Patents by Inventor Boris FIGOVSKY
Boris FIGOVSKY has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230195914
Abstract: A method for use in granting access to a target to a user device, comprising: receiving at a proxy a request to access the target; forwarding by the proxy the access request to a security broker when the user device is verified by the proxy to know a prescribed secret, wherein the request is forwarded so as to appear to originate from a prescribed set of internet protocol (IP) addresses that the security broker recognizes as trusted; receiving by the proxy from the security broker (i) an access token, the access token being submittable to the target by the user device to gain access thereto and (ii) instructions for transmission to the user device for causing the user device to be redirected to an address indicating the requested target; and transmitting by the proxy toward the user device the access token and the instructions.
Type: Application
Filed: December 13, 2022
Publication date: June 22, 2023
Applicant: Perception Point Ltd.
Inventors: Tal ZAMIR, Boris FIGOVSKY, Oren ZOMER
-
Patent number: 11531749
Abstract: A method and system for controlling access to external networks by an air-gapped endpoint is provided. The method includes providing, on the air-gapped endpoint, a plurality of isolated security zones by instantiating a plurality of corresponding virtual machines using a hypervisor; selecting one security zone of the plurality of isolated security zones; and tunneling a traffic from the selected security zone to a designated network location, wherein the tunneling is through a virtual private network (VPN).
Type: Grant
Filed: May 20, 2020
Date of Patent: December 20, 2022
Assignee: Perception Point Ltd.
Inventors: Boris Figovsky, Tal Zamir, Oleg Zlotnik, Nir Adler
-
Publication number: 20220004623
Abstract: A method and system for method for providing a managed and isolated workspace on a user device are provided. The method creating a secured workspace in the user device, wherein the secured workspace is separated from a host operating system and includes a guest operating system; monitoring activity performed in the secured workspace and host operating system; determining, based on a security policy, if the monitored activity is risky; and causing execution of any determined risky activity in the secured workspace, thereby defending the host operating system from the determined risky activity, wherein the host operating system executes sensitive applications to an organization.
Type: Application
Filed: July 6, 2021
Publication date: January 6, 2022
Applicant: Hysolate Ltd.
Inventors: Tomer TRABELSI, Nir ADLER, Boris FIGOVSKY, Oleg ZLOTNIK, Tal ZAMIR
-
Publication number: 20200285734
Abstract: A method for operating an air-gapped endpoint is provided. The method includes initializing, on the endpoint, a hypervisor for execution over a primitive operating system (OS) of the endpoint; creating an isolated security zone by instantiating a virtual machine using the hypervisor, wherein the security zone includes a plurality of applications executed over a guest OS; and auditing, by the hypervisor, any action performed by any application executed in the security zone.
Type: Application
Filed: May 20, 2020
Publication date: September 10, 2020
Applicant: Hysolate Ltd.
Inventors: Tal ZAMIR, Oleg ZLOTNIK, Boris FIGOVSKY, Nir ADLER
-
Publication number: 20200285735
Abstract: A method and system for controlling access to external networks by an air-gapped endpoint is provided. The method includes providing, on the air-gapped endpoint, a plurality of isolated security zones by instantiating a plurality of corresponding virtual machines using a hypervisor; selecting one security zone of the plurality of isolated security zones; and tunneling a traffic from the selected security zone to a designated network location, wherein the tunneling is through a virtual private network (VPN).
Type: Application
Filed: May 20, 2020
Publication date: September 10, 2020
Applicant: Hysolate Ltd.
Inventors: Boris FIGOVSKY, Tal ZAMIR, Oleg ZLOTNIK, Nir ADLER
-
Patent number: 10699005
Abstract: A method and system for controlling access to external networks by an air-gapped endpoint are provided. The method includes identifying a type of an external network being connected, upon detection of a new network connection to the air-gapped endpoint; determining for each security zone of a plurality of isolated security zones at least one access rule to access the network, wherein the plurality of isolated security zones is operable in a virtual environment instantiated on the air-gapped endpoint; allowing a connection between a security zone and the external network based on the at least one access rule; and monitoring all traffic between the security zone and the external network to at least maintain compliance with a security policy set for the respective security zone.
Type: Grant
Filed: January 22, 2018
Date of Patent: June 30, 2020
Assignee: Hysolate Ltd.
Inventors: Boris Figovsky, Tal Zamir
-
Patent number: 10699003
Abstract: An air-gapped computing system includes at least network card interface; a processing circuitry; and a memory, the memory containing instructions that, when executed by the processing circuitry, configure the system to: initialize a hypervisor for execution over a primitive OS; create a plurality of isolated security zones by instantiating a plurality of corresponding virtual machines using the hypervisor, wherein each of the plurality of security zones includes a plurality of applications executed over a guest OS; instantiate a networking virtual machine using the hypervisor; control, by the networking virtual machine, access of each application in each of the plurality of security zones to an external network resource; and monitor execution of the guest OS and each application in at least one activated security zone of the plurality of security zones, wherein the monitoring is performed to maintain compliance with a security policy corresponding to each activated security zone being monitored.
Type: Grant
Filed: November 9, 2017
Date of Patent: June 30, 2020
Assignee: HYSOLATE LTD.
Inventors: Tal Zamir, Oleg Zlotnik, Boris Figovsky
-
Publication number: 20180213001
Abstract: An air-gapped computing system includes at least network card interface; a processing circuitry; and a memory, the memory containing instructions that, when executed by the processing circuitry, configure the system to: initialize a hypervisor for execution over a primitive OS; create a plurality of isolated security zones by instantiating a plurality of corresponding virtual machines using the hypervisor, wherein each of the plurality of security zones includes a plurality of applications executed over a guest OS; instantiate a networking virtual machine using the hypervisor; control, by the networking virtual machine, access of each application in each of the plurality of security zones to an external network resource; and monitor execution of the guest OS and each application in at least one activated security zone of the plurality of security zones, wherein the monitoring is performed to maintain compliance with a security policy corresponding to each activated security zone being monitored.
Type: Application
Filed: November 9, 2017
Publication date: July 26, 2018
Applicant: Hysolate Ltd.
Inventors: Tal ZAMIR, Oleg ZLOTNIK, Boris FIGOVSKY
-
Publication number: 20180213002
Abstract: A method and system for controlling access to external networks by an air-gapped endpoint are provided. The method includes identifying a type of an external network being connected, upon detection of a new network connection to the air-gapped endpoint; determining for each security zone of a plurality of isolated security zones at least one access rule to access the network, wherein the plurality of isolated security zones is operable in a virtual environment instantiated on the air-gapped endpoint; allowing a connection between a security zone and the external network based on the at least one access rule; and monitoring all traffic between the security zone and the external network to at least maintain compliance with a security policy set for the respective security zone.
Type: Application
Filed: January 22, 2018
Publication date: July 26, 2018
Applicant: Hysolate Ltd.
Inventors: Boris FIGOVSKY, Tal ZAMIR
-
Patent number: 9866525
Abstract: A proxy and method for performing source destination network address translation are presented. The method includes receiving a first message from a node communicatively connected to a first network to access a resource communicatively connected to a second network, wherein the first message contains at least a source address and a destination address used within the first network; translating the destination address designated in the first message to an address of the resource; generating a unique address for the destination address designated in the first message, wherein the unique address is an address not in use on the second network; providing a translated message including the translated destination address and the unique address; and forwarding the translated message to the resource communicatively connected to the second network.
Type: Grant
Filed: March 20, 2017
Date of Patent: January 9, 2018
Assignee: Ravello Systems Ltd
Inventors: Boris Figovsky, Alexander Fishman
-
Publication number: 20170230330
Abstract: A proxy and method for performing source destination network address translation are presented. The method includes receiving a first message from a node communicatively connected to a first network to access a resource communicatively connected to a second network, wherein the first message contains at least a source address and a destination address used within the first network; translating the destination address designated in the first message to an address of the resource; generating a unique address for the destination address designated in the first message, wherein the unique address is an address not in use on the second network; providing a translated message including the translated destination address and the unique address; and forwarding the translated message to the resource communicatively connected to the second network.
Type: Application
Filed: March 20, 2017
Publication date: August 10, 2017
Applicant: Ravello Systems Ltd
Inventors: Boris Figovsky, Alexander Fishman
-
Patent number: 9648121
Abstract: A proxy and method for performing source destination network address translation are presented. The method includes receiving a first message from a node communicatively connected to a first network to access a resource communicatively connected to a second network, wherein the first message contains at least a source address and a destination address used within the first network; translating the destination address designated in the first message to an address of the resource; generating a unique address for the destination address designated in the first message, wherein the unique address is an address not in use on the second network; providing a translated message including the translated destination address and the unique address; and forwarding the translated message to the resource communicatively connected to the second network.
Type: Grant
Filed: May 27, 2015
Date of Patent: May 9, 2017
Assignee: Ravello Systems Ltd.
Inventors: Boris Figovsky, Alexander Fishman
-
Publication number: 20150350157
Abstract: A proxy and method for performing source destination network address translation are presented. The method includes receiving a first message from a node communicatively connected to a first network to access a resource communicatively connected to a second network, wherein the first message contains at least a source address and a destination address used within the first network; translating the destination address designated in the first message to an address of the resource; generating a unique address for the destination address designated in the first message, wherein the unique address is an address not in use on the second network; providing a translated message including the translated destination address and the unique address; and forwarding the translated message to the resource communicatively connected to the second network.
Type: Application
Filed: May 27, 2015
Publication date: December 3, 2015
Applicant: Ravello Systems Ltd.
Inventors: Boris FIGOVSKY, Alexander FISHMAN