Patents by Inventor Ross McKerchar
Ross McKerchar has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11853425Abstract: Malware uses various techniques to detect a sandbox environment so that malicious code can avoid execution in closely monitored contexts that might otherwise trigger detection and remediation. A security system is dynamically updated to exploit these anti-sandbox techniques, e.g., by causing endpoints to mimic sandbox environments in a manner that discourages malware execution on the endpoint, and by updating sandboxes to alter or hide sandbox detection triggers.Type: GrantFiled: October 9, 2020Date of Patent: December 26, 2023Assignee: Sophos LimitedInventors: Ross McKerchar, Erik Jan Loman, Simon Neil Reed, Kenneth D. Ray, Andrew J. Thomas, Karl Ackerman
-
Patent number: 11741222Abstract: Attachments or other documents can be transmitted to a sandbox environment where they can be concurrently opened for remote preview from an endpoint and scanned for possible malware. A gateway or other intermediate network element may enforce this process by replacing attachments, for example, in incoming electronic mail communications, with links to a document preview hosted in the sandbox environment.Type: GrantFiled: December 15, 2020Date of Patent: August 29, 2023Assignee: Sophos LimitedInventors: Ross McKerchar, John Edward Tyrone Shaw, Andrew J. Thomas, Russell Humphries, Kenneth D. Ray, Daniel Salvatore Schiappa
-
Publication number: 20220286481Abstract: A threat management facility detects a device on an enterprise network and determines whether the device is one of a set of managed devices for the enterprise network. When the device is not one of the set of managed devices, the threat management facility may selectively direct the device to a portal that provides support to the user of the device while the device awaits admission to the enterprise network. As the user interacts with the portal, the portal may manage admission of unrecognized devices onto the enterprise network while making efficient use of network administrator resources.Type: ApplicationFiled: April 15, 2022Publication date: September 8, 2022Inventors: John Edward Tyrone Shaw, Ross McKerchar, Moritz Daniel Grimm, Jan Karl Heinrich Weber, Shail R. Talati, Kenneth D. Ray, Andrew J. Thomas
-
Patent number: 11310275Abstract: A threat management facility detects a device on an enterprise network and determines whether the device is one of a set of managed devices for the enterprise network. When the device is not one of the set of managed devices, the threat management facility may selectively direct the device to a portal that provides support to the user of the device while the device awaits admission to the enterprise network. As the user interacts with the portal, the portal may manage admission of unrecognized devices onto the enterprise network while making efficient use of network administrator resources.Type: GrantFiled: January 31, 2018Date of Patent: April 19, 2022Assignee: Sophos LimitedInventors: John Edward Tyrone Shaw, Ross McKerchar, Moritz Daniel Grimm, Jan Karl Heinrich Weber, Shail R. Talati, Kenneth D. Ray, Andrew J. Thomas
-
Publication number: 20220114257Abstract: Malware uses various techniques to detect a sandbox environment so that malicious code can avoid execution in closely monitored contexts that might otherwise trigger detection and remediation. A security system is dynamically updated to exploit these anti-sandbox techniques, e.g., by causing endpoints to mimic sandbox environments in a manner that discourages malware execution on the endpoint, and by updating sandboxes to alter or hide sandbox detection triggers.Type: ApplicationFiled: October 9, 2020Publication date: April 14, 2022Inventors: Ross McKerchar, Erik Jan Loman, Simon Neil Reed, Kenneth D. Ray, Andrew J. Thomas, Karl Ackerman
-
Patent number: 11134056Abstract: A threat management facility detects a device on an enterprise network and determines whether the device is one of a set of managed devices for the enterprise network. When the device is not one of the set of managed devices, the device may be directed to a portal that manages admission of unrecognized devices onto the enterprise network. Based on a response of the unrecognized device to the portal (e.g., if the unrecognized device does not respond to the portal), the device may be listed on an unclaimed device page published by the portal and accessible to authorized users of the enterprise network. An authorized user may claim the unrecognized device from the unclaimed device page and, in the process, may provide additional information regarding the unrecognized device. Once claimed, the previously unrecognized device may be permitted to communicate over the enterprise network.Type: GrantFiled: January 31, 2018Date of Patent: September 28, 2021Assignee: Sophos LimitedInventors: John Edward Tyrone Shaw, Ross McKerchar, Moritz Daniel Grimm, Jan Karl Heinrich Weber, Shail R. Talati, Kenneth D. Ray, Andrew J. Thomas
-
Patent number: 11095609Abstract: A threat management facility detects a device on an enterprise network and determines whether the device is one of a set of managed devices for the enterprise network. When the device is not one of the set of managed devices, the device may be directed to a portal that manages admission of unrecognized devices onto the enterprise network. Based on a response of the unrecognized device to the portal (e.g., if the unrecognized device does not respond to the portal), the device may be listed on an unclaimed device page published by the portal and accessible to authorized users of the enterprise network. An authorized user may claim the unrecognized device from the unclaimed device page and, in the process, may provide additional information regarding the unrecognized device. Once claimed, the previously unrecognized device may be permitted to communicate over the enterprise network.Type: GrantFiled: January 31, 2018Date of Patent: August 17, 2021Assignee: Sophos LimitedInventors: John Edward Tyrone Shaw, Ross McKerchar, Moritz Daniel Grimm, Jan Karl Heinrich Weber, Shail R. Talati, Kenneth D. Ray, Andrew J. Thomas
-
Patent number: 11019056Abstract: A threat management facility detects a device on an enterprise network and determines whether the device is one of a set of managed devices for the enterprise network. When the device is not one of the set of managed devices, the threat management facility may determine whether the device is manageable. When the device is unrecognized and unmanageable, a portal may provide support to a user of the device by listing the device on an unclaimed device page published by the portal and accessible to authorized users of the enterprise network. An authorized user may claim the unrecognized device from the unclaimed device page and, in the process, may provide additional information regarding the unrecognized device. Once claimed, the previously unrecognized device may be permitted to communicate over the enterprise network.Type: GrantFiled: January 31, 2018Date of Patent: May 25, 2021Assignee: Sophos LimitedInventors: John Edward Tyrone Shaw, Ross McKerchar, Moritz Daniel Grimm, Jan Karl Heinrich Weber, Shail R. Talati, Kenneth D. Ray, Andrew J. Thomas
-
Patent number: 10986092Abstract: A threat management facility detects a device on an enterprise network and determines whether the device is one of a set of managed devices for the enterprise network. When the device is not one of the set of managed devices, the threat management facility may determine whether the device is manageable. When the device is unrecognized and unmanageable, a portal may provide support to a user of the device by listing the device on an unclaimed device page published by the portal and accessible to authorized users of the enterprise network. An authorized user may claim the unrecognized device from the unclaimed device page and, in the process, may provide additional information regarding the unrecognized device. Once claimed, the previously unrecognized device may be permitted to communicate over the enterprise network.Type: GrantFiled: January 31, 2018Date of Patent: April 20, 2021Assignee: Sophos LimitedInventors: John Edward Tyrone Shaw, Ross McKerchar, Moritz Daniel Grimm, Jan Karl Heinrich Weber, Shail R. Talati, Kenneth D. Ray, Andrew J. Thomas
-
Publication number: 20210097171Abstract: Attachments or other documents can be transmitted to a sandbox environment where they can be concurrently opened for remote preview from an endpoint and scanned for possible malware. A gateway or other intermediate network element may enforce this process by replacing attachments, for example, in incoming electronic mail communications, with links to a document preview hosted in the sandbox environment.Type: ApplicationFiled: December 15, 2020Publication date: April 1, 2021Inventors: Ross McKerchar, John Edward Tyrone Shaw, Andrew J. Thomas, Russell Humphries, Kenneth D. Ray, Daniel Salvatore Schiappa
-
Patent number: 10896254Abstract: Attachments or other documents can be transmitted to a sandbox environment where they can be concurrently opened for remote preview from an endpoint and scanned for possible malware. A gateway or other intermediate network element may enforce this process by replacing attachments, for example, in incoming electronic mail communications, with links to a document preview hosted in the sandbox environment.Type: GrantFiled: June 29, 2016Date of Patent: January 19, 2021Assignee: Sophos LimitedInventors: Ross McKerchar, John Edward Tyrone Shaw, Andrew J. Thomas, Russell Humphries, Kenneth D. Ray, Daniel Salvatore Schiappa
-
Publication number: 20190238591Abstract: A threat management facility detects a device on an enterprise network and determines whether the device is one of a set of managed devices for the enterprise network. When the device is not one of the set of managed devices, the threat management facility may selectively direct the device to a portal that provides support to the user of the device while the device awaits admission to the enterprise network. As the user interacts with the portal, the portal may manage admission of unrecognized devices onto the enterprise network while making efficient use of network administrator resources.Type: ApplicationFiled: January 31, 2018Publication date: August 1, 2019Inventors: John Edward Tyrone Shaw, Ross McKerchar, Moritz Daniel Grimm, Jan Karl Heinrich Weber, Shail R. Talati, Kenneth D. Ray, Andrew J. Thomas
-
Publication number: 20190238538Abstract: A threat management facility detects a device on an enterprise network and determines whether the device is one of a set of managed devices for the enterprise network. When the device is not one of the set of managed devices, the threat management facility may determine whether the device is manageable. When the device is unrecognized and unmanageable, a portal may provide support to a user of the device by listing the device on an unclaimed device page published by the portal and accessible to authorized users of the enterprise network. An authorized user may claim the unrecognized device from the unclaimed device page and, in the process, may provide additional information regarding the unrecognized device. Once claimed, the previously unrecognized device may be permitted to communicate over the enterprise network.Type: ApplicationFiled: January 31, 2018Publication date: August 1, 2019Inventors: John Edward Tyrone Shaw, Ross McKerchar, Moritz Daniel Grimm, Jan Karl Heinrich Weber, Shail R. Talati, Kenneth D. Ray, Andrew J. Thomas
-
Publication number: 20190238506Abstract: A threat management facility detects a device on an enterprise network and determines whether the device is one of a set of managed devices for the enterprise network. When the device is not one of the set of managed devices, the device may be directed to a portal that manages admission of unrecognized devices onto the enterprise network. Based on a response of the unrecognized device to the portal (e.g., if the unrecognized device does not respond to the portal), the device may be listed on an unclaimed device page published by the portal and accessible to authorized users of the enterprise network. An authorized user may claim the unrecognized device from the unclaimed device page and, in the process, may provide additional information regarding the unrecognized device. Once claimed, the previously unrecognized device may be permitted to communicate over the enterprise network.Type: ApplicationFiled: January 31, 2018Publication date: August 1, 2019Inventors: John Edward Tyrone Shaw, Ross McKerchar, Moritz Daniel Grimm, Jan Karl Heinrich Weber, Shail R. Talati, Kenneth D. Ray, Andrew J. Thomas
-
Publication number: 20190213325Abstract: Attachments or other documents can be transmitted to a sandbox environment where they can be concurrently opened for remote preview from an endpoint and scanned for possible malware. A gateway or other intermediate network element may enforce this process by replacing attachments, e.g., in incoming electronic mail communications, with links to a document preview hosted in the sandbox environment.Type: ApplicationFiled: June 29, 2016Publication date: July 11, 2019Inventors: Ross McKerchar, John Edward Tyrone Shaw, Andrew J. Thomas, Russell Humphries, Kenneth D. Ray, Daniel Salvatore Schiappa