Introduced here is a network-accessible platform (or simply "platform") that is designed to monitor digital activities that are performed across different services to ascertain, in real time, threats to the security of an enterprise. In order to surface insights into the threats posed to an enterprise, the platform can apply machine learning models to data that is representative of digital activities performed on different services with respective accounts. Each model may be trained to understand what constitutes normal behavior for a corresponding employee with respect to a single service or multiple services. Not only can these models be autonomously trained for the employees of the enterprise, but they can also be autonomously applied to detect, characterize, and catalog those digital activities that are indicative of a threat.
APPROACHES TO LEARNING BEHAVIORAL NORMS THROUGH AN ANALYSIS OF DIGITAL ACTIVITIES PERFORMED ACROSS DIFFERENT SERVICES AND USING THE SAME FOR DETECTING THREATS
Introduced here is a network-accessible platform (or simply “platform”) that is designed to monitor digital activities that are performed across different services to ascertain, in real time, threats to the security of an enterprise. In order to surface insights into the threats posed to an enterprise, the platform can apply machine learning models to data that is representative of digital activities performed on different services with respective accounts. Each model may be trained to understand what constitutes normal behavior for a corresponding employee with respect to a single service or multiple services. Not only can these models be autonomously trained for the employees of the enterprise, but they can also be autonomously applied to detect, characterize, and catalog those digital activities that are indicative of a threat.
Introduced here is a network-accessible platform (or simply “platform”) that is designed to monitor digital activities that are performed across different services to ascertain, in real time, threats to the security of an enterprise. In order to surface insights into the threats posed to an enterprise, the platform can apply machine learning models to data that is representative of digital activities performed on different services with respective accounts. Each model may be trained to understand what constitutes normal behavior for a corresponding employee with respect to a single service or multiple services. Not only can these models be autonomously trained for the employees of the enterprise, but they can also be autonomously applied to detect, characterize, and catalog those digital activities that are indicative of a threat.
APPROACHES TO DOCUMENTING AND VISUALIZING INDICATIONS OF RISK DISCOVERED THROUGH AN ANALYSIS OF DIGITAL ACTIVITIES PERFORMED ACROSS DIFFERENT SERVICES AND USING THE SAME FOR DETECTING THREATS
Introduced here is a network-accessible platform (or simply “platform”) that is designed to monitor digital activities that are performed across different services to ascertain, in real time, threats to the security of an enterprise. In order to surface insights into the threats posed to an enterprise, the platform can apply machine learning models to data that is representative of digital activities performed on different services with respective accounts. Each model may be trained to understand what constitutes normal behavior for a corresponding employee with respect to a single service or multiple services. Not only can these models be autonomously trained for the employees of the enterprise, but they can also be autonomously applied to detect, characterize, and catalog those digital activities that are indicative of a threat.
APPROACHES TO ASCERTAINING BEHAVIORAL DEVIATIONS BASED ON AN ANALYSIS OF MULTIPLE DIGITAL ACTIVITIES PERFORMED ON THE SAME SERVICE OR ACROSS DIFFERENT SERVICES TO DETECT THREATS
Introduced here is a network-accessible platform (or simply “platform”) that is designed to monitor digital activities that are performed across different services to ascertain, in real time, threats to the security of an enterprise. In order to surface insights into the threats posed to an enterprise, the platform can apply machine learning models to data that is representative of digital activities performed on different services with respective accounts. Each model may be trained to understand what constitutes normal behavior for a corresponding employee with respect to a single service or multiple services. Not only can these models be autonomously trained for the employees of the enterprise, but they can also be autonomously applied to detect, characterize, and catalog those digital activities that are indicative of a threat.
Access to emails delivered to an employee of an enterprise is received. An incoming email addressed to the employee is acquired. A primary attribute is extracted from the incoming email by parsing at least one of: (1) content of the incoming email or (2) metadata associated with the incoming email. It is determined whether the incoming email deviates from past email activity, at least in part by determining, as a secondary attribute, a mismatch between a previous value for the primary attribute and a current value for the primary attribute, using a communication profile associated with the employee, and providing a measured deviation to at least one machine learning model.
A generated training set comprising a plurality of training samples is received. The generated training set includes at least one training sample constructed using one or more linguistic hints, comprising at least one keyword of phrase, about an attack for which malicious textual communications associated with the attack, when processed by a natural language processing model could be classified as benign textual communications before being trained using the generated training set. The natural language processing model is trained at least in part by using the generated training set, wherein the trained natural language processing model is configured to determine a likelihood that a received communication transmitted by a sender to a recipient poses a risk.
It is determined that a first email is present in a mailbox where emails deemed suspicious are placed for analysis. In response to determining that the first email is present in the mailbox, it is determined whether the first email is representative of a threat to an enterprise based at least in part by applying a trained model to the first email. In response to determining that the first email represents a threat to the enterprise, a record of the threat is generated by populating a data structure with information related to the first email. The data structure is applied to inboxes of a plurality of the employees to determine whether the first email is part of a campaign. In response to determining that the first email is part of a campaign, a filter associated with the data structure is applied to inbound emails addressed to employees of the enterprise.
A message addressed to a user is received. A first model is applied to the message to produce a first output indicative of whether the message is representative of a non-malicious message. The first model is trained using past messages that have been verified as non-malicious messages. It is determined, based on the first output, that the message is potentially a malicious message. Responsive to determining that the message is potentially a malicious email based on the first output, apply a second model to the message to produce a second output indicative of whether the message is representative of a given type of attack. The second model is one of a plurality of models. At least one model included in the plurality of models is associated with characterizing a goal of the malicious message. An action is performed with respect to the message based on the second output.
42 - Scientific, technological and industrial services, research and design
Goods & Services
Providing online non-downloadable software that utilizes machine learning in the field of cybersecurity; Providing online non-downloadable software that utilizes machine learning to determine the normal communication behavior of individuals to identify unusual communication behavior; Computer services for analyzing digital activities to discover security threats; Computer services for analyzing digital communications occurring across email and messaging platforms to discover security threats; Computer security services, namely, online scanning, detecting, quarantining, and eliminating of viruses, worms, trojans, spyware, adware, malware, social engineering based instructions and exploits, and unauthorized data and programs from digital communications including emails and messages; Computer security services, namely, remediating instances of account takeover by restricting unauthorized access to accounts for email and messaging management services; Computer security services, namely, monitoring of computer systems to detect instances of account takeover; Software as a service (SaaS) featuring software for the analysis and protection of digital activities, communications, and accounts; Platform as a service (PaaS) featuring software-implemented platforms for the analysis and protection of digital activities, communications, and accounts; Email and messaging management services for others, namely, threat protection in the nature of monitoring computing systems to detect unauthorized access, data breach, and data exfiltration and storing digital communications recorded in electronic media; Software as a service (SaaS) featuring software for the analysis and protection of the security of network communications, cybersecurity, email management virus protection, email archiving, email continuity, and email security; Computer security consultancy; Computer security services for evaluating emails to identify fraudulent individuals and entities, such as vendors, and then monitoring via computer conduct of those fraudulent individuals and entities on an ongoing basis; Computer services for recording behaviors of individuals and entities deemed to be fraudulent in a blacklist for security purposes, namely, identifying and examining digital communications involving individuals and entities to identify security threats; Computer services for tracking digital activities of individuals and entities determined to be fraudulent based on an analysis of emails sent by those individuals and entities, namely, monitoring digital communications involving individuals and entities determined to be fraudulent to identify security threats; Computer services for generating a federated collection of individuals and entities to prevent security threats, namely, identifying and cataloging individuals' and entities' behaviors through analysis of digital communications
42 - Scientific, technological and industrial services, research and design
Goods & Services
Providing online non-downloadable software that utilizes machine learning in the field of cybersecurity; Providing online non-downloadable software that utilizes machine learning to determine the normal communication behavior of individuals to identify unusual communication behavior; Computer services for analyzing digital activities to discover security threats; Computer services for analyzing digital communications occurring across email and messaging platforms to discover security threats; Computer security services, namely, online scanning, detecting, quarantining, and eliminating of viruses, worms, trojans, spyware, adware, malware, social engineering based instructions and exploits, and unauthorized data and programs from digital communications including emails and messages; Computer security services, namely, remediating instances of account takeover by restricting unauthorized access to accounts for email and messaging management services; Computer security services, namely, monitoring of computer systems to detect instances of account takeover; Software as a service (SaaS) featuring software for the analysis and protection of digital activities, communications, and accounts; Platform as a service (PaaS) featuring software-implemented platforms for the analysis and protection of digital activities, communications, and accounts; Email and messaging management services for others, namely, threat protection in the nature of monitoring computing systems to detect unauthorized access, data breach, and data exfiltration and storing digital communications recorded in electronic media; Software as a service (SaaS) featuring software for the analysis and protection of the security of network communications, cybersecurity, email management virus protection, email archiving, email continuity, and email security; Computer security consultancy; Computer security services for evaluating emails to identify fraudulent individuals and entities, such as vendors, and then monitoring via computer conduct of those fraudulent individuals and entities on an ongoing basis; Computer services for recording behaviors of individuals and entities deemed to be fraudulent in a blacklist for security purposes, namely, identifying and examining digital communications involving individuals and entities to identify security threats; Computer services for tracking digital activities of individuals and entities determined to be fraudulent based on an analysis of emails sent by those individuals and entities, namely, monitoring digital communications involving individuals and entities determined to be fraudulent to identify security threats; Computer services for generating a federated collection of individuals and entities to prevent security threats, namely, identifying and cataloging individuals' and entities' behaviors through analysis of digital communications
42 - Scientific, technological and industrial services, research and design
Goods & Services
Providing online non-downloadable software that utilizes machine learning in the field of cybersecurity; Providing online non-downloadable software that utilizes machine learning to determine the normal communication behavior of individuals to identify unusual communication behavior; Computer services for analyzing digital activities to discover security threats; Computer services for analyzing digital communications occurring across email and messaging platforms to discover security threats; Computer security services, namely, online scanning, detecting, quarantining, and eliminating of viruses, worms, trojans, spyware, adware, malware, social engineering based instructions and exploits, and unauthorized data and programs from digital communications including emails and messages; Computer security services, namely, remediating instances of account takeover by restricting unauthorized access to accounts for email and messaging management services; Computer security services, namely, monitoring of computer systems to detect instances of account takeover; Software as a service (SaaS) featuring software for the analysis and protection of digital activities, communications, and accounts; Platform as a service (PaaS) featuring software-implemented platforms for the analysis and protection of digital activities, communications, and accounts; Email and messaging management services for others, namely, threat protection in the nature of monitoring computing systems to detect unauthorized access, data breach, and data exfiltration and storing digital communications recorded in electronic media; Software as a service (SaaS) featuring software for the analysis and protection of the security of network communications, cybersecurity, email management virus protection, email archiving, email continuity, and email security; Computer security consultancy; Computer security services for evaluating emails to identify fraudulent individuals and entities, such as vendors, and then monitoring via computer conduct of those fraudulent individuals and entities on an ongoing basis; Computer services for recording behaviors of individuals and entities deemed to be fraudulent in a blacklist for security purposes, namely, identifying and examining digital communications involving individuals and entities to identify security threats; Computer services for tracking digital activities of individuals and entities determined to be fraudulent based on an analysis of emails sent by those individuals and entities, namely, monitoring digital communications involving individuals and entities determined to be fraudulent to identify security threats; Computer services for generating a federated collection of individuals and entities to prevent security threats, namely, identifying and cataloging individuals' and entities' behaviors through analysis of digital communications
42 - Scientific, technological and industrial services, research and design
Goods & Services
Computer services for evaluating communications, including email and messages, and relational items to identify security threats and then monitor those security threats on an ongoing basis; Computer services for recording behaviors of Software-as-a-Service (SaaS) accounts for security purposes, namely, identifying and examining digital activities performed with SaaS accounts to identify security threats; Computer services for generating a federated collection of security threats posed to a company; Computer services for identifying and cataloging behaviors of SaaS accounts to discover patterns of unusual behavior; Computer services for generating a federated list of digital accounts for which behavior is unusual to prevent fraud; Computer services for creating, populating, and managing lists of SaaS accounts determined to be security threats due to involvement in past digital activities; Computer services for analyzing digital activities performed with SaaS accounts to discover security threats, namely, examining the content and context of digital activities to identify security threats; Computer services for analyzing digital communications occurring across email and messaging platforms to discover security threats, namely, examining the content and context of digital communications to identify security threats; Computer security services, namely, online scanning, detecting, quarantining, and eliminating of viruses, worms, trojans, spyware, adware, malware, social engineering based instructions and exploits, and unauthorized data and programs from digital communications including emails and messages; Computer security services, namely, monitoring, detecting, and remediating instances of account takeover; Software as a service (SaaS) featuring software for the analysis and protection of digital activities, communications, and accounts; Platform as a service (PaaS) featuring software-implemented platforms for the analysis and protection of digital activities, communications, and accounts; Email and messaging management services for others, namely, threat protection in the nature of monitoring computing systems to detect unauthorized access, data breach, and data exfiltration and storing digital communications recorded in electronic media; Software as a service (SaaS) featuring software for the analysis and protection of the security of network communications, cybersecurity, email management virus protection, email archiving, email continuity, and email security; computer security consultancy
Techniques for detecting instances of external fraud by monitoring digital activities that are performed with accounts associated with an enterprise are disclosed. In one example, a threat detection platform determines the likelihood that an incoming email is indicative of external fraud based on the context and content of the incoming email. To understand the risk posed by an incoming email, the threat detection platform may seek to determine not only whether the sender normally communicates with the recipient, but also whether the topic is one normally discussed by the sender and recipient. In this way, the threat detection platform can establish whether the incoming email deviates from past emails exchanged between the sender and recipient.
Selectively rewriting URLs is disclosed. An indication is received that a message has arrived at a user message box. A determination is made that the message includes a first link to a first resource. The first link is analyzed to determine whether the first link is classified as a non-rewrite link. In response to determining that the first link is not classified as a non-rewrite link, a first replacement link is generated for the first link.
Adapting detection of security threats, including by retraining computer-implemented models is disclosed. An indication is received that a natural language processing model should be retrained. A list of training samples is generated that includes at least one synthetic training sample. The natural language processing model is retrained at least in part by using the set of generated training samples. The retrained natural language processing model is used to determine a likelihood that a message poses a risk.
Deriving and surfacing insights regarding security threats is disclosed. A plurality of features associated with a message is determined. A plurality of facet models is used to analyze the determined features. Based at least in part on the analysis, it is determined that the message poses a security threat. A prioritized set of information is determined to be provided as output that is representative of why the message was determined to pose a security threat. At least a portion of the prioritized set of information is provided as output.
Introduced here are computer programs and computer-implemented techniques for generating and then managing a federated database that can be used to ascertain the risk in interacting with vendors. At a high level, the federated database allows knowledge regarding the reputation of vendors to be shared amongst different enterprises with which those vendors may interact. A threat detection platform may utilize the federated database when determining how to handle incoming emails from vendors.
A plurality of features associated with a message are determined. At least one feature included in the plurality of features is associated with a payload of the message. A determination is made that supplemental analysis should be performed on the message. The determination is based at least in part on performing behavioral analysis using at least some of the features included in the plurality of features. Supplemental analysis is performed.
Techniques for producing records of digital activities that are performed with accounts associated with employees of enterprises are disclosed. Such techniques can be used to ensure that records are created for digital activities that are deemed unsafe and for digital activities that are deemed safe by a threat detection platform. At a high level, more comprehensively recording digital activities not only provides insight into the behavior of individual accounts, but also provides insight into the holistic behavior of employees across multiple accounts. These records may be stored in a searchable datastore to enable expedient and efficient review.
H04L 67/125 - Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
Techniques for detecting instances of external fraud by monitoring digital activities that are performed with accounts associated with an enterprise are disclosed. In one example, a threat detection platform determines the likelihood that an incoming email is indicative of external fraud based on the context and content of the incoming email. To understand the risk posed by an incoming email, the threat detection platform may seek to determine not only whether the sender normally communicates with the recipient, but also whether the topic is one normally discussed by the sender and recipient. In this way, the threat detection platform can establish whether the incoming email deviates from past emails exchanged between the sender and recipient.
Techniques for building, training, or otherwise developing models of the behavior of employees across more than one channel used for communication are disclosed. These models can be stored in profiles that are associated with the employees. Such profiles allow behavior to be monitored across multiple channels so that deviations can be detected and then examined. Remediation can be performed if an account is determined to be compromised based on its recent activity.
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/55 - Detecting local intrusion or implementing counter-measures
42 - Scientific, technological and industrial services, research and design
Goods & Services
Providing non-downloadable computer software that utilizes
machine learning in the field of cybersecurity; providing
non-downloadable computer software that utilizes machine
learning to determine the normal communication behavior of
individuals to identify unusual communication behavior;
computer services for analyzing digital activities to
discover security threats; computer services for analyzing
digital communications occurring across email and messaging
platforms to discover security threats; security services,
namely, online scanning, detecting, quarantining, and
eliminating of viruses, worms, trojans, spyware, adware,
malware, social engineering based instructions and exploits,
and unauthorized data and programs from digital
communications including emails and messages; security
services, namely, monitoring, detecting, and remediating
instances of account takeover; software as a service (SaaS)
featuring software for the analysis and protection of
digital activities, communications, and accounts; platform
as a service (PaaS) featuring software-implemented platforms
for the analysis and protection of digital activities,
communications, and accounts; email and messaging management
services for others, namely, threat protection in the nature
of monitoring computing systems to detect unauthorized
access, data breach, and data exfiltration and storing
digital communications recorded in electronic media;
software as a service (SaaS) featuring software for the
analysis and protection of the security of network
communications, cybersecurity, email management virus
protection, email archiving, email continuity, and email
security; computer security consultancy; computer services
for evaluating emails to identify fraudulent individuals and
entities, such as vendors, and then monitoring conduct of
those fraudulent individuals and entities on an ongoing
basis; computer services for recording behaviors of
individuals and entities deemed to be fraudulent in a
blacklist for security purposes; computer services for
tracking digital activities of individuals and entities
determined to be fraudulent based on an analysis of emails
sent by those individuals and entities; computer services
for generating a federated collection of individuals and
entities to prevent security threats Intent to Use: the
applicant has a bona fide intention, and is entitled, to use
the mark in commerce on or in connection with the identified
goods/services (term considered too vague by the
International Bureau - Rule 13 (2) (b) of the Regulations).
42 - Scientific, technological and industrial services, research and design
Goods & Services
Non-downloadable software that utilizes machine learning in
the field of cybersecurity; non-downloadable software that
utilizes machine learning to determine the normal
communication behavior of individuals to identify unusual
communication behavior; computer services for analyzing
digital activities to discover security threats; computer
services for analyzing digital communications occurring
across email and messaging platforms to discover security
threats; computer security services, namely, online
scanning, detecting, quarantining, and eliminating of
viruses, worms, trojans, spyware, adware, malware, social
engineering based instructions and exploits, and
unauthorized data and programs from digital communications
including emails and messages; computer security services,
namely, monitoring, detecting, and remediating instances of
account takeover; software as a service (saas) featuring
software for the analysis and protection of digital
activities, communications, and accounts; platform as a
service (paas) featuring software-implemented platforms for
the analysis and protection of digital activities,
communications, and accounts; design and development of
software for management of emails and messaging services
namely, threat protection in the nature of monitoring
computing systems to detect unauthorized access, data
breach, and data exfiltration and storing digital
communications recorded in electronic media; software as a
service (saas) featuring software for the analysis and
protection of the security of network communications,
cybersecurity, email management virus protection, email
archiving, email continuity, and email security; computer
security consultancy; computer security system monitoring
services for evaluating emails to identify fraudulent
individuals and entities, such as vendors, and then
monitoring conduct of those fraudulent individuals and
entities on an ongoing basis; computer services for securing
personal information for recording behaviors of individuals
and entities deemed to be fraudulent in a blacklist for
security purposes; identity validation services [computer
security] for tracking digital activities of individuals and
entities determined to be fraudulent based on an analysis of
emails sent by those individuals and entities; providing
security services for computer networks, computer access and
computerized transactions for generating a federated
collection of individuals and entities to prevent security
threats.
25.
Discovering email account compromise through assessments of digital activities
Introduced here are threat detection platforms designed to discover possible instances of email account compromise in order to identify threats to an enterprise. In particular, a threat detection platform can examine the digital activities performed with the email accounts associated with employees of the enterprise to determine whether any email accounts are exhibiting abnormal behavior. Examples of digital activities include the reception of an incoming email, transmission of an outgoing email, creation of a mail filter, and occurrence of a sign-in event (also referred to as a “login event”). Thus, the threat detection platform can monitor the digital activities performed with a given email account to determine the likelihood that the given email account has been compromised.
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
H04L 51/212 - Monitoring or handling of messages using filtering or selective blocking
H04L 51/222 - Monitoring or handling of messages using geographical location information, e.g. messages transmitted or received in proximity of a certain spot or area
26.
Multistage analysis of emails to identify security threats
Conventional email filtering services are not suitable for recognizing sophisticated malicious emails, and therefore may allow sophisticated malicious emails to reach inboxes by mistake. Introduced here are threat detection platforms designed to take an integrative approach to detecting security threats. For example, after receiving input indicative of an approval from an individual to access past email received by employees of an enterprise, a threat detection platform can download past emails to build a machine learning (ML) model that understands the norms of communication with internal contacts (e.g., other employees) and/or external contacts (e.g., vendors). By applying the ML model to incoming email, the threat detection platform can identify security threats in real time in a targeted manner.
Techniques for identifying and processing graymail are disclosed. An electronic message store is accessed. A determination is made that a first message included in the electronic message store represents graymail, including by accessing a profile associated with an addressee of the first message. A remedial action is taken in response to determining that the first message represents graymail.
Introduced here are computer programs and computer-implemented techniques for discovering malicious emails and then remediating the threat posed by those malicious emails in an automated manner. A threat detection platform may monitor a mailbox to which employees of an enterprise are able to forward emails deemed to be suspicious for analysis. This mailbox may be referred to as an “abuse mailbox” or “phishing mailbox.” The threat detection platform can examine emails contained in the abuse mailbox and then determine whether any of those emails represent threats to the security of the enterprise. For example, the threat detection platform may classify each email contained in the abuse mailbox as being malicious or non-malicious. Thereafter, the threat detection platform may determine what remediation actions, if any, are appropriate for addressing the threat posed by those emails determined to be malicious.
Deriving and surfacing insights regarding security threats is disclosed. A plurality of features associated with a message is determined. A plurality of facet models is used to analyze the determined features. Based at least in part on the analysis, it is determined that the message poses a security threat. A prioritized set of information is determined to be provided as output that is representative of why the message was determined to pose a security threat. At least a portion of the prioritized set of information is provided as output.
Techniques for identifying and processing graymail are disclosed. An electronic message store is accessed. A determination is made that a first message included in the electronic message store represents graymail, including by accessing a profile associated with an addressee of the first message. A remedial action is taken in response to determining that the first message represents graymail.
42 - Scientific, technological and industrial services, research and design
Goods & Services
(1) Non-downloadable software that utilizes machine learning in the field of cybersecurity; non-downloadable software that utilizes machine learning to determine the normal communication behavior of individuals to identify unusual communication behavior; computer services for analyzing digital activities to discover security threats; computer services for analyzing digital communications occurring across email and messaging platforms to discover security threats; computer security services, namely, online scanning, detecting, quarantining, and eliminating of viruses, worms, trojans, spyware, adware, malware, social engineering based instructions and exploits, and unauthorized data and programs from digital communications including emails and messages; computer security services, namely, monitoring, detecting, and remediating instances of account takeover; software as a service (saas) featuring software for the analysis and protection of digital activities, communications, and accounts; platform as a service (paas) featuring software-implemented platforms for the analysis and protection of digital activities, communications, and accounts; design and development of software for management of emails and messaging services namely, threat protection in the nature of monitoring computing systems to detect unauthorized access, data breach, and data exfiltration and storing digital communications recorded in electronic media; software as a service (saas) featuring software for the analysis and protection of the security of network communications, cybersecurity, email management virus protection, email archiving, email continuity, and email security; computer security consultancy; computer security system monitoring services for evaluating emails to identify fraudulent individuals and entities, such as vendors, and then monitoring conduct of those fraudulent individuals and entities on an ongoing basis; computer services for securing personal information for recording behaviors of individuals and entities deemed to be fraudulent in a blacklist for security purposes; identity validation services [computer security] for tracking digital activities of individuals and entities determined to be fraudulent based on an analysis of emails sent by those individuals and entities; providing security services for computer networks, computer access and computerized transactions for generating a federated collection of individuals and entities to prevent security threats.
42 - Scientific, technological and industrial services, research and design
Goods & Services
(1) Providing non-downloadable computer software that utilizes machine learning in the field of cybersecurity; providing non-downloadable computer software that utilizes machine learning to determine the normal communication behavior of individuals to identify unusual communication behavior; computer services for analyzing digital activities to discover security threats; computer services for analyzing digital communications occurring across email and messaging platforms to discover security threats; security services, namely, online scanning, detecting, quarantining, and eliminating of viruses, worms, trojans, spyware, adware, malware, social engineering based instructions and exploits, and unauthorized data and programs from digital communications including emails and messages; security services, namely, monitoring, detecting, and remediating instances of account takeover; software as a service (SaaS) featuring software for the analysis and protection of digital activities, communications, and accounts; platform as a service (PaaS) featuring software-implemented platforms for the analysis and protection of digital activities, communications, and accounts; email and messaging management services for others, namely, threat protection in the nature of monitoring computing systems to detect unauthorized access, data breach, and data exfiltration and storing digital communications recorded in electronic media; software as a service (SaaS) featuring software for the analysis and protection of the security of network communications, cybersecurity, email management virus protection, email archiving, email continuity, and email security; computer security consultancy; computer services for evaluating emails to identify fraudulent individuals and entities, such as vendors, and then monitoring conduct of those fraudulent individuals and entities on an ongoing basis; computer services for recording behaviors of individuals and entities deemed to be fraudulent in a blacklist for security purposes; computer services for tracking digital activities of individuals and entities determined to be fraudulent based on an analysis of emails sent by those individuals and entities; computer services for generating a federated collection of individuals and entities to prevent security threats Intent to Use: the applicant has a bona fide intention, and is entitled, to use the mark in commerce on or in connection with the identified goods/services (term considered too vague by the International Bureau - Rule 13 (2) (b) of the Regulations).
33.
Threat detection platforms for detecting, characterizing, and remediating email-based threats in real time
Conventional email filtering services are not suitable for recognizing sophisticated malicious emails, and therefore may allow sophisticated malicious emails to reach inboxes by mistake. Introduced here are threat detection platforms designed to take an integrative approach to detecting security threats. For example, after receiving input indicative of an approval from an individual to access past email received by employees of an enterprise, a threat detection platform can download past emails to build a machine learning (ML) model that understands the norms of communication with internal contacts (e.g., other employees) and/or external contacts (e.g., vendors). By applying the ML model to incoming email, the threat detection platform can identify security threats in real time in a targeted manner.
Techniques for detecting instances of external fraud by monitoring digital activities that are performed with accounts associated with an enterprise are disclosed. In one example, a threat detection platform determines the likelihood that an incoming email is indicative of external fraud based on the context and content of the incoming email. To understand the risk posed by an incoming email, the threat detection platform may seek to determine not only whether the sender normally communicates with the recipient, but also whether the topic is one normally discussed by the sender and recipient. In this way, the threat detection platform can establish whether the incoming email deviates from past emails exchanged between the sender and recipient.
Introduced here are computer programs and computer-implemented techniques for generating and then managing a federated database that can be used to ascertain the risk in interacting with vendors. At a high level, the federated database allows knowledge regarding the reputation of vendors to be shared amongst different enterprises with which those vendors may interact. A threat detection platform may utilize the federated database when determining how to handle incoming emails from vendors.
Introduced here are computer programs and computer-implemented techniques for generating and then managing a federated database that can be used to ascertain the risk in interacting with vendors. At a high level, the federated database allows knowledge regarding the reputation of vendors to be shared amongst different enterprises with which those vendors may interact. A threat detection platform may utilize the federated database when determining how to handle incoming emails from vendors.
Introduced here are computer programs and computer-implemented techniques for detecting instances of external fraud by monitoring digital activities that are performed with accounts associated with an enterprise. A threat detection platform may determine the likelihood that an incoming email is indicative of external fraud based on the context and content of the incoming email. For example, to understand the risk posed by an incoming email, the threat detection platform may seek to determine not only whether the sender normally communicates with the recipient, but also whether the topic is one normally discussed by the sender and recipient. In this way, the threat detection platform can establish whether the incoming email deviates from past emails exchanged between the sender and recipient.
Introduced here are computer programs and computer-implemented techniques for detecting instances of external fraud by monitoring digital activities that are performed with accounts associated with an enterprise. A threat detection platform may determine the likelihood that an incoming email is indicative of external fraud based on the context and content of the incoming email. For example, to understand the risk posed by an incoming email, the threat detection platform may seek to determine not only whether the sender normally communicates with the recipient, but also whether the topic is one normally discussed by the sender and recipient. In this way, the threat detection platform can establish whether the incoming email deviates from past emails exchanged between the sender and recipient.
Conventional email filtering services are not suitable for recognizing sophisticated malicious emails, and therefore may allow sophisticated malicious emails to reach inboxes by mistake. Introduced here are threat detection platforms designed to take an integrative approach to detecting security threats. For example, after receiving input indicative of an approval from an individual to access past email received by employees of an enterprise, a threat detection platform can download past emails to build a machine learning (ML) model that understands the norms of communication with internal contacts (e.g., other employees) and/or external contacts (e.g., vendors). By applying the ML model to incoming email, the threat detection platform can identify security threats in real time in a targeted manner.
42 - Scientific, technological and industrial services, research and design
Goods & Services
Providing online non-downloadable software using artifical intelligence for machine learning in the field of cybersecurity; Providing online non-downloadable software that utilizes machine learning to determine the normal communication behavior of individuals to identify unusual communication behavior; Computer services for analyzing digital activities to discover security threats; Computer services for analyzing digital communications occurring across email and messaging platforms to discover security threats; Computer security services, namely, online scanning, detecting, quarantining, and eliminating of viruses, worms, trojans, spyware, adware, malware, social engineering based instructions and exploits, and unauthorized data and programs from digital communications including emails and messages; Computer security services, namely, remediating instances of account takeover by restricting unauthorized access to accounts for email and messaging management services; Computer security services, namely, monitoring of computer systems to detect instances of account takeover; Software as a service (SaaS) featuring software for the analysis and protection of digital activities, communications, and accounts; Platform as a service (PaaS) featuring software-implemented platforms for the analysis and protection of digital activities, communications, and accounts; Email and messaging management services for others, namely, threat protection in the nature of monitoring computing systems to detect unauthorized access, data breach, and data exfiltration and storing digital communications recorded in electronic media; Software as a service (SaaS) featuring software for the analysis and protection of the security of network communications, cybersecurity, email management virus protection, email archiving, email continuity, and email security; Computer security consultancy; Computer security services for evaluating emails to identify fraudulent individuals and entities, such as vendors, and then monitoring via computer conduct of those fraudulent individuals and entities on an ongoing basis; Computer services for recording behaviors of individuals and entities deemed to be fraudulent in a blacklist for security purposes, namely, identifying and examining digital communications involving individuals and entities to identify security threats; Computer services for tracking digital activities of individuals and entities determined to be fraudulent based on an analysis of emails sent by those individuals and entities, namely, monitoring digital communications involving individuals and entities determined to be fraudulent to identify security threats; Computer services for generating a federated collection of individuals and entities to prevent security threats, namely, identifying and cataloging individuals' and entities' behaviors through analysis of digital communications
42 - Scientific, technological and industrial services, research and design
Goods & Services
Providing online non-downloadable software using artificial intelligence for machine learning in the field of cybersecurity; Providing online non-downloadable software that utilizes machine learning to determine the normal communication behavior of individuals to identify unusual communication behavior; Computer services for analyzing digital activities to discover security threats; Computer services for analyzing digital communications occurring across email and messaging platforms to discover security threats; Computer security services, namely, online scanning, detecting, quarantining, and eliminating of viruses, worms, trojans, spyware, adware, malware, social engineering based instructions and exploits, and unauthorized data and programs from digital communications including emails and messages; Computer security services, namely, remediating instances of account takeover by restricting unauthorized access to accounts for email and messaging management services; Computer security services, namely, monitoring of computer systems to detect instances of account takeover; Software as a service (SaaS) featuring software for the analysis and protection of digital activities, communications, and accounts; Platform as a service (PaaS) featuring software-implemented platforms for the analysis and protection of digital activities, communications, and accounts; Email and messaging management services for others, namely, threat protection in the nature of monitoring computing systems to detect unauthorized access, data breach, and data exfiltration and storing digital communications recorded in electronic media; Software as a service (SaaS) featuring software for the analysis and protection of the security of network communications, cybersecurity, email management virus protection, email archiving, email continuity, and email security; Computer security consultancy; Computer services for evaluating emails to identify fraudulent individuals and entities, such as vendors, and then monitoring via computer conduct of those fraudulent individuals and entities on an ongoing basis; Computer services for recording behaviors of individuals and entities deemed to be fraudulent in a blacklist for security purposes, namely, identifying and examining digital communications involving individuals and entities to identify security threats; Computer services for tracking digital activities of individuals and entities determined to be fraudulent based on an analysis of emails sent by those individuals and entities, namely, monitoring digital communications involving individuals and entities determined to be fraudulent to identify security threats; Computer services for generating a federated collection of individuals and entities to prevent security threats, namely, identifying and cataloging individuals' and entities' behaviors through analysis of digital communications
42.
PROGRAMMATIC DISCOVERY, RETRIEVAL, AND ANALYSIS OF COMMUNICATIONS TO IDENTIFY ABNORMAL COMMUNICATION ACTIVITY
Conventional email filtering services are not suitable for recognizing sophisticated malicious emails, and therefore may allow sophisticated malicious emails to reach inboxes by mistake. Introduced here are threat detection platforms designed to take an integrative approach to detecting security threats. For example, after receiving input indicative of an approval from an individual to access past email received by employees of an enterprise, a threat detection platform can download past emails to build a machine learning (ML) model that understands the norms of communication with internal contacts (e.g., other employees) and/or external contacts (e.g., vendors). By applying the ML model to incoming email, the threat detection platform can identify security threats in real time in a targeted manner.
Introduced here are computer programs and computer-implemented techniques for producing records of digital activities that are performed with accounts associated with employees of enterprises. Such an approach ensures that records are created for digital activities that are deemed unsafe and for digital activities that are deemed safe by a threat detection platform. At a high level, more comprehensively recording digital activities not only provides insight into the behavior of individual accounts, but also provides insight into the holistic behavior of employees across multiple accounts. These records may be stored in a searchable datastore to enable expedient and efficient review.
H04L 67/125 - Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
44.
IMPROVED INVESTIGATION OF THREATS USING QUERYABLE RECORDS OF BEHAVIOR
Introduced here are computer programs and computer-implemented techniques for producing records of digital activities that are performed with accounts associated with employees of enterprises. Such an approach ensures that records are created for digital activities that are deemed unsafe and for digital activities that are deemed safe by a threat detection platform. At a high level, more comprehensively recording digital activities not only provides insight into the behavior of individual accounts, but also provides insight into the holistic behavior of employees across multiple accounts. These records may be stored in a searchable datastore to enable expedient and efficient review.
Introduced here are computer programs and computer-implemented techniques for discovering malicious emails and then remediating the threat posed by those malicious emails in an automated manner. A threat detection platform may monitor a mailbox to which employees of an enterprise are able to forward emails deemed to be suspicious for analysis. This mailbox may be referred to as an "abuse mailbox" or "phishing mailbox." The threat detection platform can examine emails contained in the abuse mailbox and then determine whether any of those emails represent threats to the security of the enterprise. For example, the threat detection platform may classify each email contained in the abuse mailbox as being malicious or non-malicious. Thereafter, the threat detection platform may determine what remediation actions, if any, are appropriate for addressing the threat posed by those emails determined to be malicious.
Introduced here are computer programs and computer-implemented techniques for building, training, or otherwise developing models of the behavior of employees across more than one channel used for communication. These models can be stored in profiles that are associated with the employees. At a high level, these profiles allow behavior to be monitored across multiple channels so that deviations can be detected and then examined. Moreover, remediation may be performed if an account is determined to be compromised based on its recent activity.
Introduced here are computer programs and computer-implemented techniques for generating and then managing a federated database that can be used to ascertain the risk in interacting with vendors. At a high level, the federated database allows knowledge regarding the reputation of vendors to be shared amongst different enterprises with which those vendors may interact. A threat detection platform may utilize the federated database when determining how to handle incoming emails from vendors.
Introduced here are computer programs and computer-implemented techniques for generating and then managing a federated database that can be used to ascertain the risk in interacting with vendors. At a high level, the federated database allows knowledge regarding the reputation of vendors to be shared amongst different enterprises with which those vendors may interact. A threat detection platform may utilize the federated database when determining how to handle incoming emails from vendors.
Introduced here are computer programs and computer-implemented techniques for discovering malicious emails and then remediating the threat posed by those malicious emails in an automated manner. A threat detection platform may monitor a mailbox to which employees of an enterprise are able to forward emails deemed to be suspicious for analysis. This mailbox may be referred to as an “abuse mailbox” or “phishing mailbox.” The threat detection platform can examine emails contained in the abuse mailbox and then determine whether any of those emails represent threats to the security of the enterprise. For example, the threat detection platform may classify each email contained in the abuse mailbox as being malicious or non-malicious. Thereafter, the threat detection platform may determine what remediation actions, if any, are appropriate for addressing the threat posed by those emails determined to be malicious.
Introduced here are computer programs and computer-implemented techniques for building, training, or otherwise developing models of the behavior of employees across more than one channel used for communication. These models can be stored in profiles that are associated with the employees. At a high level, these profiles allow behavior to be monitored across multiple channels so that deviations can be detected and then examined. Moreover, remediation may be performed if an account is determined to be compromised based on its recent activity.
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/55 - Detecting local intrusion or implementing counter-measures
51.
Discovering email account compromise through assessments of digital activities
Introduced here are threat detection platforms designed to discover possible instances of email account compromise in order to identify threats to an enterprise. In particular, a threat detection platform can examine the digital activities performed with the email accounts associated with employees of the enterprise to determine whether any email accounts are exhibiting abnormal behavior. Examples of digital activities include the reception of an incoming email, transmission of an outgoing email, creation of a mail filter, and occurrence of a sign-in event (also referred to as a “login event”). Thus, the threat detection platform can monitor the digital activities performed with a given email account to determine the likelihood that the given email account has been compromised.
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
H04L 51/212 - Monitoring or handling of messages using filtering or selective blocking
H04L 51/222 - Monitoring or handling of messages using geographical location information, e.g. messages transmitted or received in proximity of a certain spot or area
52.
DISCOVERING EMAIL ACCOUNT COMPROMISE THROUGH ASSESSMENTS OF DIGITAL ACTIVITIES
Introduced here are threat detection platforms designed to discover possible instances of email account compromise in order to identify threats to an enterprise. In particular, a threat detection platform can examine the digital activities performed with the email accounts associated with employees of the enterprise to determine whether any email accounts are exhibiting abnormal behavior. Examples of digital activities include the reception of an incoming email, transmission of an outgoing email, creation of a mail filter, and occurrence of a sign-in event (also referred to as a "login event"). Thus, the threat detection platform can monitor the digital activities performed with a given email account to determine the likelihood that the given email account has been compromised.
42 - Scientific, technological and industrial services, research and design
Goods & Services
Computer services for evaluating email and relational items
to identify fraudulent individuals and then monitoring
conduct of those fraudulent individuals on an ongoing basis;
computer services for recording behaviors of individuals
deemed to be fraudulent in a blacklist for security
purposes; computer services for tracking digital activities
of individuals determined to be fraudulent based on an
analysis of emails sent by those vendors; computer services
for generating a federated collection of individual
behaviors to prevent security threats; computer services for
generating a federated blacklist of individuals and
associated behaviors to prevent fraud; computer services for
creating, populating, and managing blacklists of individuals
determined to be security threats due to involvement in past
digital activities; computer services for analyzing digital
activities to discover security threats; computer services
for analyzing digital communications occurring across email
and messaging platforms to discover security threats;
security services, namely, online scanning, detecting,
quarantining, and eliminating of viruses, worms, trojans,
spyware, adware, malware, social engineering based
instructions and exploits, and unauthorized data and
programs from digital communications including emails and
messages; security services, namely, monitoring, detecting,
and remediating instances of account takeover; software as a
service (SaaS) featuring software for the analysis and
protection of digital activities, communications, and
accounts; platform as a service (PaaS) featuring
software-implemented platforms for the analysis and
protection of digital activities, communications, and
accounts; email and messaging management services for
others, namely, threat protection in the nature of
monitoring computing systems to detect unauthorized access,
data breach, and data exfiltration and storing digital
communications recorded in electronic media; software as a
service (SaaS) featuring software for the analysis and
protection of the security of network communications,
cybersecurity, email management virus protection, email
archiving, email continuity, and email security; computer
security consultancy.
42 - Scientific, technological and industrial services, research and design
Goods & Services
Computer services for evaluating email and relational items
to identify fraudulent vendors and then monitoring conduct
of those fraudulent vendors on an ongoing basis; computer
services for recording behaviors of vendors deemed to be
fraudulent in a blacklist for security purposes; computer
services for tracking digital activities of vendors
determined to be fraudulent based on an analysis of emails
sent by those vendors; computer services for generating a
federated collection of vendor behaviors to prevent security
threats; computer services for generating a federated
blacklist of vendors and associated behaviors to prevent
fraud; computer services for creating, populating, and
managing blacklists of vendors determined to be security
threats due to involvement in past digital activities;
computer services for analyzing digital activities to
discover security threats; computer services for analyzing
digital communications occurring across email and messaging
platforms to discover security threats; security services,
namely, online scanning, detecting, quarantining, and
eliminating of viruses, worms, trojans, spyware, adware,
malware, social engineering based instructions and exploits,
and unauthorized data and programs from digital
communications including emails and messages; security
services, namely, monitoring, detecting, and remediating
instances of account takeover; software as a service (SaaS)
featuring software for the analysis and protection of
digital activities, communications, and accounts; platform
as a service (PaaS) featuring software-implemented platforms
for the analysis and protection of digital activities,
communications, and accounts; email and messaging management
services for others, namely, threat protection in the nature
of monitoring computing systems to detect unauthorized
access, data breach, and data exfiltration and storing
digital communications recorded in electronic media;
software as a service (SaaS) featuring software for the
analysis and protection of the security of network
communications, cybersecurity, email management virus
protection, email archiving, email continuity, and email
security; computer security consultancy.
42 - Scientific, technological and industrial services, research and design
Goods & Services
(1) Computer services for evaluating email and relational items to identify fraudulent vendors and then monitoring conduct of those fraudulent vendors on an ongoing basis, namely, providing a computer program featuring technology for evaluating email and relational items to identify security threats; computer services for recording behaviors of vendors deemed to be fraudulent in a blacklist for security purposes, namely, identifying and examining digital communications involving vendors to identify security threats; computer services for tracking digital activities of vendors determined to be fraudulent based on an analysis of emails sent by those vendors, namely, monitoring digital communications involving vendors determined to be fraudulent to identify security threats; computer services for generating a federated collection of vendor behaviors to prevent security threats, namely, identifying and cataloging vendor behaviors through analysis of digital communications; computer services for generating a federated blacklist of vendors and associated behaviors to prevent fraud, namely, establishing a federated blacklist by analyzing digital communications involving vendors; computer services for creating, populating, and managing blacklists of vendors determined to be security threats due to involvement in past digital activities, namely, maintaining blacklists of vendors for the purpose of identifying security threats; computer services for analyzing digital activities to discover security threats, namely, examining the content and context of digital activities to identify security threats; computer services for analyzing digital communications occurring across email and messaging platforms to discover security threats, namely, examining the content and context of digital communications to identify security threats; computer security services, namely, online scanning, detecting, quarantining, and eliminating of viruses, worms, trojans, spyware, adware, malware, social engineering based instructions and exploits, and unauthorized data and programs from digital communications including emails and messages; computer security services, namely, monitoring, detecting, and remediating instances of account takeover; software as a service (SaaS) featuring software for the analysis and protection of digital activities, communications, and accounts; platform as a service (PaaS) featuring software-implemented platforms for the analysis and protection of digital activities, communications, and accounts; email and messaging management services for others, namely, threat protection in the nature of monitoring computing systems to detect unauthorized access, data breach, and data exfiltration and storing digital communications recorded in electronic media; software as a service (SaaS) featuring software for the analysis and protection of the security of network communications, cybersecurity, email management virus protection, email archiving, email continuity, and email security; computer security consultancy.
42 - Scientific, technological and industrial services, research and design
Goods & Services
(1) Computer services for evaluating email and relational items to identify fraudulent individuals and then monitoring conduct of those fraudulent individuals on an ongoing basis, namely, providing a computer program featuring technology for evaluating email and relational items to identify security threats; computer services for recording behaviors of individuals deemed to be fraudulent in a blacklist for security purposes, namely, identifying and examining digital communications involving individuals to identify security threats; computer services for tracking digital activities of individuals determined to be fraudulent based on an analysis of emails sent by those vendors; computer services for generating a federated collection of individual behaviors to prevent security threats, namely, identifying and cataloging individual behaviors through analysis of digital communications; computer services for generating a federated blacklist of individuals and associated behaviors to prevent fraud; computer services for creating, populating, and managing blacklists of individuals determined to be security threats due to involvement in past digital activities; computer services for analyzing digital activities to discover security threats; computer services for analyzing digital communications occurring across email and messaging platforms to discover security threats; security services, namely, online scanning, detecting, quarantining, and eliminating of viruses, worms, trojans, spyware, adware, malware, social engineering based instructions and exploits, and unauthorized data and programs from digital communications including emails and messages; security services, namely, monitoring, detecting, and remediating instances of account takeover; software as a service (SaaS) featuring software for the analysis and protection of digital activities, communications, and accounts; platform as a service (PaaS) featuring software-implemented platforms for the analysis and protection of digital activities, communications, and accounts; email and messaging management services for others, namely, threat protection in the nature of monitoring computing systems to detect unauthorized access, data breach, and data exfiltration and storing digital communications recorded in electronic media; software as a service (SaaS) featuring software for the analysis and protection of the security of network communications, cybersecurity, email management virus protection, email archiving, email continuity, and email security; computer security consultancy.
57.
Discovering email account compromise through assessments of digital activities
Introduced here are threat detection platforms designed to discover possible instances of email account compromise in order to identify threats to an enterprise. In particular, a threat detection platform can examine the digital activities performed with the email accounts associated with employees of the enterprise to determine whether any email accounts are exhibiting abnormal behavior. Examples of digital activities include the reception of an incoming email, transmission of an outgoing email, creation of a mail filter, and occurrence of a sign-in event (also referred to as a “login event”). Thus, the threat detection platform can monitor the digital activities performed with a given email account to determine the likelihood that the given email account has been compromised.
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
H04L 29/06 - Communication control; Communication processing characterised by a protocol
Conventional email filtering services are not suitable for recognizing sophisticated malicious emails, and therefore may allow sophisticated malicious emails to reach inboxes by mistake. Introduced here are threat detection platforms designed to take an integrative approach to detecting security threats. For example, after receiving input indicative of an approval from an individual to access past email received by employees of an enterprise, a threat detection platform can download past emails to build a machine learning (ML) model that understands the norms of communication with internal contacts (e.g., other employees) and/or external contacts (e.g., vendors). By applying the ML model to incoming email, the threat detection platform can identify security threats in real time in a targeted manner.
Conventional email filtering services are not suitable for recognizing sophisticated malicious emails, and therefore may allow sophisticated malicious emails to reach inboxes by mistake. Introduced here are threat detection platforms designed to take an integrative approach to detecting security threats. For example, after receiving input indicative of an approval from an individual to access past email received by employees of an enterprise, a threat detection platform can download past emails to build a machine learning (ML) model that understands the norms of communication with internal contacts (e.g., other employees) and/or external contacts (e.g., vendors). By applying the ML model to incoming email, the threat detection platform can identify security threats in real time in a targeted manner.
42 - Scientific, technological and industrial services, research and design
Goods & Services
Computer services for evaluating email and relational items to identify fraudulent individuals and then monitoring conduct of those fraudulent individuals on an ongoing basis, namely, providing a computer program featuring technology for evaluating email and relational items to identify security threats; Computer services for recording behaviors of individuals deemed to be fraudulent in a blacklist for security purposes, namely, identifying and examining digital communications to identify security threats; Computer services for tracking digital activities of individuals determined to be fraudulent based on an analysis of emails sent by those individuals, namely, monitoring digital communications involving individuals determined to be fraudulent to identify security threats; Computer services for generating a federated collection of individual behaviors to prevent security threats, namely, identifying and cataloging individual behaviors through analysis of digital communications; Computer services for generating a federated blacklist of individuals and associated behaviors to prevent fraud, namely, establishing a federated blocklist by analyzing digital communications; Computer services for creating, populating, and managing blacklists of individuals determined to be security threats due to involvement in past digital activities, namely, maintaining blacklists of individuals for the purpose of identifying security threats; Computer services for analyzing digital activities to discover security threats, namely, examining the content and context of digital activities to identify security threats; Computer services for analyzing digital communications occurring across email and messaging platforms to discover security threats, namely, examining the content and context of digital communications to identify security threats; Computer security services, namely, online scanning, detecting, quarantining, and eliminating of viruses, worms, trojans, spyware, adware, malware, social engineering based instructions and exploits, and unauthorized data and programs from digital communications including emails and messages; Computer security services, namely, monitoring, detecting, and remediating instances of account takeover; Software as a service (SaaS) featuring software for the analysis and protection of digital activities, communications, and accounts; Platform as a service (PaaS) featuring software-implemented platforms for the analysis and protection of digital activities, communications, and accounts; Email and messaging management services for others, namely, threat protection in the nature of monitoring computing systems to detect unauthorized access, data breach, and data exfiltration and storing digital communications recorded in electronic media; Software as a service (SaaS) featuring software for the analysis and protection of the security of network communications, cybersecurity, email management virus protection, email archiving, email continuity, and email security; computer security consultancy
42 - Scientific, technological and industrial services, research and design
Goods & Services
Computer services for evaluating email and relational items to identify fraudulent vendors and then monitoring conduct of those fraudulent vendors on an ongoing basis, namely, providing a computer program featuring technology for evaluating email and relational items to identify security threats; Computer services for recording behaviors of vendors deemed to be fraudulent in a blacklist for security purposes, namely, identifying and examining digital communications involving vendors to identify security threats; Computer services for tracking digital activities of vendors determined to be fraudulent based on an analysis of emails sent by those vendors, namely, monitoring digital communications involving vendors determined to be fraudulent to identify security threats; Computer services for generating a federated collection of vendor behaviors to prevent security threats, namely, identifying and cataloging vendor behaviors through analysis of digital communications; Computer services for generating a federated blacklist of vendors and associated behaviors to prevent fraud, namely, establishing a federated blacklist by analyzing digital communications involving vendors; Computer services for creating, populating, and managing blacklists of vendors determined to be security threats due to involvement in past digital activities, namely, maintaining blacklists of vendors for the purpose of identifying security threats; Computer services for analyzing digital activities to discover security threats, namely, examining the content and context of digital activities to identify security threats; Computer services for analyzing digital communications occurring across email and messaging platforms to discover security threats, namely, examining the content and context of digital communications to identify security threats; Computer security services, namely, online scanning, detecting, quarantining, and eliminating of viruses, worms, trojans, spyware, adware, malware, social engineering based instructions and exploits, and unauthorized data and programs from digital communications including emails and messages; Computer security services, namely, monitoring, detecting, and remediating instances of account takeover; Software as a service (SaaS) featuring software for the analysis and protection of digital activities, communications, and accounts; Platform as a service (PaaS) featuring software-implemented platforms for the analysis and protection of digital activities, communications, and accounts; Email and messaging management services for others, namely, threat protection in the nature of monitoring computing systems to detect unauthorized access, data breach, and data exfiltration and storing digital communications recorded in electronic media; Software as a service (SaaS) featuring software for the analysis and protection of the security of network communications, cybersecurity, email management virus protection, email archiving, email continuity, and email security; computer security consultancy
62.
Multistage analysis of emails to identify security threats
Conventional email filtering services are not suitable for recognizing sophisticated malicious emails, and therefore may allow sophisticated malicious emails to reach inboxes by mistake. Introduced here are threat detection platforms designed to take an integrative approach to detecting security threats. For example, after receiving input indicative of an approval from an individual to access past email received by employees of an enterprise, a threat detection platform can download past emails to build a machine learning (ML) model that understands the norms of communication with internal contacts (e.g., other employees) and/or external contacts (e.g., vendors). By applying the ML model to incoming email, the threat detection platform can identify security threats in real time in a targeted manner.
Conventional email filtering services are not suitable for recognizing sophisticated malicious emails, and therefore may allow sophisticated malicious emails to reach inboxes by mistake. Introduced here are threat detection platforms designed to take an integrative approach to detecting security threats. For example, after receiving input indicative of an approval from an individual to access past email received by employees of an enterprise, a threat detection platform can download past emails to build a machine learning (ML) model that understands the norms of communication with internal contacts (e.g., other employees) and/or external contacts (e.g., vendors). By applying the ML model to incoming email, the threat detection platform can identify security threats in real time in a targeted manner.
Conventional email filtering services are not suitable for recognizing sophisticated malicious emails, and therefore may allow sophisticated malicious emails to reach inboxes by mistake. Introduced here are threat detection platforms designed to take an integrative approach to detecting security threats. For example, after receiving input indicative of an approval from an individual to access past email received by employees of an enterprise, a threat detection platform can download past emails to build a machine learning (ML) model that understands the norms of communication with internal contacts (e.g., other employees) and/or external contacts (e.g., vendors). By applying the ML model to incoming email, the threat detection platform can identify security threats in real time in a targeted manner.
Conventional email filtering services are not suitable for recognizing sophisticated malicious emails, and therefore may allow sophisticated malicious emails to reach inboxes by mistake. Introduced here are threat detection platforms designed to take an integrative approach to detecting security threats. For example, after receiving input indicative of an approval from an individual to access past email received by employees of an enterprise, a threat detection platform can download past emails to build a machine learning (ML) model that understands the norms of communication with internal contacts (e.g., other employees) and/or external contacts (e.g., vendors). By applying the ML model to incoming email, the threat detection platform can identify security threats in real time in a targeted manner.
09 - Scientific and electric apparatus and instruments
38 - Telecommunications services
42 - Scientific, technological and industrial services, research and design
Goods & Services
Software for ensuring the security of electronic mail;
electronic mail and messaging software; computer software
for collection, storage, analysis and presentation of data
for forensic analysis of security events and for security
compliance; computer software for the administration,
monitoring, management, assessment and quantification of
security and data breach vulnerability risks. Secure e-mail services. Computer services, namely, electronic mail protection and
security services; Software as a service (SaaS) featuring
software for use in the analysis and protection of the
security of email and network communications and data;
Platform as a service (PAAS) for use in the analysis and
protection of the security of email and network
communications and data; Email and messaging management
services for others, namely, threat protection in the nature
of computer virus protection services, monitoring of
computer systems for detecting unauthorized access or data
breach, and electronic storage of data and emails recorded
in electronic media; Software as a service (SAAS) featuring
software for use in the analysis and protection of the
security of email and network communications and data,
cybersecurity, email management virus protection, email
archiving, and email continuity and email security; design
and development of antivirus software; computer security
consultancy.
42 - Scientific, technological and industrial services, research and design
Goods & Services
(1) Electronic mail (email) protection and security services, namely, on-line scanning, detecting, quarantining and elimination of viruses, worms, trojans, spyware, adware, malware, social engineering based intrusions and exploits, and unauthorized data and programs from user electronic mails; Software as a service (SaaS) featuring software for the analysis and protection of the security of email and network communications and data; Platform as a service (PAAS) featuring computer software platforms for the analysis and protection of the security of email and network communications and data; email and messaging management services for others, namely, threat protection in the nature of computer virus protection services, monitoring of computer systems for detecting unauthorized access or data breach, and electronic storage of emails recorded in electronic media; Software as a service (SAAS) featuring software for the analysis and protection of the security of email and network communications and data, cybersecurity, email management virus protection, email archiving, email continuity and email security; computer security consultancy; none of the aforementioned related to data encryption services, design and development of downloadable mobile computer applications for computer devices or electronic data storage.
42 - Scientific, technological and industrial services, research and design
Goods & Services
Electronic mail (email) protection and security services, namely, on-line scanning, detecting, quarantining and elimination of viruses, worms, trojans, spyware, adware, malware, social engineering based intrusions and exploits, and unauthorized data and programs from user electronic mails; Software as a service (SaaS) featuring software for the analysis and protection of the security of email and network communications and data; Platform as a service (PAAS) featuring computer software platforms for the analysis and protection of the security of email and network communications and data; Email and messaging management services for others, namely, threat protection in the nature of computer virus protection services, monitoring of computer systems for detecting unauthorized access or data breach, and electronic storage of emails recorded in electronic media; Software as a service (SAAS) featuring software for the analysis and protection of the security of email and network communications and data, cybersecurity, email management virus protection, email archiving, email continuity and email security; computer security consultancy; none of the aforementioned related to data encryption services, design and development of downloadable mobile computer applications for computer devices or electronic data storage
42 - Scientific, technological and industrial services, research and design
Goods & Services
Electronic mail (email) protection and security services, namely, on-line scanning, detecting, quarantining and elimination of viruses, worms, trojans, spyware, adware, malware, social engineering based intrusions and exploits, and unauthorized data and programs from user electronic mails; Software as a service (SaaS) featuring software for the analysis and protection of the security of email and network communications and data; Platform as a service (PAAS) featuring computer software platforms for the analysis and protection of the security of email and network communications and data; Email and messaging management services for others, namely, threat protection in the nature of computer virus protection services, monitoring of computer systems for detecting unauthorized access or data breach, and electronic storage of emails recorded in electronic media; Software as a service (SAAS) featuring software for the analysis and protection of the security of email and network communications and data, cybersecurity, email management virus protection, email archiving, email continuity and email security; computer security consultancy; none of the aforementioned related to data encryption services, design and development of downloadable mobile computer applications for computer devices or electronic data storage
