Patents by Inventor Andrew A. Furtak
Andrew A. Furtak has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11941119Abstract: Particular embodiments described herein provide for an electronic device that can be configured to allow for the mitigation of ransomware. For example, the system can determine that an application begins to execute, determine that the application attempts to modify a file, determine a file type for the file, and create a security event if the application is not authorized to modify the file type. In another example, the system determines an entropy value between the file and the attempted modification of the file, and create a security event if the entropy value satisfies a threshold or determine a system entropy value that includes a rate at which other files on the system are being modified by the application, and create a security event if the system entropy value satisfies a threshold.Type: GrantFiled: October 6, 2020Date of Patent: March 26, 2024Assignee: McAfee, LLCInventors: Craig D. Schmugar, Cedric Cochin, Andrew Furtak, Adam James Carrivick, Yury Bulygin, John J. Loucaides, Oleksander Bazhaniuk, Christiaan Beek, Carl D. Woodward, Ronald Gallella, Gregory Michael Heitzmann, Joel R. Spurlock
-
Patent number: 11347840Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed for dynamic re-distribution of detection content and algorithms for exploit detection. An example apparatus includes at least one processor, and memory including instructions that, when executed, cause the at least one processor to deploy respective ones of a plurality of standard detection algorithms and content (SDACs) to respective ones of a first endpoint and a second endpoint, deploy a first set of enhanced detection algorithms and content (EDACs) to the first endpoint, deploy a second set of the EDACs to the second endpoint, the second set of EDACs different from the first set of EDACs, and in response to obtaining a notification indicative of an exploit attack from the first endpoint, distribute the first set of EDACs to the second endpoint to facilitate detection of the exploit attack at the second endpoint.Type: GrantFiled: July 30, 2019Date of Patent: May 31, 2022Assignee: MCAFEE, LLCInventors: Alex Nayshtut, Igor Muttik, Oleksandr Bazhaniuk, Yuriy Bulygin, Andrew A. Furtak
-
Publication number: 20210019411Abstract: Particular embodiments described herein provide for an electronic device that can be configured to allow for the mitigation of ransomware. For example, the system can determine that an application begins to execute, determine that the application attempts to modify a file, determine a file type for the file, and create a security event if the application is not authorized to modify the file type. In another example, the system determines an entropy value between the file and the attempted modification of the file, and create a security event if the entropy value satisfies a threshold or determine a system entropy value that includes a rate at which other files on the system are being modified by the application, and create a security event if the system entropy value satisfies a threshold.Type: ApplicationFiled: October 6, 2020Publication date: January 21, 2021Applicant: McAfee, LLCInventors: Craig D. Schmugar, Cedric Cochin, Andrew Furtak, Adam James Carrivick, Yury Bulygin, John J. Loucaides, Oleksander Bazhaniuk, Christiaan Beek, Carl D. Woodward, Ronald Gallella, Gregory Michael Heitzmann, Joel R. Spurlock
-
Patent number: 10831893Abstract: Particular embodiments described herein provide for an electronic device that can be configured to allow for the mitigation of ransomware. For example, the system can determine that an application begins to execute, determine that the application attempts to modify a file, determine a file type for the file, and create a security event if the application is not authorized to modify the file type. In another example, the system determines an entropy value between the file and the attempted modification of the file, and create a security event if the entropy value satisfies a threshold or determine a system entropy value that includes a rate at which other files on the system are being modified by the application, and create a security event if the system entropy value satisfies a threshold.Type: GrantFiled: July 14, 2016Date of Patent: November 10, 2020Assignee: McAfee, LLCInventors: Craig D. Schmugar, Cedric Cochin, Andrew Furtak, Adam James Carrivick, Yury Bulygin, John J. Loucaides, Oleksander Bazhaniuk, Christiaan Beek, Carl D. Woodward, Ronald Gallella, Gregory Michael Heitzmann, Joel R. Spurlock
-
Publication number: 20190354678Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed for dynamic re-distribution of detection content and algorithms for exploit detection. An example apparatus includes at least one processor, and memory including instructions that, when executed, cause the at least one processor to deploy respective ones of a plurality of standard detection algorithms and content (SDACs) to respective ones of a first endpoint and a second endpoint, deploy a first set of enhanced detection algorithms and content (EDACs) to the first endpoint, deploy a second set of the EDACs to the second endpoint, the second set of EDACs different from the first set of EDACs, and in response to obtaining a notification indicative of an exploit attack from the first endpoint, distribute the first set of EDACs to the second endpoint to facilitate detection of the exploit attack at the second endpoint.Type: ApplicationFiled: July 30, 2019Publication date: November 21, 2019Inventors: Alex Nayshtut, Igor Muttik, Oleksandr Bazhaniuk, Yuriy Bulygin, Andrew A. Furtak
-
Patent number: 10437990Abstract: In an embodiment, a processor for Return Oriented Programming (ROP) detection includes at least one execution unit; a plurality of event counters, each event counter associated with a unique type of a plurality of types of control transfer events; and a ROP detection unit. The ROP detection unit may be to: adjust a first event counter in response to detection of a first type of control transfer events; in response to a determination that the first event counter exceeds a first threshold, access a first configuration register associated with the first event counter to read configuration data; identify a set of ROP heuristic checks based on the configuration data read from the first configuration register; and perform each ROP heuristic check of the identified set of ROP heuristic checks. Other embodiments are described and claimed.Type: GrantFiled: September 30, 2016Date of Patent: October 8, 2019Assignee: McAfee, LLCInventors: Yuriy Bulygin, Gideon Gerzon, Sameer Desai, Hisham Shafi, Andrew A. Furtak, Oleksandr Bazhaniuk, Mikhail V. Gorobets, Ravi L. Sahita, Ofer Levy
-
Patent number: 10387642Abstract: A predetermined standard set of detection algorithms and content and a selected set of enhanced detection algorithms and content provide an improved technique for detecting security exploits. The detection algorithms and content are executed on a Platform Exploit Detection Module. Standard detection algorithms and content are deployed across all endpoints. Enhanced detection algorithms and content are selected from an available set of enhanced detection algorithms and content to improve detection capability without the performance impacts of deploying every enhanced detection algorithm and content on every endpoint. A network of endpoints may deploy an entire set of detection algorithms and content across all endpoints, with individual endpoints configured to with different subsets of the enhanced detection algorithms and content.Type: GrantFiled: December 27, 2016Date of Patent: August 20, 2019Assignee: McAfee, LLCInventors: Alex Nayshtut, Igor Muttik, Oleksandr Bazhaniuk, Yuriy Bulygin, Andrew A. Furtak
-
Publication number: 20180181747Abstract: A predetermined standard set of detection algorithms and content and a selected set of enhanced detection algorithms and content provide an improved technique for detecting security exploits. The detection algorithms and content are executed on a Platform Exploit Detection Module. Standard detection algorithms and content are deployed across all endpoints. Enhanced detection algorithms and content are selected from an available set of enhanced detection algorithms and content to improve detection capability without the performance impacts of deploying every enhanced detection algorithm and content on every endpoint. A network of endpoints may deploy an entire set of detection algorithms and content across all endpoints, with individual endpoints configured to with different subsets of the enhanced detection algorithms and content.Type: ApplicationFiled: December 27, 2016Publication date: June 28, 2018Inventors: Alex Nayshtut, Igor Muttik, Oleksandr Bazhaniuk, Yuriy Bulygin, Andrew A. Furtak
-
Publication number: 20180096140Abstract: In an embodiment, a processor for Return Oriented Programming (ROP) detection includes at least one execution unit; a plurality of event counters, each event counter associated with a unique type of a plurality of types of control transfer events; and a ROP detection unit. The ROP detection unit may be to: adjust a first event counter in response to detection of a first type of control transfer events; in response to a determination that the first event counter exceeds a first threshold, access a first configuration register associated with the first event counter to read configuration data; identify a set of ROP heuristic checks based on the configuration data read from the first configuration register; and perform each ROP heuristic check of the identified set of ROP heuristic checks. Other embodiments are described and claimed.Type: ApplicationFiled: September 30, 2016Publication date: April 5, 2018Inventors: YURIY BULYGIN, GIDEON GERZON, SAMEER DESAI, HISHAM SHAFI, ANDREW A. FURTAK, OLEKSANDR BAZHANIUK, MIKHAIL V. GOROBETS, RAVI L. SAHITA, OFER LEVY
-
Publication number: 20180018458Abstract: Particular embodiments described herein provide for an electronic device that can be configured to allow for the mitigation of ransomware. For example, the system can determine that an application begins to execute, determine that the application attempts to modify a file, determine a file type for the file, and create a security event if the application is not authorized to modify the file type. In another example, the system determines an entropy value between the file and the attempted modification of the file, and create a security event if the entropy value satisfies a threshold or determine a system entropy value that includes a rate at which other files on the system are being modified by the application, and create a security event if the system entropy value satisfies a threshold.Type: ApplicationFiled: July 14, 2016Publication date: January 18, 2018Applicant: McAfee, Inc.Inventors: Craig D. Schmugar, Cedric Cochin, Andrew Furtak, Adam James Carrivick, Yury Bulygin, John J. Loucaides, Oleksander Bazhaniuk, Christiaan Beek, Carl D. Woodward, Ronald Gallella, Gregory Michael Heitzmann, Joel R. Spurlock
-
Patent number: 9864629Abstract: A technique allows for memory bounds checking for dynamically generated code by using transactional memory support in a processor. The memory bounds checking includes creating output code, identifying read-only memory regions in the output code and creating a map that is provided to a security monitoring thread. The security monitoring thread executes as a transaction and determines if a transactional conflict occurs to the read-only memory region during parallel execution of a monitored thread in the output code.Type: GrantFiled: October 28, 2016Date of Patent: January 9, 2018Assignee: McAfee, Inc.Inventors: Igor Muttik, Alex Nayshtut, Yuriy Bulygin, Andrew A. Furtak, Roman Dementiev
-
Publication number: 20170091454Abstract: Existing performance monitoring and last branch recording processor hardware may be configured and used for detection of return-oriented and jump-oriented programming exploits with less performance impact that software-only techniques. Upon generation of a performance monitoring interrupt indicating that a predetermined number of mispredicted branches have occurred, the control flow and code may be analyzed to detect a return-oriented or jump-oriented exploit.Type: ApplicationFiled: September 25, 2015Publication date: March 30, 2017Inventors: Vadim Sukhomlinov, Oleksandr Bazhaniuk, Igor Muttik, Yuriy Bulygin, Alex Nayshtut, Andrew A. Furtak
-
Publication number: 20170046196Abstract: A technique allows for memory bounds checking for dynamically generated code by using transactional memory support in a processor. The memory bounds checking includes creating output code, identifying read-only memory regions in the output code and creating a map that is provided to a security monitoring thread. The security monitoring thread executes as a transaction and determines if a transactional conflict occurs to the read-only memory region during parallel execution of a monitored thread in the output code.Type: ApplicationFiled: October 28, 2016Publication date: February 16, 2017Inventors: Igor Muttik, Alex Nayshtut, Yuriy Bulygin, Andrew A. Furtak, Roman Dementiev
-
Patent number: 9507938Abstract: A technique allows for memory bounds checking for dynamically generated code by using transactional memory support in a processor. The memory bounds checking includes creating output code, identifying read-only memory regions in the output code and creating a map that is provided to a security monitoring thread. The security monitoring thread executes as a transaction and determines if a transactional conflict occurs to the read-only memory region during parallel execution of a monitored thread in the output code.Type: GrantFiled: December 23, 2014Date of Patent: November 29, 2016Assignee: McAfee, Inc.Inventors: Igor Muttik, Alex Nayshtut, Yuriy Bulygin, Andrew A. Furtak, Roman Dementiev
-
Publication number: 20160180085Abstract: A technique allows for memory bounds checking for dynamically generated code by using transactional memory support in a processor. The memory bounds checking includes creating output code, identifying read-only memory regions in the output code and creating a map that is provided to a security monitoring thread. The security monitoring thread executes as a transaction and determines if a transactional conflict occurs to the read-only memory region during parallel execution of a monitored thread in the output code.Type: ApplicationFiled: December 23, 2014Publication date: June 23, 2016Inventors: Igor Muttik, Alex Nayshtut, Yuriy Bulygin, Andrew A. Furtak, Roman Dementiev