20240048571. ENDPOINT SECURITY ARCHITECTURE WITH PROGRAMMABLE LOGIC ENGINE simplified abstract (Nuix Limited)

From WikiPatents

ENDPOINT SECURITY ARCHITECTURE WITH PROGRAMMABLE LOGIC ENGINE

Organization Name

Nuix Limited

Inventor(s)

John Dwyer of Hampstead MD (US)

Benjamin Mcnichols of West Friendship MD (US)

Martin Pillion of Rancho Cordova CA (US)

Kevin Wenchel of Marriottsville MD (US)

ENDPOINT SECURITY ARCHITECTURE WITH PROGRAMMABLE LOGIC ENGINE - A simplified explanation of the abstract

This abstract first appeared for US patent application 20240048571 titled 'ENDPOINT SECURITY ARCHITECTURE WITH PROGRAMMABLE LOGIC ENGINE'.

Simplified Explanation

The present invention is an integrated, context-aware security system that includes an adaptive endpoint security agent architecture model. This system continuously monitors and records activity across an enterprise, specifically focusing on activity on endpoints. It is designed to detect and block any malicious processes that may invade the enterprise and cause issues.

  • The endpoint security agent architecture provides a well-defined, public interface to the event data generated by the endpoint security agent.
  • The interface takes the form of a custom programming language, in which users define the logic that the endpoint security agent executes in response to the event data.
  • The endpoint security agent is capable of performing detection and response to suspicious activity based on the defined logic.

Potential applications of this technology:

  • Enterprise security: The integrated security system can be used by enterprises to monitor and protect their endpoints from malicious processes.
  • Threat detection: The system can help in detecting and blocking any suspicious activity that may pose a threat to the enterprise.
  • Incident response: By continuously monitoring and recording activity, the system can aid in incident response by providing valuable data for analysis.

Problems solved by this technology:

  • Endpoint security: The system addresses the need for a comprehensive and adaptive security solution specifically focused on endpoints.
  • Malicious process detection: It solves the problem of detecting and blocking malicious processes that may otherwise invade the enterprise.
  • Context-aware monitoring: The system provides context-aware monitoring, allowing for more accurate detection of suspicious activity.

Benefits of this technology:

  • Enhanced security: The integrated system provides a robust security solution that continuously monitors and records activity, ensuring the protection of endpoints.
  • Adaptive architecture: The endpoint security agent architecture is adaptive, allowing users to define the logic for detection and response based on their specific needs.
  • Efficient incident response: By providing detailed event data, the system enables faster and more effective incident response, minimizing potential damage.


Original Abstract Submitted

The present invention provides an integrated, context-aware, security system that provides an adaptive endpoint security agent architecture model for continuously monitoring and recording activity across an enterprise, specifically monitoring activity on endpoints, and subsequently detecting and blocking any malicious processes that may otherwise invade the enterprise and cause issues. The endpoint security agent architecture exposes a well-defined, public interface to the event data generated by the endpoint security agent in the form of a custom programming language by which a user can define the logic that the endpoint security agent executes in response to event data to perform detection of and response to suspicious activity.