Real Time Touch



new TOP 200 Companies filing patents this week

new Companies with the Most Patent Filings (2010+)




Real Time Touch

Sophos Limited patents


Recent patent applications related to Sophos Limited. Sophos Limited is listed as an Agent/Assignee. Note: Sophos Limited may have other listings under different names/spellings. We're not affiliated with Sophos Limited, we're just tracking patents.

ARCHIVE: New 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 | Company Directory "S" | Sophos Limited-related inventors


 new patent  Policy management

In embodiments of the present invention improved capabilities are described for the operation of a threat management facility, wherein the threat management facility may provide for a plurality of computer asset protection services to a corporate computer network. The threat management facility may provide a policy management service as one of the plurality of protection services, wherein the policy management service may be adapted to provide corporate policy updates to a plurality of computer facilities associated with the corporate computer network. ... Sophos Limited

Behavioral-based control of access to encrypted content by a process

Securing an endpoint against exposure to unsafe content includes encrypting files to prevent unauthorized access, and monitoring an exposure state of a process to potentially unsafe content by applying behavioral rules to determine whether the exposure state is either exposed or secure, where (1) the process is initially identified as secure, (2) the process is identified as exposed when the process opens a network connection to a url that is not internal to an enterprise network of the endpoint and that has a poor reputation, (3) the process is identified as exposed when it opens a file identified as exposed, and (4) the process is identified as exposed when another exposed process opens a handle to the process. Access to the files may be restricted when the process is exposed by controlling access through a file system filter that conditionally decrypts files for the process according to its exposure state.. ... Sophos Limited

Identifying and remediating phishing security weaknesses

A threat management facility generates a simulated phishing threat based on one or more characteristics of a network user. Based on whether the user fails to respond appropriately to the simulated phishing threat, the threat management facility may implement one or more prophylactic measures to remediate the security weakness exposed by the user's failure to respond appropriately to the simulated phishing threat. ... Sophos Limited

Mitigation of return-oriented programming attacks

Trampoline and return-oriented programming attacks employ a variety of techniques to maliciously execute instructions on a device in a manner different from a legitimate programmer's original intent. By instrumenting a device to detect deviations from predicted behavior, these exploits can be identified and mitigated.. ... Sophos Limited

Use of an application controller to monitor and control software file and application environments

In embodiments of the present invention, a framework for an extensible, file-based security system is described for determining an appropriate application, application environment, and/or access or security control measure based at least in part on a file's reputation. In response to the selection of a file, an application controller may be used to select a software application from two or more software applications to open the selected file, based at least in part on the selected file's reputation. ... Sophos Limited

Emulating transparent file encryption

Transparent file processing is supported in unix-like operating systems by emulating the desired file processing through a number of recipes that accommodate different contexts. Recipes are provided, for example, for local folders in user space, for whole devices (e.g., flash drives or network drives), and for folders synchronized to cloud data. ... Sophos Limited

Perimeter encryption

Encryption keys for an enterprise are stored at a perimeter device such as a gateway, and rules are applied at the network perimeter to control whether and how these keys are used for cryptographic processing of communications passing through the perimeter device. The encrypted status of communications, e.g. ... Sophos Limited

Elastic outbound gateway

In general, in an aspect, a method for providing an outbound gateway protection includes provisioning one or more worker gateways located in a first gateway virtual private cloud, the one or more worker gateways sharing configuration data with the controller gateway, provisioning one or more load balancer gateways in one or more client virtual clouds, the one or more client virtual clouds each comprising one or more clients, the one or more load balancer gateways distributing client requests among the worker gateways, assigning groups of the one or more clients to one of the one or more load balancer gateways based on requests from a majority of the worker gateways, and communicating outbound network traffic from the clients via the assigned load balancer gateways.. . ... Sophos Limited

Systems and methods for dynamic vendor and vendor outlet classification

Certain embodiments of the present invention provide methods and systems for dynamic classification of electronic vendors. Certain embodiments provide a method for dynamic vendor classification. ... Sophos Limited

Content leakage protection

Methods and systems for identifying content of interest. Accessed textual information is processed by at least one of character unification, phrase unification, and concept unification. ... Sophos Limited

Mobile device policy enforcement

In general, in one aspect, a method includes receiving software code with an invalid characteristic, repeatedly attempting to execute the software code with the invalid characteristic on a device, and in response to successful execution of the software code with the invalid characteristic, taking an action. The action may include an action to remediate the device.. ... Sophos Limited

Cloud storage scanner

A system, method and computer program for a scanning service is presented. A scanning service compatible with a cloud storage system is configured to receive notifications from a cloud storage service about storage event activity and to access data in the cloud storage service. ... Sophos Limited

Method and system for detecting restricted content associated with retrieved content

In embodiments of the present invention improved capabilities are described for detecting restricted content associated with retrieved content. The method and system may include receiving a client request for content, saving contextual information from the client request, presenting retrieved content in response to the client request, and presenting the contextual information from the client request, and retrieved content, to a scanning facility. ... Sophos Limited

Combined security and qos coordination among devices

A method includes establishing a wireless link between a wireless interface of an endpoint and a wap; exchanging, through the wireless link, network traffic associated with execution of an application at the endpoint; executing, at the endpoint, a security routine to monitor a security status of the endpoint; establishing, through the wireless link, a secure channel that shares the wireless link with the network traffic of the application, the secure channel to extend from the security routine to a supervisor through the wireless link and the wap; conveying, from the security routine and through the secure channel, an indication of the security status; receiving, at the security routine and through the secure channel, a command to change a setting of the wireless interface associated with a characteristic of the wireless link; and accessing, from the security routine, the wireless interface to effect the change in response to receiving the command.. . ... Sophos Limited

12/14/17 / #20170359370

Key throttling to mitigate unauthorized file access

A file system extension for an endpoint controls access to files by selectively decrypting files under certain conditions. Where a pattern of access to the files suggests malicious and/or automated file access activity, the file system extension may limit the rate of file access by regulating the rate at which decryption is provided to requesting processes.. ... Sophos Limited

12/14/17 / #20170359309

Combined security and qos coordination among devices

A method includes establishing a wireless link between a wireless interface of an endpoint and a wap; exchanging, through the wireless link, network traffic associated with execution of an application at the endpoint; executing, at the endpoint, a security routine to monitor a security status of the endpoint; establishing, through the wireless link, a secure channel that shares the wireless link with the network traffic of the application, the secure channel to extend from the security routine to a supervisor through the wireless link and the wap; conveying, from the security routine and through the secure channel, an indication of the security status; receiving, at the security routine and through the secure channel, a command to change a setting of the wireless interface associated with a characteristic of the wireless link; and accessing, from the security routine, the wireless interface to effect the change in response to receiving the command.. . ... Sophos Limited

12/14/17 / #20170359306

Network security

A gateway or other network device may be configured to monitor endpoint behavior, and to request a verification of user presence at the endpoint under certain conditions suggesting, e.g., malware or other endpoint compromise. For example, when a network request is directed to a low-reputation or unknown network address, user presence may be verified to ensure that this action was initiated by a human user rather than automatically by malware or the like. ... Sophos Limited

11/30/17 / #20170346835

Server drift monitoring

Threat detection is improved by monitoring variations in observable events and correlating these variations to malicious activity. The disclosed techniques can be usefully employed with any attribute or other metric that can be instrumented on an endpoint and tracked over time including observable events such as changes to files, data, software configurations, operating systems, and so forth. ... Sophos Limited

11/23/17 / #20170339172

A method and system for network access control based on traffic monitoring and vulnerability detection using process related information

Disclosed are various embodiments of method and system for network access control. The method may involve traffic monitoring and vulnerability detection using process information. ... Sophos Limited

11/09/17 / #20170322902

Systems and methods for enforcing policies in the discovery of anonymizing proxy communications

In embodiments of the present invention improved capabilities are described for systems and methods that enforce policies with respect to proxy communications.. . ... Sophos Limited

10/26/17 / #20170310708

Secure labeling of network flows

An enterprise security system is improved by instrumenting endpoints to explicitly label network flows with cryptographically secure labels that identify an application or other source of each network flow. Cryptographic techniques may be used, for example, to protect the encoded information in the label from interception by third parties or to support cryptographic authentication of a source of each label. ... Sophos Limited

10/26/17 / #20170310703

Detecting triggering events for distributed denial of service attacks

An endpoint in an enterprise network is monitored, and when a potential trigger for a distributed denial of service (ddos) attack is followed by an increase in network traffic from the endpoint to a high reputation network address, the endpoint is treated as a ddos service bot and isolated from the network until remediation can be performed.. . ... Sophos Limited

10/26/17 / #20170310693

Local proxy detection

Protocol suites such as hypertext transfer protocol (http) using secure socket layer (ssl) can facilitate secure network communications. When using this type of secure communication, network addresses are typically expressed as numeric internet protocol addresses rather than the human-readable uniform resource locators (urls) that are entered into a browser address bar by a human user. ... Sophos Limited

10/26/17 / #20170310692

Detecting endpoint compromise based on network usage history

In the context of network activity by an endpoint in an enterprise network, malware detection is improved by using a combination of reputation information for a network address that is accessed by the endpoint with reputation information for an application on the endpoint that is accessing the network address. This information, when combined with a network usage history for the application, provides improved differentiation between malicious network activity and legitimate, user-initiated network activity.. ... Sophos Limited

10/26/17 / #20170310686

Labeling network flows according to source applications

An enterprise security system is improved by instrumenting endpoints to explicitly label network flows according to sources of network traffic. When a network message from an endpoint is received at a gateway, firewall, or other network device/service, the network message may be examined to determine the application on the endpoint that originated the request, and this source information may be used to control routing or other handling of the network message.. ... Sophos Limited

10/26/17 / #20170308706

Boot security

In one aspect, a method for securing a device includes receiving a first set of boot information of a device, receiving a first cryptographic proof of the first set of boot information, receiving a second set of boot information of the device, receiving a second cryptographic proof of the second set of boot information, comparing the first set of boot information and the second set of boot information, and, upon determining that the first set of boot information and the second set of boot information are different, determining whether differences between the first set of boot information and the second set of boot information are permitted. The method may also include generating an alert upon determining that differences between the first set of boot information and the second set of boot information are not permitted.. ... Sophos Limited

10/26/17 / #20170308704

Boot security

In one aspect, a method for securing a device includes receiving a first set of boot information from a first device, the first set of boot information including a first list of boot items, receiving from the first device a first proof based on the first set of boot information, verifying the first set of boot information based on the first proof, determining a reputation for one or more of the boot items in the first list of boot items. And reporting the determined reputation. ... Sophos Limited

08/17/17 / #20170237754

Evaluating installers and installer payloads

A reputation of an installer may be determined based on contextual information including its source (e.g., its publisher), a cryptographic signature or certificate, a process that carried out its download, a user that initiated its download, whether the installer has been previously vetted by a security policy, and so forth. A corresponding reputation may then be inferred for each of the computer objects contained within the installer, such that the reputation remains with the computer objects if/when they are unpacked on an endpoint. ... Sophos Limited

08/17/17 / #20170235967

Behavioral-based control of access to encrypted content by a process

Securing an endpoint against exposure to unsafe content includes encrypting files to prevent unauthorized access, and monitoring an exposure state of a process to potentially unsafe content by applying behavioral rules to determine whether the exposure state is either exposed or secure, where (1) the process is initially identified as secure, (2) the process is identified as exposed when the process opens a network connection to a url that is not internal to an enterprise network of the endpoint and that has a poor reputation, (3) the process is identified as exposed when it opens a file identified as exposed, and (4) the process is identified as exposed when another exposed process opens a handle to the process. Access to the files may be restricted when the process is exposed by controlling access through a file system filter that conditionally decrypts files for the process according to its exposure state.. ... Sophos Limited

08/17/17 / #20170235966

Process-level control of encrypted content

Securing an endpoint against malicious activity includes encrypting a plurality of files on an endpoint to prevent unauthorized access to the plurality of files, receiving a request to access a file from a process executing on the endpoint, decrypting the file for the process, and monitoring a security state of the process. If the security state becomes a compromised state, a technique involves maintaining access to any open files (including the file decrypted for the process), prohibiting access to other files, and initiating a remediation of the process by facilitating a restart of the process. ... Sophos Limited

08/17/17 / #20170235951

Virtual machine security

A virtual machine transmits local files to a secure virtual machine hosted by a hypervisor for malware detection. When malware is detected, the secure virtual machine can responsively provide remediation code to the virtual machine on a temporary basis so that the virtual machine can perform suitable remediation without a permanent increase in size of the virtual machine.. ... Sophos Limited

08/03/17 / #20170223052

Honeypot network services

In general, in one aspect, a system for providing honeypot network services may monitor network activity, and detect network activity indicative of network service discovery by a first device, for example, port scanning. The system may present a temporarily available network service to the first device in response to detecting the activity indicative of port scanning, for example, by redirecting traffic at an unassigned network address to a honeypot network service. ... Sophos Limited

07/20/17 / #20170208078

Method and system for detecting restricted content associated with retrieved content

In embodiments of the present invention improved capabilities are described for detecting restricted content associated with retrieved content. The method and system may include receiving a client request for content, saving contextual information from the client request, presenting retrieved content in response to the client request, and presenting the contextual information from the client request, and retrieved content, to a scanning facility. ... Sophos Limited

04/20/17 / #20170111374

Mitigation of anti-sandbox malware techniques

Static analysis is applied to unrecognized software objects in order to identify and address potential anti-sandboxing techniques. Where static analysis suggests the presence of any such corresponding code, the software object may be forwarded to a sandbox for further analysis. ... Sophos Limited

04/20/17 / #20170109529

Mitigation of anti-sandbox malware techniques

Static analysis is applied to unrecognized software objects in order to identify and address potential anti-sandboxing techniques. Where static analysis suggests the presence of any such corresponding code, the software object may be forwarded to a sandbox for further analysis. ... Sophos Limited

04/20/17 / #20170109528

Mitigation of anti-sandbox malware techniques

Static analysis is applied to unrecognized software objects in order to identify and address potential anti-sandboxing techniques. Where static analysis suggests the presence of any such corresponding code, the software object may be forwarded to a sandbox for further analysis. ... Sophos Limited

03/30/17 / #20170090906

Method and system for providing software updates to local machines

In embodiments of the present invention improved capabilities are described for a updating software in a plurality of devices coupled to one another in a communicating relationship through a local network, the method comprising receiving a descriptor file for a software update at the first device from a remote source outside the local network, the descriptor file including a hash code for each of a plurality of update sub-files and an order for assembling the update sub-files into the software update, downloading the plurality of update sub-files to the first device from a remote source outside the local network until the sub-files identified in the descriptor file are present on the first device, where a presence of the sub-files is evaluated using the hash codes in the descriptor file, and broadcasting every one of the plurality of update sub-files from the first device to the number of other devices.. . ... Sophos Limited

03/16/17 / #20170078093

Key management for compromised enterprise endpoints

Threat detection instrumentation is simplified by providing and updating labels for computing objects in a context-sensitive manner. This may include simple labeling schemes to distinguish between objects, e.g., trusted/untrusted processes or corporate/private data. ... Sophos Limited








ARCHIVE: New 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009



###

This listing is an abstract for educational and research purposes is only meant as a recent sample of applications filed, not a comprehensive history. Freshpatents.com is not affiliated or associated with Sophos Limited in any way and there may be associated servicemarks. This data is also published to the public by the USPTO and available for free on their website. Note that there may be alternative spellings for Sophos Limited with additional patents listed. Browse our Agent directory for other possible listings. Page by FreshPatents.com

###