the file system activity and evaluates a file specified by the file system operation to determine whether the file includes sensitive data. If so determined, the DLP agent prevents the sensitive data from…
Accurate real-time identification of malicious BGP hijacks
Granted: December 4, 2018
Patent Number: 10148690
A system and method for detecting malicious hijack events in real-time is provided. The method may include receiving routing data associated with a Border Gateway Protocol (BGP) event from at least one BGP router. The method may further include generating a hijack detection model using a machine learning technique, such as Positive Unlabeled learning. The machine learning technique may include at least one data input and a probability output; wherein, the data input couples to receive a…
Systems and methods for detecting illegitimate devices on wireless networks
Granted: December 4, 2018
Patent Number: 10148688
The disclosed computer-implemented method for detecting illegitimate devices on wireless networks may include (1) identifying an initial set of hops that represent devices on a wireless network that relay network traffic between the computing device and a destination, (2) identifying, after identifying the initial set of hops, a new set of hops that relay the network traffic between the computing device and the destination, (3) comparing the initial set of hops to the new set of hops,…
Systems and methods for preventing session hijacking
Granted: December 4, 2018
Patent Number: 10148631
The disclosed computer-implemented method for preventing session hijacking may include (1) determining that a user is attempting to complete at least a portion of an authentication session on a first computing system, (2) using input from one or more input devices of the first computing system to obtain environmental context associated with the user's attempt to complete the authentication session, (3) preventing the authentication session from authenticating the user while using the…
Systems and methods for evaluating electronic control units within vehicle emulations
Granted: December 4, 2018
Patent Number: 10146893
A computer-implemented method for evaluating electronic control units within vehicle emulations may include (1) connecting an actual electronic control unit for a vehicle to a vehicle bus that emulates network traffic rather than actual network traffic generated by operation of the vehicle, (2) manipulating input to the actual electronic control unit to test how safely the actual electronic control unit and the emulated electronic control unit respond to the manipulated input, (3)…
Sparse data set processing
Granted: December 4, 2018
Patent Number: 10146740
A computer implemented method is provided for processing sparse data. A sparse data set is received. A modified sparse data set is calculated by replacing all nonzero values in the sparse data set with a common positive integer. The modified sparse data set is transposed to create a transposed data set. A covariance matrix is calculated by multiplying the transposed data set by the modified sparse data set. A tree of a predefined depth is generated by assigning columns of the sparse data…
Systems and methods for restarting computing devices into security-application-configured safe modes
Granted: November 27, 2018
Patent Number: 10140454
The disclosed computer-implemented method for restarting computing devices into security-application-configured safe modes may include (1) configuring a security application to recognize a predetermined signal received via a predetermined hardware device that indicates that a user wants to restart the computing device into a security-application-configured safe mode that prevents suspicious applications from loading, (2) detecting the predetermined signal via an instance of the…