US 20170251013A1

(19) United States
(12) Patent Application Publication
     Kirti et al.
(10) Pub. No.: US 2017/0251013 A1
(43) Pub. Date: Aug. 31, 2017

(54) TECHNIQUES FOR DISCOVERING AND MANAGING SECURITY OF APPLICATIONS

(71) Applicant: Oracle International Corporation, Redwood Shores, CA (US)

(72) Inventors: Ganesh Kirti, San Jose, CA (US); Kamalendu Biswas, San Ramon, CA (US); Sumedha Nalin Perera, San Mateo, CA (US); Adina Florina Simu, Menlo Park, CA (US)

(73) Assignee: Oracle International Corporation, Redwood Shores, CA (US)

(21) Appl. No.: 15/441,154

(22) Filed: Feb. 23, 2017

Related U.S. Application Data

(60) Provisional application No. 62/300,715, filed on Feb. 26, 2016, provisional application No. 62/460,716, filed on Feb. 17, 2017.

Publication Classification

(51) Int. Cl.
     H04L 29/06 (2006.01)
(52) U.S. Cl.
     CPC ... H04L 63/1441 (2013.01); H04L 63/20 (2013.01); H04L 63/1416 (2013.01)

(57) ABSTRACT

Techniques for discovery and management of applications in a computing environment of an organization are disclosed. A security management system discovers use of applications within a computing environment to manage access to applications for minimizing security threats and risks in a computing environment of the organization. The security management system can obtain network data about network traffic to identify unique applications. The security management system can perform analysis and correlation, including use of one or more data sources, to determine information about an application. The system can compute a measure of security for an application ("an application risk score") and a user ("a user risk score"). The score may be analyzed to determine a threat of security posed by the application based on use of the application. The security system can perform one or more instructions to configure access permitted by an application, whether access is denied or restricted.

[Front-page drawing: system 200. Labels: Security Monitoring and Control System 102; Interface 220; Storage 222; Tenant Config Info 224; Security Info 226; Domain Info 228; App Info 232; Log Collector 234; Data Analysis System 236; Info Handler 238; Security Analyzer 270; Control Manager 272; Data Store(s) 280; Security Information 282; Organization Information 284; Domain Information 286; Service Provider 210; Cloud Service Provider 212; 3rd Party App 214; Firewall 230; Network(s) 160; Client Device(s) 106 (106-1 ... 106-N); Computing Environment 240 with Network Device(s) 242, Agent(s) 244 and Log Manager 246; Computing Environment 260 with Network Device(s) 262, Agent(s) 264 and Log Manager 266.]

WIZ, Inc. EXHIBIT - 1096
WIZ, Inc. v. Orca Security LTD.

Patent Application Publication    Aug. 31, 2017    Sheet 1 of 31    US 2017/0251013 A1

[FIG. 1A: system 100. Labels: Security Monitoring and Control System 102; Network; Wireless tower; service; Client 106. Reference numerals: 100, 102, 104, 106, 110, 112.]

[Sheet 2 of 31, FIG. 1B. Labels: Security Monitoring and Control System 102; Clients 106; Trusted Apps Provider 120; Unknown Apps Provider 122; Third Party Service Provider 124; User 140; Firewall 142; Network(s) 160; Intranet 170. Further reference numeral: 150.]

[Sheet 3 of 31, FIG. 1C. Labels: Internet 160; Intranet 170; Service Provider System(s) 180; Mobile Device Management (MDM) Service 182; Application Usage Tracking Server 184; Unauthorized Apps 122; Third-Party Unauthorized Apps 124; Network Firewall 142; App Firewall 144; Client Devices 106 (outside office); Client Devices 106 (inside office). Further reference numeral: 150.]

[Sheet 4 of 31, FIG. 2: system 200. Labels: Security Monitoring and Control System 102; Interface 220; Storage 222; Tenant Config Info 224; Security Info 226; Domain Info 228; App Info 232; Log Collector 234; Data Analysis System 236; Info Handler 238; Security Analyzer 270; Control Manager 272; Data Store(s) 280; Security Information 282; Organization Information 284; Domain Information 286; Service Provider 210; Cloud Service Provider 212; 3rd Party App 214; Firewall 230; Network(s) 160; Client Device(s) 106 (106-1 ... 106-N); Computing Environment 240 with Network Device(s) 242, Agent(s) 244 and Log Manager 246; Computing Environment 260 with Network Device(s) 262, Agent(s) 264 and Log Manager 266.]

[Sheet 5 of 31, FIG. 3: system 300. Labels: processor 302; Cloud Crawler application 302; Cloud Seeder application 304; Data Loader application 306; Application Catalog (Operational Data) 308; User Identity Repository 309; Landing Repository 310; Analytics & Threat Intelligence Repository 311; Threat Detection and Prediction Analytics Application 312; Descriptive Analytics Application 313; Incident Remediation Application 313; User Interface Components; Administration Console: Controls Management 314; Analytics Visualization 316; Tenant base lines 317; Third party feeds 318, 320, 321.]

[Sheet 6 of 31, FIG. 4: flowchart 400]

START
402: Connect to cloud
404: Collect information about cloud application security controls (software defined security configuration data)
406: Generate security controls metadata
408: Categorize security controls metadata
410: Load security controls metadata into application catalog database
END

[Sheet 7 of 31, FIG. 5: flowchart 500]

START
502: Connect to one or more clouds
504: Retrieve activity data from target cloud(s)
506: Store activity data in analytics database
508: Categorize and structure activity data
510: Generate system reports and/or threat intelligence
END

[Sheet 8 of 31, FIG. 6: 600. Labels: Third party feeds 318, 320, 321; Analytics & Threat Intelligence Repository 611; Tenant base lines 617; User and applications activity data; Open source community; Commercial sources; Proprietary attack and threat intelligence research; Assert; Analyze; Discover threats and risks using machine learning techniques; Report actionable incidents; integration into enterprise systems; Alerts: Messages; Integration: IT workflows; approval systems; Visualization: remediation; Automated Remediation.]

[Sheet 9 of 31, FIG. 7: 700. Labels: Client Console 702; Security Monitoring and Control System 102; App risk score registry 704; Third-party app registry 706; REST Service; Register an app 720; Download app events 722; Discover third-party apps 724; Store events from third-party apps 726; List unique app names 728; Display discovered third-party apps 730; Display user and event details 732; Evaluate user risk score 734; User names and event details 736; App details & risk score feed 740.]

[Sheet 10 of 31, FIG. 8: 800. Labels: Client Console 802; Security Monitoring and Control System 102; Third-party apps registry 804; App risk score registry 806; REST Service; Ingest logs 820; Stage logs 822; Parse logs 824; Discover third-party apps 826; Log processing status 830; Log discovery report with appnames 832; User details 834; List unique app names 840; Evaluate user risk score 842; User names and event details 844; App details & risk score feed 846.]

[Sheet 11 of 31, FIG. 9: 900. Labels: Risk Score Feeds 902 (data sources S1 ... Sn); Indicators 904 (I1 ... In); Weights 906 (W1, W2, ... Wn); Combined Score 908; Feedback 910; Adjusted Score 912; Regression Analysis 914.]

$$\text{Combined Score} = \frac{I_1(W_1) + I_2(W_2) + \cdots + I_n(W_n)}{W_1 + W_2 + \cdots + W_n}$$
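An added example (not code from the patent publication or from Oracle) that walks the flow named in the abstract and FIG. 8 (parse logs, list unique app names, score apps and users) with the Combined Score formula of FIG. 9, reading I_i(W_i) as indicator value times weight. The log format, indicator values, weights, the event-count weighting used for the user score and the deny/restrict thresholds are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample proxy log (format is an assumption): time user host bytes
SAMPLE_LOG = """\
2017-02-23T09:00:01Z alice files.provider1.com 5120
2017-02-23T09:00:07Z alice www.provider1.com 830
2017-02-23T09:02:44Z bob   api.provider4.com 120044
2017-02-23T09:03:10Z bob   api.provider4.com 98211
2017-02-23T09:05:00Z alice api.provider4.com 400
malformed line without enough fields
2017-02-23T09:06:30Z carol cdn.provider6.net 77
"""

# Constructed indicator values per app, 0 (safe) to 100 (risky). A feed that
# has no data for an app simply omits the key.
INDICATORS = {
    "provider1.com": {"ip_reputation": 10, "patching_cadence": 20,
                      "leaked_information": 30},
    "provider4.com": {"ip_reputation": 90, "patching_cadence": 70,
                      "hacker_chatter": 80},
    "provider6.net": {"patching_cadence": 40},
}
# Constructed weights W1..Wn, one per indicator.
WEIGHTS = {"ip_reputation": 3, "patching_cadence": 2,
           "leaked_information": 1, "hacker_chatter": 4}


def parse_log(text):
    """Yield (user, app) events; skip lines that are not four clean fields."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[3].isdigit():
            continue
        _, user, host, _ = fields
        # Assumption: the app name is the last two DNS labels of the host.
        yield user, ".".join(host.lower().split(".")[-2:])


def combined_score(indicators, weights):
    """FIG. 9: (I1*W1 + ... + In*Wn) / (W1 + ... + Wn).

    Only indicators that are present and carry a positive weight are used,
    so an absent feed does not pull the score towards zero.
    """
    used = [(value, weights[name]) for name, value in indicators.items()
            if weights.get(name, 0) > 0]
    total_weight = sum(w for _, w in used)
    if total_weight == 0:
        return None  # nothing to score on: unknown, which is not "safe"
    return sum(v * w for v, w in used) / total_weight


def score_apps_and_users(log_text, indicators=INDICATORS, weights=WEIGHTS):
    """Return (app_scores, user_scores) for the apps seen in the log."""
    hits = defaultdict(Counter)            # user -> app -> number of events
    for user, app in parse_log(log_text):
        hits[user][app] += 1
    apps = sorted({app for counts in hits.values() for app in counts})
    app_scores = {a: combined_score(indicators.get(a, {}), weights)
                  for a in apps}
    # Assumption: a user's score reuses the formula, with each accessed app's
    # score as the indicator and the user's event count as its weight.
    user_scores = {}
    for user, counts in hits.items():
        scored = {a: app_scores[a] for a in counts
                  if app_scores[a] is not None}
        user_scores[user] = combined_score(scored, counts)
    return app_scores, user_scores


def access_decision(score, deny_at=70, restrict_at=40):
    """Map a score to an action; both thresholds are assumptions."""
    if score is None:
        return "restrict"   # unscored app: restrict until it is assessed
    if score >= deny_at:
        return "deny"
    return "restrict" if score >= restrict_at else "allow"


if __name__ == "__main__":
    app_scores, user_scores = score_apps_and_users(SAMPLE_LOG)
    for app, score in app_scores.items():
        print(app, score, access_decision(score))
    for user, score in sorted(user_scores.items()):
        print(user, score)
```

An app that appears in the log but in no indicator feed scores `None` and is restricted rather than allowed, which keeps newly discovered apps from passing as safe by default.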

[Sheet 12 of 31, FIG. 10: flowchart 1000]

START
1002: Collect application information
1004: Combine information to detect application(s) with one or more security vulnerabilities
1006: Determine security features
1008: Compute security score of application(s)
1010: END

[Sheet 13 of 31, FIG. 11: flowchart 1100]

START
1102: OBTAIN DATA ABOUT NETWORK ACTIVITY BY A USER ON A NETWORK
1104: USING THE INFORMATION, DETERMINE ONE OR MORE APPLICATIONS THAT HAVE BEEN ACCESSED BY THE USER
1106: DETERMINE ACCESS INFORMATION FOR EACH OF THE ONE OR MORE APPLICATIONS THAT HAVE BEEN ACCESSED BY THE USER
1108: DETERMINE DOMAIN INFORMATION ABOUT A PROVIDER SYSTEM THAT PROVIDES EACH OF THE ONE OR MORE APPLICATIONS
1110: DETERMINE ORGANIZATION INFORMATION FOR EACH OF THE ONE OR MORE APPLICATIONS
1112: DETERMINE SECURITY INFORMATION ABOUT EACH OF THE ONE OR MORE APPLICATIONS
1114: COMPUTE A MEASURE OF SECURITY FOR EACH OF THE ONE OR MORE APPLICATIONS THAT HAVE BEEN ACCESSED
1116: PROVIDE AN INTERACTIVE DISPLAY OF INFORMATION ABOUT EACH OF THE APPLICATION THAT HAVE BEEN ACCESSED
1118: PERFORM A REMEDIATION ACTION FOR EACH OF THE ONE OR MORE APPLICATIONS THAT HAVE BEEN ACCESSED
1120: END

[Sheet 14 of 31, FIG. 12: flowchart 1200]

START
1202: OBTAIN, FROM A FIRST SERVICE PROVIDER SYSTEM, FIRST DATA ABOUT ONE OR MORE APPLICATIONS ACCESSED BY A USER FROM THE FIRST SERVICE PROVIDER SYSTEM ON A NETWORK
1204: OBTAIN, FROM A SECOND SERVICE PROVIDER SYSTEM, SECOND DATA ABOUT ONE OR MORE APPLICATIONS ACCESSED BY THE USER FROM THE SECOND SERVICE PROVIDER SYSTEM ON THE NETWORK
1206: DETERMINE, USING THE FIRST DATA AND THE SECOND DATA, ACCESS INFORMATION FOR AN APPLICATION THAT HAS BEEN ACCESSED BY A USER
1208: DETERMINE DOMAIN INFORMATION ABOUT A PROVIDER SYSTEM THAT PROVIDES THE APPLICATION
1210: DETERMINE ORGANIZATION INFORMATION FOR THE APPLICATION
1212: DETERMINE SECURITY INFORMATION ABOUT THE APPLICATION
1214: COMPUTE A MEASURE OF SECURITY FOR THAT APPLICATION THAT HAS BEEN ACCESSED
1216: PROVIDE AN INTERACTIVE DISPLAY OF INFORMATION ABOUT THE APPLICATION THAT HAS BEEN ACCESSED
1218: PERFORM A REMEDIATION ACTION FOR THE APPLICATION THAT HAS BEEN ACCESSED
1220: END

[Sheet 15 of 31, FIG. 13: 1300. Labels: Indicators 1304 (I1 ... In); Weights 1306 (W1, W2, ... Wn); Combined score 1308; Feedback 1310; Adjusted score 1312; Regression Analysis 1314.]

$$\text{Combined Score} = \frac{I_1(W_1) + I_2(W_2) + \cdots + I_n(W_n)}{W_1 + W_2 + \cdots + W_n}$$

[Sheet 16 of 31, FIG. 14: 1400. Labels: Cluster1 -- Users accessing apps A and B; Cluster2 -- Users accessing apps X, Y, and Z; individual users marked U. Reference numerals: 1400, 1402, 1404.]

[Sheet 17 of 31, FIG. 15: screenshot 1500 of the "COMPANY Cloud Service" console, page "Dashboard: App Discovery". Tabs: Summary | App Discovery | Key Security Indicators. Sources: From registered apps, From logs. Page text: "Company Cloud Service discovers apps by two different methods: from registered apps or from logs". List heading: Discovered apps (73), Filter by December. Buttons: Export To CSV 1508; Syslog Setup 1510. Table columns: DISCOVERED APPS NAME, TOP RISK(S), INCIDENT, ACTION. Rows list Provider1.com through Provider9.com (including Provider5.cn and Provider6.net), each with top risks drawn from: Social engineering, Patching cadence, Network security, Leaked information, IP reputation, Hacker chatter, Endpoint security, DNS health, Application security. Left navigation: Dashboard, Applications, Risk Events, Reports, Users, Incidents, Jobs, Configuration. Further reference numerals: 1502, 1504, 1506.]

[Sheet 18 of 31, FIG. 16: screenshot 1600 of the App Discovery dashboard 1500 with a detail panel for the discovered app Provider1.com 1512. Legible panel fields: Category, Vendor description, Company information, Http://www.Provider1.com, Data uploaded, Data downloaded, Potential security concern. Legible indicator names: IP reputation, Hacker chatter, DNS health, Endpoint security, Application security, Leaked information, Patching cadence, Network security. Further reference numerals: 1604, 1606.]

`

`Patent Application Publication Aug. 31, 2017 Sheet 19 of 31 US 2017/0251013 A1
`
`[Drawing sheet: the only legible text is "Recommendation Investigate the devices connected". Remaining text is not recoverable.]
