Labeling computing objects for improved threat detection

Bibliographic Details
Main Authors: Mark D Harris, Andrew J Thomas, John Edward Tyrone Shaw, Neil Robert Tyndale Watkiss, Harald Schutz, Robert W Cook, Simon Neil Reed, Anthony John Merry, Daniel Salvatore Schiappa, Kenneth D Ray
Format: Patent
Language: English
Published: 06.02.2019
Summary: Threat detection in a network, involving processing a first object on an endpoint, the first object from a location external to the endpoint; in response to a first observed action, colouring the object with a descriptor of a context for the first observed action by persistently associating the descriptor with the first object, the context including at least one attribute identifying the first object as exposed to external data; inheriting the descriptor at a second object when the second object is the target of an action by the first object; applying a rule dependent on the descriptor in response to a second observed action of the second object to detect a reportable event based in part on an exposure of the second object to the external data; and transmitting information including a description of the reportable event and the second object along with the descriptor of the context to a threat management facility.
Bibliography: Application Number: GB20180011123