Advanced Persistent Threat and Targeted Malware Defense
First Claim
1. A method, comprising:
receiving, at a computer system, data from one or more data feeds;
obtaining, with the computer system, a binary object based on the data;
loading, with the computer system, the binary object onto a sandboxed system;
executing the binary object with the sandbox system;
analyzing, with the computer system, operation of the sandboxed system to determine whether the binary object includes a malware payload; and
based on a determination that the binary object includes a malware payload, generating, with the computer system, a report indicating that the binary object includes a malware payload.
Abstract
Novel tools and techniques are implemented for providing computer security. In various embodiments, a computer system might receive data from one or more data feeds, might obtain a binary object based on the data, might load the binary object onto a sandboxed system, and might execute the binary object with the sandbox system. The computer system might analyze operation of the sandboxed system to determine whether the binary object includes a malware payload, and might, based on a determination that the binary object includes a malware payload, generate a report indicating that the binary object includes a malware payload.
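The pipeline recited in claim 1 and restated in the abstract, shown as an added example that is not code from the patent or its assignee. The feed items and the behaviour trace are constructed, the sandbox stage is a stand-in that returns that trace instead of executing anything (so the file runs offline), and the rule names, weights and threshold are illustrative assumptions. The part worth reading is the analysis step: how a trace of file, registry, process and network events from the sandboxed system is turned into a malware determination and a report.

```python
"""Claim 1 pipeline: feed -> binary object -> sandboxed execution -> analysis -> report."""
import hashlib
import ipaddress
import json
import re
import statistics

# Constructed feed items (not real samples): what a mail gateway or URL feed might hand over.
FEED_ITEMS = [
    {"source": "mail-gateway", "name": "invoice.exe",
     "payload": b"MZ\x90\x00" + bytes(60) + b"constructed-sample-A"},
    {"source": "url-feed", "name": "readme.txt",
     "payload": b"constructed benign text, nothing executable"},
]


def obtain_binary(item):
    """Claim step: obtain the binary object from the feed data (here, the payload bytes)."""
    return bytes(item["payload"])


def fake_sandbox(binary):
    """Stand-in for 'load onto a sandboxed system and execute'. A real sandbox would copy
    the file into an isolated VM, run it and record events like these; this one returns a
    constructed trace so the example runs offline."""
    if not binary.startswith(b"MZ"):  # not a PE image, nothing was executed
        return [{"t": 0.0, "type": "file_read", "path": "C:\\Users\\lab\\readme.txt"}]
    return [
        {"t": 0.1, "type": "file_write", "path": "C:\\Users\\lab\\AppData\\Local\\Temp\\svch0st.exe"},
        {"t": 0.4, "type": "proc_create", "image": "C:\\Users\\lab\\AppData\\Local\\Temp\\svch0st.exe", "cmdline": ""},
        {"t": 0.9, "type": "reg_write", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"},
        {"t": 1.2, "type": "proc_create", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
         "cmdline": "powershell -w hidden -enc SQBFAFgA"},
        {"t": 5.0, "type": "net_connect", "dst": "203.0.113.7", "port": 8443},
        {"t": 35.0, "type": "net_connect", "dst": "203.0.113.7", "port": 8443},
        {"t": 65.0, "type": "net_connect", "dst": "203.0.113.7", "port": 8443},
        {"t": 95.0, "type": "net_connect", "dst": "203.0.113.7", "port": 8443},
    ]


# --- analysis of the sandboxed system's operation -------------------------------------
RUN_KEY = re.compile(r"\\CurrentVersion\\Run\\", re.I)
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.I)
ENC_PS = re.compile(r"(?:^|\s)-(?:e|enc|encodedcommand)\b", re.I)
# Explicit list rather than ip_address().is_private, which would also cover the
# documentation range 203.0.113.0/24 used for the constructed C2 address above.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def rule_persistence(events):
    """Autostart entry written under a Run key."""
    return [e["key"] for e in events if e["type"] == "reg_write" and RUN_KEY.search(e["key"])]


def rule_drop_and_execute(events):
    """An executable dropped into %TEMP% and then launched."""
    dropped = {e["path"].lower() for e in events
               if e["type"] == "file_write" and TEMP_DIR.search(e["path"])
               and e["path"].lower().endswith((".exe", ".dll"))}
    return [e["image"] for e in events if e["type"] == "proc_create" and e["image"].lower() in dropped]


def rule_encoded_powershell(events):
    """PowerShell started with an encoded command line."""
    return [e["cmdline"] for e in events if e["type"] == "proc_create"
            and "powershell" in e["image"].lower() and ENC_PS.search(e["cmdline"])]


def rule_beaconing(events, min_conns=3, max_jitter=0.2):
    """Repeated connections to one external endpoint at a near-constant interval."""
    by_dst = {}
    for e in events:
        if e["type"] == "net_connect" and not any(ipaddress.ip_address(e["dst"]) in n for n in INTERNAL_NETS):
            by_dst.setdefault((e["dst"], e["port"]), []).append(e["t"])
    hits = []
    for (dst, port), ts in by_dst.items():
        if len(ts) < min_conns:
            continue
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and max(abs(g - mean) for g in gaps) / mean <= max_jitter:
            hits.append(f"{dst}:{port} every ~{mean:.0f}s x{len(ts)}")
    return hits


RULES = {"persistence_run_key": (rule_persistence, 3), "drop_and_execute": (rule_drop_and_execute, 4),
         "encoded_powershell": (rule_encoded_powershell, 3), "c2_beaconing": (rule_beaconing, 4)}
THRESHOLD = 5  # illustrative: weighted sum at which the object is deemed to carry a malware payload


def analyze_trace(events):
    """Run every rule over the trace; return the weighted score and the evidence per rule."""
    findings, score = {}, 0
    for name, (fn, weight) in RULES.items():
        evidence = fn(events)
        if evidence:
            findings[name] = evidence
            score += weight
    return score, findings


def detonate(item, sandbox=fake_sandbox):
    """Obtain, execute in the sandbox, analyse; return the verdict for one feed item."""
    binary = obtain_binary(item)
    score, findings = analyze_trace(sandbox(binary))
    return {"source": item["source"], "name": item["name"], "size": len(binary),
            "sha256": hashlib.sha256(binary).hexdigest(),
            "score": score, "malicious": score >= THRESHOLD, "findings": findings}


def process_feeds(items=FEED_ITEMS, sandbox=fake_sandbox):
    """Claim's last step: a report is generated only for objects determined to be malicious."""
    return [v for v in (detonate(i, sandbox) for i in items) if v["malicious"]]


if __name__ == "__main__":
    for report in process_feeds():
        print(json.dumps(report, indent=2))
```

Swapping `fake_sandbox` for a function that drives a real VM and returns the same event shape is the only change needed to use the analysis stage against live detonations; the rules deliberately key on behaviour (autostart, drop-and-run, encoded shell, periodic external connections) rather than on anything in the bytes, which is the point of sandboxing over static matching.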
73 Claims
1. A method (independent claim; text as given under First Claim above). Dependent claims: 2-65.
66. A system, comprising:
a plurality of sandboxed computers, each comprising a main system board;
a management computer in communication with the plurality of sandboxed computers, the management computer comprising:
one or more processors; and
a computer readable medium in communication with the one or more processors, the computer readable medium having encoded thereon a set of instructions executable by the computer system to perform one or more operations, the set of instructions comprising:
instructions for downloading a binary object on to each of one or more of the plurality of sandboxed computers, such that each of the one or more of the plurality of sandboxed computers executes or opens the binary object;
instructions for analyzing, with the computer system, operation of the sandboxed system to determine whether the binary object includes a malware payload; and
instructions for, based on a determination that the binary object includes a malware payload, generating, with the computer system, a report indicating that the binary object includes a malware payload.
Dependent claims: 67.
68. A method, comprising:
collecting, with a computer, biographical information about a person, the biographical information comprising one or more social media handles;
automatically accessing one or more social networks using the social media handles to identify unusual activity;
automatically searching the Internet using the biographical information;
correlating the unusual activity with results of searching the Internet; and
displaying, on a dashboard, indications of unusual activity on the one or more social networks and correlated results of searching the Internet.
69. A device for secure web browsing, the device comprising:
a first set of ports for connections to a set of peripherals;
a second set of ports for connections with a computer;
a processor in communication with the first and second sets of ports;
a network interface in communication with the processor;
a switch in communication with the processor; and
a write-protected computer-readable medium having instructions encoded thereon, the instructions being executable by the processor to:
provide, in a first configuration, a pass-through connection between the first set of ports and the second set of ports, such that the set of peripherals can communicate with the computer for normal operation of the computer;
provide, in a second configuration, a secure browsing environment, in which the peripherals communicate with the processor to perform secure web browsing activities using the network interface, without any communication with the computer; and
change from the first configuration to the second configuration when the switch is manipulated.
Dependent claims: 70-73.
Specification