Prospective client identification using malware attack detection
US-9027135-B1 · May 5, 2015 · US
US12363151B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12363151-B2 |
| Application number | US-202318536232-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 12, 2023 |
| Priority date | Aug 8, 2017 |
| Publication date | Jul 15, 2025 |
| Grant date | Jul 15, 2025 |
Official abstract text for this publication.
Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.
Opening claim text (preview).
What is claimed is:

1. A computer-implemented method comprising: accessing, by a central server, device data for a plurality of endpoint devices, wherein the plurality of endpoint devices forms a computer network, and wherein the device data is collected by a plurality of software agents, each software agent of the plurality of software agents operating on an endpoint device of the plurality of endpoint devices; aggregating, by the central server, the device data for the plurality of endpoint devices; and generating, by the central server, a visualization of the computer network based on the device data for the plurality of endpoint devices, wherein at least one endpoint device of the plurality of endpoint devices is located outside of a computer network firewall.
2. The computer-implemented method of claim 1, wherein at least one of the plurality of endpoint devices comprises an Internet of Things (IoT) device.
3. The computer-implemented method of claim 1, further comprising deriving, by the central server, a network map using a network topology.
4. The computer-implemented method of claim 1, further comprising grouping, by the central server, the plurality of endpoint devices into one or more endpoint groupings.
5. The computer-implemented method of claim 4, further comprising: deriving, from the visualization of the computer network, a model for the plurality of endpoint devices, wherein the model establishes a baseline of behavior or access restrictions for the one or more endpoint groupings; and transmitting the model from the central server to the plurality of software agents.
6. The computer-implemented method of claim 5, further comprising assessing, by the plurality of software agents, activity of the plurality of endpoint devices to identify an anomaly relative to the baseline.
7. The computer-implemented method of claim 6, further comprising applying, by the central server or the plurality of software agents, one or more group access rules to each endpoint grouping of the one or more endpoint groupings.
8. The computer-implemented method of claim 1, further comprising scanning, by the central server or by the plurality of software agents, network communications of the plurality of endpoint devices to discover one or more additional endpoint devices without a corresponding autonomous software agent.
9. The computer-implemented method of claim 8, further comprising: grouping, by the central server, the one or more additional endpoint devices into an endpoint grouping; and limiting an ability of the one or more additional endpoint devices to communicate with the plurality of endpoint devices forming the computer network.
10. The computer-implemented method of claim 1, further comprising aggregating the device data for the plurality of endpoint devices with additional device data from one or more data centers or third-party services.
11. The computer-implemented method of claim 1, wherein the visualization of the computer network is updated continuously in real-time based on the device data transmitted by the plurality of software agents.
12. The computer-implemented method of claim 1, wherein the plurality of endpoint devices comprise one or more of a cellphone, server, virtual machine, laptop, tablet, desktop computer, Internet of Things (IoT) device, landline phone, wearable device, or smart home device.
13. The computer-implemented method of claim 1, wherein at least one software agent of the plurality of software agents is configured to electronically communicate with the central server through a network firewall of the computer network.
14. The computer-implemented method of claim 1, wherein the plurality of software agents are configured to scan the computer network to identify endpoint devices in or in proximity to the computer network.
15. The computer-implemented method of claim 1, wherein the central server or the plurality of software agents is configured to analyze the device data to determine typical network access behaviors or processor behaviors of the plurality of endpoint devices.
16. The computer-implemented method of claim 1, wherein the plurality of endpoint devices are grouped into endpoint clusters.
17. The computer-implemented method of claim 16, wherein one or more endpoint devices of each endpoint cluster comprise one or more similar processing or network access patterns.
18. The computer-implemented method of claim 1, wherein the plurality of software agents are configured to perform a point-in-time validation of the plurality of endpoint devices.
19. The computer-implemented method of claim 18, wherein the point-in-time validation comprises a verification that no anomalous indicators are present on the plurality of endpoint devices.
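The abstract and claims 4 to 9 and 15 to 17 describe one pipeline: agents report per-endpoint data, the central server clusters endpoints with similar processing or network-access patterns, derives a baseline per grouping, sends that model back to the agents, and the agents flag activity that departs from the baseline; devices seen on the wire with no agent are put in their own restricted grouping. The following Python is an added example written for this page, not code from the patent or its assignee. The feature set, the greedy min-max-scaled clustering, the floored standard deviation and the z-score threshold of 3 are all this example's own assumptions, chosen to make the flow concrete; the device data and the observations are constructed.

```python
"""Added example: endpoint grouping, per-group baselines and agent-side anomaly checks.
The clustering and scoring rules below are this example's own choices, not the patent's."""
from math import sqrt
from statistics import mean, pstdev

# Feature names, in vector order (assumed for this example).
FEATURES = (
    "outbound_conns_per_min",
    "distinct_dst_ports_per_hour",
    "avg_cpu_percent",
    "new_processes_per_hour",
)

# Constructed device data as agents might report it: endpoint id -> feature vector.
DEVICE_DATA = {
    "ws-01": (12.0, 6.0, 15.0, 20.0),
    "ws-02": (14.0, 7.0, 18.0, 22.0),
    "ws-03": (11.0, 5.0, 14.0, 19.0),
    "web-01": (310.0, 2.0, 55.0, 3.0),
    "web-02": (290.0, 2.0, 60.0, 4.0),
    "cam-01": (1.0, 1.0, 5.0, 0.0),
    "cam-02": (1.5, 1.0, 6.0, 0.0),
}


def _normalize(device_data):
    """Min-max scale each feature to [0, 1] so no single feature dominates distances."""
    cols = list(zip(*device_data.values()))
    lo = [min(c) for c in cols]
    span = [(max(c) - min(c)) or 1.0 for c in cols]
    return {ep: tuple((v - lo[i]) / span[i] for i, v in enumerate(vec))
            for ep, vec in device_data.items()}


def _distance(a, b):
    return sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def group_endpoints(device_data, threshold=0.5):
    """Server side: greedy clustering. Each endpoint joins the nearest existing group
    whose centroid lies within `threshold`, otherwise it starts a new group.
    Returns endpoint id -> group id."""
    scaled = _normalize(device_data)
    members = {}      # group id -> list of scaled vectors
    assignment = {}   # endpoint id -> group id
    for ep in sorted(scaled):  # sorted so the result is deterministic
        vec = scaled[ep]
        best, best_d = None, threshold
        for gid, vecs in members.items():
            centroid = tuple(mean(col) for col in zip(*vecs))
            d = _distance(vec, centroid)
            if d < best_d:
                best, best_d = gid, d
        if best is None:
            best = f"group-{len(members)}"
            members[best] = []
        members[best].append(vec)
        assignment[ep] = best
    return assignment


def derive_model(device_data, assignment):
    """Server side: per-group baseline of (mean, spread) for each raw feature. The spread
    is floored so a tiny group of near-identical members does not flag every small change."""
    model = {}
    for gid in set(assignment.values()):
        rows = [device_data[ep] for ep, g in assignment.items() if g == gid]
        baseline = []
        for col in zip(*rows):
            m = mean(col)
            sd = max(pstdev(col), 0.05 * abs(m), 1.0)  # floor is an assumption of this example
            baseline.append((m, sd))
        model[gid] = tuple(baseline)
    return model


def assess_activity(baseline, observation, z_limit=3.0):
    """Agent side: compare one new observation with the group baseline it received from the
    server; return (feature, z-score) for every feature whose z-score exceeds `z_limit`."""
    flagged = []
    for name, x, (m, sd) in zip(FEATURES, observation, baseline):
        z = abs(x - m) / sd
        if z > z_limit:
            flagged.append((name, round(z, 1)))
    return flagged


def discover_unmanaged(observed_peers, assignment):
    """Peers seen in network communications that run no agent (claims 8 and 9); the server
    would place these in their own grouping with restricted reachability."""
    return sorted(p for p in observed_peers if p not in assignment)


if __name__ == "__main__":
    assignment = group_endpoints(DEVICE_DATA)
    model = derive_model(DEVICE_DATA, assignment)
    # Constructed observation from ws-01 whose port count is far above its group's baseline.
    print(assess_activity(model[assignment["ws-01"]], (13.0, 40.0, 16.0, 21.0)))
    # Constructed peer set from a connection log; printer-07 and 10.0.0.99 have no agent.
    print(discover_unmanaged({"ws-01", "web-01", "printer-07", "10.0.0.99"}, assignment))
```

With the constructed data the server ends up with three groupings (workstations, web servers, cameras), and an agent holding the workstation baseline flags only the port-count feature of the anomalous observation while passing a normal one; the floor on the spread is the part a practitioner should tune, since a baseline derived from two or three members is otherwise far too tight.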
CPC classification titles:

- involving the movement of software or configuration parameters (network booting or remote initial program loading [RIPL] G06F9/4416)
- in which an application is distributed across nodes in the network (software deployment G06F8/60; multiprogramming arrangements G06F9/46)
- involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved (negotiation of communication capabilities H04L69/24)
- Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002)
- Event detection, e.g. attack signature detection