Patents by Inventor Daniel Salvatore Schiappa
Daniel Salvatore Schiappa has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10896254Abstract: Attachments or other documents can be transmitted to a sandbox environment where they can be concurrently opened for remote preview from an endpoint and scanned for possible malware. A gateway or other intermediate network element may enforce this process by replacing attachments, for example, in incoming electronic mail communications, with links to a document preview hosted in the sandbox environment.Type: GrantFiled: June 29, 2016Date of Patent: January 19, 2021Assignee: Sophos LimitedInventors: Ross McKerchar, John Edward Tyrone Shaw, Andrew J. Thomas, Russell Humphries, Kenneth D. Ray, Daniel Salvatore Schiappa
-
Patent number: 10880269Abstract: An enterprise security system is improved by instrumenting endpoints to explicitly label network flows with cryptographically secure labels that identify an application or other source of each network flow. Cryptographic techniques may be used, for example, to protect the encoded information in the label from interception by third parties or to support cryptographic authentication of a source of each label. A label may provide health, status, or other heartbeat information for the endpoint, and may be used to identify compromised endpoints, to make routing decisions for network traffic (e.g., allowing, blocking, rerouting, etc.), to more generally evaluate the health of an endpoint that is sourcing network traffic, or for any other useful purpose.Type: GrantFiled: April 22, 2016Date of Patent: December 29, 2020Assignee: Sophos LimitedInventors: Daniel Salvatore Schiappa, Andrew J. Thomas, Kenneth D. Ray, Joseph H. Levy
-
Patent number: 10762209Abstract: In one aspect, a method for securing a device includes receiving a first set of boot information of a device, receiving a first cryptographic proof of the first set of boot information, receiving a second set of boot information of the device, receiving a second cryptographic proof of the second set of boot information, comparing the first set of boot information and the second set of boot information, and, upon determining that the first set of boot information and the second set of boot information are different, determining whether differences between the first set of boot information and the second set of boot information are permitted. The method may also include generating an alert upon determining that differences between the first set of boot information and the second set of boot information are not permitted.Type: GrantFiled: May 10, 2016Date of Patent: September 1, 2020Assignee: Sophos LimitedInventors: Kenneth D. Ray, Simon Neil Reed, Daniel Salvatore Schiappa
-
Patent number: 10721210Abstract: An enterprise security system is improved by instrumenting endpoints to explicitly label network flows with cryptographically secure labels that identify an application or other source of each network flow. Cryptographic techniques may be used, for example, to protect the encoded information in the label from interception by third parties or to support cryptographic authentication of a source of each label. A label may provide health, status, or other heartbeat information for the endpoint, and may be used to identify compromised endpoints, to make routing decisions for network traffic (e.g., allowing, blocking, rerouting, etc.), to more generally evaluate the health of an endpoint that is sourcing network traffic, or for any other useful purpose.Type: GrantFiled: May 8, 2019Date of Patent: July 21, 2020Assignee: Sophos LimitedInventors: Daniel Salvatore Schiappa, Andrew J. Thomas, Kenneth D. Ray, Joseph H. Levy
-
Patent number: 10558800Abstract: Threat detection instrumentation is simplified by providing and updating labels for computing objects in a context-sensitive manner. This may include simple labeling schemes to distinguish between objects, e.g., trusted/untrusted processes or corporate/private data. This may also include more granular labeling schemes such as a three-tiered scheme that identifies a category (e.g., financial, e-mail, game), static threat detection attributes (e.g., signatures, hashes, API calls), and explicit identification (e.g., what a file or process calls itself). By tracking such data for various computing objects and correlating these labels to malware occurrences, rules can be written for distribution to endpoints to facilitate threat detection based on, e.g., interactions of labeled objects, changes to object labels, and so forth.Type: GrantFiled: May 3, 2018Date of Patent: February 11, 2020Assignee: Sophos LimitedInventors: Kenneth D. Ray, Daniel Salvatore Schiappa, Simon Neil Reed, Mark D. Harris, Neil Robert Tyndale Watkiss, Andrew J. Thomas, Robert W. Cook, Harald Schütz, John Edward Tyrone Shaw, Anthony John Merry
-
Patent number: 10528739Abstract: In one aspect, a method for securing a device includes receiving a first set of boot information from a first device, the first set of boot information including a first list of boot items, receiving from the first device a first proof based on the first set of boot information, verifying the first set of boot information based on the first proof, determining a reputation for one or more of the boot items in the first list of boot items. and reporting the determined reputation.Type: GrantFiled: April 20, 2016Date of Patent: January 7, 2020Assignee: Sophos LimitedInventors: Kenneth D. Ray, Simon Neil Reed, Daniel Salvatore Schiappa
-
Patent number: 10516531Abstract: Threat detection instrumentation is simplified by providing and updating labels for computing objects in a context-sensitive manner. This may include simple labeling schemes to distinguish between objects, e.g., trusted/untrusted processes or corporate/private data. This may also include more granular labeling schemes such as a three-tiered scheme that identifies a category (e.g., financial, e-mail, game), static threat detection attributes (e.g., signatures, hashes, API calls), and explicit identification (e.g., what a file or process calls itself). By tracking such data for various computing objects and correlating these labels to malware occurrences, rules can be written for distribution to endpoints to facilitate threat detection based on, e.g., interactions of labeled objects, changes to object labels, and so forth.Type: GrantFiled: August 24, 2018Date of Patent: December 24, 2019Assignee: Sophos LimitedInventors: Harald Schütz, Andrew J. Thomas, Kenneth D. Ray, Daniel Salvatore Schiappa
-
Publication number: 20190319987Abstract: An interface for a threat management facility of an enterprise network supports the use of third-party security products within the enterprise network by providing access to relevant internal instrumentation and/or a programmatic interface for direct or indirect access to local security agents on compute instances within the enterprise network.Type: ApplicationFiled: April 12, 2019Publication date: October 17, 2019Inventors: Joseph H. Levy, Andrew J. Thomas, Daniel Salvatore Schiappa, Kenneth D. Ray
-
Publication number: 20190319971Abstract: A threat management facility stores a number of entity models that characterize reportable events from one or more entities. A stream of events from compute instances within an enterprise network can then be analyzed using these entity models to detect behavior that is inconsistent or anomalous for one or more of the entities that are currently active within the enterprise network.Type: ApplicationFiled: April 12, 2019Publication date: October 17, 2019Inventors: Joseph H. Levy, Andrew J. Thomas, Daniel Salvatore Schiappa, Kenneth D. Ray
-
Publication number: 20190319980Abstract: A security platform uses a sensor-event-analysis-response methodology to iteratively adapt to a changing security environment by continuously creating and updating entity models based on observed activities and detecting patterns of events that deviate from these entity models.Type: ApplicationFiled: April 12, 2019Publication date: October 17, 2019Inventors: Joseph H. Levy, Andrew J. Thomas, Daniel Salvatore Schiappa, Kenneth D. Ray
-
Publication number: 20190319945Abstract: An authentication model dynamically adjusts authentication factors required for access to a remote resource based on changes to a risk score for a user, a device, or some combination of these. For example, the authentication model may conditionally specify the number and type of authentication factors required by a user/device pair, and may dynamically alter authentication requirements based on changes to a current risk assessment for the user/device while the remote resource is in use.Type: ApplicationFiled: April 12, 2019Publication date: October 17, 2019Inventors: Joseph H. Levy, Andrew J. Thomas, Daniel Salvatore Schiappa, Kenneth D. Ray
-
Publication number: 20190319961Abstract: Entity models are used to evaluate potential risk of entities, either individually or in groups, in order to evaluate suspiciousness within an enterprise network. These individual or aggregated risk assessments can be used to adjust the security policy for compute instances within the enterprise network. A security policy may specify security settings such as network speed, filtering levels, network isolation, levels of privilege, and the like.Type: ApplicationFiled: April 12, 2019Publication date: October 17, 2019Inventors: Joseph H. Levy, Andrew J. Thomas, Daniel Salvatore Schiappa, Kenneth D. Ray
-
Publication number: 20190318128Abstract: A ledger stores chain of custody information for files throughout an enterprise network. By identifying files with a homologous identifier such as a fuzzy hash that permits piecewise evaluation of similarity, the ledger can be used to track a chain of custody over a sequence of changes in content, ownership, and file properties. The ledger can be used, e.g., to evaluate trustworthiness of a file the first time it is encountered by an endpoint, or to apply enterprise policies based on trust.Type: ApplicationFiled: October 19, 2018Publication date: October 17, 2019Inventors: Karl Ackerman, Russell Humphries, Daniel Salvatore Schiappa, Kenneth D. Ray, Andrew J. Thomas
-
Publication number: 20190268303Abstract: An enterprise security system is improved by instrumenting endpoints to explicitly label network flows with cryptographically secure labels that identify an application or other source of each network flow. Cryptographic techniques may be used, for example, to protect the encoded information in the label from interception by third parties or to support cryptographic authentication of a source of each label. A label may provide health, status, or other heartbeat information for the endpoint, and may be used to identify compromised endpoints, to make routing decisions for network traffic (e.g., allowing, blocking, rerouting, etc.), to more generally evaluate the health of an endpoint that is sourcing network traffic, or for any other useful purpose.Type: ApplicationFiled: May 8, 2019Publication date: August 29, 2019Inventors: Daniel Salvatore Schiappa, Andrew J. Thomas, Kenneth D. Ray, Joseph H. Levy
-
Publication number: 20190213325Abstract: Attachments or other documents can be transmitted to a sandbox environment where they can be concurrently opened for remote preview from an endpoint and scanned for possible malware. A gateway or other intermediate network element may enforce this process by replacing attachments, e.g., in incoming electronic mail communications, with links to a document preview hosted in the sandbox environment.Type: ApplicationFiled: June 29, 2016Publication date: July 11, 2019Inventors: Ross McKerchar, John Edward Tyrone Shaw, Andrew J. Thomas, Russell Humphries, Kenneth D. Ray, Daniel Salvatore Schiappa
-
Publication number: 20190028438Abstract: Threat detection instrumentation is simplified by providing and updating labels for computing objects in a context-sensitive manner. This may include simple labeling schemes to distinguish between objects, e.g., trusted/untrusted processes or corporate/private data. This may also include more granular labeling schemes such as a three-tiered scheme that identifies a category (e.g., financial, e-mail, game), static threat detection attributes (e.g., signatures, hashes, API calls), and explicit identification (e.g., what a file or process calls itself). By tracking such data for various computing objects and correlating these labels to malware occurrences, rules can be written for distribution to endpoints to facilitate threat detection based on, e.g., interactions of labeled objects, changes to object labels, and so forth.Type: ApplicationFiled: September 27, 2018Publication date: January 24, 2019Inventors: Andrew J. Thomas, Neil Robert Tyndale Watkiss, Daniel Salvatore Schiappa, Kenneth D. Ray
-
Publication number: 20180367299Abstract: Threat detection instrumentation is simplified by providing and updating labels for computing objects in a context-sensitive manner. This may include simple labeling schemes to distinguish between objects, e.g., trusted/untrusted processes or corporate/private data. This may also include more granular labeling schemes such as a three-tiered scheme that identifies a category (e.g., financial, e-mail, game), static threat detection attributes (e.g., signatures, hashes, API calls), and explicit identification (e.g., what a file or process calls itself). By tracking such data for various computing objects and correlating these labels to malware occurrences, rules can be written for distribution to endpoints to facilitate threat detection based on, e.g., interactions of labeled objects, changes to object labels, and so forth.Type: ApplicationFiled: August 24, 2018Publication date: December 20, 2018Inventors: Harald Schütz, Andrew J. Thomas, Kenneth D. Ray, Daniel Salvatore Schiappa
-
Patent number: 10122687Abstract: Threat detection instrumentation is simplified by providing and updating labels for computing objects in a context-sensitive manner. This may include simple labeling schemes to distinguish between objects, e.g., trusted/untrusted processes or corporate/private data. This may also include more granular labeling schemes such as a three-tiered scheme that identifies a category (e.g., financial, e-mail, game), static threat detection attributes (e.g., signatures, hashes, API calls), and explicit identification (e.g., what a file or process calls itself). By tracking such data for various computing objects and correlating these labels to malware occurrences, rules can be written for distribution to endpoints to facilitate threat detection based on, e.g., interactions of labeled objects, changes to object labels, and so forth.Type: GrantFiled: September 14, 2014Date of Patent: November 6, 2018Assignee: Sophos LimitedInventors: Andrew J. Thomas, Neil Robert Tyndale Watkiss, Daniel Salvatore Schiappa, Kenneth D. Ray
-
Publication number: 20180276378Abstract: Threat detection instrumentation is simplified by providing and updating labels for computing objects in a context-sensitive manner. This may include simple labeling schemes to distinguish between objects, e.g., trusted/untrusted processes or corporate/private data. This may also include more granular labeling schemes such as a three-tiered scheme that identifies a category (e.g., financial, e-mail, game), static threat detection attributes (e.g., signatures, hashes, API calls), and explicit identification (e.g., what a file or process calls itself). By tracking such data for various computing objects and correlating these labels to malware occurrences, rules can be written for distribution to endpoints to facilitate threat detection based on, e.g., interactions of labeled objects, changes to object labels, and so forth.Type: ApplicationFiled: May 3, 2018Publication date: September 27, 2018Inventors: Kenneth D. Ray, Daniel Salvatore Schiappa, Simon Neil Reed, Mark D. Harris, Neil Robert Tyndale Watkiss, Andrew J. Thomas, Robert W. Cook, Harald Schütz, John Edward Tyrone Shaw, Anthony John Merry
-
Patent number: 10063373Abstract: Threat detection instrumentation is simplified by providing and updating labels for computing objects in a context-sensitive manner. This may include simple labeling schemes to distinguish between objects, e.g., trusted/untrusted processes or corporate/private data. This may also include more granular labeling schemes such as a three-tiered scheme that identifies a category (e.g., financial, e-mail, game), static threat detection attributes (e.g., signatures, hashes, API calls), and explicit identification (e.g., what a file or process calls itself). By tracking such data for various computing objects and correlating these labels to malware occurrences, rules can be written for distribution to endpoints to facilitate threat detection based on, e.g., interactions of labeled objects, changes to object labels, and so forth.Type: GrantFiled: November 23, 2016Date of Patent: August 28, 2018Assignee: Sophos LimitedInventors: Harald Schütz, Andrew J. Thomas, Kenneth D. Ray, Daniel Salvatore Schiappa