1. WO2017083436 - SYSTEM AND METHOD FOR DETECTING LATERAL MOVEMENT AND DATA EXFILTRATION

Publication Number WO/2017/083436
Publication Date 18.05.2017
International Application No. PCT/US2016/061201
International Filing Date 09.11.2016
IPC
G06F 11/00 2006.1
G PHYSICS
06 COMPUTING; CALCULATING OR COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
11 Error detection; Error correction; Monitoring
CPC
G06F 11/00
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
11 Error detection; Error correction; Monitoring
G06F 21/566
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55 Detecting local intrusion or implementing counter-measures
56 Computer malware detection or handling, e.g. anti-virus arrangements
566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
H04L 63/1416
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
14 for detecting or protecting against malicious traffic
1408 by monitoring network traffic
1416 Event detection, e.g. attack signature detection
Applicants
  • CYPHORT, INC. [US]/[US]
Inventors
  • GONG, Fengmin
  • BURT, Alexander
  • JAS, Frank
Agents
  • GURZO, Paul M.
  • SHAMI, Khaled
  • SWIATEK, Maria S.
  • BACH, Joseph
  • HAYES, Jennifer
  • BIRKENEDER, Erik
Priority Data
14/936,612 09.11.2015 US
Publication Language English (en)
Filing Language English (EN)
Designated States
Title
(EN) SYSTEM AND METHOD FOR DETECTING LATERAL MOVEMENT AND DATA EXFILTRATION
(FR) SYSTÈME ET PROCÉDÉ POUR DÉTECTER UN MOUVEMENT LATÉRAL ET UNE EXFILTRATION DE DONNÉES
Abstract
(EN) A system configured to detect a threat activity on a network. The system including a digital device configured to detect a first order indicator of compromise on a network, detect a second order indicator of compromise on the network, generate a risk score based on correlating said first order indicator of compromise on the network with the second order indicator of compromise on said network, and generate at least one incident alert based on comparing the risk score to a threshold.
(FR) L'invention concerne un système configuré pour détecter une activité menaçante sur un réseau. Le système comprend un dispositif numérique configuré pour détecter un premier indicateur d'ordre de compromission sur un réseau; détecter un second indicateur d'ordre de compromission sur le réseau; générer un score de risque sur la base d'une corrélation entre ledit premier indicateur d'ordre de compromission sur le réseau et le second indicateur d'ordre de compromission sur ledit réseau; et générer au moins une alerte d'incident sur la base de la comparaison du score de risque à un seuil.
Latest bibliographic data on file with the International Bureau