-
Publication number: US20180322286A1
Publication date: 2018-11-08
Application number: US15585156
Application date: 2017-05-02
Applicant: CrowdStrike, Inc.
Inventor: David F. Diehl, Daniel W. Brown, Aaron Javon Marks, Kirby Koster, Daniel T. Martin
CPC classification number: G06F21/566, G06F21/552, H04L63/14, H04L63/1416
Abstract: A security agent implemented on a monitored computing device is described herein. The security agent has access to parametric behavioral pattern definitions that, in combination with canonical patterns of behavior, configure the security agent to match observed behavior with known computing behavior that is benign or malignant. This arrangement of the definitions and the patterns of behavior allows the security agent's behavior to be updated by a remote security service without updating a configuration of the security agent. The remote security service can create, modify, and disseminate these definitions and patterns of behavior, giving the security agent a real-time ability to respond to new behaviors exhibited by the monitored computing device.
-
Publication number: US11907370B2
Publication date: 2024-02-20
Application number: US17019166
Application date: 2020-09-11
Applicant: CrowdStrike, Inc.
Inventor: David F. Diehl, Daniel W. Brown, Aaron Javan Marks, Kirby J. Koster, Daniel T. Martin
CPC classification number: G06F21/566, G06F21/552, H04L63/14, H04L63/1416, G06N20/00
Abstract: A security agent implemented on a monitored computing device is described herein. The security agent has access to parametric behavioral pattern definitions that, in combination with canonical patterns of behavior, configure the security agent to match observed behavior with known computing behavior that is benign or malignant. This arrangement of the definitions and the patterns of behavior allows the security agent's behavior to be updated by a remote security service without updating a configuration of the security agent. The remote security service can create, modify, and disseminate these definitions and patterns of behavior, giving the security agent a real-time ability to respond to new behaviors exhibited by the monitored computing device.
-
Publication number: US09477835B2
Publication date: 2016-10-25
Application number: US14048920
Application date: 2013-10-08
Applicant: CrowdStrike, Inc.
Inventor: Daniel T. Martin, David F. Diehl
CPC classification number: G06F21/552, G06F11/3006, G06F11/3089, G06F21/554, G06F2201/86, G06F2201/875, H04L63/1425
Abstract: A computing device described herein is configured to receive a notification of an event associated with a plurality of system components. In response, the computing device determines a state for the system components based on a state for one of those system components specified in an event model. That specified state in the event model reflects a previous occurrence of another event.
-
Publication number: US10803172B2
Publication date: 2020-10-13
Application number: US15585156
Application date: 2017-05-02
Applicant: CrowdStrike, Inc.
Inventor: David F. Diehl, Daniel W. Brown, Aaron Javon Marks, Kirby Koster, Daniel T. Martin
Abstract: A security agent implemented on a monitored computing device is described herein. The security agent has access to parametric behavioral pattern definitions that, in combination with canonical patterns of behavior, configure the security agent to match observed behavior with known computing behavior that is benign or malignant. This arrangement of the definitions and the patterns of behavior allows the security agent's behavior to be updated by a remote security service without updating a configuration of the security agent. The remote security service can create, modify, and disseminate these definitions and patterns of behavior, giving the security agent a real-time ability to respond to new behaviors exhibited by the monitored computing device.
-
Publication number: US20150101044A1
Publication date: 2015-04-09
Application number: US14048920
Application date: 2013-10-08
Applicant: CrowdStrike, Inc.
Inventor: Daniel T. Martin, David F. Diehl
IPC: G06F21/50
CPC classification number: G06F21/552, G06F11/3006, G06F11/3089, G06F21/554, G06F2201/86, G06F2201/875, H04L63/1425
Abstract: A computing device described herein is configured to receive a notification of an event associated with a plurality of system components. In response, the computing device determines a state for the system components based on a state for one of those system components specified in an event model. That specified state in the event model reflects a previous occurrence of another event.