Patent · US Active

Advanced persistent threat detection

US9392015B2 · kind B2 · utility

Cited by: 32
References: 12
Claims: 15
Family size: 0

Assignee

Inventor

Key dates

Filing date: Apr 28, 2014
Grant date: Jul 12, 2016
Priority date
Expiry date: Apr 30, 2034

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L2463/146
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A variety of techniques are disclosed for detection of advanced persistent threats and similar malware. In one aspect, the detection of certain network traffic at a gateway is used to trigger a query of an originating endpoint, which can use internal logs to identify a local process that is sourcing the network traffic. In another aspect, an endpoint is configured to periodically generate and transmit a secure heartbeat, so that an interruption of the heartbeat can be used to signal the possible presence of malware. In another aspect, other information such as local and global reputation information is used to provide context for more accurate malware detection.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.