Patents by Inventor Harald Schütz
Harald Schütz has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11716351Abstract: A honeypot file is cryptographically secured with a cryptographic key. The key, or related key material, is then placed on a central keystore and the file is placed on a data store within the enterprise network. Unauthorized access to the honeypot file can then be detecting by monitoring use of the associated key material, which usefully facilitates detection of file access at any time when, and from any location where, cryptographic access to the file is initiated.Type: GrantFiled: July 8, 2021Date of Patent: August 1, 2023Assignee: Sophos LimitedInventors: Harald Schütz, Andreas Berger, Russell Humphries, Mark D. Harris, Kenneth D. Ray
-
Publication number: 20210344715Abstract: A honeypot file is cryptographically secured with a cryptographic key. The key, or related key material, is then placed on a central keystore and the file is placed on a data store within the enterprise network. Unauthorized access to the honeypot file can then be detecting by monitoring use of the associated key material, which usefully facilitates detection of file access at any time when, and from any location where, cryptographic access to the file is initiated.Type: ApplicationFiled: July 8, 2021Publication date: November 4, 2021Inventors: Harald Schütz, Andreas Berger, Russell Humphries, Mark D. Harris, Kenneth D. Ray
-
Patent number: 11089056Abstract: A honeypot file is cryptographically secured with a cryptographic key. The key, or related key material, is then placed on a central keystore and the file is placed on a data store within the enterprise network. Unauthorized access to the honeypot file can then be detecting by monitoring use of the associated key material, which usefully facilitates detection of file access at any time when, and from any location where, cryptographic access to the file is initiated.Type: GrantFiled: September 28, 2018Date of Patent: August 10, 2021Assignee: Sophos LimitedInventors: Harald Schütz, Andreas Berger, Russell Humphries, Mark D. Harris, Kenneth D. Ray
-
Patent number: 10834061Abstract: Rules are applied at a network perimeter to outbound network communications that contain file attachments. The rules may, in a variety of circumstances, require wrapping of an outbound file from the endpoint in a portable encrypted container. The network perimeter may be enforced locally at the endpoint, or at any network device between the endpoint and a recipient.Type: GrantFiled: January 14, 2019Date of Patent: November 10, 2020Assignee: Sophos LimitedInventors: Russell Humphries, Gordon Sullivan, Kenneth D. Ray, Anthony John Merry, Harald Schütz, Andreas Berger
-
Patent number: 10691824Abstract: Securing an endpoint against exposure to unsafe content includes encrypting files to prevent unauthorized access, and monitoring an exposure state of a process to potentially unsafe content by applying behavioral rules to determine whether the exposure state is either exposed or secure, where (1) the process is initially identified as secure, (2) the process is identified as exposed when the process opens a network connection to a URL that is not internal to an enterprise network of the endpoint and that has a poor reputation, (3) the process is identified as exposed when it opens a file identified as exposed, and (4) the process is identified as exposed when another exposed process opens a handle to the process. Access to the files may be restricted when the process is exposed by controlling access through a file system filter that conditionally decrypts files for the process according to its exposure state.Type: GrantFiled: January 15, 2019Date of Patent: June 23, 2020Assignee: Sophos LimitedInventors: Kenneth D. Ray, Andrew J. Thomas, Anthony John Merry, Harald Schütz, Andreas Berger, John Edward Tyrone Shaw
-
Patent number: 10657277Abstract: Securing an endpoint against exposure to unsafe content includes encrypting files to prevent unauthorized access, and monitoring an exposure state of a process to potentially unsafe content by applying behavioral rules to determine whether the exposure state is either exposed or secure, where (1) the process is initially identified as secure, (2) the process is identified as exposed when the process opens a network connection to a URL that is not internal to an enterprise network of the endpoint and that has a poor reputation, (3) the process is identified as exposed when it opens a file identified as exposed, and (4) the process is identified as exposed when another exposed process opens a handle to the process. Access to the files may be restricted when the process is exposed by controlling access through a file system filter that conditionally decrypts files for the process according to its exposure state.Type: GrantFiled: November 20, 2017Date of Patent: May 19, 2020Assignee: Sophos LimitedInventors: Kenneth D. Ray, Andrew J. Thomas, Anthony John Merry, Harald Schütz, Andreas Berger, John Edward Tyrone Shaw
-
Patent number: 10650154Abstract: Securing an endpoint against malicious activity includes encrypting a plurality of files on an endpoint to prevent unauthorized access to the plurality of files, receiving a request to access a file from a process executing on the endpoint, decrypting the file for the process, and monitoring a security state of the process. If the security state becomes a compromised state, a technique involves maintaining access to any open files (including the file decrypted for the process), prohibiting access to other files, and initiating a remediation of the process by facilitating a restart of the process. If the remediation is successful, access by the process to the plurality of files may be restored.Type: GrantFiled: February 12, 2016Date of Patent: May 12, 2020Assignee: Sophos LimitedInventors: Kenneth D. Ray, Andrew J. Thomas, Anthony John Merry, Harald Schütz, Andreas Berger, John Edward Tyrone Shaw
-
Publication number: 20200106808Abstract: A honeypot file is cryptographically secured with a cryptographic key. The key, or related key material, is then placed on a central keystore and the file is placed on a data store within the enterprise network. Unauthorized access to the honeypot file can then be detecting by monitoring use of the associated key material, which usefully facilitates detection of file access at any time when, and from any location where, cryptographic access to the file is initiated.Type: ApplicationFiled: September 28, 2018Publication date: April 2, 2020Inventors: Harald Schütz, Andreas Berger, Russell Humphries, Mark D. Harris, Kenneth D. Ray
-
Patent number: 10558800Abstract: Threat detection instrumentation is simplified by providing and updating labels for computing objects in a context-sensitive manner. This may include simple labeling schemes to distinguish between objects, e.g., trusted/untrusted processes or corporate/private data. This may also include more granular labeling schemes such as a three-tiered scheme that identifies a category (e.g., financial, e-mail, game), static threat detection attributes (e.g., signatures, hashes, API calls), and explicit identification (e.g., what a file or process calls itself). By tracking such data for various computing objects and correlating these labels to malware occurrences, rules can be written for distribution to endpoints to facilitate threat detection based on, e.g., interactions of labeled objects, changes to object labels, and so forth.Type: GrantFiled: May 3, 2018Date of Patent: February 11, 2020Assignee: Sophos LimitedInventors: Kenneth D. Ray, Daniel Salvatore Schiappa, Simon Neil Reed, Mark D. Harris, Neil Robert Tyndale Watkiss, Andrew J. Thomas, Robert W. Cook, Harald Schütz, John Edward Tyrone Shaw, Anthony John Merry
-
Patent number: 10516531Abstract: Threat detection instrumentation is simplified by providing and updating labels for computing objects in a context-sensitive manner. This may include simple labeling schemes to distinguish between objects, e.g., trusted/untrusted processes or corporate/private data. This may also include more granular labeling schemes such as a three-tiered scheme that identifies a category (e.g., financial, e-mail, game), static threat detection attributes (e.g., signatures, hashes, API calls), and explicit identification (e.g., what a file or process calls itself). By tracking such data for various computing objects and correlating these labels to malware occurrences, rules can be written for distribution to endpoints to facilitate threat detection based on, e.g., interactions of labeled objects, changes to object labels, and so forth.Type: GrantFiled: August 24, 2018Date of Patent: December 24, 2019Assignee: Sophos LimitedInventors: Harald Schütz, Andrew J. Thomas, Kenneth D. Ray, Daniel Salvatore Schiappa
-
Publication number: 20190253399Abstract: Rules are applied at a network perimeter to outbound network communications that contain file attachments. The rules may, in a variety of circumstances, require wrapping of an outbound file from the endpoint in a portable encrypted container. The network perimeter may be enforced locally at the endpoint, or at any network device between the endpoint and a recipient.Type: ApplicationFiled: January 14, 2019Publication date: August 15, 2019Inventors: Russell Humphries, Gordon Sullivan, Kenneth D. Ray, Anthony John Merry, Harald Schütz, Andreas Berger
-
Publication number: 20190228172Abstract: Securing an endpoint against exposure to unsafe content includes encrypting files to prevent unauthorized access, and monitoring an exposure state of a process to potentially unsafe content by applying behavioral rules to determine whether the exposure state is either exposed or secure, where (1) the process is initially identified as secure, (2) the process is identified as exposed when the process opens a network connection to a URL that is not internal to an enterprise network of the endpoint and that has a poor reputation, (3) the process is identified as exposed when it opens a file identified as exposed, and (4) the process is identified as exposed when another exposed process opens a handle to the process. Access to the files may be restricted when the process is exposed by controlling access through a file system filter that conditionally decrypts files for the process according to its exposure state.Type: ApplicationFiled: January 15, 2019Publication date: July 25, 2019Inventors: Kenneth D. Ray, Andrew J. Thomas, Anthony John Merry, Harald Schütz, Andreas Berger, John Edward Tyrone Shaw
-
Publication number: 20180367299Abstract: Threat detection instrumentation is simplified by providing and updating labels for computing objects in a context-sensitive manner. This may include simple labeling schemes to distinguish between objects, e.g., trusted/untrusted processes or corporate/private data. This may also include more granular labeling schemes such as a three-tiered scheme that identifies a category (e.g., financial, e-mail, game), static threat detection attributes (e.g., signatures, hashes, API calls), and explicit identification (e.g., what a file or process calls itself). By tracking such data for various computing objects and correlating these labels to malware occurrences, rules can be written for distribution to endpoints to facilitate threat detection based on, e.g., interactions of labeled objects, changes to object labels, and so forth.Type: ApplicationFiled: August 24, 2018Publication date: December 20, 2018Inventors: Harald Schütz, Andrew J. Thomas, Kenneth D. Ray, Daniel Salvatore Schiappa
-
Publication number: 20180276378Abstract: Threat detection instrumentation is simplified by providing and updating labels for computing objects in a context-sensitive manner. This may include simple labeling schemes to distinguish between objects, e.g., trusted/untrusted processes or corporate/private data. This may also include more granular labeling schemes such as a three-tiered scheme that identifies a category (e.g., financial, e-mail, game), static threat detection attributes (e.g., signatures, hashes, API calls), and explicit identification (e.g., what a file or process calls itself). By tracking such data for various computing objects and correlating these labels to malware occurrences, rules can be written for distribution to endpoints to facilitate threat detection based on, e.g., interactions of labeled objects, changes to object labels, and so forth.Type: ApplicationFiled: May 3, 2018Publication date: September 27, 2018Inventors: Kenneth D. Ray, Daniel Salvatore Schiappa, Simon Neil Reed, Mark D. Harris, Neil Robert Tyndale Watkiss, Andrew J. Thomas, Robert W. Cook, Harald Schütz, John Edward Tyrone Shaw, Anthony John Merry
-
Patent number: 10063373Abstract: Threat detection instrumentation is simplified by providing and updating labels for computing objects in a context-sensitive manner. This may include simple labeling schemes to distinguish between objects, e.g., trusted/untrusted processes or corporate/private data. This may also include more granular labeling schemes such as a three-tiered scheme that identifies a category (e.g., financial, e-mail, game), static threat detection attributes (e.g., signatures, hashes, API calls), and explicit identification (e.g., what a file or process calls itself). By tracking such data for various computing objects and correlating these labels to malware occurrences, rules can be written for distribution to endpoints to facilitate threat detection based on, e.g., interactions of labeled objects, changes to object labels, and so forth.Type: GrantFiled: November 23, 2016Date of Patent: August 28, 2018Assignee: Sophos LimitedInventors: Harald Schütz, Andrew J. Thomas, Kenneth D. Ray, Daniel Salvatore Schiappa
-
Patent number: 9984248Abstract: Securing an endpoint against exposure to unsafe content includes encrypting files to prevent unauthorized access, and monitoring an exposure state of a process to potentially unsafe content by applying behavioral rules to determine whether the exposure state is either exposed or secure, where (1) the process is initially identified as secure, (2) the process is identified as exposed when the process opens a network connection to a URL that is not internal to an enterprise network of the endpoint and that has a poor reputation, (3) the process is identified as exposed when it opens a file identified as exposed, and (4) the process is identified as exposed when another exposed process opens a handle to the process. Access to the files may be restricted when the process is exposed by controlling access through a file system filter that conditionally decrypts files for the process according to its exposure state.Type: GrantFiled: February 12, 2016Date of Patent: May 29, 2018Assignee: Sophos LimitedInventors: Kenneth D. Ray, Andrew J. Thomas, Anthony John Merry, Harald Schütz, Andreas Berger, John Edward Tyrone Shaw
-
Patent number: 9965627Abstract: Threat detection instrumentation is simplified by providing and updating labels for computing objects in a context-sensitive manner. This may include simple labeling schemes to distinguish between objects, e.g., trusted/untrusted processes or corporate/private data. This may also include more granular labeling schemes such as a three-tiered scheme that identifies a category (e.g., financial, e-mail, game), static threat detection attributes (e.g., signatures, hashes, API calls), and explicit identification (e.g., what a file or process calls itself). By tracking such data for various computing objects and correlating these labels to malware occurrences, rules can be written for distribution to endpoints to facilitate threat detection based on, e.g., interactions of labeled objects, changes to object labels, and so forth.Type: GrantFiled: September 14, 2014Date of Patent: May 8, 2018Assignee: Sophos LimitedInventors: Kenneth D. Ray, Daniel Salvatore Schiappa, Simon Neil Reed, Mark D. Harris, Neil Robert Tyndale Watkiss, Andrew J. Thomas, Robert W. Cook, Harald Schütz, John Edward Tyrone Shaw, Anthony John Merry
-
Publication number: 20180075249Abstract: Securing an endpoint against exposure to unsafe content includes encrypting files to prevent unauthorized access, and monitoring an exposure state of a process to potentially unsafe content by applying behavioral rules to determine whether the exposure state is either exposed or secure, where (1) the process is initially identified as secure, (2) the process is identified as exposed when the process opens a network connection to a URL that is not internal to an enterprise network of the endpoint and that has a poor reputation, (3) the process is identified as exposed when it opens a file identified as exposed, and (4) the process is identified as exposed when another exposed process opens a handle to the process. Access to the files may be restricted when the process is exposed by controlling access through a file system filter that conditionally decrypts files for the process according to its exposure state.Type: ApplicationFiled: November 20, 2017Publication date: March 15, 2018Inventors: Kenneth D. Ray, Andrew J. Thomas, Anthony John Merry, Harald Schütz, Andreas Berger, John Edward Tyrone Shaw
-
Publication number: 20170235966Abstract: Securing an endpoint against malicious activity includes encrypting a plurality of files on an endpoint to prevent unauthorized access to the plurality of files, receiving a request to access a file from a process executing on the endpoint, decrypting the file for the process, and monitoring a security state of the process. If the security state becomes a compromised state, a technique involves maintaining access to any open files (including the file decrypted for the process), prohibiting access to other files, and initiating a remediation of the process by facilitating a restart of the process. If the remediation is successful, access by the process to the plurality of files may be restored.Type: ApplicationFiled: February 12, 2016Publication date: August 17, 2017Inventors: Kenneth D. Ray, Andrew J. Thomas, Anthony John Merry, Harald Schütz, Andreas Berger, John Edward Tyrone Shaw
-
Publication number: 20170235967Abstract: Securing an endpoint against exposure to unsafe content includes encrypting files to prevent unauthorized access, and monitoring an exposure state of a process to potentially unsafe content by applying behavioral rules to determine whether the exposure state is either exposed or secure, where (1) the process is initially identified as secure, (2) the process is identified as exposed when the process opens a network connection to a URL that is not internal to an enterprise network of the endpoint and that has a poor reputation, (3) the process is identified as exposed when it opens a file identified as exposed, and (4) the process is identified as exposed when another exposed process opens a handle to the process. Access to the files may be restricted when the process is exposed by controlling access through a file system filter that conditionally decrypts files for the process according to its exposure state.Type: ApplicationFiled: February 12, 2016Publication date: August 17, 2017Inventors: Kenneth D. Ray, Andrew J. Thomas, Anthony John Merry, Harald Schütz, Andreas Berger, John Edward Tyrone Shaw