CPC G06F 21/31 (2013.01) [G06F 21/62 (2013.01); H04L 63/10 (2013.01)] | 20 Claims
1. A method comprising:
determining, by a security agent on a computing device, that a security trigger has occurred on the computing device;
delaying, by the security agent, action of a process associated with the security trigger;
providing a prompt to a display of a user of the computing device asking if the security trigger resulted from an action of the user;
initiating, by the security agent, a multifactor authentication (MFA) with an MFA provider to authenticate the user;
taking action, by the security agent, based on a user answer to the prompt and on a result of the MFA, wherein the user answer is provided separately from the MFA or through successful completion of the MFA; and at least one of:
whitelisting the process when the result of the MFA indicates successful authentication of the user and the user answer indicates that the security trigger resulted from an action of the user; or
blacklisting the process when the result of the MFA indicates successful authentication of the user and the user answer indicates that the security trigger did not result from an action of the user.