Patents by Inventor Andrew J. Thomas

Andrew J. Thomas has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Dynamic policy based on user experience
    Patent number: 11087014
    Abstract: Entity models are used to evaluate potential risk of entities, either individually or in groups, in order to evaluate suspiciousness within an enterprise network. These individual or aggregated risk assessments can be used to adjust the security policy for compute instances within the enterprise network. A security policy may specify security settings such as network speed, filtering levels, network isolation, levels of privilege, and the like.
    Type: Grant
    Filed: April 12, 2019
    Date of Patent: August 10, 2021
    Assignee: Sophos Limited
    Inventors: Joseph H. Levy, Andrew J. Thomas, Daniel Salvatore Schiappa, Kenneth D. Ray
  • ENTERPRISE DOCUMENT CLASSIFICATION
    Publication number: 20210240845
    Abstract: A collection of documents or other files and the like within an enterprise network are labelled according to an enterprise document classification scheme, and then a recognition model such as a neural network or other machine learning model can be used to automatically label other files throughout the enterprise network. In this manner, documents and the like throughout an enterprise can be automatically identified and managed according to features such as confidentiality, sensitivity, security risk, business value, and so forth.
    Type: Application
    Filed: March 30, 2021
    Publication date: August 5, 2021
    Inventor: Andrew J. Thomas
  • Dynamic multi-factor authentication
    Patent number: 11068615
    Abstract: An authentication model dynamically adjusts authentication factors required for access to a remote resource based on changes to a risk score for a user, a device, or some combination of these. For example, the authentication model may conditionally specify the number and type of authentication factors required by a user/device pair, and may dynamically alter authentication requirements based on changes to a current risk assessment for the user/device while the remote resource is in use.
    Type: Grant
    Filed: April 12, 2019
    Date of Patent: July 20, 2021
    Assignee: Sophos Limited
    Inventors: Joseph H. Levy, Andrew J. Thomas, Daniel Salvatore Schiappa, Kenneth D. Ray
  • COMPUTER AUGMENTED THREAT EVALUATION
    Publication number: 20210211440
    Abstract: An automated system attempts to characterize code as safe or unsafe. For intermediate code samples not placed with sufficient confidence in either category, human-readable analysis is automatically generated to assist a human reviewer in reaching a final disposition. For example, a random forest over human-interpretable features may be created and used to identify suspicious features in a manner that is understandable to, and actionable by, a human reviewer. Similarly, a k-nearest neighbor algorithm may be used to identify similar samples of known safe and unsafe code based on a model for, e.g., a file path, a URL, an executable, and so forth. Similar code may then be displayed (with other information) to a user for evaluation in a user interface. This comparative information can improve the speed and accuracy of human interventions by providing richer context for human review of potential threats.
    Type: Application
    Filed: March 1, 2021
    Publication date: July 8, 2021
    Inventors: Joshua Daniel Saxe, Andrew J. Thomas, Russell Humphries, Simon Neil Reed, Kenneth D. Ray, Joseph H. Levy
  • THREAT DETECTION WITH BUSINESS IMPACT SCORING
    Publication number: 20210211441
    Abstract: A computer model is created for automatically evaluating the business value of computing objects such as files and databases on an endpoint. This can be used to assess the potential business impact of a security compromise to an endpoint, or a process executing on an endpoint, in order to prioritize potential threats within an enterprise for human review and intervention.
    Type: Application
    Filed: March 1, 2021
    Publication date: July 8, 2021
    Inventors: Russell Humphries, Andrew J. Thomas
  • Managing claiming of unrecognized devices for admission to an enterprise network
    Patent number: 11019056
    Abstract: A threat management facility detects a device on an enterprise network and determines whether the device is one of a set of managed devices for the enterprise network. When the device is not one of the set of managed devices, the threat management facility may determine whether the device is manageable. When the device is unrecognized and unmanageable, a portal may provide support to a user of the device by listing the device on an unclaimed device page published by the portal and accessible to authorized users of the enterprise network. An authorized user may claim the unrecognized device from the unclaimed device page and, in the process, may provide additional information regarding the unrecognized device. Once claimed, the previously unrecognized device may be permitted to communicate over the enterprise network.
    Type: Grant
    Filed: January 31, 2018
    Date of Patent: May 25, 2021
    Assignee: Sophos Limited
    Inventors: John Edward Tyrone Shaw, Ross McKerchar, Moritz Daniel Grimm, Jan Karl Heinrich Weber, Shail R. Talati, Kenneth D. Ray, Andrew J. Thomas
  • Local proxy detection
    Patent number: 10986109
    Abstract: A technique for local proxy detection includes monitoring outbound traffic from the endpoint with remote network addresses outside the enterprise network, detecting use of a secure communication protocol with a request from the endpoint to one of the remote network addresses, identifying a plaintext network address within the request, and in response to identifying a plaintext network address in the request, initiating remediation of a potentially malicious local proxy on the endpoint.
    Type: Grant
    Filed: April 5, 2017
    Date of Patent: April 20, 2021
    Assignee: Sophos Limited
    Inventors: Fraser Howard, Karl Ackerman, Andrew J. Thomas, Dmitri Samosseiko
  • Baiting endpoints for improved detection of authentication attacks
    Patent number: 10986124
    Abstract: A credential store for an endpoint contains credentials for accessing a remote service. In general, the credentials will not have an ordinary, legitimate use for the endpoint, serving instead to log in to a dedicated trapping service or the like. In the event that the endpoint becomes compromised and an attacker gains access to the credential store, the presentation of the credentials to the remote service can provide an indication of compromise to the endpoint and any suitable remediation may be taken.
    Type: Grant
    Filed: December 18, 2018
    Date of Patent: April 20, 2021
    Assignee: Sophos Limited
    Inventors: Andrew J. Thomas, Daniel Stutz
  • Managing claiming of unrecognized devices for admission to an enterprise network
    Patent number: 10986092
    Abstract: A threat management facility detects a device on an enterprise network and determines whether the device is one of a set of managed devices for the enterprise network. When the device is not one of the set of managed devices, the threat management facility may determine whether the device is manageable. When the device is unrecognized and unmanageable, a portal may provide support to a user of the device by listing the device on an unclaimed device page published by the portal and accessible to authorized users of the enterprise network. An authorized user may claim the unrecognized device from the unclaimed device page and, in the process, may provide additional information regarding the unrecognized device. Once claimed, the previously unrecognized device may be permitted to communicate over the enterprise network.
    Type: Grant
    Filed: January 31, 2018
    Date of Patent: April 20, 2021
    Assignee: Sophos Limited
    Inventors: John Edward Tyrone Shaw, Ross McKerchar, Moritz Daniel Grimm, Jan Karl Heinrich Weber, Shail R. Talati, Kenneth D. Ray, Andrew J. Thomas
  • Enterprise document classification
    Patent number: 10984122
    Abstract: A collection of documents or other files and the like within an enterprise network are labelled according to an enterprise document classification scheme, and then a recognition model such as a neural network or other machine learning model can be used to automatically label other files throughout the enterprise network. In this manner, documents and the like throughout an enterprise can be automatically identified and managed according to features such as confidentiality, sensitivity, security risk, business value, and so forth.
    Type: Grant
    Filed: October 19, 2018
    Date of Patent: April 20, 2021
    Assignee: Sophos Limited
    Inventor: Andrew J. Thomas
  • Electronic mail security using root cause analysis
    Patent number: 10972483
    Abstract: Electronic communications passing through a communication gateway or similar device for an enterprise can be monitored for indicators of malicious activity. When potentially malicious activity is identified, a user-based inquiry can be employed to identify potential sources of the malicious activity within the enterprise network. More specifically, by identifying a user that sourced the communication, instead of or in addition to a network address, devices within the enterprise network associated with the user can be located, analyzed, and remediated as appropriate.
    Type: Grant
    Filed: December 20, 2017
    Date of Patent: April 6, 2021
    Assignee: Sophos Limited
    Inventors: Andrew J. Thomas, David James Mitchell, Paul Stuart Murray
  • Device management based on groups of network adapters
    Patent number: 10972431
    Abstract: Secure management of an enterprise network is improved by creating a network adapter fingerprint for an endpoint that identifies all of the network adapters for that endpoint. With this information, the location and connectivity of the endpoint can be tracked and managed independent of the manner in which the endpoint is connecting to the enterprise network.
    Type: Grant
    Filed: April 4, 2018
    Date of Patent: April 6, 2021
    Assignee: Sophos Limited
    Inventors: Moritz Daniel Grimm, Daniel Stutz, Andrew J. Thomas, Kenneth D. Ray
  • Enterprise network threat detection
    Patent number: 10972485
    Abstract: In a threat management platform, a number of endpoints log events in an event data recorder. A local agent filters this data and feeds a filtered data stream to a central threat management facility. The central threat management facility can locally or globally tune filtering by local agents based on the current data stream, and can query local event data recorders for additional information where necessary or helpful in threat detection or forensic analysis. The central threat management facility also stores and deploys a number of security tools such as a web-based user interface supported by machine learning models to identify potential threats requiring human intervention and other models to provide human-readable context for evaluating potential threats.
    Type: Grant
    Filed: September 12, 2018
    Date of Patent: April 6, 2021
    Assignee: Sophos Limited
    Inventors: Beata Ladnai, Mark David Harris, Andrew G. P. Smith, Kenneth D. Ray, Andrew J. Thomas, Russell Humphries
  • SANDBOX ENVIRONMENT FOR DOCUMENT PREVIEW AND ANALYSIS
    Publication number: 20210097171
    Abstract: Attachments or other documents can be transmitted to a sandbox environment where they can be concurrently opened for remote preview from an endpoint and scanned for possible malware. A gateway or other intermediate network element may enforce this process by replacing attachments, for example, in incoming electronic mail communications, with links to a document preview hosted in the sandbox environment.
    Type: Application
    Filed: December 15, 2020
    Publication date: April 1, 2021
    Inventors: Ross McKerchar, John Edward Tyrone Shaw, Andrew J. Thomas, Russell Humphries, Kenneth D. Ray, Daniel Salvatore Schiappa
  • Threat detection with business impact scoring
    Patent number: 10938839
    Abstract: A computer model is created for automatically evaluating the business value of computing objects such as files and databases on an endpoint. This can be used to assess the potential business impact of a security compromise to an endpoint, or a process executing on an endpoint, in order to prioritize potential threats within an enterprise for human review and intervention.
    Type: Grant
    Filed: September 12, 2018
    Date of Patent: March 2, 2021
    Assignee: Sophos Limited
    Inventors: Russell Humphries, Andrew J. Thomas
  • Secure labeling of network flows
    Patent number: 10938781
    Abstract: An enterprise security system is improved by instrumenting endpoints to explicitly label network flows with cryptographically secure labels that identify an application or other source of each network flow. Cryptographic techniques may be used, for example, to protect the encoded information in the label from interception by third parties or to support cryptographic authentication of a source of each label. A label may provide health, status, or other heartbeat information for the endpoint, and may be used to identify compromised endpoints, to make routing decisions for network traffic (e.g., allowing, blocking, rerouting, etc.), to more generally evaluate the health of an endpoint that is sourcing network traffic, or for any other useful purpose.
    Type: Grant
    Filed: April 22, 2016
    Date of Patent: March 2, 2021
    Assignee: Sophos Limited
    Inventors: Daniel Salvatore Schiappa, Andrew J. Thomas, Kenneth D. Ray, Joseph H. Levy
  • Computer augmented threat evaluation
    Patent number: 10938838
    Abstract: An automated system attempts to characterize code as safe or unsafe. For intermediate code samples not placed with sufficient confidence in either category, human-readable analysis is automatically generated to assist a human reviewer in reaching a final disposition. For example, a random forest over human-interpretable features may be created and used to identify suspicious features in a manner that is understandable to, and actionable by, a human reviewer. Similarly, a k-nearest neighbor algorithm may be used to identify similar samples of known safe and unsafe code based on a model for, e.g., a file path, a URL, an executable, and so forth. Similar code may then be displayed (with other information) to a user for evaluation in a user interface. This comparative information can improve the speed and accuracy of human interventions by providing richer context for human review of potential threats.
    Type: Grant
    Filed: September 12, 2018
    Date of Patent: March 2, 2021
    Assignee: Sophos Limited
    Inventors: Joshua Daniel Saxe, Andrew J. Thomas, Russell Humphries, Simon Neil Reed, Kenneth D. Ray, Joseph H. Levy
  • Sandbox environment for document preview and analysis
    Patent number: 10896254
    Abstract: Attachments or other documents can be transmitted to a sandbox environment where they can be concurrently opened for remote preview from an endpoint and scanned for possible malware. A gateway or other intermediate network element may enforce this process by replacing attachments, for example, in incoming electronic mail communications, with links to a document preview hosted in the sandbox environment.
    Type: Grant
    Filed: June 29, 2016
    Date of Patent: January 19, 2021
    Assignee: Sophos Limited
    Inventors: Ross McKerchar, John Edward Tyrone Shaw, Andrew J. Thomas, Russell Humphries, Kenneth D. Ray, Daniel Salvatore Schiappa
  • TRACKING MALICIOUS SOFTWARE MOVEMENT WITH AN EVENT GRAPH
    Publication number: 20210012005
    Abstract: A multi-endpoint event graph is used to detect malware based on malicious software moving through a network.
    Type: Application
    Filed: September 30, 2020
    Publication date: January 14, 2021
    Inventors: Beata Ladnai, Mark David Harris, Andrew J. Thomas, Andrew G. P. Smith, Russell Humphries
  • Secure labeling of network flows
    Patent number: 10880269
    Abstract: An enterprise security system is improved by instrumenting endpoints to explicitly label network flows with cryptographically secure labels that identify an application or other source of each network flow. Cryptographic techniques may be used, for example, to protect the encoded information in the label from interception by third parties or to support cryptographic authentication of a source of each label. A label may provide health, status, or other heartbeat information for the endpoint, and may be used to identify compromised endpoints, to make routing decisions for network traffic (e.g., allowing, blocking, rerouting, etc.), to more generally evaluate the health of an endpoint that is sourcing network traffic, or for any other useful purpose.
    Type: Grant
    Filed: April 22, 2016
    Date of Patent: December 29, 2020
    Assignee: Sophos Limited
    Inventors: Daniel Salvatore Schiappa, Andrew J. Thomas, Kenneth D. Ray, Joseph H. Levy