Patents by Inventor Alex MARKHAM
Alex MARKHAM has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11902322Abstract: The network reachability module maps and dynamically tracks network reachability of network addresses and/or devices. The network reachability module can map and dynamically track network reachability of a response-orchestrator engine, via communicating and cooperating with the response-orchestrator engine. The network reachability module has a tracking module to 1) monitor network traffic and 2) keep a list of known devices and/or known subnets on the network, which is dynamically tracked and updated as previously unknown devices and subnets on the network are detected. A trigger module generates a spoofed transmission and/or response communication, supported by a network protocol used by the network. The spoofed transmission and/or response communication can be used to map network reachability of i) network devices, ii) network addresses, and iii) any combination of both, which either 1) can receive or 2) cannot receive protocol communications from a host for the network reachability module in the network.Type: GrantFiled: August 12, 2022Date of Patent: February 13, 2024Assignee: Darktrace Holdings LimitedInventors: Robert Hutchinson, Alex Markham, Krystian Szczur
-
Patent number: 11693964Abstract: Disclosed herein is a method for detection of a cyber-threat to a computer system. The method is arranged to be performed by a processing apparatus. The method comprises receiving input data associated with a first entity associated with the computer system, deriving metrics from the input data, the metrics representative of characteristics of the received input data, analysing the metrics using one or more models, and determining, in accordance with the analysed metrics and a model of normal behavior of the first entity, a cyber-threat risk parameter indicative of a likelihood of a cyber-threat. A computer readable medium, a computer program and a threat detection system are also disclosed.Type: GrantFiled: January 5, 2021Date of Patent: July 4, 2023Assignee: Darktrace Holdings LimitedInventors: Jack Stockdale, Alex Markham
-
Publication number: 20230111771Abstract: The network reachability module maps and dynamically tracks network reachability of network addresses and/or devices. The network reachability module can map and dynamically track network reachability of a response-orchestrator engine, via communicating and cooperating with the response-orchestrator engine. The network reachability module has a tracking module to 1) monitor network traffic and 2) keep a list of known devices and/or known subnets on the network, which is dynamically tracked and updated as previously unknown devices and subnets on the network are detected. A trigger module generates a spoofed transmission and/or response communication, supported by a network protocol used by the network. The spoofed transmission and/or response communication can be used to map network reachability of i) network devices, ii) network addresses, and iii) any combination of both, which either 1) can receive or 2) cannot receive protocol communications from a host for the network reachability module in the network.Type: ApplicationFiled: August 12, 2022Publication date: April 13, 2023Inventors: Robert Hutchinso, Alex Markham, Krystian Szczur
-
Publication number: 20230042552Abstract: Disclosed herein is a method for detection of a cyber-threat to a computer system. The method is arranged to be performed by a processing apparatus. The method comprises receiving input data associated with a first entity associated with the computer system, deriving metrics from the input data, the metrics representative of characteristics of the received input data, analysing the metrics using one or more models, and determining, in accordance with the analysed metrics and a model of normal behavior of the first entity, a cyber-threat risk parameter indicative of a likelihood of a cyber-threat. A computer readable medium, a computer program and a threat detection system are also disclosed.Type: ApplicationFiled: October 12, 2022Publication date: February 9, 2023Applicant: Darktrace Holdings LimitedInventors: Jack Stockdale, Alex Markham
-
Patent number: 11546360Abstract: A cyber security appliance has modules that utilize probes to interact with entities in a cloud infrastructure environment (CIE). A cloud module can 1) use the information about relevant changes in the CIE fed from the probes, and 2) use machine learning models that are trained on a normal behavior of at least a first entity associated with the CIE; and thus, indicate when a behavior of the first entity falls outside of being a normal pattern of life. A cyber threat module can use machine learning models trained on cyber threats in the CIE and examine at least the behaviors of the first entity falling outside of the normal pattern of life to determine what is a likelihood of ‘a chain of unusual behaviors under analysis that fall outside of being the normal behavior’ is a cyber threat. An autonomous response module can cause actions to contain the cyber threat.Type: GrantFiled: February 19, 2019Date of Patent: January 3, 2023Assignee: Darktrace Holdings LimitedInventors: Andrew Woodford, Jacob Araiza, Alex Markham, Matthew Dunn
-
Patent number: 11418538Abstract: The network reachability module maps and dynamically tracks network reachability of network addresses and/or devices. The network reachability module can map and dynamically track network reachability of a response-orchestrator engine, via communicating and cooperating with the response-orchestrator engine. The network reachability module has a tracking module to 1) monitor network traffic and 2) keep a list of known devices and/or known subnets on the network, which is dynamically tracked and updated as previously unknown devices and subnets on the network are detected. A trigger module generates a spoofed transmission and/or response communication, supported by a network protocol used by the network. The spoofed transmission and/or response communication can be used to map network reachability of i) network devices, ii) network addresses, and iii) any combination of both, which either 1) can receive or 2) cannot receive protocol communications from a host for the network reachability module in the network.Type: GrantFiled: November 8, 2019Date of Patent: August 16, 2022Assignee: Darktrace Holdings LimitedInventors: Robert Hutchinson, Alex Markham, Krystian Szczur
-
Publication number: 20210273949Abstract: A traffic manager module of a cyber threat defense platform that can differentiate between data flows to a client device. A registration module can register a connection between devices within a client network to transmit a series of data packets. A classifier module can execute a comparison of features of the connection to a set of interest criteria to determine an interest level for the cyber threat defense platform in the connection. The classifier module can apply an interest classifier describing the interest level to the connection based on the comparison. A deep packet inspection engine can examine the data packets of the connection for cyber threats if the interest classifier indicates interest. A diverter can shunt the data packets of the connection away from the deep packet inspection engine if the interest classifier indicates no interest.Type: ApplicationFiled: February 26, 2021Publication date: September 2, 2021Inventors: Guy Howlett, Alex Markham, Martina Balintova, Andrew Woodford, Jack Stockdale
-
Publication number: 20210157919Abstract: Disclosed herein is a method for detection of a cyber-threat to a computer system. The method is arranged to be performed by a processing apparatus. The method comprises receiving input data associated with a first entity associated with the computer system, deriving metrics from the input data, the metrics representative of characteristics of the received input data, analysing the metrics using one or more models, and determining, in accordance with the analysed metrics and a model of normal behavior of the first entity, a cyber-threat risk parameter indicative of a likelihood of a cyber-threat. A computer readable medium, a computer program and a threat detection system are also disclosed.Type: ApplicationFiled: January 5, 2021Publication date: May 27, 2021Inventors: Jack Stockdale, Alex Markham
-
Publication number: 20200244699Abstract: The network reachability module maps and dynamically tracks network reachability of network addresses and/or devices. The network reachability module can map and dynamically track network reachability of a response-orchestrator engine, via communicating and cooperating with the response-orchestrator engine. The network reachability module has a tracking module to 1) monitor network traffic and 2) keep a list of known devices and/or known subnets on the network, which is dynamically tracked and updated as previously unknown devices and subnets on the network are detected. A trigger module generates a spoofed transmission and/or response communication, supported by a network protocol used by the network. The spoofed transmission and/or response communication can be used to map network reachability of i) network devices, ii) network addresses, and iii) any combination of both, which either 1) can receive or 2) cannot receive protocol communications from a host for the network reachability module in the network.Type: ApplicationFiled: November 8, 2019Publication date: July 30, 2020Applicant: Darktrace LimitedInventors: Robert Hutchinson, Alex Markham, Krystian Szczur
-
Publication number: 20190260794Abstract: A cyber security appliance has modules that utilize probes to interact with entities in a cloud infrastructure environment (CIE). A cloud module can 1) use the information about relevant changes in the CIE fed from the probes, and 2) use machine learning models that are trained on a normal behavior of at least a first entity associated with the CIE; and thus, indicate when a behavior of the first entity falls outside of being a normal pattern of life. A cyber threat module can use machine learning models trained on cyber threats in the CIE and examine at least the behaviors of the first entity falling outside of the normal pattern of life to determine what is a likelihood of ‘a chain of unusual behaviors under analysis that fall outside of being the normal behavior’ is a cyber threat. An autonomous response module can cause actions to contain the cyber threat.Type: ApplicationFiled: February 19, 2019Publication date: August 22, 2019Inventors: Andrew Woodford, Jacob Araiza, Alex Markham, Matthew Dunn
-
Publication number: 20190251260Abstract: Disclosed herein is a method for detection of a cyber-threat to a computer system. The method is arranged to be performed by a processing apparatus. The method comprises receiving input data associated with a first entity associated with the computer system, deriving metrics from the input data, the metrics representative of characteristics of the received input data, analysing the metrics using one or more models, and determining, in accordance with the analysed metrics and a model of normal behavior of the first entity, a cyber-threat risk parameter indicative of a likelihood of a cyber-threat. A computer readable medium, a computer program and a threat detection system are also disclosed.Type: ApplicationFiled: April 22, 2019Publication date: August 15, 2019Inventors: Jack Stockdale, Alex Markham
-
Patent number: 10268821Abstract: Disclosed herein is a method for detection of a cyber-threat to a computer system. The method is arranged to be performed by a processing apparatus. The method comprises receiving input data associated with a first entity associated with the computer system, deriving metrics from the input data, the metrics representative of characteristics of the received input data, analyzing the metrics using one or more models, and determining, in accordance with the analyzed metrics and a model of normal behavior of the first entity, a cyber-threat risk parameter indicative of a likelihood of a cyber-threat. A computer readable medium, a computer program and a threat detection system are also disclosed.Type: GrantFiled: August 3, 2015Date of Patent: April 23, 2019Assignee: Darktrace LimitedInventors: Jack Stockdale, Alex Markham
-
Publication number: 20170220801Abstract: Disclosed herein is a method for detection of a cyber-threat to a computer system. The method is arranged to be performed by a processing apparatus. The method comprises receiving input data associated with a first entity associated with the computer system, deriving metrics from the input data, the metrics representative of characteristics of the received input data, analysing the metrics using one or more models, and determining, in accordance with the analysed metrics and a model of normal behaviour of the first entity, a cyber-threat risk parameter indicative of a likelihood of a cyber-threat. A computer readable medium, a computer program and a threat detection system are also disclosed.Type: ApplicationFiled: August 3, 2015Publication date: August 3, 2017Inventors: Jack STOCKDALE, Alex MARKHAM