US20140143864A1 - System and method for detecting, alerting and blocking data leakage, eavesdropping and spyware - Google Patents
System and method for detecting, alerting and blocking data leakage, eavesdropping and spywareDownload PDFInfo
- Publication number
- US20140143864A1 US20140143864A1US13/904,547US201313904547AUS2014143864A1US 20140143864 A1US20140143864 A1US 20140143864A1US 201313904547 AUS201313904547 AUS 201313904547AUS 2014143864 A1US2014143864 A1US 2014143864A1
- Authority
- US
- United States
- Prior art keywords
- turn
- hardware device
- networked computing
- switch
- device interface
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1475—Passive attacks, e.g. eavesdropping or listening without modification of the traffic monitored
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0805—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
- H04L43/0817—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking functioning
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Definitions
- the present inventionrelates to a system and method for detecting, alerting and blocking data leakage, eavesdropping and spyware in networked computing devices.
- Networked computing deviceshave a high risk for being attacked by malicious code for gaining remote access, eavesdropping and spying.
- WindowsTM computing devices, iPhoneTM, AndroidTM and WindowsTM Phoneare incredibly high risk environments for being spied upon without the end-user's knowledge.
- Many search engine resulting linkssuch as those of BINGTM and of GOOGLETM contain drive-by malware that allows for remote espionage and provides access to sensitive information stored in the networked computing devices. This unauthorized access to sensitive information provides an increased opportunity for cyber-crime.
- anti-virus, anti-malware, and anti-spyware applicationsfocus on trying to detect malware based on known signatures or behavior.
- new types of malwareare being developed constantly and the currently available firewall, intrusion detection, intrusion prevention, anti-virus, anti-malware, and anti-spyware applications cannot detect, prevent or react to most of the new types of malware.
- This present inventionprovides a system and method for detecting, alerting and blocking data leakage, eavesdropping and spyware in networked computing devices.
- the inventionprovides a computer-implemented method for detecting, alerting and blocking data leakage, eavesdropping and spyware in one or more networked computing devices.
- the methodincludes providing a graphical user interface (GUI) and displaying all available hardware device interfaces in each networked computing device.
- GUIgraphical user interface
- Implementations of this aspect of the inventionmay include one or more of the following features.
- Upon resolving the unauthorized change of status of the specific hardware device interface or unauthorized data traffic across the specific hardware device interfaceturning on the specific hardware device interface by activating the turn-on switch for the specific hardware device interface or the turn-on-off switch.
- Activation of the turn-on, turn-off, turn-all-on, turn-all-off switchesis initiated locally by a user of the networked computing device, or remotely by an administrator of the networked computing device.
- the networked computing deviceincludes a central processing unit (CPU), a security application, and a display.
- the security applicationprovides computer implemented operations and instructions that monitor, detect and block data leakage, eavesdropping and spyware across all available hardware device interfaces in each of the networked computing device.
- the CPUexecutes the computer implemented instruction provided by the security application, and the display displays the GUI.
- the methodfurther includes providing a first table comprising a list of applications and authorized status of each available hardware device interface for each application and storing the first table in a database.
- the methodfurther includes providing a second table comprising a list of known malicious applications and storing the second table in the database.
- the methodfurther includes providing a server configured to access the one or more networked computing devices via a network connection.
- the servercomprises a command center, a dashboard, a toolbar, a taskbar, a standalone GUI and an application programmer's interface (API).
- the command centeris configured to manage remotely security applications in the one or more networked computing devices.
- the methodfurther includes creating rules and policies and installing them in the security applications of the one or more networked computing devices and the server via the command center.
- the methodfurther includes summarizing and presenting in the dashboard real-time events occurring in the one or more networked computing devices and the server.
- the methodfurther includes displaying the status of all available hardware device interfaces in the toolbar for the one or more networked computing devices and the server. Communications between the server and the one or more networked computing devices comprise secure communications protocols.
- the secure communication protocolscomprise one of secure socket layer (SSL), or transport layer security (TLS).
- the serverfurther comprises a real-time kernel driver and a rootkit ‘system’ healer.
- the real-time kernelconstantly monitors the status of all controlling interfaces and settings and in the event a hacker or malicious code tampers with the security applications, the rootkit “system” healer restores the security applications.
- the available hardware device interfacesmay be a keyboard, mouse, touchscreen, webcam, USB hardware device interface, microphone, Flash memory, Infrared, Bluetooth, Ethernet, Wireless, LAN, WAN, VPN, text messaging interfaces, telephone interfaces, modem, cellular, GPS interfaces, gesture based interfaces or eye-motion based interfaces.
- the turn-on, turn-off, turn-all-on, turn-all-off switchescomprise slidably activated switches, or comprise pressure-activated switches.
- the networked computing devicesmay be personal computers, servers, desktops, laptops, mobile phones, iPhonesTM, iPadsTM, iTouchesTM, DroidsTM, BlackberryTM devices, WindowsTM phone, AndroidTM phones, personal digital assistants (PDAs), or tablet devices.
- the warning signalmay be a visual warning signal or an acoustical warning signal.
- the visual warning signalcomprises flashing of the specific hardware device interface image in the GUI.
- the methodfurther includes, prior to installing a new application in any of the one or more networked computing devices, sending a message comprising the hardware device interfaces to which the new application requests access and asking for installation permission and which hardware device interfaces should be blocked.
- the inventionfeatures a system for detecting, alerting and blocking data leakage, eavesdropping and spyware in one or more networked computing devices including a graphical user interface (GUI) displaying all available hardware device interfaces in each networked computing device, a turn-on switch and a turn-off switch for each displayed hardware device interface in each networked computing device, a turn-all-on switch and a turn-all-off switch for all displayed hardware device interfaces in each networked computing device, and a security application.
- GUIgraphical user interface
- the security applicationis configured to monitor status of each available hardware device interface and data traffic across each available hardware device interface, and upon detecting an unauthorized change of status of a specific hardware device interface or unauthorized data traffic across a specific hardware device interface providing a warning signal and turning off the specific hardware device interface by activating the turn-off switch for the specific hardware device interface or the turn-all-off switch.
- the inventionfeatures a computer program product for detecting, alerting and blocking data leakage, eavesdropping and spyware in one or more networked computing devices.
- the computer program productis stored on a computer readable medium and includes computer code for providing a graphical user interface (GUI) and displaying all available hardware device interfaces in each networked computing device, computer code for providing a turn-on switch and a turn-off switch for each displayed hardware device interface in each networked computing device, computer code for providing a turn-all-on switch and a turn-all-off switch for all displayed hardware device interfaces in each networked computing device, computer code for monitoring status of each available hardware device interface and data traffic across each available hardware device interface, computer code for providing a warning signal, upon detecting an unauthorized change of status of a specific hardware device interface or unauthorized data traffic across a specific hardware device interface and computer code for turning off the specific hardware device interface by activating the turn-off switch for the specific hardware device interface or the turn-all-off switch.
- GUIgraphical user interface
- the present inventionbroadly monitors and protects all the high-risk hardware device ports and interfaces that are accessible by both the end-user and software applications, including modern malware.
- the Snoopwall technology of the present inventioncomplements prior art security applications, which usually monitor network traffic across network traffic ports.
- Network traffic portsmay be opened for allowing Internet communications.
- port 80is opened for allowing World Wide Web communications via the hypertext transfer protocol (HTTP).
- port 21is opened for allowing file transfers via the file transfer protocol (FTP).
- HTTPhypertext transfer protocol
- FTPfile transfer protocol
- Prior art security applicationsfocus on monitoring these network traffic ports for malicious traffic and review packets of data traveling over these network traffic ports.
- the Snoopwall technology of the present inventiondoes not need to eavesdrop on any network traffic packets or data as it is designed to monitor access to the actual Ethernet hardware device ports and to alert end-users about any new attempted access to these hardware device ports.
- the Snoopwall technology of the present inventiondoes not need any information or frequent updates about the types of traffic that may flow across the many (up to 65535) network traffic ports using many different protocols. Therefore, the Snoopwall technology of the present invention complements prior art security applications and techniques and provides a more efficient method of blocking access to the network through the actual hardware device interface ports such as Ethernet, Wireless Ethernet, among others.
- the Snoopwall technology of the present inventionis focused on the root cause of data leakage, i.e., access to the high-risk hardware interface ports, while prior art security applications focus on detecting the signatures of the malware payload or the malware behavior. Therefore, the Snoopwall technology of the present invention is applicable against any type of malware including new or not yet detected types of malware, whereas the prior art security applications are applicable only to already known malware.
- the Snoopwall technology of the present inventionis applicable against advanced persistent threats (APTs) malware, which is malware that is nearly impossible to detect or remove.
- APIsadvanced persistent threats
- the Snoopwall technology of the present inventionis also applicable against zero-day (O-day) or other new forms of malware.
- the Snoopwall technology of the present inventionfocuses on the management of the high-risk hardware interface ports, it will not require any updates for malware signatures or malware behavioral heuristics.
- the only necessary updates for the Snoopwall technology to properly secure an end-user environmentwould be only when new high-risk hardware interface ports are created, which is a very infrequent event.
- Thisis not only uniquely complementary to existing security utilities, it is a completely radical approach—focusing on the areas where data is leaked from, instead of focusing on the detection of each possible piece of new malware being delivered to the end-user system in some form of payload or application.
- FIG. 1is a schematic diagram of the network architecture of a system 80 for blocking data leakage, eavesdropping and spyware applications according to this invention
- FIG. 2is a schematic diagram of the computing device 92 A of FIG. 1 ;
- FIG. 3is a schematic diagram of one embodiment of a graphical user interface (GUI) 100 used in the computing device 92 A of FIG. 2 ;
- GUIgraphical user interface
- FIG. 4is a block diagram of the components of system 80 of FIG. 1 ;
- FIG. 5-FIG . 8depict an embodiment of a GUI, used in a mobile communication device for detecting, alerting and blocking data leakage, eavesdropping and malicious spyware;
- FIG. 9depicts a table used to set permissions and denials for specific applications.
- the present inventionrelates to eavesdropping and spyware blocking technology, and more specifically it relates to systems and methods for blocking data leakage, eavesdropping and spyware technology in networked devices by controlling access to various high-risk data ports or hardware device interfaces.
- These high risk portsinclude Webcam, USB, Microphone, Flash Memory, Infrared, Bluetooth, Wireless, LAN, WAN, VPN, Cellular and GPS interfaces, among others.
- a client-server system 80 for blocking data leakage, eavesdropping and spyware applicationsincludes computing devices 92 A, 92 B, mobile communication devices 92 C, personal digital assistant devices 92 D, Tablet/iPadTM device 92 F and a server 92 E.
- Devices 92 A, 92 B, 92 C, 92 D, 92 Fare connected to each other and to the server 92 E via a network 90 .
- system 80includes additional computing devices including personal computers, servers, desktops, laptops, iPhones, iPads, iTouches, Droids, Blackberry devices, Windows phone, Android phones, or other tablet devices, among others.
- networked computing device 92 Aincludes a central processing unit (CPU) 96 , software applications 97 , access ports (or hardware device interfaces) 102 A - - - 102 N, memory 98 , database 99 , a Snoopwall application 200 , and a display 94 , as shown in FIG. 2 .
- the Snoopwall application 200provides computer implemented operations and instructions that monitor, detect and block data leakage, eavesdropping and spyware of the computing device 92 A.
- application 200provides functionalities for monitoring, detecting and blocking data leakage and eavesdropping in the data stored in database 99 , memory 98 , and in operations executed by the CPU 96 . These functionalities include monitoring information flow across all ports 102 A .
- Snoopwall application 200also presents a graphical user interface (GUI) 100 , as shown displayed in display 94 of FIG. 2 .
- Database 99includes a list of applications 300 and information whether each application is allowed to run on the specific computing device and to which ports of the computing device should have access, as shown in FIG. 9 .
- the user of the computing device 92 A and the administrator of the client-server system 80are allowed to manually enter permissions and denials of applications in list 300 and set access to specific ports and store the information in database 99 .
- Database 99also stores a list of known malicious applications that should not be allowed to run on the computing device or have access to any or specific ports.
- Snoopwall application 200also reviews each application prior to installing or running it on a device and determines the associated application unique signature and the requests for access to the high-risk access ports by the application. Application 200 stores this information in the database 99 and informs the user of the application prior its installation.
- the application ANGRYBIRDSFORAPPLE.exeis downloaded to a WindowsTM iTunesTM platform and the Snoopwall application 200 reviews the downloaded file to determine which device ports the downloaded application tries to access. It was found that the ANGRYBIRDSFORAPPLE.exe application tries to access the GPS, USB, Bluetooth, Internet, webcam and microphone, whereas the ANGRYBIRDSFORAPPLE.exe application is not supposed to have access to these hardware device ports.
- This informationis stored in the database 99 in the list of applications and is shared and communicated to all end-users.
- the Snoopwall application 200sends out a message to them informing them that the application they want to install tries to access the above mentioned device ports and asks them if they really want to install this application and if they want to block access of the application to any or all of the above mentioned device ports.
- GUI 100displays in real time the status of all access ports (or hardware device interface) 102 A . . . 102 N.
- ports 102 A . . . 102 Nare arranged linearly within a toolbar 100 A.
- ports 102 A . . . 102 Nare depicted in other geometric arrangements including vertical arrangements, horizontal arrangements, circular arrangements, or along any other geometric or random configuration.
- access portsinclude Webcam 102 A, USB port 102 B, Microphone 102 C, Flash Memory 102 D, Infrared 102 E, Bluetooth 102 F, Wireless 102 G, LAN, WAN, VPN, Cellular and GPS interfaces 102 H, keyboard, mouse, touchscreen, Ethernet, text messaging interfaces, telephone interfaces, modem, gesture based interfaces, eye-motion based interfaces, or other enhanced input/output (i/o) interfaces, among others.
- GUI 100also displays a Turn-All-ON button 104 , a Turn-All-OFF button 103 and port specific On and Off buttons 105 , 106 .
- the portWhen data leakage, eavesdropping or spyware software are detected in any of ports 102 A . . . 102 N, the port turns red, flashes and sends an acoustical warning signal.
- the userhas the option to turn off manually the specific port by activating the corresponding Off button 106 in order to block the detected data leakage, eavesdropping or spyware software.
- the userhas also the option to turn off manually all access ports by activating the Turn-All-OFF button 103 .
- the portsmay be enabled when the problem has been resolved by activating either the Turn-All-ON button 104 or the port specific On button 105 .
- the systemalso provides automatic turning Off of all ports or specific ports when data leakage, eavesdropping or spyware software are detected in any of ports 102 A . . . 102 N.
- the systemalso provides automatic turning ON of all ports or specific ports when the problem is resolved.
- System 80also includes Client-Server capabilities to allow information technology managers to control remotely any or al of the above mentioned ports in any or all of the individual devices 92 A, 92 B, 92 C, 92 D, 92 F from server 92 E.
- Client-Server capabilitiesprovide real-time manual, semi-automatic and automatic detection, alerting, blocking and controlling access to various high-risk data ports in cases when data leakage, eavesdropping and spyware applications are detected.
- the management interface for client-server system 80includes a command center 212 , a dashboard 214 , a toolbar 100 A, a taskbar or systray and popup alerts 216 , standalone GUI 110 , application programmers interface (API) 220 , secure communication protocol 228 , network interface 230 , device driver interface library 222 , real-time kernel driver 224 , Rootkit “system healer” 226 , and remotely managed “Snoopwall” systems 232 , 234 .
- APIapplication programmers interface
- command center 212runs in the administrator's computing device (i.e., server-A 92 E) and is used for managing the Snoopwall security utilities running in the remote system endpoints 232 , 234 of the networked computing devices 92 A, 92 B, 92 C, 92 F, as well as the Snoopwall security utilities running in the administrator's computing device 92 E.
- Command center 212helps create rules and policies in groups and roll them out to the Snoopwall security utilities running in the one or more remote system endpoints as well as to the Snoopwall security utilities running on the administrator's computing device.
- Dashboard 214summarizes real-time events from one or more remote system endpoints 232 , 234 as well as real-time events running on the administrator's system.
- Toolbar 100 Aallows configuration changes and alerts through a simple graphical user interface (GUI), as shown in FIG. 3 .
- GUIgraphical user interface
- Toolbar 100 Acan also be minimized to be a Taskbar or Systray 216 until the user interacts with the system or when events occur requiring Popup Alerts.
- Standalone GUI 110provides the system core functionalities to the standalone computing devices 92 A, 92 B, 92 C, 92 D, 92 F. These core functionalities include obtaining help, setting options, features, performing updates and other end-user functions.
- API 220is accessible through secure, trusted interfaces 230 , 222 , 224 , 226 , and allows abstraction of the command center 212 , dashboard 214 , toolbar 100 A, taskbar 216 , and standalone GUI 110 to the endpoint systems 232 , 234 .
- API 220provides flexibility in how it displays events, controls and results, while the core functionality is available through this centralized set of function calls.
- the remotely managed endpoint systems 232 , 234 of the computing devices 92 A, 92 B, 92 C, 92 D, 92 Fconnect to the server 92 E via a network interface 230 .
- Secure communication protocols 228such as secure socket layer (SSL), or transport layer security (TLS) are used in the connections and communications between the remotely managed endpoint systems 232 , 234 of the computing devices 92 A, 92 B, 92 C, 92 D, 92 F and the server 92 E.
- Core functionality exposed by the API 220is derived from the device driver interface library 222 to manage Webcam 102 A, USB port 102 B, Microphone 102 C, Flash Memory 102 D, Infrared 102 E, Bluetooth 102 F, Wireless 102 G, LAN, WAN, VPN, Cellular and GPS interfaces 102 H, and to ensure that control is not subverted by a hacker or malicious software.
- Real-time kernel driver 224constantly monitors the status of the controlling interface and settings and in the event a hacker or malicious code are able to tamper with the “Snoopwall” application, a Rootkit “system” healer 226 is installed to capture these rare but high risk events and thereby to restore the “Snoopwall” application and to block data leakage.
- the Snoopwall client application 200depicts all available ports in the standalone GUI 110 and provides visual alerts about each high-risk data leakage port's state, i.e., whether it is open or closed or if there is an attempt to open one of these ports. If a port is opened and unauthorized data transfer is detected across this port, the GUI shows a flashing icon of this port. In other embodiments, an acoustical warning signal is also sent.
- the user of the device and/or the remote administratorhave the ability to enable or disable any or all of the displayed high-risk ports.
- these high-risk portsinclude Webcam 102 A, USB port 102 B, Microphone 102 C, Flash Memory 102 D, Infrared 102 E, Bluetooth 102 F, Wireless 102 G, LAN, WAN, VPN, Cellular and GPS interfaces 102 H.
- the functionality of the keyboardis not disabled while the keyboard is protected against keyloggers.
- the USB portis being eavesdropped, the USB port is disabled while the keyboard and mouse devices remain operational.
- password and/or token accesscan be enabled as an additional security option so that no third-party can take over a high-risk data leakage port without being prompted for a password or token.
- Configuration optionsallow for an auto-shutoff interval to be set on one or more selected high-risk data leakage ports, an auto-alert interval and method such as popup window or email, password, token and proxy server settings as well as update server information.
- the Snoopwall application 200may be written using any programming language, including C, C++, Java with database interfaces into a Structured Query Language (SQL) database and/or text files containing critical user, application and ports information, among others.
- SQLStructured Query Language
- each Snoopwall application for each standalone devicehas a different GUI, Kernel, Driver, Rootkit and Secure Communication methodologies
- the code of the Snoopwall applicationis customized to ensure it functions securely and can self-heal on any operating system (OS) including WindowsTM XP, WindowsTM 7 , WindowsTM 8 , iPhoneTM, iPadTM, iTouchTM OS Editions, AndroidTM OS, Linux OS, BSD, Unix, Blackberry OS, Microsoft Phone and Tablet operating systems, among others.
- OSoperating system
- the Snoopwall server 92 Econtains all the codes of the Snoopwall clients to ensure that the local systems 92 A, 92 B, 2 C, 92 D, 92 F are secure from eavesdropping.
- Server 92 Ealso includes the built-in application programmers interface (API) 220 , dashboard 214 , command center 212 , toolbar 100 A, and taskbar or systray and popup alerts 216 .
- API 220allows for remote control, alerts and updates from Snoopwall client systems in the same WAN, LAN or multi-VLAN segments through authentication.
- Dashboard 214displays in real-time the status of the ports in each Snoopwall client and which Snoopwall clients have changed their profile.
- Command center 212allows making changes in single Snoopwall clients or creating groups and pushing changes to these groups.
- the Snoopwall Server codealso includes industry standard logging using SYSLOG format about the key events of Snoopwall clients and the server itself.
- Snoopwall application 200may be written using any programming language, and the code is customized so that it can run on one or more operating systems including WindowsTM 2000 , WindowsTM NT, WindowsTM XP, WindowsTM 7 and WindowsTM 8 as well as Linux, BSD and Unix, among others.
- Snoopwall application 200 A for a mobile phone 92 Cincludes a GUI screen 120 that depicts a privacy meter indicator 122 , the amount of CPU used 124 , the battery voltage used 126 , the storage capacity used 127 , the memory capacity used 125 , and the battery power level 123 .
- GUI 120also includes a toolbar 121 , a button for initiating a privacy audit function 128 and a take control button 129 . Activating the take control button 129 presents a new GUI screen 130 , shown in FIG. 7 .
- GUI screen 130depicts the status of all high risk ports including microphone 131 , Bluetooth interface 132 , GPS 133 , storage 134 , USB 135 , Infrared interface 136 , Wi-Fi interface 137 , camera 138 , SMS messaging port 139 and the phone port 140 .
- a slidably activated button 150that can be set to the On position 150 a or the Off position 150 b and thereby to enable or disable the corresponding port.
- Screen 130also includes images of the active applications 145 and allows the user to turn on or off the applications by sliding button 150 to the On position 150 a or the Off position 150 b , as shown in FIG. 8 .
- every networked computing device 92 A, 92 B, 92 C, 92 D, 92 Fis equipped with an anti-eavesdropping utility, i.e., a Snoopwall application 200 , that complements all existing firewalls and all anti-virus programs.
- a Snoopwall application 200installed, a user can easily see which data ports are open, which ports are closed and if there is unauthorized data leakage (eavesdropping) across a port.
- the userreceives visual alerts when there is unauthorized eavesdropping across a port and has the option to select which ports to keep open and which port to disable. Ports may be disabled completely and remain closed until the user unlocks them with a secret password.
- the consumeralso known as the “standalone” configuration
- the enterprise editionalso known as the “client-server” configuration
- the enterprise editionincludes a command center 212 , dashboard 214 and remote management API 220 .
- the Snoopwall applicationenables computing device managers and owners to finally take control of these devices and truly know if there is any attempt to eavesdrop on them through high risk data leakage ports.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Environmental & Geological Engineering (AREA)
- Computer And Data Communications (AREA)
- Small-Scale Networks (AREA)
Abstract
Description
- This application is a non-provisional application of and claims the benefit of U.S. provisional application Ser. No. 61/729,202 filed on Nov. 21, 2012 and entitled “System and methods for data leakage, eavesdropping and spyware detection, alerting and blocking” which is commonly assigned and the contents of which are expressly incorporated herein by reference.
- The present invention relates to a system and method for detecting, alerting and blocking data leakage, eavesdropping and spyware in networked computing devices.
- Networked computing devices have a high risk for being attacked by malicious code for gaining remote access, eavesdropping and spying. In particular, Windows™ computing devices, iPhone™, Android™ and Windows™ Phone are incredibly high risk environments for being spied upon without the end-user's knowledge. Many search engine resulting links such as those of BING™ and of GOOGLE™ contain drive-by malware that allows for remote espionage and provides access to sensitive information stored in the networked computing devices. This unauthorized access to sensitive information provides an increased opportunity for cyber-crime. Currently available anti-virus, anti-malware, and anti-spyware applications focus on trying to detect malware based on known signatures or behavior. However, new types of malware are being developed constantly and the currently available firewall, intrusion detection, intrusion prevention, anti-virus, anti-malware, and anti-spyware applications cannot detect, prevent or react to most of the new types of malware.
- In particular, none of the currently available security utilities can answer these questions: Which ports or device interfaces are open? Is the wireless port enabled? Is it connected to a network? Is the Bluetooth or Infrared Interface enabled? Is the webcam on? Is the universal serial bus (USB) port enabled? Is the microphone on? Some of the currently available security applications come with keylogger detection utilities. However, there are no guarantees that these applications will also stop keyboard eavesdropping. Most users want SKYPE™ and Microsoft instant messaging (IM) on in order to be able to communicate and therefore numerous communication ports remain open. Malware may use these open ports to phone home to callback uniform resource locators (URLs). Spyware may use these open ports to send eavesdropping information to those who are maliciously eavesdropping, unbeknownst to the victim or the plethora of security utilities.
- Accordingly, there is a need for improved systems and methods for detecting, alerting and blocking data leakage, eavesdropping and spyware in networked computing devices.
- This present invention provides a system and method for detecting, alerting and blocking data leakage, eavesdropping and spyware in networked computing devices.
- In general, in one aspect the invention provides a computer-implemented method for detecting, alerting and blocking data leakage, eavesdropping and spyware in one or more networked computing devices. The method includes providing a graphical user interface (GUI) and displaying all available hardware device interfaces in each networked computing device. Next, providing a turn-on switch and a turn-off switch for each displayed hardware device interface in each networked computing device. Next, providing a turn-all-on switch and a turn-all-off switch for all displayed hardware device interfaces in each networked computing device. Next, monitoring status of each available hardware device interface and data traffic across each available hardware device interface. Upon detecting an unauthorized change of status of a specific hardware device interface or unauthorized data traffic across a specific hardware device interface providing a warning signal, turning off the specific hardware device interface by activating the turn-off switch for the specific hardware device interface or the turn-all-off switch.
- Implementations of this aspect of the invention may include one or more of the following features. Upon resolving the unauthorized change of status of the specific hardware device interface or unauthorized data traffic across the specific hardware device interface, turning on the specific hardware device interface by activating the turn-on switch for the specific hardware device interface or the turn-on-off switch. Activation of the turn-on, turn-off, turn-all-on, turn-all-off switches is initiated locally by a user of the networked computing device, or remotely by an administrator of the networked computing device. The networked computing device includes a central processing unit (CPU), a security application, and a display. The security application provides computer implemented operations and instructions that monitor, detect and block data leakage, eavesdropping and spyware across all available hardware device interfaces in each of the networked computing device. The CPU executes the computer implemented instruction provided by the security application, and the display displays the GUI. The method further includes providing a first table comprising a list of applications and authorized status of each available hardware device interface for each application and storing the first table in a database. The method further includes providing a second table comprising a list of known malicious applications and storing the second table in the database. The method further includes providing a server configured to access the one or more networked computing devices via a network connection. The server comprises a command center, a dashboard, a toolbar, a taskbar, a standalone GUI and an application programmer's interface (API). The command center is configured to manage remotely security applications in the one or more networked computing devices. The method further includes creating rules and policies and installing them in the security applications of the one or more networked computing devices and the server via the command center. The method further includes summarizing and presenting in the dashboard real-time events occurring in the one or more networked computing devices and the server. The method further includes displaying the status of all available hardware device interfaces in the toolbar for the one or more networked computing devices and the server. Communications between the server and the one or more networked computing devices comprise secure communications protocols. The secure communication protocols comprise one of secure socket layer (SSL), or transport layer security (TLS). The server further comprises a real-time kernel driver and a rootkit ‘system’ healer. The real-time kernel constantly monitors the status of all controlling interfaces and settings and in the event a hacker or malicious code tampers with the security applications, the rootkit “system” healer restores the security applications. The available hardware device interfaces may be a keyboard, mouse, touchscreen, webcam, USB hardware device interface, microphone, Flash memory, Infrared, Bluetooth, Ethernet, Wireless, LAN, WAN, VPN, text messaging interfaces, telephone interfaces, modem, cellular, GPS interfaces, gesture based interfaces or eye-motion based interfaces. The turn-on, turn-off, turn-all-on, turn-all-off switches comprise slidably activated switches, or comprise pressure-activated switches. The networked computing devices may be personal computers, servers, desktops, laptops, mobile phones, iPhones™, iPads™, iTouches™, Droids™, Blackberry™ devices, Windows™ phone, Android™ phones, personal digital assistants (PDAs), or tablet devices. The warning signal may be a visual warning signal or an acoustical warning signal. The visual warning signal comprises flashing of the specific hardware device interface image in the GUI. The method further includes, prior to installing a new application in any of the one or more networked computing devices, sending a message comprising the hardware device interfaces to which the new application requests access and asking for installation permission and which hardware device interfaces should be blocked.
- In general, in another aspect, the invention features a system for detecting, alerting and blocking data leakage, eavesdropping and spyware in one or more networked computing devices including a graphical user interface (GUI) displaying all available hardware device interfaces in each networked computing device, a turn-on switch and a turn-off switch for each displayed hardware device interface in each networked computing device, a turn-all-on switch and a turn-all-off switch for all displayed hardware device interfaces in each networked computing device, and a security application. The security application is configured to monitor status of each available hardware device interface and data traffic across each available hardware device interface, and upon detecting an unauthorized change of status of a specific hardware device interface or unauthorized data traffic across a specific hardware device interface providing a warning signal and turning off the specific hardware device interface by activating the turn-off switch for the specific hardware device interface or the turn-all-off switch.
- In general, in another aspect, the invention features a computer program product for detecting, alerting and blocking data leakage, eavesdropping and spyware in one or more networked computing devices. The computer program product is stored on a computer readable medium and includes computer code for providing a graphical user interface (GUI) and displaying all available hardware device interfaces in each networked computing device, computer code for providing a turn-on switch and a turn-off switch for each displayed hardware device interface in each networked computing device, computer code for providing a turn-all-on switch and a turn-all-off switch for all displayed hardware device interfaces in each networked computing device, computer code for monitoring status of each available hardware device interface and data traffic across each available hardware device interface, computer code for providing a warning signal, upon detecting an unauthorized change of status of a specific hardware device interface or unauthorized data traffic across a specific hardware device interface and computer code for turning off the specific hardware device interface by activating the turn-off switch for the specific hardware device interface or the turn-all-off switch.
- Among the advantages of this invention may be one or more of the following. The present invention broadly monitors and protects all the high-risk hardware device ports and interfaces that are accessible by both the end-user and software applications, including modern malware.
- The Snoopwall technology of the present invention complements prior art security applications, which usually monitor network traffic across network traffic ports. Network traffic ports may be opened for allowing Internet communications. In one example,
port 80 is opened for allowing World Wide Web communications via the hypertext transfer protocol (HTTP). In another example, port21 is opened for allowing file transfers via the file transfer protocol (FTP). Prior art security applications focus on monitoring these network traffic ports for malicious traffic and review packets of data traveling over these network traffic ports. The Snoopwall technology of the present invention does not need to eavesdrop on any network traffic packets or data as it is designed to monitor access to the actual Ethernet hardware device ports and to alert end-users about any new attempted access to these hardware device ports. The Snoopwall technology of the present invention does not need any information or frequent updates about the types of traffic that may flow across the many (up to 65535) network traffic ports using many different protocols. Therefore, the Snoopwall technology of the present invention complements prior art security applications and techniques and provides a more efficient method of blocking access to the network through the actual hardware device interface ports such as Ethernet, Wireless Ethernet, among others. - The Snoopwall technology of the present invention is focused on the root cause of data leakage, i.e., access to the high-risk hardware interface ports, while prior art security applications focus on detecting the signatures of the malware payload or the malware behavior. Therefore, the Snoopwall technology of the present invention is applicable against any type of malware including new or not yet detected types of malware, whereas the prior art security applications are applicable only to already known malware. In particular, the Snoopwall technology of the present invention is applicable against advanced persistent threats (APTs) malware, which is malware that is nearly impossible to detect or remove. The Snoopwall technology of the present invention is also applicable against zero-day (O-day) or other new forms of malware. As the Snoopwall technology of the present invention focuses on the management of the high-risk hardware interface ports, it will not require any updates for malware signatures or malware behavioral heuristics. The only necessary updates for the Snoopwall technology to properly secure an end-user environment would be only when new high-risk hardware interface ports are created, which is a very infrequent event. This is not only uniquely complementary to existing security utilities, it is a completely radical approach—focusing on the areas where data is leaked from, instead of focusing on the detection of each possible piece of new malware being delivered to the end-user system in some form of payload or application.
FIG. 1 is a schematic diagram of the network architecture of asystem 80 for blocking data leakage, eavesdropping and spyware applications according to this invention;FIG. 2 is a schematic diagram of thecomputing device 92A ofFIG. 1 ;FIG. 3 is a schematic diagram of one embodiment of a graphical user interface (GUI)100 used in thecomputing device 92A ofFIG. 2 ;FIG. 4 is a block diagram of the components ofsystem 80 ofFIG. 1 ;FIG. 5-FIG .8 depict an embodiment of a GUI, used in a mobile communication device for detecting, alerting and blocking data leakage, eavesdropping and malicious spyware; andFIG. 9 depicts a table used to set permissions and denials for specific applications.- In general, the present invention relates to eavesdropping and spyware blocking technology, and more specifically it relates to systems and methods for blocking data leakage, eavesdropping and spyware technology in networked devices by controlling access to various high-risk data ports or hardware device interfaces. These high risk ports include Webcam, USB, Microphone, Flash Memory, Infrared, Bluetooth, Wireless, LAN, WAN, VPN, Cellular and GPS interfaces, among others.
- Referring to
FIG. 1 , a client-server system 80 for blocking data leakage, eavesdropping and spyware applications according to one embodiment of this invention includescomputing devices mobile communication devices 92C, personaldigital assistant devices 92D, Tablet/iPad™ device 92F and aserver 92E.Devices server 92E via anetwork 90. In other embodiments,system 80 includes additional computing devices including personal computers, servers, desktops, laptops, iPhones, iPads, iTouches, Droids, Blackberry devices, Windows phone, Android phones, or other tablet devices, among others. - In one example,
networked computing device 92A includes a central processing unit (CPU)96,software applications 97, access ports (or hardware device interfaces)102A - - -102N,memory 98,database 99, aSnoopwall application 200, and adisplay 94, as shown inFIG. 2 . TheSnoopwall application 200 provides computer implemented operations and instructions that monitor, detect and block data leakage, eavesdropping and spyware of thecomputing device 92A. In particular,application 200 provides functionalities for monitoring, detecting and blocking data leakage and eavesdropping in the data stored indatabase 99,memory 98, and in operations executed by theCPU 96. These functionalities include monitoring information flow across allports 102A . . .102N and closing of selected ports when data leakage, eavesdropping or spyware are detected.Snoopwall application 200 also presents a graphical user interface (GUI)100, as shown displayed indisplay 94 ofFIG. 2 .Database 99 includes a list ofapplications 300 and information whether each application is allowed to run on the specific computing device and to which ports of the computing device should have access, as shown inFIG. 9 . The user of thecomputing device 92A and the administrator of the client-server system 80 are allowed to manually enter permissions and denials of applications inlist 300 and set access to specific ports and store the information indatabase 99.Database 99 also stores a list of known malicious applications that should not be allowed to run on the computing device or have access to any or specific ports. Snoopwall application 200 also reviews each application prior to installing or running it on a device and determines the associated application unique signature and the requests for access to the high-risk access ports by the application.Application 200 stores this information in thedatabase 99 and informs the user of the application prior its installation. In one example, the application ANGRYBIRDSFORAPPLE.exe is downloaded to a Windows™ iTunes™ platform and theSnoopwall application 200 reviews the downloaded file to determine which device ports the downloaded application tries to access. It was found that the ANGRYBIRDSFORAPPLE.exe application tries to access the GPS, USB, Bluetooth, Internet, webcam and microphone, whereas the ANGRYBIRDSFORAPPLE.exe application is not supposed to have access to these hardware device ports. This information is stored in thedatabase 99 in the list of applications and is shared and communicated to all end-users. When users try to install the ANGRYBIRDSFORAPPLE.exe application in their iPad™ tablet, theSnoopwall application 200 sends out a message to them informing them that the application they want to install tries to access the above mentioned device ports and asks them if they really want to install this application and if they want to block access of the application to any or all of the above mentioned device ports.- Referring to
FIG. 3 ,GUI 100 displays in real time the status of all access ports (or hardware device interface)102A . . .102N. In the example ofFIG. 3 ,ports 102A . . .102N, are arranged linearly within atoolbar 100A. In other examples,ports 102A . . .102N are depicted in other geometric arrangements including vertical arrangements, horizontal arrangements, circular arrangements, or along any other geometric or random configuration. Examples of access ports includeWebcam 102A,USB port 102B,Microphone 102C,Flash Memory 102D,Infrared 102E,Bluetooth 102F,Wireless 102G, LAN, WAN, VPN, Cellular andGPS interfaces 102H, keyboard, mouse, touchscreen, Ethernet, text messaging interfaces, telephone interfaces, modem, gesture based interfaces, eye-motion based interfaces, or other enhanced input/output (i/o) interfaces, among others.GUI 100 also displays a Turn-All-ON button 104, a Turn-All-OFF button 103 and port specific On andOff buttons - When data leakage, eavesdropping or spyware software are detected in any of
ports 102A . . .102N, the port turns red, flashes and sends an acoustical warning signal. The user has the option to turn off manually the specific port by activating thecorresponding Off button 106 in order to block the detected data leakage, eavesdropping or spyware software. The user has also the option to turn off manually all access ports by activating the Turn-All-OFF button 103. The ports may be enabled when the problem has been resolved by activating either the Turn-All-ON button 104 or the port specific Onbutton 105. The system also provides automatic turning Off of all ports or specific ports when data leakage, eavesdropping or spyware software are detected in any ofports 102A . . .102N. The system also provides automatic turning ON of all ports or specific ports when the problem is resolved. System 80 also includes Client-Server capabilities to allow information technology managers to control remotely any or al of the above mentioned ports in any or all of theindividual devices server 92E. These Client-Server capabilities provide real-time manual, semi-automatic and automatic detection, alerting, blocking and controlling access to various high-risk data ports in cases when data leakage, eavesdropping and spyware applications are detected.- Referring to
FIG. 4 , the management interface for client-server system 80 includes acommand center 212, adashboard 214, atoolbar 100A, a taskbar or systray andpopup alerts 216,standalone GUI 110, application programmers interface (API)220,secure communication protocol 228,network interface 230, devicedriver interface library 222, real-time kernel driver 224, Rootkit “system healer”226, and remotely managed “Snoopwall”systems - In the example of
FIG. 1 ,command center 212 runs in the administrator's computing device (i.e., server-A 92E) and is used for managing the Snoopwall security utilities running in theremote system endpoints networked computing devices computing device 92E.Command center 212 helps create rules and policies in groups and roll them out to the Snoopwall security utilities running in the one or more remote system endpoints as well as to the Snoopwall security utilities running on the administrator's computing device.Dashboard 214 summarizes real-time events from one or moreremote system endpoints Toolbar 100A allows configuration changes and alerts through a simple graphical user interface (GUI), as shown inFIG. 3 .Toolbar 100A can also be minimized to be a Taskbar orSystray 216 until the user interacts with the system or when events occur requiring Popup Alerts. Standalone GUI 110 provides the system core functionalities to thestandalone computing devices API 220 is accessible through secure, trustedinterfaces command center 212,dashboard 214,toolbar 100A,taskbar 216, andstandalone GUI 110 to theendpoint systems API 220 provides flexibility in how it displays events, controls and results, while the core functionality is available through this centralized set of function calls.- The remotely managed
endpoint systems computing devices server 92E via anetwork interface 230.Secure communication protocols 228 such as secure socket layer (SSL), or transport layer security (TLS) are used in the connections and communications between the remotely managedendpoint systems computing devices server 92E. Core functionality exposed by theAPI 220 is derived from the devicedriver interface library 222 to manageWebcam 102A,USB port 102B,Microphone 102C,Flash Memory 102D,Infrared 102E,Bluetooth 102F,Wireless 102G, LAN, WAN, VPN, Cellular andGPS interfaces 102H, and to ensure that control is not subverted by a hacker or malicious software. Real-time kernel driver 224 constantly monitors the status of the controlling interface and settings and in the event a hacker or malicious code are able to tamper with the “Snoopwall” application, a Rootkit “system”healer 226 is installed to capture these rare but high risk events and thereby to restore the “Snoopwall” application and to block data leakage. - In the standalone configuration, the
Snoopwall client application 200 depicts all available ports in thestandalone GUI 110 and provides visual alerts about each high-risk data leakage port's state, i.e., whether it is open or closed or if there is an attempt to open one of these ports. If a port is opened and unauthorized data transfer is detected across this port, the GUI shows a flashing icon of this port. In other embodiments, an acoustical warning signal is also sent. The user of the device and/or the remote administrator have the ability to enable or disable any or all of the displayed high-risk ports. As was mentioned above, these high-risk ports includeWebcam 102A,USB port 102B,Microphone 102C,Flash Memory 102D,Infrared 102E,Bluetooth 102F,Wireless 102G, LAN, WAN, VPN, Cellular andGPS interfaces 102H. In the case of the keyboard being attacked, the functionality of the keyboard is not disabled while the keyboard is protected against keyloggers. In the case when the USB port is being eavesdropped, the USB port is disabled while the keyboard and mouse devices remain operational. In addition, password and/or token access can be enabled as an additional security option so that no third-party can take over a high-risk data leakage port without being prompted for a password or token. - Configuration options allow for an auto-shutoff interval to be set on one or more selected high-risk data leakage ports, an auto-alert interval and method such as popup window or email, password, token and proxy server settings as well as update server information. The
Snoopwall application 200 may be written using any programming language, including C, C++, Java with database interfaces into a Structured Query Language (SQL) database and/or text files containing critical user, application and ports information, among others. However, since each Snoopwall application for each standalone device has a different GUI, Kernel, Driver, Rootkit and Secure Communication methodologies, the code of the Snoopwall application is customized to ensure it functions securely and can self-heal on any operating system (OS) including Windows™ XP, Windows™7, Windows™8, iPhone™, iPad™, iTouch™ OS Editions, Android™ OS, Linux OS, BSD, Unix, Blackberry OS, Microsoft Phone and Tablet operating systems, among others. - In the Client-Server system configuration, the
Snoopwall server 92E contains all the codes of the Snoopwall clients to ensure that thelocal systems Server 92E also includes the built-in application programmers interface (API)220,dashboard 214,command center 212,toolbar 100A, and taskbar or systray and popup alerts216.API 220 allows for remote control, alerts and updates from Snoopwall client systems in the same WAN, LAN or multi-VLAN segments through authentication.Dashboard 214 displays in real-time the status of the ports in each Snoopwall client and which Snoopwall clients have changed their profile.Command center 212 allows making changes in single Snoopwall clients or creating groups and pushing changes to these groups. The Snoopwall Server code also includes industry standard logging using SYSLOG format about the key events of Snoopwall clients and the server itself. As was mentioned above,Snoopwall application 200 may be written using any programming language, and the code is customized so that it can run on one or more operating systems including Windows™2000, Windows™ NT, Windows™ XP, Windows™7 and Windows™8 as well as Linux, BSD and Unix, among others. - Referring to
FIG. 5 andFIG. 6 ,Snoopwall application 200A for amobile phone 92C includes aGUI screen 120 that depicts aprivacy meter indicator 122, the amount of CPU used124, the battery voltage used126, the storage capacity used127, the memory capacity used125, and thebattery power level 123.GUI 120 also includes atoolbar 121, a button for initiating aprivacy audit function 128 and atake control button 129. Activating thetake control button 129 presents anew GUI screen 130, shown inFIG. 7 .GUI screen 130 depicts the status of all high riskports including microphone 131,Bluetooth interface 132,GPS 133,storage 134,USB 135,Infrared interface 136, Wi-Fi interface 137,camera 138,SMS messaging port 139 and thephone port 140. Next to each port there is a slidably activatedbutton 150 that can be set to theOn position 150aor theOff position 150band thereby to enable or disable the corresponding port.Screen 130 also includes images of theactive applications 145 and allows the user to turn on or off the applications by slidingbutton 150 to theOn position 150aor theOff position 150b, as shown inFIG. 8 . - In operation, every
networked computing device Snoopwall application 200, that complements all existing firewalls and all anti-virus programs. With theSnoopwall application 200 installed, a user can easily see which data ports are open, which ports are closed and if there is unauthorized data leakage (eavesdropping) across a port. The user receives visual alerts when there is unauthorized eavesdropping across a port and has the option to select which ports to keep open and which port to disable. Ports may be disabled completely and remain closed until the user unlocks them with a secret password. As was mentioned above, there are two versions of the Snoopwall application, the consumer (also known as the “standalone” configuration) edition and the enterprise edition (also known as the “client-server” configuration). The enterprise edition includes acommand center 212,dashboard 214 andremote management API 220. Whether operating in the standalone or in the client-server configuration, the Snoopwall application enables computing device managers and owners to finally take control of these devices and truly know if there is any attempt to eavesdrop on them through high risk data leakage ports. - Several embodiments of the present invention have been described. Nevertheless, it will be understood that various modifications may be made without departing from the spirit and scope of the invention. Accordingly, other embodiments are within the scope of the following claims.
Claims (23)
1. A computer implemented method for detecting, alerting and blocking data leakage, eavesdropping and spyware in one or more networked computing devices comprising:
providing a graphical user interface (GUI) and displaying all available hardware device interfaces in each networked computing device;
providing a turn-on switch and a turn-off switch for each displayed hardware device interface in each networked computing device;
providing a turn-all-on switch and a turn-all-off switch for all displayed hardware device interfaces in each networked computing device;
monitoring status of each available hardware device interface and data traffic across each available hardware device interface;
upon detecting an unauthorized change of status of a specific hardware device interface or unauthorized data traffic across a specific hardware device interface providing a warning signal; and
turning off the specific hardware device interface by activating the turn-off switch for the specific hardware device interface or the turn-all-off switch.
2. The method ofclaim 1 , further comprising upon resolving the unauthorized change of status or unauthorized data traffic across the specific hardware device interface, turning on the specific hardware device interface by activating the turn-on switch for the specific hardware device interface or the turn-on-off switch.
3. The method ofclaim 1 , wherein activation of the turn-on, turn-off, turn-all-on, turn-all-off switches is initiated locally by a user of the networked computing device.
4. The method ofclaim 1 , wherein activation of the turn-on, turn-off, turn-all-on, turn-all-off switches is initiated remotely by an administrator of the networked computing device.
5. The method ofclaim 1 , wherein said networked computing device comprises a central processing unit (CPU), a security application, and a display, wherein the security application provides computer implemented operations and instructions that monitor, detect and block data leakage, eavesdropping and spyware across all available hardware device interfaces in each of the networked computing device; wherein the CPU executes the computer implemented instruction provided by the security application, and wherein the display displays the GUI.
6. The method ofclaim 1 , further comprising providing a first table comprising a list of applications and authorized status of each available hardware device interface for each application and storing said first table in a database.
7. The method ofclaim 6 , further comprising providing a second table comprising a list of known malicious applications and storing said second table in said database.
8. The method ofclaim 1 further comprising providing a server configured to access the one or more networked computing devices via a network connection and wherein said server comprises a command center, a dashboard, a toolbar, a taskbar, a standalone GUI and an application programmers interface (API), and wherein said command center is configured to manage remotely security applications in the one or more networked computing devices.
9. The method ofclaim 8 , further comprising creating rules and policies and installing them in the security applications of the one or more networked computing devices and the server via the command center.
10. The method ofclaim 8 , further comprising summarizing and presenting in the dashboard real-time events occurring in the one or more networked computing devices and the server.
11. The method ofclaim 8 , further comprising displaying the status of all available hardware device interfaces in the toolbar for the one or more networked computing devices and the server.
12. The method ofclaim 8 , wherein communications between the server and the one or more networked computing devices comprise secure communications protocols.
13. The method ofclaim 12 , wherein said secure communication protocols comprise one of secure socket layer (SSL), or transport layer security (TLS).
14. The method ofclaim 8 , wherein the server further comprises a real-time kernel driver and a rootkit ‘system’ healer, and wherein the real-time kernel constantly monitors the status of all controlling interfaces and settings and in the event a hacker or malicious code tampers with the security applications, the rootkit “system” healer restores the security applications.
15. The method ofclaim 1 , wherein the available hardware device interfaces comprise one or more of keyboard, mouse, touchscreen, webcam, USB hardware device interface, microphone, Flash memory, Infrared, Bluetooth, Ethernet, Wireless, LAN, WAN, VPN, text messaging interfaces, telephone interfaces, modem, cellular, GPS interfaces, gesture based interfaces or eye-motion based interfaces.
16. The method ofclaim 1 , wherein the turn-on, turn-off, turn-all-on, turn-all-off switches comprise slidably activated switches.
17. The method ofclaim 1 , wherein the turn-on, turn-off, turn-all-on, turn-all-off switches comprise pressure activated switches.
18. The method ofclaim 1 , wherein the networked computing devices comprise one of personal computers, servers, desktops, laptops, mobile phones, iPhones™, iPads™, iTouches™, Droids™, Blackberry™ devices, Windows™ phone, Android™ phones, personal digital assistants (PDAs), or tablet devices.
19. The method ofclaim 1 , wherein the warning signal comprises a visual warning signal or an acoustical warning signal.
20. The method ofclaim 11 , wherein the visual warning signal comprises flashing of the specific hardware device interface image in the GUI.
21. The method ofclaim 1 , further comprising, prior to installing a new application in any of the one or more networked computing devices, sending a message comprising the hardware device interfaces to which the new application requests access and asking for installation permission and which hardware device interfaces should be blocked.
22. A system for detecting, alerting and blocking data leakage, eavesdropping and spyware in one or more networked computing devices comprising:
a graphical user interface (GUI) displaying all available hardware device interfaces in each networked computing device;
a turn-on switch and a turn-off switch for each displayed hardware device interface in each networked computing device;
a turn-all-on switch and a turn-all-off switch for all displayed hardware device interfaces in each networked computing device;
a security application configured to monitor status of each available hardware device interface and data traffic across each available hardware device interface, and upon detecting an unauthorized change of status of a specific hardware device interface or unauthorized data traffic across a specific hardware device interface providing a warning signal and turning off the specific hardware device interface by activating the turn-off switch for the specific hardware device interface or the turn-all-off switch.
23. A computer program product for detecting, alerting and blocking data leakage, eavesdropping and spyware in one or more networked computing devices, wherein said computer program product is stored on a computer readable medium and comprises:
computer code for providing a graphical user interface (GUI) and displaying all available hardware device interfaces in each networked computing device;
computer code for providing a turn-on switch and a turn-off switch for each displayed hardware device interface in each networked computing device;
computer code for providing a turn-all-on switch and a turn-all-off switch for all displayed hardware device interfaces in each networked computing device;
computer code for monitoring status of each available hardware device interface and data traffic across each available hardware device interface;
computer code for providing a warning signal, upon detecting an unauthorized change of status of a specific hardware device interface or unauthorized data traffic across a specific hardware device interface; and
computer code for turning off the specific hardware device interface by activating the turn-off switch for the specific hardware device interface or the turn-all-off switch.
Priority Applications (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US13/904,547US20140143864A1 (en) | 2012-11-21 | 2013-05-29 | System and method for detecting, alerting and blocking data leakage, eavesdropping and spyware |
| PCT/US2013/043240WO2014081468A1 (en) | 2012-11-21 | 2013-05-30 | System and method for detecting, alerting and blocking data leakage, eavesdropping and spyware |
| US14/285,769US9942269B2 (en) | 2012-11-21 | 2014-05-23 | Effectively preventing data leakage, spying and eavesdropping through a networked computing device by controlling access to a plurality of its device interfaces |
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US201261729202P | 2012-11-21 | 2012-11-21 | |
| US13/904,547US20140143864A1 (en) | 2012-11-21 | 2013-05-29 | System and method for detecting, alerting and blocking data leakage, eavesdropping and spyware |
Related Child Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US14/285,769ContinuationUS9942269B2 (en) | 2012-11-21 | 2014-05-23 | Effectively preventing data leakage, spying and eavesdropping through a networked computing device by controlling access to a plurality of its device interfaces |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| US20140143864A1true US20140143864A1 (en) | 2014-05-22 |
Family
ID=50729261
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US13/904,547AbandonedUS20140143864A1 (en) | 2012-11-21 | 2013-05-29 | System and method for detecting, alerting and blocking data leakage, eavesdropping and spyware |
| US14/285,769Expired - Fee RelatedUS9942269B2 (en) | 2012-11-21 | 2014-05-23 | Effectively preventing data leakage, spying and eavesdropping through a networked computing device by controlling access to a plurality of its device interfaces |
Family Applications After (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US14/285,769Expired - Fee RelatedUS9942269B2 (en) | 2012-11-21 | 2014-05-23 | Effectively preventing data leakage, spying and eavesdropping through a networked computing device by controlling access to a plurality of its device interfaces |
Country Status (2)
| Country | Link |
|---|---|
| US (2) | US20140143864A1 (en) |
| WO (1) | WO2014081468A1 (en) |
Cited By (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20150215330A1 (en)* | 2014-01-30 | 2015-07-30 | Shine Security Ltd. | Methods and systems of controlling distribution of personal data over network(s) |
| US20150215804A1 (en)* | 2014-01-30 | 2015-07-30 | Shine Security Ltd. | Network traffic event management at the client terminal level |
| WO2016064930A1 (en)* | 2014-10-21 | 2016-04-28 | Proofpoint, Inc. | Systems and methods for application security analysis |
| US20170083705A1 (en)* | 2015-09-22 | 2017-03-23 | Electronics And Telecommunications Research Institute | Apparatus and method for analyzing malicious code in multi-core environment |
| WO2017075087A1 (en) | 2015-10-27 | 2017-05-04 | Blackberry Limited | Detecting resource access |
| US9838391B2 (en) | 2014-10-31 | 2017-12-05 | Proofpoint, Inc. | Systems and methods for privately performing application security analysis |
| US9866572B2 (en) | 2014-11-20 | 2018-01-09 | International Business Machines Corporation | Monitoring use of a sensor of a computing device |
| US9954873B2 (en) | 2015-09-30 | 2018-04-24 | The Mitre Corporation | Mobile device-based intrusion prevention system |
| US10008814B1 (en)* | 2017-02-15 | 2018-06-26 | Holster Lab LLC | Microphone muting device |
| US10270804B2 (en)* | 2014-08-13 | 2019-04-23 | F-Secure Corporation | Detection of webcam abuse |
| WO2019164623A1 (en)* | 2018-02-22 | 2019-08-29 | Motorola Solutions, Inc. | Disabling a digital assistant during a conference call based on security level |
| US20190361917A1 (en)* | 2018-05-25 | 2019-11-28 | Bao Tran | Smart device |
| WO2019246024A1 (en)* | 2018-06-18 | 2019-12-26 | A7Technology Inc. | Systems and methods for computer security |
| US10764860B2 (en) | 2015-10-27 | 2020-09-01 | Blackberry Limited | Monitoring resource access |
| CN113986985A (en)* | 2021-12-24 | 2022-01-28 | 深圳市聚能优电科技有限公司 | IO reading method, system, equipment and storage medium for energy management |
Families Citing this family (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| GB201521137D0 (en)* | 2015-12-01 | 2016-01-13 | Qatar Foundation For Education Science And Community Dev | Honeybot: Mobile Honeypot detection and isolation techniques for adhoc malicious communications |
| US10333949B1 (en)* | 2016-03-15 | 2019-06-25 | Symantec Corporation | Proactive protection of mobile operating system malware via blocking of infection vector |
| US12153674B2 (en) | 2016-04-15 | 2024-11-26 | Sophos Limited | Tracking malware root causes with an event graph |
| US9928366B2 (en) | 2016-04-15 | 2018-03-27 | Sophos Limited | Endpoint malware detection using an event graph |
| US9967267B2 (en) | 2016-04-15 | 2018-05-08 | Sophos Limited | Forensic analysis of computing activity |
| CN106454498B (en)* | 2016-11-03 | 2019-06-04 | 四川长虹电器股份有限公司 | The method of Android platform management USB device |
| WO2018227559A1 (en)* | 2017-06-16 | 2018-12-20 | 深圳市海和高新技术有限公司 | Wireless communication device |
| CN108683662B (en)* | 2018-05-14 | 2020-08-14 | 深圳市联软科技股份有限公司 | Individual online equipment risk assessment method and system |
| US11552962B2 (en) | 2018-08-31 | 2023-01-10 | Sophos Limited | Computer assisted identification of intermediate level threats |
| CN113132381B (en)* | 2021-04-19 | 2022-08-02 | 何文刚 | Computer network information safety controller |
| US11921842B2 (en)* | 2021-06-14 | 2024-03-05 | Kyndryl, Inc. | Multifactor authorization on accessing hardware resources |
| US12130923B2 (en) | 2022-03-31 | 2024-10-29 | Sophos Limited | Methods and apparatus for augmenting training data using large language models |
| US12204870B2 (en) | 2022-03-31 | 2025-01-21 | Sophos Limited | Natural language analysis of a command line using a machine learning model to generate a natural language description of the command line |
| US12265526B2 (en) | 2022-03-31 | 2025-04-01 | Sophos Limited | Methods and apparatus for natural language interface for constructing complex database queries |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060253712A1 (en)* | 2003-05-13 | 2006-11-09 | Francois-Dominique Armingaud | System for real-time healing of vital computer files |
| US7353538B2 (en)* | 2002-11-08 | 2008-04-01 | Federal Network Systems Llc | Server resource management, analysis, and intrusion negation |
| US20090106834A1 (en)* | 2007-10-19 | 2009-04-23 | Andrew Gerard Borzycki | Systems and methods for enhancing security by selectively opening a listening port when an incoming connection is expected |
| US8271642B1 (en)* | 2007-08-29 | 2012-09-18 | Mcafee, Inc. | System, method, and computer program product for isolating a device associated with at least potential data leakage activity, based on user input |
| US20130054962A1 (en)* | 2011-08-31 | 2013-02-28 | Deepak Chawla | Policy configuration for mobile device applications |
| US20130055347A1 (en)* | 2011-08-31 | 2013-02-28 | Deepak Chawla | Hardware interface access control for mobile applications |
| US8590033B2 (en)* | 2008-09-25 | 2013-11-19 | Fisher-Rosemount Systems, Inc. | One button security lockdown of a process control network |
| US8650620B2 (en)* | 2010-12-20 | 2014-02-11 | At&T Intellectual Property I, L.P. | Methods and apparatus to control privileges of mobile device applications |
Family Cites Families (34)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP0610677A3 (en) | 1993-02-12 | 1995-08-02 | Ibm | Bimodal communications device driver. |
| JP2000503154A (en)* | 1996-01-11 | 2000-03-14 | エムアールジェイ インコーポレイテッド | System for controlling access and distribution of digital ownership |
| US6189050B1 (en)* | 1998-05-08 | 2001-02-13 | Compaq Computer Corporation | Method and apparatus for adding or removing devices from a computer system without restarting |
| TWI281107B (en)* | 2001-08-13 | 2007-05-11 | Qualcomm Inc | Using permissions to allocate device resources to an application |
| US20030084340A1 (en) | 2001-10-31 | 2003-05-01 | Schertz Richard L. | System and method of graphically displaying data for an intrusion protection system |
| US7269851B2 (en)* | 2002-01-07 | 2007-09-11 | Mcafee, Inc. | Managing malware protection upon a computer network |
| US7146638B2 (en)* | 2002-06-27 | 2006-12-05 | International Business Machines Corporation | Firewall protocol providing additional information |
| US6782000B2 (en) | 2002-10-31 | 2004-08-24 | Ciena Corporation | Method, system and storage medium for providing a cross connect user interface |
| US7739693B2 (en) | 2002-11-25 | 2010-06-15 | Sap Ag | Generic application program interface for native drivers |
| US8127359B2 (en)* | 2003-04-11 | 2012-02-28 | Samir Gurunath Kelekar | Systems and methods for real-time network-based vulnerability assessment |
| US7310664B1 (en)* | 2004-02-06 | 2007-12-18 | Extreme Networks | Unified, configurable, adaptive, network architecture |
| CN1934822A (en)* | 2004-03-17 | 2007-03-21 | 皇家飞利浦电子股份有限公司 | Method of and device for generating authorization status list |
| US7417953B2 (en)* | 2004-11-01 | 2008-08-26 | Alcatel Lucent | Port re-enabling by monitoring link status |
| US8291063B2 (en)* | 2005-03-04 | 2012-10-16 | Netapp, Inc. | Method and apparatus for communicating between an agent and a remote management module in a processing system |
| US8140664B2 (en) | 2005-05-09 | 2012-03-20 | Trend Micro Incorporated | Graphical user interface based sensitive information and internal information vulnerability management system |
| US7421625B2 (en)* | 2005-05-26 | 2008-09-02 | Microsoft Corporation | Indicating data connection and status conditions |
| CN1852129A (en)* | 2005-07-08 | 2006-10-25 | 华为技术有限公司 | Apparatus port monitoring system and method |
| US7752436B2 (en) | 2005-08-09 | 2010-07-06 | Intel Corporation | Exclusive access for secure audio program |
| US7712132B1 (en) | 2005-10-06 | 2010-05-04 | Ogilvie John W | Detecting surreptitious spyware |
| US8554748B1 (en)* | 2005-11-30 | 2013-10-08 | Netapp, Inc. | Method and apparatus for differential file based update for embedded systems |
| US8011013B2 (en)* | 2006-07-19 | 2011-08-30 | Quickvault, Inc. | Method for securing and controlling USB ports |
| IL186275A0 (en)* | 2007-09-25 | 2008-08-07 | Newvaltech Knowledge Services | Telecommunication policy program systems, processes and devices |
| US8935741B2 (en) | 2008-04-17 | 2015-01-13 | iAnywhere Solutions, Inc | Policy enforcement in mobile devices |
| GB0815587D0 (en)* | 2008-08-27 | 2008-10-01 | Applied Neural Technologies Ltd | Computer/network security application |
| US9043919B2 (en)* | 2008-10-21 | 2015-05-26 | Lookout, Inc. | Crawling multiple markets and correlating |
| CA2722980C (en)* | 2009-12-01 | 2019-01-08 | Inside Contactless | Process for controlling access to a contactless interface in a contact and contactless double communication interface integrated circuit |
| US8539584B2 (en)* | 2010-08-30 | 2013-09-17 | International Business Machines Corporation | Rootkit monitoring agent built into an operating system kernel |
| KR20120096983A (en)* | 2011-02-24 | 2012-09-03 | 삼성전자주식회사 | Malware detection method and mobile terminal therefor |
| US9053337B2 (en)* | 2011-06-07 | 2015-06-09 | Blackberry Limited | Methods and devices for controlling access to a computing resource by applications executable on a computing device |
| WO2013022655A1 (en) | 2011-08-08 | 2013-02-14 | Intel Corporation | Delivering data from a range of input devices over a secure path to trusted services in a secure element |
| US9507967B2 (en) | 2012-02-15 | 2016-11-29 | Blackberry Limited | Thwarting attacks that involve analyzing hardware sensor output |
| US8595489B1 (en)* | 2012-10-29 | 2013-11-26 | Google Inc. | Grouping and ranking of application permissions |
| EP2784714B1 (en) | 2013-03-28 | 2021-04-28 | Alcatel Lucent | Method of preventing access to sensitive data of a computing device |
| US9208349B1 (en) | 2015-01-13 | 2015-12-08 | Snoopwall, Inc. | Securing data gathering devices of a personal computing device while performing sensitive data gathering activities to prevent the misappropriation of personal user data gathered therewith |
- 2013
- 2013-05-29USUS13/904,547patent/US20140143864A1/ennot_activeAbandoned
- 2013-05-30WOPCT/US2013/043240patent/WO2014081468A1/enactiveApplication Filing
- 2014
- 2014-05-23USUS14/285,769patent/US9942269B2/ennot_activeExpired - Fee Related
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7353538B2 (en)* | 2002-11-08 | 2008-04-01 | Federal Network Systems Llc | Server resource management, analysis, and intrusion negation |
| US20060253712A1 (en)* | 2003-05-13 | 2006-11-09 | Francois-Dominique Armingaud | System for real-time healing of vital computer files |
| US8271642B1 (en)* | 2007-08-29 | 2012-09-18 | Mcafee, Inc. | System, method, and computer program product for isolating a device associated with at least potential data leakage activity, based on user input |
| US20090106834A1 (en)* | 2007-10-19 | 2009-04-23 | Andrew Gerard Borzycki | Systems and methods for enhancing security by selectively opening a listening port when an incoming connection is expected |
| US8590033B2 (en)* | 2008-09-25 | 2013-11-19 | Fisher-Rosemount Systems, Inc. | One button security lockdown of a process control network |
| US8650620B2 (en)* | 2010-12-20 | 2014-02-11 | At&T Intellectual Property I, L.P. | Methods and apparatus to control privileges of mobile device applications |
| US20130054962A1 (en)* | 2011-08-31 | 2013-02-28 | Deepak Chawla | Policy configuration for mobile device applications |
| US20130055347A1 (en)* | 2011-08-31 | 2013-02-28 | Deepak Chawla | Hardware interface access control for mobile applications |
Cited By (34)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9807639B2 (en)* | 2014-01-30 | 2017-10-31 | Shine Security Ltd. | Network traffic event management at the client terminal level |
| US20150215804A1 (en)* | 2014-01-30 | 2015-07-30 | Shine Security Ltd. | Network traffic event management at the client terminal level |
| US20150215330A1 (en)* | 2014-01-30 | 2015-07-30 | Shine Security Ltd. | Methods and systems of controlling distribution of personal data over network(s) |
| US20180070261A1 (en)* | 2014-01-30 | 2018-03-08 | Shine Security Ltd. | Network traffic event management at the client terminal level |
| US10270804B2 (en)* | 2014-08-13 | 2019-04-23 | F-Secure Corporation | Detection of webcam abuse |
| WO2016064930A1 (en)* | 2014-10-21 | 2016-04-28 | Proofpoint, Inc. | Systems and methods for application security analysis |
| US11336678B2 (en) | 2014-10-21 | 2022-05-17 | Proofpoint, Inc. | Methods and systems for security analysis of applications on mobile devices brought into an enterprise network environment |
| US9967278B2 (en) | 2014-10-21 | 2018-05-08 | Proofpoint, Inc. | Systems and methods for application security analysis |
| US10623435B2 (en) | 2014-10-21 | 2020-04-14 | Proofpoint, Inc. | Application security analysis |
| US10097576B2 (en)* | 2014-10-21 | 2018-10-09 | Proofpoint, Inc. | Systems and methods for application security analysis |
| US9838391B2 (en) | 2014-10-31 | 2017-12-05 | Proofpoint, Inc. | Systems and methods for privately performing application security analysis |
| US11540133B2 (en) | 2014-10-31 | 2022-12-27 | Proofpoint, Inc. | Systems and methods for security analysis of applications on user mobile devices while maintaining user application privacy |
| US11032711B2 (en) | 2014-10-31 | 2021-06-08 | Proofpoint, Inc. | Systems and methods for security analysis of applications on user mobile devices while maintaining user application privacy |
| US10505933B2 (en)* | 2014-10-31 | 2019-12-10 | Proofpoint, Inc. | Systems and methods for security analysis of applications on user mobile devices while maintaining user application privacy |
| US20190182247A1 (en)* | 2014-10-31 | 2019-06-13 | Proofpoint, Inc. | Systems and Methods for Security Analysis of Applications on User Mobile Devices While Maintaining User Application Privacy |
| US10270769B2 (en) | 2014-10-31 | 2019-04-23 | Proofpoint, Inc. | Privately performing application security analysis |
| US10778698B2 (en) | 2014-11-20 | 2020-09-15 | International Business Machines Corporation | Monitoring use of a sensor of a computing device |
| US9866572B2 (en) | 2014-11-20 | 2018-01-09 | International Business Machines Corporation | Monitoring use of a sensor of a computing device |
| US10225267B2 (en) | 2014-11-20 | 2019-03-05 | International Business Machines Corporation | Monitoring use of a sensor of a computing device |
| US20170083705A1 (en)* | 2015-09-22 | 2017-03-23 | Electronics And Telecommunications Research Institute | Apparatus and method for analyzing malicious code in multi-core environment |
| US9965631B2 (en)* | 2015-09-22 | 2018-05-08 | Electronics And Telecommunications Research Institute | Apparatus and method for analyzing malicious code in multi-core environment using a program flow tracer |
| US9954873B2 (en) | 2015-09-30 | 2018-04-24 | The Mitre Corporation | Mobile device-based intrusion prevention system |
| WO2017075087A1 (en) | 2015-10-27 | 2017-05-04 | Blackberry Limited | Detecting resource access |
| US10764860B2 (en) | 2015-10-27 | 2020-09-01 | Blackberry Limited | Monitoring resource access |
| CN108370499A (en)* | 2015-10-27 | 2018-08-03 | 黑莓有限公司 | Resource is detected to access |
| US10952087B2 (en) | 2015-10-27 | 2021-03-16 | Blackberry Limited | Detecting resource access |
| EP3369191A4 (en)* | 2015-10-27 | 2019-05-22 | BlackBerry Limited | DETECTION OF ACCESS TO A RESOURCE |
| US10008814B1 (en)* | 2017-02-15 | 2018-06-26 | Holster Lab LLC | Microphone muting device |
| WO2019164623A1 (en)* | 2018-02-22 | 2019-08-29 | Motorola Solutions, Inc. | Disabling a digital assistant during a conference call based on security level |
| GB2585771A (en)* | 2018-02-22 | 2021-01-20 | Motorola Solutions Inc | Disabling a digital assistant during a conference call based on security level |
| US20190361917A1 (en)* | 2018-05-25 | 2019-11-28 | Bao Tran | Smart device |
| US20210133310A1 (en)* | 2018-06-18 | 2021-05-06 | A7Technology Inc. | Systems and methods for computer security |
| WO2019246024A1 (en)* | 2018-06-18 | 2019-12-26 | A7Technology Inc. | Systems and methods for computer security |
| CN113986985A (en)* | 2021-12-24 | 2022-01-28 | 深圳市聚能优电科技有限公司 | IO reading method, system, equipment and storage medium for energy management |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2014081468A1 (en) | 2014-05-30 |
| US20170324775A9 (en) | 2017-11-09 |
| US20140359768A1 (en) | 2014-12-04 |
| US9942269B2 (en) | 2018-04-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9942269B2 (en) | Effectively preventing data leakage, spying and eavesdropping through a networked computing device by controlling access to a plurality of its device interfaces | |
| US12099596B2 (en) | Mobile device policy enforcement | |
| US20230208879A1 (en) | Detecting phishing attacks | |
| US10657277B2 (en) | Behavioral-based control of access to encrypted content by a process | |
| US12021831B2 (en) | Network security | |
| US10650154B2 (en) | Process-level control of encrypted content | |
| US20180359272A1 (en) | Next-generation enhanced comprehensive cybersecurity platform with endpoint protection and centralized management | |
| US10728269B2 (en) | Method for conditionally hooking endpoint processes with a security agent | |
| US20170206351A1 (en) | Mobile device security monitoring and notification | |
| US10122753B2 (en) | Using reputation to avoid false malware detections | |
| US9392015B2 (en) | Advanced persistent threat detection | |
| US12388795B2 (en) | Encrypted cache protection | |
| US20170346824A1 (en) | Methods and systems for mobile device risk management | |
| US11368361B2 (en) | Tamper-resistant service management for enterprise systems | |
| GB2549546A (en) | Boot security | |
| US20160373447A1 (en) | Unauthorized access detecting system and unauthorized access detecting method | |
| US10951642B2 (en) | Context-dependent timeout for remote security services | |
| GB2574283A (en) | Detecting triggering events for distributed denial of service attacks | |
| WO2022208045A1 (en) | Encrypted cache protection | |
| WO2019211592A1 (en) | Locally securing endpoints in an enterprise network using remote network resources | |
| WO2019122832A1 (en) | Electronic mail security using a user-based inquiry | |
| US12399990B2 (en) | Variable timeouts between operating modes of a computer for detecting malicious software |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| AS | Assignment | Owner name:SNOOPWALL LLC, NEW HAMPSHIRE Free format text:ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MILIEFSKY, GARY S.;REEL/FRAME:030664/0359 Effective date:20130614 | |
| STCB | Information on status: application discontinuation | Free format text:ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |