Patents by Inventor Richard S. Teal
Richard S. Teal has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Publication number: 20240070297
  Abstract: A kernel driver on an endpoint uses a process cache to provide a stream of events associated with processes on the endpoint to a data recorder. The process cache can usefully provide related information about processes such as a name, type or path for the process to the data recorder through the kernel driver. Where a tamper protection cache or similarly secured repository is available, this secure information may also be provided to the data recorder for use in threat detection, forensic analysis and so forth.
  Type: Application
  Filed: April 3, 2023
  Publication date: February 29, 2024
  Inventor: Richard S. Teal
- Publication number: 20230300112
  Abstract: A stream of events is received at a local security agent running on an endpoint at an enterprise network. The local security agent may detect an event of a first event type and may generate an aggregate event with subsequent events of the first event type in the stream. The local security agent may then transmit the aggregate event to a security resource for detecting security threats.
  Type: Application
  Filed: March 21, 2022
  Publication date: September 21, 2023
  Inventors: Michael David Wood, Anand Ajjan, Richard S. Teal
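The aggregation the 20230300112 abstract describes, modelled in user space. This is an added illustration, not code from the application or from Sophos; the event fields, the rule that a run of same-type events is closed by a type change or a time gap, and the sample stream are all assumptions made for the demo.

```python
"""Per-type event aggregation at a local endpoint agent (illustrative model).

Added example; not code from the cited patent application or from Sophos.
Event shapes, the flush rules and the sample stream are assumptions.
"""
from dataclasses import dataclass, field


@dataclass
class Event:
    ts: float      # seconds since epoch (constructed sample data below)
    etype: str     # e.g. "file_write", "process_start"
    detail: str    # e.g. the path touched


@dataclass
class AggregateEvent:
    etype: str
    first_ts: float
    last_ts: float
    count: int
    samples: list = field(default_factory=list)   # a few representative details


MAX_SAMPLES = 3   # assumption: keep only a few details per aggregate


def aggregate_stream(events, max_gap=1.0):
    """Yield one AggregateEvent per run of same-type events.

    A run ends when the next event has a different type or arrives more than
    `max_gap` seconds after the previous one. The abstract only says that
    subsequent events of the same type are aggregated; the gap rule is an
    assumption so that a burst and a later stray event are reported separately.
    """
    current = None
    for ev in events:
        if current is not None and (ev.etype != current.etype
                                    or ev.ts - current.last_ts > max_gap):
            yield current
            current = None
        if current is None:
            current = AggregateEvent(ev.etype, ev.ts, ev.ts, 0)
        current.count += 1
        current.last_ts = ev.ts
        if len(current.samples) < MAX_SAMPLES:
            current.samples.append(ev.detail)
    if current is not None:
        yield current


# Constructed sample stream: a burst of file writes, one process start, two more writes.
SAMPLE_STREAM = [
    Event(100.00, "file_write", r"C:\Users\a\doc1.txt"),
    Event(100.05, "file_write", r"C:\Users\a\doc2.txt"),
    Event(100.10, "file_write", r"C:\Users\a\doc3.txt"),
    Event(100.12, "file_write", r"C:\Users\a\doc4.txt"),
    Event(100.50, "process_start", r"C:\Windows\System32\cmd.exe"),
    Event(100.60, "file_write", r"C:\Users\a\doc5.txt"),
    Event(105.00, "file_write", r"C:\Users\a\doc6.txt"),   # gap > max_gap: new aggregate
]


def summarize(events=SAMPLE_STREAM):
    """Return (type, count) pairs, the compact payload an agent would send upstream."""
    return [(a.etype, a.count) for a in aggregate_stream(events)]


if __name__ == "__main__":
    for agg in aggregate_stream(SAMPLE_STREAM):
        span = agg.last_ts - agg.first_ts
        print(f"{agg.etype:14s} x{agg.count} over {span:.2f}s  samples={agg.samples}")
```

Seven raw events become four aggregates; the burst of four writes is sent once with a count, which is the bandwidth saving the abstract is after, while the representative samples preserve enough detail for the upstream detector.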
- Patent number: 11620396
  Abstract: A kernel driver on an endpoint uses a process cache to provide a stream of events associated with processes on the endpoint to a data recorder. The process cache can usefully provide related information about processes such as a name, type or path for the process to the data recorder through the kernel driver. Where a tamper protection cache or similarly secured repository is available, this secure information may also be provided to the data recorder for use in threat detection, forensic analysis and so forth.
  Type: Grant
  Filed: July 13, 2021
  Date of Patent: April 4, 2023
  Assignee: Sophos Limited
  Inventor: Richard S. Teal
- Publication number: 20210342461
  Abstract: A kernel driver on an endpoint uses a process cache to provide a stream of events associated with processes on the endpoint to a data recorder. The process cache can usefully provide related information about processes such as a name, type or path for the process to the data recorder through the kernel driver. Where a tamper protection cache or similarly secured repository is available, this secure information may also be provided to the data recorder for use in threat detection, forensic analysis and so forth.
  Type: Application
  Filed: July 13, 2021
  Publication date: November 4, 2021
  Inventor: Richard S. Teal
- Patent number: 11093624
  Abstract: A kernel driver on an endpoint uses a process cache to provide a stream of events associated with processes on the endpoint to a data recorder. The process cache can usefully provide related information about processes such as a name, type or path for the process to the data recorder through the kernel driver. Where a tamper protection cache or similarly secured repository is available, this secure information may also be provided to the data recorder for use in threat detection, forensic analysis and so forth.
  Type: Grant
  Filed: October 27, 2017
  Date of Patent: August 17, 2021
  Assignee: Sophos Limited
  Inventor: Richard S. Teal
- Patent number: 11017102
  Abstract: A kernel driver on an endpoint is configured to monitor processes executing on the endpoint that use network communications, and to transmit process information to a firewall for the endpoint. The firewall can, in turn, use this stream of process information from individual endpoints or groups of endpoints as context for observed network activity in order to control secure network communications and otherwise manage network activity.
  Type: Grant
  Filed: October 27, 2017
  Date of Patent: May 25, 2021
  Assignee: Sophos Limited
  Inventor: Richard S. Teal
- Patent number: 10885213
  Abstract: The configuration of a firewall on an endpoint is secured to prevent changes by unauthorized processes, while permitting changes that are requested by authorized processes. Authorized processes can be stored in a tamper protection cache within a kernel of the operating system of the endpoint and secured with reference to a trust authority external to the operating system. When a process on the endpoint requests a change to the firewall configuration, the requesting process can be checked against the processes listed in the tamper protection cache, and any suitable rules can be applied to limit or prevent changes to firewall configuration.
  Type: Grant
  Filed: October 27, 2017
  Date of Patent: January 5, 2021
  Assignee: Sophos Limited
  Inventor: Richard S. Teal
- Patent number: 10885212
  Abstract: An endpoint has a tamper protection cache that identifies protected computing objects, along with a process cache that stores information for processes executing on the endpoint. By securing the tamper protection cache with reference to a trust authority external to the endpoint, or the operating system for the endpoint, computing objects listed in the tamper protection cache can be protected against unauthorized modifications from malware or other malicious or otherwise potentially unsafe code.
  Type: Grant
  Filed: October 27, 2017
  Date of Patent: January 5, 2021
  Assignee: Sophos Limited
  Inventor: Richard S. Teal
- Patent number: 10885211
  Abstract: Endpoint security is improved by monitoring and controlling interprocess communications through a kernel-based endpoint protection driver. A list of protected computing objects such as registry keys, files, processes and directories is stored in the kernel and secured with reference to a trust authority external to the kernel and the endpoint. Protected processes are further controlled from unauthorized access and use by monitoring all interprocess communications through the endpoint protection driver and preventing unprotected processes from passing (potentially unsafe) data to protected processes.
  Type: Grant
  Filed: October 27, 2017
  Date of Patent: January 5, 2021
  Assignee: Sophos Limited
  Inventor: Richard S. Teal
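The 11093624, 10885213, 10885212 and 10885211 abstracts share two data structures, a process cache and a tamper protection cache bound to an external trust authority, and apply three rules over them: firewall configuration changes only from authorized processes, writes to protected objects only from protected processes, and no data passing from unprotected to protected processes over IPC. The user-space model below, an added illustration and not Sophos code, shows those checks together with the enriched event record the process cache yields for a data recorder. The HMAC binding that stands in for the trust authority, the cache layout, the image hashes and the sample processes are all assumptions made for the demo; a real driver would verify a signature from an authority outside the operating system rather than a shared key.

```python
"""Tamper-protection cache, process cache and the policy checks over them (illustrative).

Added example; not code from the cited patents or from Sophos. The HMAC
binding to the 'trust authority', cache layout and sample data are assumptions.
"""
import hashlib
import hmac
import json

# Assumption: the external trust authority and the endpoint share this key.
TRUST_AUTHORITY_KEY = b"demo-trust-authority-key"   # constructed for the example


def sign_cache(entries: dict) -> dict:
    """The trust authority issues the tamper-protection cache with a MAC over its contents."""
    body = json.dumps(entries, sort_keys=True).encode()
    return {"entries": entries,
            "mac": hmac.new(TRUST_AUTHORITY_KEY, body, hashlib.sha256).hexdigest()}


def cache_is_authentic(signed: dict) -> bool:
    """Driver-side check: a cache that the authority did not issue is not honoured."""
    body = json.dumps(signed["entries"], sort_keys=True).encode()
    expected = hmac.new(TRUST_AUTHORITY_KEY, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signed["mac"])


class EndpointDriverModel:
    def __init__(self, signed_cache: dict):
        if not cache_is_authentic(signed_cache):
            raise ValueError("tamper-protection cache failed trust-authority check")
        self.protected = signed_cache["entries"]   # object path -> {"kind", "hash"}
        self.process_cache = {}                     # pid -> {"name", "path", "hash"}

    # Process cache, filled from process-start notifications.
    def on_process_start(self, pid, path, image_hash):
        self.process_cache[pid] = {"name": path.rsplit("\\", 1)[-1],
                                   "path": path, "hash": image_hash}

    def is_protected_process(self, pid) -> bool:
        """Protected means listed in the cache AND running the listed image hash."""
        p = self.process_cache.get(pid)
        if p is None:
            return False
        entry = self.protected.get(p["path"])
        return (entry is not None and entry["kind"] == "process"
                and entry["hash"] == p["hash"])

    # Rule 1 (10885213): firewall configuration changes only from authorized processes.
    def allow_firewall_change(self, pid) -> bool:
        return self.is_protected_process(pid)

    # Rule 2 (10885212): protected objects are written only by protected processes.
    def allow_object_write(self, pid, obj) -> bool:
        if obj not in self.protected:
            return True
        return self.is_protected_process(pid)

    # Rule 3 (10885211): unprotected processes may not pass data to protected ones.
    def allow_ipc(self, src_pid, dst_pid) -> bool:
        if not self.is_protected_process(dst_pid):
            return True
        return self.is_protected_process(src_pid)

    # Event for the data recorder (11093624), enriched from both caches.
    def record(self, pid, action, target) -> dict:
        p = self.process_cache.get(pid, {})
        return {"pid": pid, "name": p.get("name"), "path": p.get("path"),
                "protected": self.is_protected_process(pid),
                "action": action, "target": target}


# Constructed sample cache: one protected process image and one protected registry key.
SIGNED_CACHE = sign_cache({
    r"C:\Program Files\EDR\agent.exe": {"kind": "process", "hash": "aa11"},
    r"HKLM\SOFTWARE\EDR\Policy": {"kind": "registry", "hash": None},
})


def demo() -> dict:
    drv = EndpointDriverModel(SIGNED_CACHE)
    drv.on_process_start(100, r"C:\Program Files\EDR\agent.exe", "aa11")
    drv.on_process_start(200, r"C:\Users\a\Downloads\dropper.exe", "dead")
    drv.on_process_start(300, r"C:\Program Files\EDR\agent.exe", "bad0")  # right path, wrong image
    return {
        "agent_fw_change": drv.allow_firewall_change(100),
        "dropper_fw_change": drv.allow_firewall_change(200),
        "impostor_fw_change": drv.allow_firewall_change(300),
        "dropper_policy_write": drv.allow_object_write(200, r"HKLM\SOFTWARE\EDR\Policy"),
        "dropper_own_write": drv.allow_object_write(200, r"C:\Users\a\x.txt"),
        "dropper_to_agent_ipc": drv.allow_ipc(200, 100),
        "agent_to_dropper_ipc": drv.allow_ipc(100, 200),
        "event": drv.record(200, "write", r"HKLM\SOFTWARE\EDR\Policy"),
    }


def tampered_cache_is_rejected() -> bool:
    """Malware that appends itself to the cache cannot re-sign it, so the driver refuses it."""
    forged = {"entries": dict(SIGNED_CACHE["entries"]), "mac": SIGNED_CACHE["mac"]}
    forged["entries"][r"C:\Users\a\Downloads\dropper.exe"] = {"kind": "process", "hash": "dead"}
    try:
        EndpointDriverModel(forged)
    except ValueError:
        return True
    return False
```

The impostor case (pid 300) is the one worth noting: matching the protected path is not enough, the image hash must match too, otherwise replacing the agent binary on disk would inherit its privileges.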
- Publication number: 20190081928
  Abstract: A kernel driver on an endpoint is configured to monitor processes executing on the endpoint that use network communications, and to transmit process information to a firewall for the endpoint. The firewall can, in turn, use this stream of process information from individual endpoints or groups of endpoints as context for observed network activity in order to control secure network communications and otherwise manage network activity.
  Type: Application
  Filed: October 27, 2017
  Publication date: March 14, 2019
  Inventor: Richard S. Teal
- Publication number: 20190081962
  Abstract: A kernel driver on an endpoint uses a process cache to provide a stream of events associated with processes on the endpoint to a data recorder. The process cache can usefully provide related information about processes such as a name, type or path for the process to the data recorder through the kernel driver. Where a tamper protection cache or similarly secured repository is available, this secure information may also be provided to the data recorder for use in threat detection, forensic analysis and so forth.
  Type: Application
  Filed: October 27, 2017
  Publication date: March 14, 2019
  Inventor: Richard S. Teal
- Publication number: 20190080102
  Abstract: Endpoint security is improved by monitoring and controlling interprocess communications through a kernel-based endpoint protection driver. A list of protected computing objects such as registry keys, files, processes and directories is stored in the kernel and secured with reference to a trust authority external to the kernel and the endpoint. Protected processes are further controlled from unauthorized access and use by monitoring all interprocess communications through the endpoint protection driver and preventing unprotected processes from passing (potentially unsafe) data to protected processes.
  Type: Application
  Filed: October 27, 2017
  Publication date: March 14, 2019
  Inventor: Richard S. Teal
- Publication number: 20190081983
  Abstract: The configuration of a firewall on an endpoint is secured to prevent changes by unauthorized processes, while permitting changes that are requested by authorized processes. Authorized processes can be stored in a tamper protection cache within a kernel of the operating system of the endpoint and secured with reference to a trust authority external to the operating system. When a process on the endpoint requests a change to the firewall configuration, the requesting process can be checked against the processes listed in the tamper protection cache, and any suitable rules can be applied to limit or prevent changes to firewall configuration.
  Type: Application
  Filed: October 27, 2017
  Publication date: March 14, 2019
  Inventor: Richard S. Teal
- Publication number: 20190080078
  Abstract: An endpoint has a tamper protection cache that identifies protected computing objects, along with a process cache that stores information for processes executing on the endpoint. By securing the tamper protection cache with reference to a trust authority external to the endpoint, or the operating system for the endpoint, computing objects listed in the tamper protection cache can be protected against unauthorized modifications from malware or other malicious or otherwise potentially unsafe code.
  Type: Application
  Filed: October 27, 2017
  Publication date: March 14, 2019
  Inventor: Richard S. Teal
- Patent number: 9374390
  Abstract: Techniques allow runtime extensions to a whitelist that locks down a computational system. For example, executable code is not only subject to whitelist checks that allow (or deny) its execution, but is also subject to checks that determine whether a whitelisted executable is itself trusted to introduce further executable code into the computational system in which it is allowed to run. In general, deletion and/or modification of instances of code that are already covered by the whitelist are also disallowed in accordance with a security policy. Accordingly, an executable that is trusted may be allowed to delete and/or modify code instances covered by the whitelist. In general, trust may be coded for a given code instance that seeks to introduce, remove or modify code.
  Type: Grant
  Filed: January 23, 2015
  Date of Patent: June 21, 2016
  Assignee: LUMENSION SECURITY, INC.
  Inventors: Daniel M. Teal, Wesley G. Miller, Charisse Castagnoli, Toney Jennings, Todd Schell, Richard S. Teal
- Patent number: 8950007
  Abstract: Techniques have been developed to allow runtime extensions to a whitelist that locks down a computational system. For example, executable code (including e.g., objects such as a script or active content that may be treated as an executable) is not only subject to whitelist checks that allow (or deny) its execution, but is also subject to checks that determine whether a whitelisted executable is itself trusted to introduce further executable code into the computational system in which it is allowed to run. In general, deletion and/or modification of instances of code that are already covered by the whitelist are also disallowed in accordance with a security policy. Accordingly, an executable that is trusted may be allowed to delete and/or modify code instances covered by the whitelist. In general, trust may be coded for a given code instance that seeks to introduce, remove or modify code (e.g., in the whitelist itself).
  Type: Grant
  Filed: January 28, 2010
  Date of Patent: February 3, 2015
  Assignee: Lumension Security, Inc.
  Inventors: Daniel M. Teal, Wesley G. Miller, Charisse Castagnoli, Toney Jennings, Todd Schell, Richard S. Teal
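The 9374390 and 8950007 abstracts describe three separate decisions: may this code run at all (the lock-down check), may this running whitelisted executable introduce new code, and may it delete or modify code already on the list. The model below is an added illustration, not Lumension code; the per-entry trust flags, the rule that introduced code inherits no trust, the hashing of byte strings standing in for on-disk images, and the scenario are assumptions made for the demo.

```python
"""Lock-down whitelist with trust-gated runtime extension (illustrative model).

Added example; not code from the cited Lumension patents. The trust flags,
the decision rules and the sample 'images' are assumptions.
"""
import hashlib
from dataclasses import dataclass, field


def code_hash(image: bytes) -> str:
    """Identity of a code instance is the hash of its bytes (sample bytes stand in for files)."""
    return hashlib.sha256(image).hexdigest()


@dataclass
class WhitelistEntry:
    name: str
    may_introduce: bool = False   # trusted to add new executables (e.g. a patch installer)
    may_modify: bool = False      # trusted to modify/delete whitelisted code, the list included


@dataclass
class Whitelist:
    entries: dict = field(default_factory=dict)   # hash -> WhitelistEntry
    log: list = field(default_factory=list)        # (verdict, reason) audit trail

    def _decide(self, verdict, why):
        self.log.append((verdict, why))
        return verdict

    def check_exec(self, image: bytes) -> bool:
        """Plain lock-down: only hashes on the list may run."""
        h = code_hash(image)
        if h in self.entries:
            return self._decide(True, f"exec {self.entries[h].name}")
        return self._decide(False, f"exec blocked, unknown hash {h[:12]}")

    def check_introduce(self, actor: bytes, new_image: bytes, name: str) -> bool:
        """A whitelisted executable wants to add code; allowed only if trusted to do so."""
        actor_entry = self.entries.get(code_hash(actor))
        if actor_entry is None or not actor_entry.may_introduce:
            return self._decide(False, f"introduce {name} refused")
        # Assumption: introduced code carries no trust of its own.
        self.entries[code_hash(new_image)] = WhitelistEntry(name)
        return self._decide(True, f"{actor_entry.name} introduced {name}")

    def check_modify(self, actor: bytes, target: bytes) -> bool:
        """Deleting or overwriting a whitelisted instance needs modify trust."""
        actor_entry = self.entries.get(code_hash(actor))
        if code_hash(target) not in self.entries:
            return self._decide(True, "target not whitelisted, not policed")
        if actor_entry is None or not actor_entry.may_modify:
            return self._decide(False, "modify of whitelisted code refused")
        return self._decide(True, f"{actor_entry.name} modified whitelisted code")


# Constructed sample images; real code would hash the executable on disk.
UPDATER = b"updater.exe v1"
BROWSER = b"browser.exe v1"
PLUGIN = b"plugin.dll v1"
DROPPER = b"unknown.exe"


def build_sample_whitelist() -> Whitelist:
    wl = Whitelist()
    wl.entries[code_hash(UPDATER)] = WhitelistEntry("updater.exe", may_introduce=True, may_modify=True)
    wl.entries[code_hash(BROWSER)] = WhitelistEntry("browser.exe")
    return wl


def run_scenario() -> dict:
    wl = build_sample_whitelist()
    return {
        "browser_runs": wl.check_exec(BROWSER),
        "dropper_runs": wl.check_exec(DROPPER),
        "browser_adds_plugin": wl.check_introduce(BROWSER, PLUGIN, "plugin.dll"),
        "plugin_runs_before": wl.check_exec(PLUGIN),
        "updater_adds_plugin": wl.check_introduce(UPDATER, PLUGIN, "plugin.dll"),
        "plugin_runs_after": wl.check_exec(PLUGIN),
        "plugin_adds_more": wl.check_introduce(PLUGIN, DROPPER, "unknown.exe"),
        "browser_patches_updater": wl.check_modify(BROWSER, UPDATER),
        "updater_patches_browser": wl.check_modify(UPDATER, BROWSER),
    }
```

The point the scenario makes is that being whitelisted and being trusted to extend the whitelist are different privileges: the browser may run but cannot add the plugin, the updater can, and the plugin it adds cannot in turn add anything, so a compromised whitelisted application does not become a path for introducing arbitrary code.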
- Publication number: 20100318789
  Abstract: System and method are disclosed for securing and managing individual end-user platforms as part of an enterprise network. The method/system of the invention has three main components: a security module, a manager appliance, and a console appliance. The security module enforces the enterprise licenses and security policies for the end-user platforms while the manager appliance provides secure, centralized communication with, and oversight of, the security module. The console appliance allows an administrator to access the manager appliance for purposes of monitoring and changing the licenses. Security is established and maintained through an innovative use of data encryption and authentication procedures. The use of these procedures allows the appliances to be uniquely identified to one another, which in turn provides a way to dynamically create unique identifiers for the security modules.
  Type: Application
  Filed: March 19, 2010
  Publication date: December 16, 2010
  Inventors: Richard S. Teal, Todd A. Schell, Daniel M. Teal
- Patent number: 7711952
  Abstract: System and method are disclosed for securing and managing individual end-user platforms as part of an enterprise network. The method/system of the invention has three main components: a security module, a manager appliance, and a console appliance. The security module enforces the enterprise licenses and security policies for the end-user platforms while the manager appliance provides secure, centralized communication with, and oversight of, the security module. The console appliance allows an administrator to access the manager appliance for purposes of monitoring and changing the licenses. Security is established and maintained through an innovative use of data encryption and authentication procedures. The use of these procedures allows the appliances to be uniquely identified to one another, which in turn provides a way to dynamically create unique identifiers for the security modules.
  Type: Grant
  Filed: September 13, 2005
  Date of Patent: May 4, 2010
  Assignee: Coretrace Corporation
  Inventors: Daniel M. Teal, Richard S. Teal, Todd A. Schell
- Patent number: 7398389
  Abstract: A system and method for network security using a kernel based network security infrastructure is disclosed. The method comprises the installation of a computer code set into the operating system kernel of each computer on a network and use of the computer code set to detect and stop unwanted or malicious intrusions into the kernel. Because the security feature is kernel based, a broader range of security features, such as security of communication between user-space applications and the kernel, can be implemented.
  Type: Grant
  Filed: November 14, 2002
  Date of Patent: July 8, 2008
  Assignee: Coretrace Corporation
  Inventors: Daniel M. Teal, Richard S. Teal
- Publication number: 20030120935
  Abstract: A system and method for network security using a kernel based network security infrastructure is disclosed. The method comprises the installation of a computer code set into the operating system kernel of each computer on a network and use of the computer code set to detect and stop unwanted or malicious intrusions into the kernel. Because the security feature is kernel based, a broader range of security features, such as security of communication between user-space applications and the kernel, can be implemented.
  Type: Application
  Filed: November 14, 2002
  Publication date: June 26, 2003
  Applicant: CORETRACE CORPORATION
  Inventors: Daniel M. Teal, Richard S. Teal