GB2572471B - Detecting lateral movement by malicious applications - Google Patents

Detecting lateral movement by malicious applications

Info

Publication number
GB2572471B
Authority
GB
United Kingdom
Prior art keywords
lateral movement
malicious applications
detecting lateral
detecting
malicious
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
GB1901182.4A
Other versions
GB201901182D0 (en)
GB2572471A (en)
Inventor
J Thomas Andrew
Stutz Daniel
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sophos Ltd
Original Assignee
Sophos Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sophos Ltd
Priority to GB1901182.4A (GB2572471B)
Priority claimed from GB1900949.7A (GB2566657B8)
Publication of GB201901182D0
Publication of GB2572471A
Application granted
Publication of GB2572471B
Legal status: Active (current)
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/305 Authentication, i.e. establishing the identity or authorisation of security principals by remotely controlling device operation
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/564 Static detection by virus signature recognition
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Health & Medical Sciences (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
GB1901182.4A 2016-06-30 2016-06-30 Detecting lateral movement by malicious applications Active GB2572471B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB1901182.4A GB2572471B (en) 2016-06-30 2016-06-30 Detecting lateral movement by malicious applications

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB1900949.7A GB2566657B8 (en) 2016-06-30 2016-06-30 Proactive network security using a health heartbeat
GB1901182.4A GB2572471B (en) 2016-06-30 2016-06-30 Detecting lateral movement by malicious applications

Publications (3)

Publication Number Publication Date
GB201901182D0 (en) 2019-03-20
GB2572471A (en) 2019-10-02
GB2572471B (en) 2020-10-21

Family

ID=65997892

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1901182.4A Active GB2572471B (en) 2016-06-30 2016-06-30 Detecting lateral movement by malicious applications

Country Status (1)

Country Link
GB (1) GB2572471B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11811929B2 (en) 2021-01-27 2023-11-07 International Business Machines Corporation Detection of compromised credentials

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US12536319B2 (en) 2022-06-08 2026-01-27 Microsoft Technology Licensing, Llc Controlling application access to sensitive data
CN119066464B (en) * 2024-07-31 2025-09-05 电子科技大学 APT covert channel identification method and system for multimodal anomaly detection

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160088000A1 (en) * 2014-09-18 2016-03-24 Microsoft Corporation Lateral movement detection
US20180288079A1 (en) * 2015-08-31 2018-10-04 Splunk Inc. Lateral movement detection for network security analysis

Also Published As

Publication number Publication date
GB201901182D0 (en) 2019-03-20
GB2572471A (en) 2019-10-02

Similar Documents

Publication Publication Date Title
IL297610B1 (en) Eye position detection using eye features
GB201900639D0 (en) Detecting vulnerable applications
EP3923593C0 (en) ZONE DETECTION
EP3408402A4 (en) MAGNETOELECTROCHEMICAL DETECTION
EP3179954A4 (en) Detecting uncontrolled movement
GB201602319D0 (en) Proximity detection
PL3245484T3 (en) Inductive movement sensors
PL3245483T3 (en) Inductive movement sensors
GB201514987D0 (en) Tamper detection
PL3245482T3 (en) Inductive movement sensors
GB201719627D0 (en) Proximity detection
GB201513698D0 (en) Object detection
GB2543813B (en) Improved malware detection
EP3153582A4 (en) Improved nitrile hydratase
GB2556191B (en) Gesture detection
UY4467S (en) JAR
BR112017007401A2 (en) specific detection methods
MA50130A (en) POSITION DETECTOR
GB2572471B (en) Detecting lateral movement by malicious applications
EP3252426A4 (en) Displacement detection device
EP3238620C0 (en) MOTION DETECTION PLATE
IL250053A0 (en) Motion detection facility
GB201502226D0 (en) AH-7921 detection
DE112015001410A5 (en) Sensor magnet assembly
BR112017000904A2 (en) polymeric detection methods