logo

For the Inventor, By the Inventor

The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.

Patent No.:

US 11727333 B1

PDFFull Text
Date of Patent:
Aug. 15, 2023

Filed:

Mar. 28, 2022

Endpoint with remotely programmable data recorder

Applicant:

Sophos Limited, Abingdon, GB;

Inventors:

Beata Ladnai, Altrincham, GB;

Mark David Harris, Oxon, GB;

Andrew G. P. Smith, Oxford, GB;

Kenneth D. Ray, Seattle, WA (US);

Andrew J. Thomas, Oxfordshire, GB;

Russell Humphries, Surrey, GB;

Assignee:

Sophos Limited, Abingdon, GB;

Attorney:

Strategic Patents, P.C.

Primary Examiner:

Amie C Lin

Int. Cl.
CPC ...
G06F 11/07 (2006.01); H04L 9/40 (2022.01); G06F 21/55 (2013.01); G06F 9/54 (2006.01); G06F 21/56 (2013.01); G06Q 10/0635 (2023.01); G06N 5/046 (2023.01); G06N 20/00 (2019.01); G06F 17/18 (2006.01); G06Q 10/0639 (2023.01); G06F 16/955 (2019.01); G06N 7/00 (2023.01); G06N 5/04 (2023.01); G06N 5/022 (2023.01); G06N 20/20 (2019.01); G06V 20/52 (2022.01); G06F 18/214 (2023.01); G06F 18/21 (2023.01); G06F 18/23213 (2023.01); G06F 18/2413 (2023.01); G06N 5/01 (2023.01); G06Q 30/018 (2023.01); G06Q 30/0283 (2023.01);
U.S. Cl.
CPC ...
G06Q 10/0635 (2013.01); G06F 9/542 (2013.01); G06F 11/079 (2013.01); G06F 16/955 (2019.01); G06F 17/18 (2013.01); G06F 18/214 (2023.01); G06F 18/2178 (2023.01); G06F 18/23213 (2023.01); G06F 18/24143 (2023.01); G06F 21/554 (2013.01); G06F 21/56 (2013.01); G06F 21/562 (2013.01); G06F 21/565 (2013.01); G06N 5/01 (2023.01); G06N 5/022 (2013.01); G06N 5/04 (2013.01); G06N 5/046 (2013.01); G06N 7/00 (2013.01); G06N 20/00 (2019.01); G06N 20/20 (2019.01); G06Q 10/06395 (2013.01); G06V 20/52 (2022.01); H04L 63/0227 (2013.01); H04L 63/0263 (2013.01); H04L 63/1408 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/1433 (2013.01); H04L 63/1441 (2013.01); H04L 63/20 (2013.01); G06Q 30/0185 (2013.01); G06Q 30/0283 (2013.01);
Abstract

An endpoint coupled in a communicating relationship with an enterprise network may include a data recorder configured to store an event stream of data indicating events on the endpoint including types of changes to computing objects, a filter configured to locally process the event stream into a filtered event stream including a subset of types of changes to the computing objects, and a local security agent. The local security agent may be configured to transmit the filtered event stream to a threat management facility, respond to a filter adjustment from the threat management facility by adjusting the filter to modify the subset of types of changes included in the filtered event stream, and respond to a query from the threat management facility by retrieving data stored in the data recorder over a time window before the query and excluded from the filtered event stream.

Find Patent Forward Citations

Loading…