Patents by Inventor Andrew J. Thomas

Andrew J. Thomas has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12354043
    Abstract: An automated system attempts to characterize code as safe or unsafe. For intermediate code samples not placed with sufficient confidence in either category, human-readable analysis is automatically generated to assist a human reviewer in reaching a final disposition. For example, a random forest over human-interpretable features may be created and used to identify suspicious features in a manner that is understandable to, and actionable by, a human reviewer. Similarly, a k-nearest neighbor algorithm may be used to identify similar samples of known safe and unsafe code based on a model for, e.g., a file path, a URL, an executable, and so forth. Similar code may then be displayed (with other information) to a user for evaluation in a user interface. This comparative information can improve the speed and accuracy of human interventions by providing richer context for human review of potential threats.
    Type: Grant
    Filed: September 7, 2023
    Date of Patent: July 8, 2025
    Assignee: Sophos Limited
    Inventors: Joshua Daniel Saxe, Andrew J. Thomas, Russell Humphries, Simon Neil Reed, Kenneth D. Ray, Joseph H. Levy
  • Publication number: 20250124382
    Abstract: An endpoint coupled in a communicating relationship with an enterprise network may include a data recorder configured to store an event stream of data indicating events on the endpoint including types of changes to computing objects, a filter configured to locally process the event stream into a filtered event stream including a subset of types of changes to the computing objects, and a local security agent. The local security agent may be configured to transmit the filtered event stream to a threat management facility, respond to a filter adjustment from the threat management facility by adjusting the filter to modify the subset of types of changes included in the filtered event stream, and respond to a query from the threat management facility by retrieving data stored in the data recorder over a time window before the query and excluded from the filtered event stream.
    Type: Application
    Filed: August 20, 2024
    Publication date: April 17, 2025
    Inventors: Beata Ladnai, Mark D. Harris, Andrew G. P. Smith, Kenneth D. Ray, Andrew J. Thomas, Russell Humphries
  • Patent number: 12273382
    Abstract: Security is improved by adding a security heartbeat for an endpoint as a factor in a multi-factor authentication system. The security heartbeat may be used directly as an authentication factor, e.g., where the heartbeat provides a reliable and verifiable indication of identity, or the security heartbeat may be used as a gating input for some other verification method, e.g., where a text message with a temporary security code can only be transmitted to a user when the user's endpoint is providing a secure heartbeat.
    Type: Grant
    Filed: December 18, 2018
    Date of Patent: April 8, 2025
    Assignee: Sophos Limited
    Inventors: Karl Ackerman, John Edward Tyrone Shaw, Craig Paradis, Andrew J. Thomas, Kenneth D. Ray
  • Patent number: 12261824
    Abstract: An application executing on an endpoint accesses remote resources using a gateway. In response to a requested remote access, the application may be marked with a descriptor that specifies a target action and a pattern of occurrences of the target action. When a second observable action on the endpoint includes the pattern of events following the first observable action, a reportable event may be generated indicating a compromised state of the endpoint. The gateway can then regulate usage of the remote resource based on the reportable event.
    Type: Grant
    Filed: October 4, 2021
    Date of Patent: March 25, 2025
    Assignee: Sophos Limited
    Inventors: Andrew J. Thomas, Neil Robert Tyndale Watkiss, Daniel Salvatore Schiappa, Kenneth D. Ray
  • Patent number: 12244641
    Abstract: A firewall uses information about an application that originates a network request to determine whether and how to forward the request over a network. The firewall may more generally rely on the identity of the originating application, the security state of the originating application, the security state of the endpoint, and any other information that might provide an indication of malicious activity, to make routing and forwarding decisions for endpoint-originated network traffic.
    Type: Grant
    Filed: August 3, 2023
    Date of Patent: March 4, 2025
    Assignee: Sophos Limited
    Inventors: Andrew J. Thomas, Karl Ackerman, James Douglas Bean, Kenneth D. Ray, Daniel Stutz
  • Publication number: 20250047686
    Abstract: A threat management facility receives data from a variety of sources such as compute instances within an enterprise network, cloud service providers supporting the enterprise network, and third-party data providers such as geolocation services. In order to facilitate prompt notification of potential risks, the threat management facility may incrementally update data for use in threat assessments as the data becomes available from these different sources, and create suitable alerts or notifications whenever the currently accumulated data provides an indication of threat meeting a predetermined threshold.
    Type: Application
    Filed: August 21, 2024
    Publication date: February 6, 2025
    Inventors: Andrew J. Thomas, Mangal Rakesh Vankadaru, Prakash Kumar Talreja, Timothy Rayment, Biju Balakrishnan Nair
  • Patent number: 12218977
    Abstract: A threat management facility detects a device on an enterprise network and determines whether the device is one of a set of managed devices for the enterprise network. When the device is not one of the set of managed devices, the threat management facility may selectively direct the device to a portal that provides support to the user of the device while the device awaits admission to the enterprise network. As the user interacts with the portal, the portal may manage admission of unrecognized devices onto the enterprise network while making efficient use of network administrator resources.
    Type: Grant
    Filed: April 15, 2022
    Date of Patent: February 4, 2025
    Assignee: Sophos Limited
    Inventors: John Edward Tyrone Shaw, Ross McKerchar, Moritz Daniel Grimm, Jan Karl Heinrich Weber, Shail R. Talati, Kenneth D. Ray, Andrew J. Thomas
  • Patent number: 12181586
    Abstract: A method for multi-track environmental fault monitoring for aerial platforms includes estimating a normalized squared residual error (NSRE) for each of one or more satellite-receiver tracks over time. The method also includes determining an averaged NSRE for each satellite-receiver track by averaging the NSRE over multiple time windows. The method further includes performing a threshold test on the averaged NSRE to determine a filter state. In addition, the method includes determining whether to apply a scale factor for each satellite-receiver track based on the filter state.
    Type: Grant
    Filed: May 9, 2022
    Date of Patent: December 31, 2024
    Assignee: Raytheon Company
    Inventors: Shuwu Wu, Matt Keti, Andrew J. Thomas, Joseph Chang
  • Publication number: 20240427930
    Abstract: An endpoint in an enterprise network is instrumented with sensors to detect security-related events occurring on the endpoint. Event data from these sensors is augmented with contextual information about, e.g., a source of each event in order to facilitate improved correlation, analysis, and visualization at a threat management facility for the enterprise network.
    Type: Application
    Filed: June 28, 2024
    Publication date: December 26, 2024
    Inventors: Kenneth D. Ray, Andrew J. Thomas, Karl Ackerman
  • Publication number: 20240414174
    Abstract: An asynchronous stream of security events is added to a data lake for enterprise security by identifying groups of related events related to a security threat, and creating rules to fold these related events into a single security event along with metadata. The folding rules may then be applied to security events in the event stream to compress data in the data lake and improve detection efficiency.
    Type: Application
    Filed: August 21, 2024
    Publication date: December 12, 2024
    Inventors: Andrew J. Thomas, Mangal Rakesh Vankadaru, Prakash Kumar Talreja, Timothy Rayment
  • Patent number: 12153948
    Abstract: In order to use zero trust network resources distributed across multiple gateways, an agent is deployed on an endpoint of an enterprise network. The agent maps requests for specific applications to corresponding gateways. The agent may also multiplex or otherwise aggregate communications among different network applications and gateways in order to provide seamless, transparent access to the distributed resources at a single endpoint, and/or within a single interface.
    Type: Grant
    Filed: March 9, 2022
    Date of Patent: November 26, 2024
    Assignee: Sophos Limited
    Inventors: Biju Ramachandra Kaimal, Andrew J. Thomas, Venkata Suresh Reddy Obulareddy, Mayur Premi, Robert W. Cook, Ramesh Kamath, Matthew Charles Setzer, Madan Mohan Nayak
  • Patent number: 12153674
    Abstract: An event graph can be generated, and, upon malware detection, traversed backward to identify a root cause associated with the malware detection. Using this information, rules for earlier malware detection can be created by analyzing the event graph proximal to the root cause rather than proximal to the malware detection trigger.
    Type: Grant
    Filed: March 8, 2022
    Date of Patent: November 26, 2024
    Assignee: Sophos Limited
    Inventors: Beata Ladnai, Mark David Harris, Andrew J. Thomas, Andrew G. P. Smith, Russell Humphries
  • Patent number: 12132746
    Abstract: A threat management facility receives data from a variety of sources such as compute instances within an enterprise network, cloud service providers supporting the enterprise network, and third-party data providers such as geolocation services. In order to facilitate prompt notification of potential risks, the threat management facility may incrementally update data for use in threat assessments as the data becomes available from these different sources, and create suitable alerts or notifications whenever the currently accumulated data provides an indication of threat meeting a predetermined threshold.
    Type: Grant
    Filed: May 26, 2022
    Date of Patent: October 29, 2024
    Assignee: Sophos Limited
    Inventors: Andrew J. Thomas, Mangal Rakesh Vankadaru, Prakash Kumar Talreja, Timothy Rayment, Biju Balakrishnan Nair
  • Patent number: 12132745
    Abstract: A platform for threat investigation in an enterprise network receives threat data from managed endpoints, and is augmented with data from cloud computing platforms and other third-party resources. The resulting merged data set can be incrementally updated and used to automatically launch investigations at appropriate times.
    Type: Grant
    Filed: May 26, 2022
    Date of Patent: October 29, 2024
    Assignee: Sophos Limited
    Inventors: Andrew J. Thomas, Mangal Rakesh Vankadaru, Prakash Kumar Talreja, Timothy Rayment, Biju Balakrishnan Nair
  • Patent number: 12111927
    Abstract: In embodiments, a framework for an extensible, file-based security system is described for determining an appropriate application, application environment, and/or access or security control measure based at least in part on a file's reputation.
    Type: Grant
    Filed: July 26, 2023
    Date of Patent: October 8, 2024
    Assignee: Sophos Limited
    Inventor: Andrew J. Thomas
  • Patent number: 12101334
    Abstract: A threat management system stores an attack matrix characterizing tactics and techniques, and provides threat detection based on patterns of traversal of the attack matrix. Where the threat management system provides a data lake of security events and a query interface for using the data lake to investigate security issues, useful inferences may also be drawn by comparing query activity in the query interface with the patterns of traversal of the attack matrix, such as by using a malicious pattern of traversal to identify a concurrent chain of queries indicative of a threat, or by presenting separate threat scores to an analyst based on query activity and patterns of traversal.
    Type: Grant
    Filed: May 26, 2022
    Date of Patent: September 24, 2024
    Assignee: Sophos Limited
    Inventors: Andrew J. Thomas, Mangal Rakesh Vankadaru, Prakash Kumar Talreja, Timothy Rayment
  • Publication number: 20240311503
    Abstract: A threat management facility stores a number of entity models that characterize reportable events from one or more entities. A stream of events from compute instances within an enterprise network can then be analyzed using these entity models to detect behavior that is inconsistent or anomalous for one or more of the entities that are currently active within the enterprise network.
    Type: Application
    Filed: May 23, 2024
    Publication date: September 19, 2024
    Inventors: Joseph H. Levy, Andrew J. Thomas, Daniel Salvatore Schiappa, Kenneth D. Ray
  • Patent number: 12093383
    Abstract: An event graph associated with a root cause for a change in security state on an endpoint is used to facilitate malware detection on other endpoints.
    Type: Grant
    Filed: March 8, 2022
    Date of Patent: September 17, 2024
    Assignee: Sophos Limited
    Inventors: Beata Ladnai, Mark David Harris, Andrew J. Thomas, Andrew G. P. Smith, Russell Humphries
  • Patent number: 12095778
    Abstract: An asynchronous stream of security events is added to a data lake for enterprise security by identifying groups of related events related to a security threat, and creating rules to fold these related events into a single security event along with metadata. The folding rules may then be applied to security events in the event stream to compress data in the data lake and improve detection efficiency.
    Type: Grant
    Filed: May 26, 2022
    Date of Patent: September 17, 2024
    Assignee: Sophos Limited
    Inventors: Andrew J. Thomas, Mangal Rakesh Vankadaru, Prakash Kumar Talreja, Timothy Rayment
  • Patent number: 12079757
    Abstract: An endpoint coupled in a communicating relationship with an enterprise network may include a data recorder configured to store an event stream of data indicating events on the endpoint including types of changes to computing objects, a filter configured to locally process the event stream into a filtered event stream including a subset of types of changes to the computing objects, and a local security agent. The local security agent may be configured to transmit the filtered event stream to a threat management facility, respond to a filter adjustment from the threat management facility by adjusting the filter to modify the subset of types of changes included in the filtered event stream, and respond to a query from the threat management facility by retrieving data stored in the data recorder over a time window before the query and excluded from the filtered event stream.
    Type: Grant
    Filed: August 14, 2023
    Date of Patent: September 3, 2024
    Assignee: Sophos Limited
    Inventors: Beata Ladnai, Mark D. Harris, Andrew G. P. Smith, Kenneth D. Ray, Andrew J. Thomas, Russell Humphries