Patents by Inventor Kenneth D. Ray
Kenneth D. Ray has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240142126Abstract: Embodiments include overflow sensor assemblies for water heaters, HVAC systems, and other devices for which temperature control systems may be used. An example overflow sensor assembly for detecting fluid leaks at a device may include a sensor probe configured to be in electrical communication with a power supply, and a sensor mounting bracket that forms a ground, where the sensor mounting bracket is configured to be adjustably coupled to a mounting surface on the device, such that the sensor mounting bracket can deflect about the mounting surface. The sensor probe is suspended from the sensor mounting bracket.Type: ApplicationFiled: January 9, 2024Publication date: May 2, 2024Inventors: Robert L. Long, Kenneth D. Frederick, Kevin M. Ray, Karl S. Tallakson, Sivakumar Gopalnarayanan
-
Publication number: 20240112115Abstract: In a threat management platform, a number of endpoints log events in an event data recorder. A local agent filters this data and feeds a filtered data stream to a central threat management facility. The central threat management facility can locally or globally tune filtering by local agents based on the current data stream, and can query local event data recorders for additional information where necessary or helpful in threat detection or forensic analysis. The central threat management facility also stores and deploys a number of security tools such as a web-based user interface supported by machine learning models to identify potential threats requiring human intervention and other models to provide human-readable context for evaluating potential threats.Type: ApplicationFiled: August 3, 2023Publication date: April 4, 2024Inventors: Beata Ladnai, Mark D. Harris, Andrew G. P. Smith, Kenneth D. Ray, Andrew J. Thomas, Russell Humphries
-
Patent number: 11928231Abstract: An authentication model dynamically adjusts authentication factors required for access to a remote resource based on changes to a risk score for a user, a device, or some combination of these. For example, the authentication model may conditionally specify the number and type of authentication factors required by a user/device pair, and may dynamically alter authentication requirements based on changes to a current risk assessment for the user/device while the remote resource is in use.Type: GrantFiled: March 7, 2023Date of Patent: March 12, 2024Assignee: Sophos LimitedInventors: Joseph H. Levy, Andrew J. Thomas, Daniel Salvatore Schiappa, Kenneth D. Ray
-
Patent number: 11916907Abstract: Where a single networked security service supports multiple enterprises, this security service can operate as a shared source of trust so that security devices associated with one enterprise can provide authenticated, policy-based management of computing devices associated with another enterprise. For example, an enterprise firewall can advantageously manage network access for a new device based on a shared and authenticated relationship with the networked security service.Type: GrantFiled: July 8, 2020Date of Patent: February 27, 2024Assignee: Sophos LimitedInventors: Andrew J. Thomas, Moritz Daniel Grimm, Thomas Rolf-Werner Eckert, Kenneth D. Ray
-
Publication number: 20240062133Abstract: An automated system attempts to characterize code as safe or unsafe. For intermediate code samples not placed with sufficient confidence in either category, human-readable analysis is automatically generated to assist a human reviewer in reaching a final disposition. For example, a random forest over human-interpretable features may be created and used to identify suspicious features in a manner that is understandable to, and actionable by, a human reviewer. Similarly, a k-nearest neighbor algorithm may be used to identify similar samples of known safe and unsafe code based on a model for, e.g., a file path, a URL, an executable, and so forth. Similar code may then be displayed (with other information) to a user for evaluation in a user interface. This comparative information can improve the speed and accuracy of human interventions by providing richer context for human review of potential threats.Type: ApplicationFiled: September 7, 2023Publication date: February 22, 2024Inventors: Joshua Daniel Saxe, Andrew J. Thomas, Russell Humphries, Simon Neil Reed, Kenneth D. Ray, Joseph H. Levy
-
Publication number: 20240037477Abstract: An endpoint coupled in a communicating relationship with an enterprise network may include a data recorder configured to store an event stream of data indicating events on the endpoint including types of changes to computing objects, a filter configured to locally process the event stream into a filtered event stream including a subset of types of changes to the computing objects, and a local security agent. The local security agent may be configured to transmit the filtered event stream to a threat management facility, respond to a filter adjustment from the threat management facility by adjusting the filter to modify the subset of types of changes included in the filtered event stream, and respond to a query from the threat management facility by retrieving data stored in the data recorder over a time window before the query and excluded from the filtered event stream.Type: ApplicationFiled: August 14, 2023Publication date: February 1, 2024Inventors: Beata Ladnai, Mark D. Harris, Andrew G. P. Smith, Kenneth D. Ray, Andrew J. Thomas, Russell Humphries
-
Patent number: 11853414Abstract: Trampoline and return-oriented programming attacks employ a variety of techniques to maliciously execute instructions on a device in a manner different from a legitimate programmer's original intent. By instrumenting a device to detect deviations from predicted behavior, these exploits can be identified and mitigated.Type: GrantFiled: November 16, 2021Date of Patent: December 26, 2023Assignee: Sophos LimitedInventors: Erik Jan Loman, Lute Edwin Engels, Andrew J. Thomas, Kenneth D. Ray
-
Patent number: 11853425Abstract: Malware uses various techniques to detect a sandbox environment so that malicious code can avoid execution in closely monitored contexts that might otherwise trigger detection and remediation. A security system is dynamically updated to exploit these anti-sandbox techniques, e.g., by causing endpoints to mimic sandbox environments in a manner that discourages malware execution on the endpoint, and by updating sandboxes to alter or hide sandbox detection triggers.Type: GrantFiled: October 9, 2020Date of Patent: December 26, 2023Assignee: Sophos LimitedInventors: Ross McKerchar, Erik Jan Loman, Simon Neil Reed, Kenneth D. Ray, Andrew J. Thomas, Karl Ackerman
-
Patent number: 11843631Abstract: An endpoint in an enterprise network is monitored, and when a potential trigger for a distributed denial of service (DDoS) attack is followed by an increase in network traffic from the endpoint to a high reputation network address, the endpoint is treated as a DDoS service bot and isolated from the network until remediation can be performed.Type: GrantFiled: July 8, 2021Date of Patent: December 12, 2023Assignee: Sophos LimitedInventors: Karl Ackerman, Mark David Harris, Simon Neil Reed, Andrew J. Thomas, Kenneth D. Ray
-
Publication number: 20230385447Abstract: A threat management system provides a collection of queries for investigating security issues within an enterprise. Useful inferences are drawn about the value of different queries, and about the security posture of the enterprise, by monitoring contextual activity such as the popularity and context of query usage, patterns of end user modification to queries, and post-query activity.Type: ApplicationFiled: August 14, 2023Publication date: November 30, 2023Inventors: Karl Ackerman, Andrew J. Thomas, Kenneth D. Ray
-
Patent number: 11755974Abstract: An automated system attempts to characterize code as safe or unsafe. For intermediate code samples not placed with sufficient confidence in either category, human-readable analysis is automatically generated to assist a human reviewer in reaching a final disposition. For example, a random forest over human-interpretable features may be created and used to identify suspicious features in a manner that is understandable to, and actionable by, a human reviewer. Similarly, a k-nearest neighbor algorithm may be used to identify similar samples of known safe and unsafe code based on a model for, e.g., a file path, a URL, an executable, and so forth. Similar code may then be displayed (with other information) to a user for evaluation in a user interface. This comparative information can improve the speed and accuracy of human interventions by providing richer context for human review of potential threats.Type: GrantFiled: March 1, 2021Date of Patent: September 12, 2023Assignee: Sophos LimitedInventors: Joshua Daniel Saxe, Andrew J. Thomas, Russell Humphries, Simon Neil Reed, Kenneth D. Ray, Joseph H. Levy
-
Patent number: 11741222Abstract: Attachments or other documents can be transmitted to a sandbox environment where they can be concurrently opened for remote preview from an endpoint and scanned for possible malware. A gateway or other intermediate network element may enforce this process by replacing attachments, for example, in incoming electronic mail communications, with links to a document preview hosted in the sandbox environment.Type: GrantFiled: December 15, 2020Date of Patent: August 29, 2023Assignee: Sophos LimitedInventors: Ross McKerchar, John Edward Tyrone Shaw, Andrew J. Thomas, Russell Humphries, Kenneth D. Ray, Daniel Salvatore Schiappa
-
Patent number: 11736522Abstract: An endpoint in a network periodically generates a heartbeat encoding health state information and transmits this heartbeat to other network entities. Recipients of the heartbeat may use the health state information to independently make decisions about communications with the source endpoint, for example, by isolating the endpoint to prevent further communications with other devices sharing the network with the endpoint. Isolation may be coordinated by a firewall or gateway for the network, or independently by other endpoints that receive a notification of the compromised health state.Type: GrantFiled: December 18, 2018Date of Patent: August 22, 2023Assignee: Sophos LimitedInventors: Andrew J. Thomas, Kenneth D. Ray, Karl Ackerman
-
Patent number: 11727143Abstract: A threat management system provides a collection of queries for investigating security issues within an enterprise. Useful inferences are drawn about the value of different queries, and about the security posture of the enterprise, by monitoring contextual activity such as the popularity and context of query usage, patterns of end user modification to queries, and post-query activity.Type: GrantFiled: June 9, 2021Date of Patent: August 15, 2023Assignee: Sophos LimitedInventors: Karl Ackerman, Andrew J. Thomas, Kenneth D. Ray
-
Patent number: 11727333Abstract: An endpoint coupled in a communicating relationship with an enterprise network may include a data recorder configured to store an event stream of data indicating events on the endpoint including types of changes to computing objects, a filter configured to locally process the event stream into a filtered event stream including a subset of types of changes to the computing objects, and a local security agent. The local security agent may be configured to transmit the filtered event stream to a threat management facility, respond to a filter adjustment from the threat management facility by adjusting the filter to modify the subset of types of changes included in the filtered event stream, and respond to a query from the threat management facility by retrieving data stored in the data recorder over a time window before the query and excluded from the filtered event stream.Type: GrantFiled: March 28, 2022Date of Patent: August 15, 2023Assignee: Sophos LimitedInventors: Beata Ladnai, Mark David Harris, Andrew G. P. Smith, Kenneth D. Ray, Andrew J. Thomas, Russell Humphries
-
Patent number: 11720844Abstract: In a threat management platform, a number of endpoints log events in an event data recorder. A local agent filters this data and feeds a filtered data stream to a central threat management facility. The central threat management facility can locally or globally tune filtering by local agents based on the current data stream, and can query local event data recorders for additional information where necessary or helpful in threat detection or forensic analysis. The central threat management facility also stores and deploys a number of security tools such as a web-based user interface supported by machine learning models to identify potential threats requiring human intervention and other models to provide human-readable context for evaluating potential threats.Type: GrantFiled: March 26, 2021Date of Patent: August 8, 2023Assignee: Sophos LimitedInventors: Beata Ladnai, Mark David Harris, Andrew G. P. Smith, Kenneth D. Ray, Andrew J. Thomas, Russell Humphries
-
Patent number: 11722521Abstract: A firewall uses information about an application that originates a network request to determine whether and how to forward the request over a network. The firewall may more generally rely on the identity of the originating application, the security state of the originating application, the security state of the endpoint, and any other information that might provide an indication of malicious activity, to make routing and forwarding decisions for endpoint-originated network traffic.Type: GrantFiled: February 8, 2022Date of Patent: August 8, 2023Assignee: Sophos LimitedInventors: Andrew J. Thomas, Karl Ackerman, James Douglas Bean, Kenneth D. Ray, Daniel Stutz
-
Patent number: 11716351Abstract: A honeypot file is cryptographically secured with a cryptographic key. The key, or related key material, is then placed on a central keystore and the file is placed on a data store within the enterprise network. Unauthorized access to the honeypot file can then be detecting by monitoring use of the associated key material, which usefully facilitates detection of file access at any time when, and from any location where, cryptographic access to the file is initiated.Type: GrantFiled: July 8, 2021Date of Patent: August 1, 2023Assignee: Sophos LimitedInventors: Harald Schütz, Andreas Berger, Russell Humphries, Mark D. Harris, Kenneth D. Ray
-
Publication number: 20230214514Abstract: An authentication model dynamically adjusts authentication factors required for access to a remote resource based on changes to a risk score for a user, a device, or some combination of these. For example, the authentication model may conditionally specify the number and type of authentication factors required by a user/device pair, and may dynamically alter authentication requirements based on changes to a current risk assessment for the user/device while the remote resource is in use.Type: ApplicationFiled: March 7, 2023Publication date: July 6, 2023Inventors: Joseph H. Levy, Andrew J. Thomas, Daniel Salvatore Schiappa, Kenneth D. Ray
-
Publication number: 20230216883Abstract: Possible Denial of Service (DoS) activity is detected and remediated based on an initial heartbeat failure from a network asset, followed by externally directed network traffic from the network asset. In general, an interruption of the heartbeat can signal the possible presence of malware on the network asset, and the externally directed network traffic, and particularly certain patterns of traffic such as a high volume of traffic toward an address with a known, good reputation, can signal the possible presence of a DoS bot on the network asset that is sourcing the network traffic.Type: ApplicationFiled: March 7, 2023Publication date: July 6, 2023Inventor: Kenneth D. Ray