-
Publication No.: US10791142B2
Publication Date: 2020-09-29
Application No.: US16200812
Application Date: 2018-11-27
Applicant: Tenable, Inc.
Inventor: Marcus J. Ranum, Ron Gula
IPC: G06F21/56, H04L29/06, G06F16/903, H04L29/12, H04L29/08
Abstract: The system and method described herein may leverage active network scanning and passive network monitoring to provide strategic anti-malware monitoring in a network. In particular, the system and method described herein may remotely connect to managed hosts in a network to compute hashes or other signatures associated with processes running thereon and suspicious files hosted thereon, wherein the hashes may be communicated to a cloud database that aggregates all known virus or malware signatures that various anti-virus vendors have catalogued to detect malware infections without requiring the hosts to have a local or resident anti-virus agent. Furthermore, running processes and file system activity may be monitored in the network to further detect malware infections. Additionally, the network scanning and network monitoring may be used to detect hosts that may potentially be participating in an active botnet or hosting botnet content and audit anti-virus strategies deployed in the network.
-
Publication No.: US11057422B2
Publication Date: 2021-07-06
Application No.: US16748533
Application Date: 2020-01-21
Applicant: Tenable, Inc.
Inventor: Marcus J. Ranum, Ron Gula
IPC: G06F21/56, H04L29/06, G06F16/903, H04L29/12, H04L29/08
Abstract: The system and method described herein may leverage active network scanning and passive network monitoring to provide strategic anti-malware monitoring in a network. In particular, the system and method described herein may remotely connect to managed hosts in a network to compute hashes or other signatures associated with processes running thereon and suspicious files hosted thereon, wherein the hashes may be communicated to a cloud database that aggregates all known virus or malware signatures that various anti-virus vendors have catalogued to detect malware infections without requiring the hosts to have a local or resident anti-virus agent. Furthermore, running processes and file system activity may be monitored in the network to further detect malware infections. Additionally, the network scanning and network monitoring may be used to detect hosts that may potentially be participating in an active botnet or hosting botnet content and audit anti-virus strategies deployed in the network.
-
Publication No.: US10447654B2
Publication Date: 2019-10-15
Application No.: US15718370
Application Date: 2017-09-28
Applicant: Tenable, Inc.
Inventor: Ron Gula, Marcus Ranum
IPC: H04L29/06, G06F21/64, G06F12/0864, G06F16/13, G06F16/14
Abstract: In some embodiments, a set of hashes that are associated with files of a user system, and a reference set of hashes that are associated with files of a reference system, may be obtained. An additional subset of hashes (included in the set of hashes and not included in the reference set of hashes) may be obtained based on a comparison between the set of hashes and the reference set of hashes. A file may be predicted to be exclusive for certain users or user systems, where the file is associated with a hash included in the additional subset of hashes. Other user systems may be scanned to determine what files are on the other user systems, where each of the other user systems is assigned to another user or is not one of the user systems. An alert indicating unauthorized activity may be generated based on the scan.
-
Publication No.: US10581899B2
Publication Date: 2020-03-03
Application No.: US16200797
Application Date: 2018-11-27
Applicant: Tenable, Inc.
Inventor: Marcus J. Ranum, Ron Gula
IPC: G06F21/56, H04L29/06, G06F16/903, H04L29/12, H04L29/08
Abstract: The system and method described herein may leverage active network scanning and passive network monitoring to provide strategic anti-malware monitoring in a network. In particular, the system and method described herein may remotely connect to managed hosts in a network to compute hashes or other signatures associated with processes running thereon and suspicious files hosted thereon, wherein the hashes may be communicated to a cloud database that aggregates all known virus or malware signatures that various anti-virus vendors have catalogued to detect malware infections without requiring the hosts to have a local or resident anti-virus agent. Furthermore, running processes and file system activity may be monitored in the network to further detect malware infections. Additionally, the network scanning and network monitoring may be used to detect hosts that may potentially be participating in an active botnet or hosting botnet content and audit anti-virus strategies deployed in the network.