Patent application number | Description | Published |
20130332539 | Method and Apparatus for Detecting Unauthorized Bulk Forwarding of Sensitive Data Over a Network - Methods and apparatus are provided for detecting unauthorized bulk forwarding of sensitive data over a network. A bulk forwarding of email from a first network environment is automatically detected by determining an arrival rate for internal emails received from within the first network environment into one or more user accounts; determining a sending rate for external emails sent from the one or more user accounts to a second network environment; and detecting the bulk forwarding of email from a given user account by comparing the arrival rate for internal emails and the sending rate for external emails. The bulk forwarding of email from a given user account can be detected by determining whether statistical models of the arrival rate for internal emails and of the sending rate for external emails are correlated in time. | 12-12-2013 |
20130332541 | Method and Apparatus for Detecting Unauthorized Bulk Forwarding of Sensitive Data Over a Network - Methods and apparatus are provided for detecting unauthorized bulk forwarding of sensitive data over a network. A bulk forwarding of email from a first network environment is automatically detected by determining an arrival rate for internal emails received from within the first network environment into one or more user accounts; determining a sending rate for external emails sent from the one or more user accounts to a second network environment; and detecting the bulk forwarding of email from a given user account by comparing the arrival rate for internal emails and the sending rate for external emails. The bulk forwarding of email from a given user account can be detected by determining whether statistical models of the arrival rate for internal emails and of the sending rate for external emails are correlated in time. | 12-12-2013 |
20130333034 | Method and Apparatus for Automatic Identification of Affected Network Resources After a Computer Intrusion - Methods and apparatus are provided for automatic identification of affected network resources after a computer intrusion. The network resources affected by a computer intrusion can be identified by collecting information about an external system from an external source; deriving a list of one or more affected internal systems on an internal network by correlating the information with internal information about internal systems that interacted with the external system; and identifying one or more user accounts associated with the one or more affected internal systems. Data residing on systems accessible by the one or more user accounts can also optionally be identified. A list can optionally be presented of the network resources that may be affected by the computer intrusion. The affected network resources can be, for example, servers, services and/or client machines. | 12-12-2013 |
20130333041 | Method and Apparatus for Automatic Identification of Affected Network Resources After a Computer Intrusion - Methods and apparatus are provided for automatic identification of affected network resources after a computer intrusion. The network resources affected by a computer intrusion can be identified by collecting information about an external system from an external source; deriving a list of one or more affected internal systems on an internal network by correlating the information with internal information about internal systems that interacted with the external system; and identifying one or more user accounts associated with the one or more affected internal systems. Data residing on systems accessible by the one or more user accounts can also optionally be identified. A list can optionally be presented of the network resources that may be affected by the computer intrusion. The affected network resources can be, for example, servers, services and/or client machines. | 12-12-2013 |
20140351226 | Distributed Feature Collection and Correlation Engine - A distributed feature collection and correlation engine is provided. Feature extraction comprises obtaining one or more data records; extracting information from the one or more data records based on domain knowledge; transforming the extracted information into a key/value pair comprised of a key K and a value V, wherein the key comprises a feature identifier; and storing the key/value pair in a feature store database if the key/value pair does not already exist in the feature store database using a de-duplication mechanism. Features extracted from data records can be queried by obtaining a feature store database comprised of the extracted features stored as a key/value pair comprised of a key K and a value V, wherein the key comprises a feature identifier; receiving a query comprised of at least one query key; retrieving values from the feature store database that match the query key; and returning one or more retrieved key/value pairs. | 11-27-2014 |
20140351227 | Distributed Feature Collection and Correlation Engine - A distributed feature collection and correlation engine is provided. Feature extraction comprises obtaining one or more data records; extracting information from the one or more data records based on domain knowledge; transforming the extracted information into a key/value pair comprised of a key K and a value V, wherein the key comprises a feature identifier; and storing the key/value pair in a feature store database if the key/value pair does not already exist in the feature store database using a de-duplication mechanism. Features extracted from data records can be queried by obtaining a feature store database comprised of the extracted features stored as a key/value pair comprised of a key K and a value V, wherein the key comprises a feature identifier; receiving a query comprised of at least one query key; retrieving values from the feature store database that match the query key; and returning one or more retrieved key/value pairs. | 11-27-2014 |
20150264077 | Computer Implemented Techniques for Detecting, Investigating and Remediating Security Violations to IT Infrastructure - A method includes collecting system calls and call parameters invoked by monitored applications for target computer systems. The system calls and call parameters are received from operating system kernels on the plurality of target computer systems. Sequences of system calls and call parameters of the monitored applications are correlated among different target computer systems to deduce malicious activities. Remedial action(s) are performed in response to malicious activities being deduced as being malicious by the correlating. Another method includes determining that network activity at a specific time is deemed to be suspicious. Using IP addresses involved in the suspicious network activity, computer system(s) are determined that are sources of the suspicious network activity. Based on the specific time and the determined computer system(s), application(s) are determined that are executing on the determined computer system(s) that are causing the suspicious network activity. Remedial action(s) are performed for the determined computer system(s). | 09-17-2015 |
Patent application number | Description | Published |
20140012973 | USER IDENTIFICATION USING MULTIFACETED FOOTPRINTS - A method for identifying an unknown user according to a plurality of facets of user activity in a plurality of contexts includes receiving a plurality of priors for the facets with respect to the contexts, receiving a plurality of footprints of known users, aggregating the footprints of the users to determine an ensemble prior, receiving a plurality of network traces relevant to an unknown user in a computer environment, matching the network traces against each of the footprints to determine a plurality of matches, aggregating the matches using the ensemble prior according to the facets and the contexts, and outputting a probable user identity for the unknown user. | 01-09-2014 |
20140012976 | USER IDENTIFICATION USING MULTIFACETED FOOTPRINTS - A method for identifying an unknown user according to a plurality of facets of user activity in a plurality of contexts includes receiving a plurality of priors for the facets with respect to the contexts, receiving a plurality of footprints of known users, aggregating the footprints of the users to determine an ensemble prior, receiving a plurality of network traces relevant to an unknown user in a computer environment, matching the network traces against each of the footprints to determine a plurality of matches, aggregating the matches using the ensemble prior according to the facets and the contexts, and outputting a probable user identity for the unknown user. | 01-09-2014 |
20150278729 | COGNITIVE SCORING OF ASSET RISK BASED ON PREDICTIVE PROPAGATION OF SECURITY-RELATED EVENTS - A method (and system) of scoring asset risk includes determining, using a processor, a risk value for each entity of a plurality of entities within a network and ranking each risk value. | 10-01-2015 |
Patent application number | Description | Published |
20150352319 | PEELABLE HEAT-SHRINKING TUBING - A heat shrink tubing, which can be readily peeled in the longitudinal direction after use (e.g., to remove the heat shrink tubing from an underlying material) is provided herein. The heat shrink tubing can be of various compositions, and generally is produced from at least one fluorinated, copolymeric resin. The tubing can exhibit desirable physical properties such as good optical clarity (e.g., translucency or transparency) and/or peelability, exhibiting one or more of complete, straight, and even peeling along a given length of tubing. | 12-10-2015 |
20150354732 | PEELABLE HEAT-SHRINK TUBING - A heat shrink tubing, which can be readily peeled in the longitudinal direction after use (e.g., to remove the heat shrink tubing from an underlying material) is provided herein. The heat shrink tubing can be of various compositions, and generally is produced from at least one fluorinated, copolymeric resin. The tubing can exhibit desirable physical properties such as good optical clarity (e.g., translucency or transparency) and/or peelability, exhibiting one or more of complete, straight, and even peeling along a given length of tubing. | 12-10-2015 |