US 12,244,626 B2
Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking
Tomer Weingarten, Mountain View, CA (US); and Almog Cohen, Tel Aviv (IL)
Assigned to Sentinel Labs Israel Ltd., Tel Aviv (IL)
Filed by Sentinel Labs Israel Ltd., Tel Aviv (IL)
Filed on Nov. 30, 2023, as Appl. No. 18/525,113.
Application 18/525,113 is a continuation of application No. 17/660,187, filed on Apr. 21, 2022, granted, now 11,838,305.
Application 17/660,187 is a continuation of application No. 17/069,415, filed on Oct. 13, 2020, granted, now 11,522,894, issued on Dec. 6, 2022.
Application 17/069,415 is a continuation of application No. 16/525,415, filed on Jul. 29, 2019, granted, now 10,841,325, issued on Nov. 17, 2020.
Application 16/525,415 is a continuation of application No. 16/058,810, filed on Aug. 8, 2018, granted, now 10,462,171, issued on Oct. 29, 2019.
Claims priority of provisional application 62/550,439, filed on Aug. 25, 2017.
Claims priority of provisional application 62/545,917, filed on Aug. 15, 2017.
Claims priority of provisional application 62/542,288, filed on Aug. 8, 2017.
Prior Publication US 2024/0187437 A1, Jun. 6, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06F 8/61 (2018.01); G06F 9/445 (2018.01); H04L 41/046 (2022.01); H04L 41/0893 (2022.01); H04L 41/16 (2022.01); H04L 67/00 (2022.01); H04L 67/10 (2022.01); H04L 41/12 (2022.01); H04L 41/14 (2022.01)
CPC H04L 63/1425 (2013.01) [G06F 8/61 (2013.01); G06F 9/44526 (2013.01); H04L 41/046 (2013.01); H04L 41/0893 (2013.01); H04L 41/16 (2013.01); H04L 63/08 (2013.01); H04L 63/102 (2013.01); H04L 63/104 (2013.01); H04L 63/1416 (2013.01); H04L 63/1441 (2013.01); H04L 63/205 (2013.01); H04L 67/10 (2013.01); H04L 67/34 (2013.01); H04L 41/12 (2013.01); H04L 41/145 (2013.01)]
12 Claims
1. A computer-implemented method comprising:
monitoring, by a software agent operating on an endpoint of a computer network, one or more processes or network communications of the endpoint to obtain endpoint data,
wherein at least one endpoint of the computer network is located outside of a computer network firewall,
wherein the software agent is configured to perform a point-in-time validation of the endpoint, and
wherein the point-in-time validation comprises a verification that no anomalous indicators are present on the endpoint;
identifying, by the software agent, an anomalous indicator on the endpoint based at least in part on the endpoint data, wherein identifying the anomalous indicator comprises comparing activity on the endpoint to prior activity on the endpoint; and
responding, by the software agent, to the anomalous indicator on an endpoint-level by limiting one or more operating system processes or network communications of the endpoint.