Patents by Inventor Darien Kindlund
Darien Kindlund has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11949698
Abstract: According to one embodiment, an non-transitory storage medium is configured to store a plurality of engines, which operate to conduct an analysis of a received object to determine if the object is associated with a malicious attack. The plurality of engines includes a first engine and a second engine. The first engine is configured to conduct a first analysis of the received object for anomalous behaviors including anomalous actions or omissions during virtual processing of the object that indicate the received object is malicious. The second engine is configured to conduct a second analysis corresponding to a classification of the object as being associated with a malicious attack. The analysis schemes conducted by the first engine and the second engine may be altered via configuration files, which adjusts (i) parameter value(s) or (ii) operation rules(s) to alter the analysis conducted by the first engine and/or second engine.
Type: Grant
Filed: March 31, 2022
Date of Patent: April 2, 2024
Assignee: Musarubra US LLC
Inventors: Michael Vincent, Emmanuel Thioux, Sai Vashisht, Darien Kindlund
-
Patent number: 11297074
Abstract: According to one embodiment, an apparatus comprises a processor and memory. Communicatively coupled to the processor, the memory includes a detection module that, when executed, conducts an analysis of a received object to determine if the received object is associated with a malicious attack. The detection module is configurable, and thus, certain capabilities can be enabled, disabled or modified. The analysis is to be altered upon receipt of a configuration file that includes information to alter one or more rules controlling the analysis conducted by the detection module.
Type: Grant
Filed: July 1, 2019
Date of Patent: April 5, 2022
Assignee: FireEye Security Holdings, Inc.
Inventors: Michael Vincent, Emmanuel Thioux, Sai Vashisht, Darien Kindlund
-
Patent number: 10848521
Abstract: Techniques for detecting malicious content using simulated user interactions are described herein. In one embodiment, a monitoring module monitors activities of a malicious content suspect executed within a sandboxed operating environment. In response to detection of a predetermined event triggered by the malicious content suspect requesting a user action on a graphical user interface (GUI) presented by the malicious content suspect, simulating, a user interaction module simulates a user interaction with the GUI without user intervention. An analysis module analyzes activities of the malicious content suspect in response to the simulated user interaction to determine whether the malicious content suspect should be declared as malicious.
Type: Grant
Filed: March 5, 2018
Date of Patent: November 24, 2020
Assignee: FireEye, Inc.
Inventors: Emmanuel Thioux, Muhammad Amin, Darien Kindlund, Alex Pilpenko, Michael Vincent
-
Patent number: 10467414
Abstract: Techniques for detecting exfiltration content are described herein. According to one embodiment, a malicious content suspect is executed and a packet inspection of outbound network traffic is performed by a packet inspector running within the virtual machine. Occurring before the outbound network traffic leaving the virtual machine, the packet inspector determines whether a portion of outbound network traffic matches one or more portions of predetermined network traffic patterns or signatures. If so, a determination is made whether the outbound network traffic includes at least one environmental property of the virtual machine that is unique or almost unique to the virtual machine. If so, migration of the outbound network traffic outside of the virtual machine is precluded and an alert is transmitted. The alert includes the malicious content suspect that is attempting to perform an exfiltration of data.
Type: Grant
Filed: April 2, 2018
Date of Patent: November 5, 2019
Assignee: FireEye, Inc.
Inventors: Darien Kindlund, Julia Wolf, James Bennett
-
Patent number: 10341363
Abstract: According to one embodiment, an apparatus comprises a processor and memory. Communicatively coupled to the processor, the memory includes a detection module that, when executed, conducts an analysis of a received object to determine if the received object is associated with a malicious attack. The detection module is configurable, and thus, certain capabilities can be enabled, disabled or modified. The analysis is to be altered upon receipt of a configuration file that includes information to alter one or more rules controlling the analysis conducted by the detection module.
Type: Grant
Filed: December 28, 2015
Date of Patent: July 2, 2019
Assignee: FireEye, Inc.
Inventors: Michael Vincent, Emmanuel Thioux, Sai Vashisht, Darien Kindlund
-
Patent number: 10335738
Abstract: According to one embodiment, a system comprises one or more counters; comparison logic; and one or more hardware processors communicatively coupled to the one or more counters and the comparison logic. The one or more hardware processors are configured to instantiate one or more virtual machines that are adapted to analyze received content, where the one or more virtual machines are configured to monitor a delay caused by one or more events conducted during processing of the content and identify the content as including malware if the delay exceed a first time period.
Type: Grant
Filed: September 24, 2018
Date of Patent: July 2, 2019
Assignee: FireEye, Inc.
Inventors: Sushant Paithane, Michael Vincent, Sai Vashisht, Darien Kindlund
-
Patent number: 10083302
Abstract: According to one embodiment, a system comprises one or more counters; comparison logic; and one or more hardware processors communicatively coupled to the one or more counters and the comparison logic. The one or more hardware processors are configured to instantiate one or more virtual machines that are adapted to analyze received content, where the one or more virtual machines are configured to monitor a delay caused by one or more events conducted during processing of the content and identify the content as including malware if the delay exceed a first time period.
Type: Grant
Filed: December 29, 2016
Date of Patent: September 25, 2018
Assignee: FireEye, Inc.
Inventors: Sushant Paithane, Michael Vincent, Sai Vashisht, Darien Kindlund
-
Patent number: 10075455
Abstract: According to one embodiment, a threat detection platform features a housing, a communication interface, a processor coupled to the communication interface, and a data store. The data store includes (i) an event log, (ii) a first virtual machine, and (iii) a second virtual machine. The first virtual machine is provisioned with a first guest image that is based on an instrumented software profile that includes a first software component and activity monitors configured for the first software component. The second virtual machine is provisioned with a second guest image that is based on a temporary software profile that includes a second software component that is a more recent version of the first software component and the activity monitors configured for the first software component.
Type: Grant
Filed: June 30, 2015
Date of Patent: September 11, 2018
Assignee: FireEye, Inc.
Inventors: Asim Zafar, Eirij Qureshi, Darien Kindlund
-
Patent number: 9934381
Abstract: Techniques for detecting exfiltration content are described herein. According to one embodiment, a malicious content suspect is executed and a packet inspection of outbound network traffic is performed by a packet inspector running within the virtual machine. Occurring before the outbound network traffic leaving the virtual machine, the packet inspector determines whether a portion of outbound network traffic matches one or more portions of predetermined network traffic patterns or signatures. If so, a determination is made whether the outbound network traffic includes at least one environmental property of the virtual machine that is unique or almost unique to the virtual machine. If so, migration of the outbound network traffic outside of the virtual machine is precluded and an alert is transmitted. The alert includes the malicious content suspect that is attempting to perform an exfiltration of data.
Type: Grant
Filed: February 6, 2017
Date of Patent: April 3, 2018
Assignee: FireEye, Inc.
Inventors: Darien Kindlund, Julia Wolf, James Bennett
-
Patent number: 9912698
Abstract: Techniques for detecting malicious content using simulated user interactions are described herein. In one embodiment, a monitoring module monitors activities of a malicious content suspect executed within a sandboxed operating environment. In response to detection of a predetermined event triggered by the malicious content suspect requesting a user action on a graphical user interface (GUI) presented by the malicious content suspect, simulating, a user interaction module simulates a user interaction with the GUI without user intervention. An analysis module analyzes activities of the malicious content suspect in response to the simulated user interaction to determine whether the malicious content suspect should be declared as malicious.
Type: Grant
Filed: July 20, 2015
Date of Patent: March 6, 2018
Assignee: FireEye, Inc.
Inventors: Emmanuel Thioux, Muhammad Amin, Darien Kindlund, Alex Pilipenko, Michael Vincent
-
Patent number: 9565202
Abstract: Techniques for detecting exfiltration content are described herein. According to one embodiment, a malicious content suspect is executed within a virtual machine that simulates a target operating environment associated with the malicious content suspect. A packet inspection is performed on outbound network traffic initiated by the malicious content suspect to determine whether the outbound network traffic matches a predetermined network traffic pattern. An alert is generated indicating that the malicious content suspect should be declared as malicious, in response to determining that the outbound network traffic matches the predetermined network traffic pattern.
Type: Grant
Filed: March 13, 2013
Date of Patent: February 7, 2017
Assignee: FireEye, Inc.
Inventors: Darien Kindlund, Julia Wolf, James Bennett
-
Patent number: 9536091
Abstract: According to one embodiment, a system comprises one or more counters; comparison logic; and one or more hardware processors communicatively coupled to the one or more counters and the comparison logic. The one or more hardware processors are configured to instantiate one or more virtual machines that are adapted to analyze received content, where the one or more virtual machines are configured to monitor a delay caused by one or more events conducted during processing of the content and identify the content as including malware if the delay exceed a first time period.
Type: Grant
Filed: June 24, 2013
Date of Patent: January 3, 2017
Assignee: FireEye, Inc.
Inventors: Sushant Paithane, Michael Vincent, Sai Vashisht, Darien Kindlund
-
Publication number: 20160191547
Abstract: According to one embodiment, a threat detection platform features a housing, a communication interface, a processor coupled to the communication interface, and a data store. The data store includes (i) an event log, (ii) a first virtual machine, and (iii) a second virtual machine. The first virtual machine is provisioned with a first guest image that is based on an instrumented software profile that includes a first software component and activity monitors configured for the first software component. The second virtual machine is provisioned with a second guest image that is based on a temporary software profile that includes a second software component that is a more recent version of the first software component and the activity monitors configured for the first software component.
Type: Application
Filed: June 30, 2015
Publication date: June 30, 2016
Inventors: Asim Zafar, Eirij Qureshi, Darien Kindlund
-
Patent number: 9223972
Abstract: According to one embodiment, an apparatus comprises a processor and memory. Communicatively coupled to the processor, the memory comprises one or more detection modules each being software that is configurable to enable, disable or modify capabilities for that corresponding detection module. A first detection module the detection modules, when executed by the processor, conducts a first capability including an analysis of a received object to determine if the received object is associated with a malicious attack. The analysis may be altered upon receipt of a configuration file that is substantially lesser in size than the software forming the first detection module and includes information to alter one or more rules controlling the first capability.
Type: Grant
Filed: March 31, 2014
Date of Patent: December 29, 2015
Assignee: FireEye, Inc.
Inventors: Michael Vincent, Emmanuel Thioux, Sai Vashisht, Darien Kindlund
-
Patent number: 9104867
Abstract: Techniques for detecting malicious content using simulated user interactions are described herein. In one embodiment, a monitoring module monitors activities of a malicious content suspect executed within a sandboxed operating environment. In response to detection of a predetermined event triggered by the malicious content suspect requesting a user action on a graphical user interface (GUI) presented by the malicious content suspect, simulating, a user interaction module simulates a user interaction with the GUI without user intervention. An analysis module analyzes activities of the malicious content suspect in response to the simulated user interaction to determine whether the malicious content suspect should be declared as malicious.
Type: Grant
Filed: March 13, 2013
Date of Patent: August 11, 2015
Assignee: FireEye, Inc.
Inventors: Emmanuel Thioux, Muhammad Amin, Darien Kindlund, Alex Pilipenko, Michael Vincent