US 12,206,698 B2
Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking
Tomer Weingarten, Mountain View, CA (US); and Almog Cohen, Tel Aviv (IL)
Assigned to Sentinel Labs Israel Ltd., Tel Aviv (IL)
Filed by Sentinel Labs Israel Ltd., Tel Aviv (IL)
Filed on Nov. 28, 2023, as Appl. No. 18/521,782.
Application 18/521,782 is a continuation of application No. 17/660,191, filed on Apr. 21, 2022, granted, now 11,838,306.
Application 17/660,191 is a continuation of application No. 17/069,415, filed on Oct. 13, 2020, granted, now 11,522,894, issued on Dec. 6, 2022.
Application 17/069,415 is a continuation of application No. 16/525,415, filed on Jul. 29, 2019, granted, now 10,841,325, issued on Nov. 17, 2020.
Application 16/525,415 is a continuation of application No. 16/058,810, filed on Aug. 8, 2018, granted, now 10,462,171, issued on Oct. 29, 2019.
Claims priority of provisional application 62/550,439, filed on Aug. 25, 2017.
Claims priority of provisional application 62/545,917, filed on Aug. 15, 2017.
Claims priority of provisional application 62/542,288, filed on Aug. 8, 2017.
Prior Publication US 2024/0171600 A1, May 23, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06F 8/61 (2018.01); G06F 9/445 (2018.01); H04L 41/046 (2022.01); H04L 41/0893 (2022.01); H04L 41/16 (2022.01); H04L 67/00 (2022.01); H04L 67/10 (2022.01); H04L 41/12 (2022.01); H04L 41/14 (2022.01)
CPC H04L 63/1425 (2013.01) [G06F 8/61 (2013.01); G06F 9/44526 (2013.01); H04L 41/046 (2013.01); H04L 41/0893 (2013.01); H04L 41/16 (2013.01); H04L 63/08 (2013.01); H04L 63/102 (2013.01); H04L 63/104 (2013.01); H04L 63/1416 (2013.01); H04L 63/1441 (2013.01); H04L 63/205 (2013.01); H04L 67/10 (2013.01); H04L 67/34 (2013.01); H04L 41/12 (2013.01); H04L 41/145 (2013.01)] 20 Claims
 
1. A dynamic endpoint-based edge networking system for protecting security and integrity of an elastic computer network, the system comprising:
a plurality of agents, wherein each agent of the plurality of agents is installed on a target endpoint device, the target endpoint device being one of a plurality of endpoint devices forming an elastic computer network, and wherein, for each agent of the plurality of agents, the agent is configured to:
access an operating system of the target endpoint device on which the agent is installed to obtain visibility of operating system processes and network communications of the target endpoint device;
monitor the operating system processes and the network communications of the target endpoint device to obtain target endpoint data, the target endpoint data comprising information regarding at least one of the system processes or network processes of the target endpoint device;
transmit the target endpoint data to a central server system;
identify, using a local security protocol, one or more local anomalous indicators on the target endpoint device based at least in part on the target endpoint data; and
respond to the one or more local anomalous indicators on an endpoint-level based at least in part on the local security protocol,
wherein the local security protocol comprises one or more rule sets, policies, or access rights designed to ensure local security of each of the plurality of endpoint devices; and
a central server system comprising:
one or more computer readable storage devices configured to store a plurality of computer executable instructions; and
one or more hardware computer processors in communication with the one or more computer readable storage devices and configured to execute the plurality of computer executable instructions in order to cause the central server system to:
receive the target endpoint data from each of the plurality of agents installed on a target endpoint device;
analyze the target endpoint data received from each of the plurality of agents to identify network-wide activity patterns;
identify, using a network-wide security protocol, one or more network-wide anomalous indicators on a network level across the plurality of endpoint devices based at least in part on the identified network-wide activity patterns; and
respond to the one or more network-wide anomalous indicators on the network level across the plurality of endpoint devices based at least in part on the network-wide security protocol.
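Claim 1 describes a two-tier architecture: an agent on each endpoint applies a local rule set to the process and network activity it observes and responds on the endpoint, while a central server aggregates the same telemetry from every agent and applies a network-wide rule set to patterns that no single endpoint can see. The following Python model is an added illustration of that division of labour; it is not code from the patent or from Sentinel Labs, and the rule sets, telemetry format, endpoint names and destination addresses are constructed for the example. The local rules flag a connection on an unexpected port or a network-capable child spawned by a user application; the network-wide rule flags one process contacting one destination from three or more endpoints, which catches an endpoint (host-03) whose activity passes every local rule.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample telemetry, standing in for what each agent observes via the OS.
# Record layout: (endpoint_id, process, parent_process, remote_host, remote_port)
SAMPLE_TELEMETRY = [
    ("host-01", "outlook.exe", "explorer.exe", "mail.example.test", 443),
    ("host-01", "updater.exe", "outlook.exe", "203.0.113.9", 4444),
    ("host-02", "chrome.exe", "explorer.exe", "www.example.test", 443),
    ("host-02", "updater.exe", "chrome.exe", "203.0.113.9", 4444),
    ("host-03", "updater.exe", "svchost.exe", "203.0.113.9", 443),  # passes local rules
    ("host-04", "word.exe", "explorer.exe", "docs.example.test", 443),
]

# Local security protocol (constructed rule set shared by all agents).
ALLOWED_PORTS = frozenset({53, 80, 443})
USER_APPS = frozenset({"outlook.exe", "word.exe"})


@dataclass
class Agent:
    """Endpoint-resident agent: monitors, reports, detects locally and responds locally."""
    endpoint_id: str
    indicators: list = field(default_factory=list)
    terminated: set = field(default_factory=set)
    blocklist: set = field(default_factory=set)

    def monitor(self, telemetry):
        """Select this endpoint's records (stands in for OS process/network visibility)."""
        return [r for r in telemetry if r[0] == self.endpoint_id]

    def local_scan(self, records):
        """Apply the local rule set; each indicator carries the process name at index 1."""
        found = []
        for _, proc, parent, host, port in records:
            if port not in ALLOWED_PORTS:
                found.append(("unexpected_port", proc, host, port))
            if parent in USER_APPS:
                found.append(("user_app_spawned_network_child", proc, parent))
        self.indicators.extend(found)
        return found

    def respond_locally(self):
        """Endpoint-level response: record the processes the local protocol would terminate."""
        self.terminated.update(ind[1] for ind in self.indicators)
        return sorted(self.terminated)

    def apply_blocklist(self, blocklist):
        """Accept a network-wide response pushed down by the central server."""
        self.blocklist.update(blocklist)


class CentralServer:
    """Aggregates endpoint data from all agents and applies the network-wide protocol."""

    def __init__(self, min_hosts=3):
        self.min_hosts = min_hosts
        self.received = defaultdict(list)
        self.blocklist = set()

    def receive(self, endpoint_id, records):
        self.received[endpoint_id].extend(records)

    def network_patterns(self):
        """Count distinct endpoints on which each (process, destination) pair was seen."""
        hosts_by_key = defaultdict(set)
        for eid, recs in self.received.items():
            for _, proc, _, host, _ in recs:
                hosts_by_key[(proc, host)].add(eid)
        return {key: len(hosts) for key, hosts in hosts_by_key.items()}

    def network_scan(self):
        """Network-wide rule: same process contacting same destination from >= min_hosts endpoints."""
        return sorted(k for k, n in self.network_patterns().items() if n >= self.min_hosts)

    def respond_network_wide(self, agents):
        """Network-level response: block the shared destination on every endpoint."""
        indicators = self.network_scan()
        self.blocklist.update(host for _, host in indicators)
        for agent in agents:
            agent.apply_blocklist(self.blocklist)
        return indicators


def run_pipeline(telemetry, endpoint_ids, min_hosts=3):
    """Run the agent side and the server side once and return what each tier found."""
    server = CentralServer(min_hosts)
    agents = [Agent(eid) for eid in endpoint_ids]
    for agent in agents:
        records = agent.monitor(telemetry)
        server.receive(agent.endpoint_id, records)  # transmit target endpoint data
        agent.local_scan(records)
        agent.respond_locally()
    network_indicators = server.respond_network_wide(agents)
    return {
        "local": {a.endpoint_id: a.indicators for a in agents},
        "terminated": {a.endpoint_id: sorted(a.terminated) for a in agents},
        "network": network_indicators,
        "blocklist": sorted(server.blocklist),
    }


if __name__ == "__main__":
    summary = run_pipeline(SAMPLE_TELEMETRY, ["host-01", "host-02", "host-03", "host-04"])
    for tier, value in summary.items():
        print(tier, value)
```

The point of the model is the asymmetry between the tiers: host-03's connection uses an allowed port and a system parent, so its agent raises nothing, yet the server's cross-endpoint count exposes the shared destination and pushes a block to every agent, including host-04, which never contacted it. In a real deployment the local rule set would be far richer and the network-wide threshold would be tuned against the fleet size and a time window, but the data flow (collect, report, detect locally, detect globally, respond at both levels) is the one the claim describes.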