Patents by Inventor Andrew G. P. Smith
Andrew G. P. Smith has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20200076835Abstract: In a threat management platform, a number of endpoints log events in an event data recorder. A local agent filters this data and feeds a filtered data stream to a central threat management facility. The central threat management facility can locally or globally tune filtering by local agents based on the current data stream, and can query local event data recorders for additional information where necessary or helpful in threat detection or forensic analysis. The central threat management facility also stores and deploys a number of security tools such as a web-based user interface supported by machine learning models to identify potential threats requiring human intervention and other models to provide human-readable context for evaluating potential threats.Type: ApplicationFiled: September 12, 2018Publication date: March 5, 2020Inventors: Beata Ladnai, Mark David Harris, Andrew G. P. Smith, Kenneth D. Ray, Andrew J. Thomas, Russell Humphries
-
Publication number: 20200076833Abstract: Activity on an endpoint is monitored in two stages with a local agent. In a first stage, particular computing objects on the endpoint are selected for tracking. In a second stage, particular types of changes to those objects are selected. By selecting objects and object changes in this manner, a compact data stream of information highly relevant to threat detection can be provided from an endpoint to a central threat management facility. In order to support dynamic threat response, the locus and level of detection applied by the local agent can be controlled by the threat management facility and/or the endpoint.Type: ApplicationFiled: September 12, 2018Publication date: March 5, 2020Inventors: Beata Ladnai, Mark David Harris, Andrew G. P. Smith, Kenneth D. Ray, Andrew J. Thomas, Russell Humphries
-
Publication number: 20200076834Abstract: Activity on an endpoint is monitored in two stages with a local agent. In a first stage, particular computing objects on the endpoint are selected for tracking. In a second stage, particular types of changes to those objects are selected. By selecting objects and object changes in this manner, a compact data stream of information highly relevant to threat detection can be provided from an endpoint to a central threat management facility. At the same time, a local data recorder creates a local record of a wider range of objects and changes. The system may support forensic activity by facilitating queries to the local data recorder on the endpoint to retrieve more complete records of local activity when the compact data stream does not adequately characterize a particular context.Type: ApplicationFiled: September 12, 2018Publication date: March 5, 2020Inventors: Beata Ladnai, Mark David Harris, Andrew G. P. Smith, Kenneth D. Ray, Andrew J. Thomas, Russell Humphries
-
Publication number: 20200076837Abstract: A data recorder stores endpoint activity on an ongoing basis as sequences of events that causally relate computer objects such as processes and files. When a security event is detected, an event graph may be generated based on these causal relationships among the computing objects. For a root cause analysis, the event graph may be traversed in a reverse order from the point of an identified security event (e.g., a malware detection event) to preceding computing objects, while applying one or more cause identification rules to identify a root cause of the security event. Once a root cause is identified, the event graph may be traversed forward from the root cause to identify other computing objects that are potentially compromised by the root cause.Type: ApplicationFiled: November 8, 2019Publication date: March 5, 2020Inventors: Beata Ladnai, Mark David Harris, Andrew J. Thomas, Andrew G. P. Smith, Russell Humphries, Kenneth D. Ray
-
Patent number: 10516682Abstract: A data recorder stores endpoint activity on an ongoing basis as sequences of events that causally relate computer objects such as processes and files. When a security event is detected, an event graph may be generated based on these causal relationships among the computing objects. For a root cause analysis, the event graph may be traversed in a reverse order from the point of an identified security event (e.g., a malware detection event) to preceding computing objects, while applying one or more cause identification rules to identify a root cause of the security event. Once a root cause is identified, the event graph may be traversed forward from the root cause to identify other computing objects that are potentially compromised by the root cause.Type: GrantFiled: April 5, 2018Date of Patent: December 24, 2019Assignee: Sophos LimitedInventors: Beata Ladnai, Mark David Harris, Andrew J. Thomas, Andrew G. P. Smith, Russell Humphries, Kenneth D. Ray
-
Patent number: 10489588Abstract: A data recorder stores endpoint activity on an ongoing basis as sequences of events that causally relate computer objects such as processes and files, and patterns within this event graph can be used to detect the presence of malware on the endpoint. The underlying recording process may be dynamically adjusted in order to vary the amount and location of recording as the security state of the endpoint changes over time.Type: GrantFiled: March 19, 2018Date of Patent: November 26, 2019Assignee: Sophos LimitedInventors: Beata Ladnai, Mark David Harris, Andrew J. Thomas, Andrew G. P. Smith, Russell Humphries
-
Patent number: 10460105Abstract: A data recorder stores endpoint activity on an ongoing basis as sequences of events that causally relate computer objects such as processes and files, and patterns within this event graph can be used to detect the presence of malware on the endpoint. The underlying recording process may be dynamically adjusted in order to vary the amount and location of recording as the security state of the endpoint changes over time.Type: GrantFiled: March 19, 2018Date of Patent: October 29, 2019Assignee: Sophos LimitedInventors: Beata Ladnai, Mark David Harris, Andrew J. Thomas, Andrew G. P. Smith, Russell Humphries
-
Patent number: 10417419Abstract: A data recorder stores endpoint activity on an ongoing basis as sequences of events that causally relate computer objects such as processes and files, and patterns within this event graph can be used to detect the presence of malware on the endpoint. The underlying recording process may be dynamically adjusted in order to vary the amount and location of recording as the security state of the endpoint changes over time.Type: GrantFiled: March 19, 2018Date of Patent: September 17, 2019Assignee: Sophos LimitedInventors: Beata Ladnai, Mark David Harris, Andrew J. Thomas, Andrew G. P. Smith, Russell Humphries
-
Patent number: 10417418Abstract: A data recorder stores endpoint activity on an ongoing basis as sequences of events that causally relate computer objects such as processes and files, and patterns within this event graph can be used to detect the presence of malware on the endpoint. The underlying recording process may be dynamically adjusted in order to vary the amount and location of recording as the security state of the endpoint changes over time.Type: GrantFiled: March 19, 2018Date of Patent: September 17, 2019Assignee: Sophos LimitedInventors: Beata Ladnai, Mark David Harris, Andrew J. Thomas, Andrew G. P. Smith, Russell Humphries
-
Publication number: 20190258800Abstract: A data recorder stores endpoint activity on an ongoing basis as sequences of events that causally relate computer objects such as processes and files, and patterns within this event graph can be used to detect the presence of malware on the endpoint. The underlying recording process may be dynamically adjusted in order to vary the amount and location of recording as the security state of the endpoint changes over time.Type: ApplicationFiled: May 2, 2019Publication date: August 22, 2019Inventors: Beata Ladnai, Mark David Harris, Andrew J. Thomas, Andrew G. P. Smith, Russell Humphries
-
Publication number: 20180276380Abstract: A data recorder stores endpoint activity on an ongoing basis as sequences of events that causally relate computer objects such as processes and files, and patterns within this event graph can be used to detect the presence of malware on the endpoint. The underlying recording process may be dynamically adjusted in order to vary the amount and location of recording as the security state of the endpoint changes over time.Type: ApplicationFiled: March 19, 2018Publication date: September 27, 2018Inventors: Beata Ladnai, Mark David Harris, Andrew J. Thomas, Andrew G. P. Smith, Russell Humphries
-
Publication number: 20180276379Abstract: A data recorder stores endpoint activity on an ongoing basis as sequences of events that causally relate computer objects such as processes and files, and patterns within this event graph can be used to detect the presence of malware on the endpoint. The underlying recording process may be dynamically adjusted in order to vary the amount and location of recording as the security state of the endpoint changes over time.Type: ApplicationFiled: March 19, 2018Publication date: September 27, 2018Inventors: Beata Ladnai, Mark David Harris, Andrew J. Thomas, Andrew G. P. Smith, Russell Humphries
-
Publication number: 20180227320Abstract: A data recorder stores endpoint activity on an ongoing basis as sequences of events that causally relate computer objects such as processes and files. When a security event is detected, an event graph may be generated based on these causal relationships among the computing objects. For a root cause analysis, the event graph may be traversed in a reverse order from the point of an identified security event (e.g., a malware detection event) to preceding computing objects, while applying one or more cause identification rules to identify a root cause of the security event. Once a root cause is identified, the event graph may be traversed forward from the root cause to identify other computing objects that are potentially compromised by the root cause.Type: ApplicationFiled: April 5, 2018Publication date: August 9, 2018Inventors: Beata Ladnai, Mark David Harris, Andrew J. Thomas, Andrew G. P. Smith, Russell Humphries, Kenneth D. Ray
-
Patent number: 9967267Abstract: A data recorder stores endpoint activity on an ongoing basis as sequences of events that causally relate computer objects such as processes and files. When a security event is detected, an event graph may be generated based on these causal relationships among the computing objects. For a root cause analysis, the event graph may be traversed in a reverse order from the point of an identified security event (e.g., a malware detection event) to preceding computing objects, while applying one or more cause identification rules to identify a root cause of the security event. Once a root cause is identified, the event graph may be traversed forward from the root cause to identify other computing objects that are potentially compromised by the root cause.Type: GrantFiled: April 15, 2016Date of Patent: May 8, 2018Assignee: Sophos LimitedInventors: Beata Ladnai, Mark David Harris, Andrew J. Thomas, Andrew G. P. Smith, Russell Humphries, Kenneth D. Ray
-
Patent number: 9928366Abstract: A data recorder stores endpoint activity on an ongoing basis as sequences of events that causally relate computer objects such as processes and files, and patterns within this event graph can be used to detect the presence of malware on the endpoint. The underlying recording process may be dynamically adjusted in order to vary the amount and location of recording as the security state of the endpoint changes over time.Type: GrantFiled: April 11, 2017Date of Patent: March 27, 2018Assignee: Sophos LimitedInventors: Beata Ladnai, Mark David Harris, Andrew J. Thomas, Andrew G. P. Smith, Russell Humphries
-
Publication number: 20170300690Abstract: A data recorder stores endpoint activity on an ongoing basis as sequences of events that causally relate computer objects such as processes and files, and patterns within this event graph can be used to detect the presence of malware on the endpoint. The underlying recording process may be dynamically adjusted in order to vary the amount and location of recording as the security state of the endpoint changes over time.Type: ApplicationFiled: April 11, 2017Publication date: October 19, 2017Inventors: Beata Ladnai, Mark David Harris, Andrew J. Thomas, Andrew G. P. Smith, Russell Humphries
-
Publication number: 20170302685Abstract: A data recorder stores endpoint activity on an ongoing basis as sequences of events that causally relate computer objects such as processes and files. When a security event is detected, an event graph may be generated based on these causal relationships among the computing objects. For a root cause analysis, the event graph may be traversed in a reverse order from the point of an identified security event (e.g., a malware detection event) to preceding computing objects, while applying one or more cause identification rules to identify a root cause of the security event. Once a root cause is identified, the event graph may be traversed forward from the root cause to identify other computing objects that are potentially compromised by the root cause.Type: ApplicationFiled: April 15, 2016Publication date: October 19, 2017Inventors: Beata Ladnai, Mark David Harris, Andrew J. Thomas, Andrew G. P. Smith, Russell Humphries, Kenneth D. Ray
-
Patent number: 8392972Abstract: In embodiments of the present invention improved capabilities are described for providing protected computer communications. The present invention may provide for computer communications where in response to a receipt of a communication at a first computing facility from a second computing facility, the first computing facility may be caused to send a request to a compliance center for security compliance information relating to the second computing facility. In response to the request for security compliance information, the first computing facility may receive compliance information related to the second computing facility, which may cause the first computing facility to perform an action regulating further communications from the second computing facility if the second computing facility security compliance information indicates that the second client computing facility is not compliant with a current security policy.Type: GrantFiled: February 11, 2009Date of Patent: March 5, 2013Assignee: Sophos PLCInventors: Bradley A. C. Manring, Andrew G. P. Smith, Howard Moore, Andrew J. Thomas
-
Publication number: 20100205657Abstract: In embodiments of the present invention improved capabilities are described for providing protected computer communications. The present invention may provide for computer communications where in response to a receipt of a communication at a first computing facility from a second computing facility, the first computing facility may be caused to send a request to a compliance center for security compliance information relating to the second computing facility. In response to the request for security compliance information, the first computing facility may receive compliance information related to the second computing facility, which may cause the first computing facility to perform an action regulating further communications from the second computing facility if the second computing facility security compliance information indicates that the second client computing facility is not compliant with a current security policy.Type: ApplicationFiled: February 11, 2009Publication date: August 12, 2010Inventors: Bradley A.C. Manring, Andrew G. P. Smith, Howard Moore, Andrew J. Thomas