Date: 2024-04-23

Cybereason's patented method involves generating baseline behavior on a single endpoint to detect Pass-the-Hash attacks by comparing real-time system activity to baseline fingerprints. This allows for accurate detection of PTH attacks originating from non-standard NTLM implementations in tools like Impacket and Metasploit. GlobalData's report on Cybereason gives a 360-degree view of the company including its patenting strategy.

According to GlobalData's company profile on Cybereason, IoT network security was a key innovation area identified from patents. Cybereason's grant share as of February 2024 was 65%. Grant share is the ratio of the number of grants to the total number of patents.

Preventing pass-the-hash attacks on networked systems

Source: United States Patent and Trademark Office (USPTO). Credit: Cybereason Inc

A recently granted patent (Publication Number: US11916953B2) outlines a computer-implemented method designed to prevent malicious attacks on networked systems. The method involves generating baseline fingerprints of system activity, monitoring real-time system activity, and detecting deviations that may indicate a Pass-the-Hash (PTH) attack. By comparing real-time fingerprints to baseline fingerprints, the system can flag suspicious activities associated with the detected deviation, allowing for timely intervention to prevent potential security breaches.



Additionally, the patented method includes features such as collecting information on operating system libraries, examining cryptographic techniques, detecting inconsistencies in process identities using HTTP user-agent strings, and identifying non-standard implementations of New Technology LAN Manager (NTLM). The system also allows for the modification of baseline fingerprints based on feedback received, enabling continuous improvement in detecting and preventing malicious attacks. Overall, this innovative approach offers a comprehensive solution to enhance network security by proactively identifying and addressing potential threats in real-time, ultimately safeguarding networked systems from malicious activities.
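The baseline-versus-real-time comparison and the feedback step described above can be sketched as follows. This is an added example, not code from the patent or from Cybereason; it assumes the fingerprint is the NegotiateFlags and Version fields of the NTLM NEGOTIATE message, and `EndpointBaseline`, `build_negotiate` and all sample values are hypothetical.

```python
import struct

NTLMSSP_NEGOTIATE_VERSION = 0x02000000  # MS-NLMP flag: Version field present

def ntlm_fingerprint(msg: bytes):
    """Return (negotiate_flags, version or None) for an NTLM NEGOTIATE message."""
    if len(msg) < 16 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    msg_type, flags = struct.unpack_from("<II", msg, 8)
    if msg_type != 1:
        raise ValueError("not a NEGOTIATE (type 1) message")
    version = None
    if flags & NTLMSSP_NEGOTIATE_VERSION and len(msg) >= 40:
        # Version structure at offset 32: major, minor, build (little-endian)
        version = struct.unpack_from("<BBH", msg, 32)
    return (flags, version)

class EndpointBaseline:
    """Baseline fingerprints learned on one endpoint (hypothetical helper)."""
    def __init__(self):
        self.known = set()

    def learn(self, msg: bytes):
        self.known.add(ntlm_fingerprint(msg))

    def check(self, msg: bytes):
        """Return None when msg matches the baseline, else the deviating fingerprint."""
        try:
            fp = ntlm_fingerprint(msg)
        except ValueError:
            return ("malformed", None)  # unparseable traffic is itself a deviation
        return None if fp in self.known else fp

    def feedback(self, fp, benign: bool):
        """Analyst feedback: a deviation confirmed benign joins the baseline."""
        if benign:
            self.known.add(fp)

def build_negotiate(flags: int, version=None) -> bytes:
    """Constructed sample message with empty domain and workstation fields."""
    msg = b"NTLMSSP\x00" + struct.pack("<II", 1, flags) + b"\x00" * 16
    if version:
        msg += struct.pack("<BBH3xB", *version, 0x0F)  # 0x0F = NTLM revision
    return msg

# Constructed flag/version values, not taken from any real client or tool.
NATIVE = build_negotiate(0xE2088297, (10, 0, 19045))
OTHER = build_negotiate(0x60088215)
```

A deviation returned by `check` is only a lead for correlation with the other signals the patent lists, such as loaded libraries and user-agent consistency.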

