Patents by Inventor Dmitri Alperovitch
Dmitri Alperovitch has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20150326614Abstract: Techniques for social sharing security information between client entities forming a group are described herein. The group of client entities is formed as a result of a security server providing one or more secure mechanisms for forming a group among client entities, the client entities each belonging to a different organization. The security service then automatically shares security information of a client entity in the group with one or more other client entities in the group.Type: ApplicationFiled: July 6, 2015Publication date: November 12, 2015Inventors: Dmitri Alperovitch, George Robert Kurtz, David Frederick Diehl, Sven Krasser, Adam S. Meyers
-
Patent number: 9122877Abstract: A method is provided in one example embodiment and includes receiving a reputation value based on a hash of a file making a network connection and on a network address of a remote end of the network connection. The network connection may be blocked if the reputation value indicates the hash or the network address is associated with malicious activity. In more specific embodiments, the method may also include sending a query to a threat analysis host to request the reputation value. Additionally or alternatively the reputation value may be based on query patterns in particular embodiments. In yet more specific embodiments, the network connection may be an inbound connection and/or an outbound connection, and the reputation value may be based on a file reputation associated with the hash and a connection reputation associated with the network address of the remote end of the network connection.Type: GrantFiled: March 21, 2011Date of Patent: September 1, 2015Assignee: McAfee, Inc.Inventors: Dmitri Alperovitch, Sven Krasser
-
Publication number: 20150244679Abstract: A kernel-level security agent is described herein. The kernel-level security agent is configured to observe events, filter the observed events using configurable filters, route the filtered events to one or more event consumers, and utilize the one or more event consumers to take action based at least on one of the filtered events. In some implementations, the kernel-level security agent detects a first action associated with malicious code, gathers data about the malicious code, and in response to detecting subsequent action(s) of the malicious code, performs a preventative action. The kernel-level security agent may also deceive an adversary associated with malicious code. Further, the kernel-level security agent may utilize a model representing chains of execution activities and may take action based on those chains of execution activities.Type: ApplicationFiled: May 12, 2015Publication date: August 27, 2015Inventors: David F. Diehl, Dmitri Alperovitch, Ion-Alexandru Ionescu, George Robert Kurtz
-
Patent number: 9106680Abstract: A method is provided in one example embodiment that includes generating a fingerprint based on properties extracted from data packets received over a network connection and requesting a reputation value based on the fingerprint. A policy action may be taken on the network connection if the reputation value received indicates the fingerprint is associated with malicious activity. The method may additionally include displaying information about protocols based on protocol fingerprints, and more particularly, based on fingerprints of unrecognized protocols. In yet other embodiments, the reputation value may also be based on network addresses associated with the network connection.Type: GrantFiled: June 27, 2011Date of Patent: August 11, 2015Assignee: McAfee, Inc.Inventors: Dmitri Alperovitch, Zheng Bu, David Frederick Diehl, Sven Krasser
-
Patent number: 9043903Abstract: A kernel-level security agent is described herein. The kernel-level security agent is configured to observe events, filter the observed events using configurable filters, route the filtered events to one or more event consumers, and utilize the one or more event consumers to take action based at least on one of the filtered events. In some implementations, the kernel-level security agent detects a first action associated with malicious code, gathers data about the malicious code, and in response to detecting subsequent action(s) of the malicious code, performs a preventative action. The kernel-level security agent may also deceive an adversary associated with malicious code. Further, the kernel-level security agent may utilize a model representing chains of execution activities and may take action based on those chains of execution activities.Type: GrantFiled: June 8, 2012Date of Patent: May 26, 2015Assignee: CrowdStrike, Inc.Inventors: David F. Diehl, Dmitri Alperovitch, Ion-Alexandru Ionescu, George Robert Kurtz
-
Patent number: 9009321Abstract: Methods and systems for assigning reputation to communications entities include collecting communications data from distributed agents, aggregating the communications data, analyzing the communications data and identifying relationships between communications entities based upon the communications data.Type: GrantFiled: June 4, 2012Date of Patent: April 14, 2015Assignee: McAfee, Inc.Inventors: Dmitri Alperovitch, Tomo Foote-Lennox, Jeremy Gould, Paula Greve, Alejandro Manuel Hernandez, Paul Judge, Sven Krasser, Tim Lange, Phyllis Adele Schneck, Martin Stecher, Yuchun Tang, Aarjav Jyotindra Neeta Trivedi, Lamar Lorenzo Willis, Weilai Yang, Jonathan Alexander Zdziarski
-
Publication number: 20150040218Abstract: Methods and systems for operation upon one or more data processors for detecting image spam by detecting an image and analyzing the content of the image to determine whether the incoming communication comprises an unwanted communication.Type: ApplicationFiled: June 16, 2014Publication date: February 5, 2015Inventors: Dmitri Alperovitch, Nick Black, Jeremy Gould, Paul Judge, Sven Krasser, Phyllis Adele Schneck, Yuchun Tang, Aarjav Jyotindra Neeta Trivedi, Lamar Lorenzo Willis, Weilai Yang, Jonathan Alexander Zdziarski
-
Publication number: 20140366144Abstract: Methods and systems for assigning reputation to communications entities include collecting communications data from distributed agents, aggregating the communications data, analyzing the communications data and identifying relationships between communications entities based upon the communications data.Type: ApplicationFiled: June 16, 2014Publication date: December 11, 2014Inventors: Dmitri Alperovitch, Tomo Foote-Lennox, Jeremy Gould, Paula Greve, Alejandro Manuel Hernandez, Paul Judge, Sven Krasser, Tim Lange, Phyllis Adele Schneck, Martin Stecher, Yuchun Tang, Aarjav Jyotindra Neeta Trivedi, Lamar Lorenzo Willis, Weilai Yang, Jonathan Alexander Zdziarski
-
Publication number: 20140250524Abstract: Deception-based techniques for responding to security attacks are described herein. The techniques include transitioning a security attack to a monitored computing device posing as a computing device impacted by the security attack and enabling the adversary to obtain deceptive information from the monitored computing device. Also, the adversary may obtain a document configured to report identifying information of an entity opening the document, thereby identifying the adversary associated with the attack. Further, the techniques include determining that a domain specified in a domain name request is associated with malicious activity and responding to the request with a network address of a monitored computing device to cause the requesting process to communicate with the monitored computing device in place of an adversary server. Additionally, a service may monitor dormant domains names associated with malicious activity and, in response to a change, respond with an alert or a configuration update.Type: ApplicationFiled: March 4, 2013Publication date: September 4, 2014Applicant: CROWDSTRIKE, INC.Inventors: Adam S. Meyers, Dmitri Alperovitch, George Robert Kurtz, David F. Diehl, Sven Krasser
-
Patent number: 8775619Abstract: A distributed proxy server system is operable to receive a request for Internet data from a user, obtain the user's identity, store at least one cookie on the user's web browser identifying the user, and filter undesired content before forwarding requested Internet data to the user. A master cookie is associated with the proxy server including user identity information, and an injected domain cookie is associated with the domain of the requested Internet data including user identity information.Type: GrantFiled: January 10, 2011Date of Patent: July 8, 2014Assignee: McAfee, Inc.Inventors: Sven Krasser, Dmitri Alperovitch, Martin Stecher, Peter Borgolte
-
Patent number: 8763114Abstract: Methods and systems for operation upon one or more data processors for detecting image spam by detecting an image and analyzing the content of the image to determine whether the incoming communication comprises an unwanted communication.Type: GrantFiled: January 24, 2007Date of Patent: June 24, 2014Assignee: McAfee, Inc.Inventors: Dmitri Alperovitch, Nick Black, Jeremy Gould, Paul Judge, Sven Krasser, Phyllis Adele Schneck, Yuchun Tang, Aarjav Jyotindra Neeta Trivedi, Lamar Lorenzo Willis, Weilai Yang, Jonathan Alexander Zdziarski
-
Patent number: 8762537Abstract: Methods and systems for assigning reputation to communications entities include collecting communications data from distributed agents, aggregating the communications data, analyzing the communications data and identifying relationships between communications entities based upon the communications data.Type: GrantFiled: June 4, 2012Date of Patent: June 24, 2014Assignee: McAfee, Inc.Inventors: Dmitri Alperovitch, Tomo Foote-Lennox, Jeremy Gould, Paula Greve, Alejandro Manuel Hernandez, Paul Judge, Sven Krasser, Tim Lange, Phyllis Adele Schneck, Martin Stecher, Yuchun Tang, Aarjav Jyotindra Neeta Trivedi, Lamar Lorenzo Willis, Weilai Yang, Jonathan Alexander Zdziarski
-
Patent number: 8719352Abstract: A system derives a reputation for a plurality of network addresses, the reputation of each network address determined by analyzing a plurality of high-level email features related to one or more emails originating from the network address. The plurality of high-level email features include domain registration analysis, hashed term frequency indexing, persistent communication, address age, correlation analysis, zombie detection, and hash vault matching.Type: GrantFiled: January 29, 2010Date of Patent: May 6, 2014Assignee: McAfee, Inc.Inventors: Sven Krasser, Dmitri Alperovitch, Yuchun Tang, Yuanchen He, Jonathan Zdziarski, Mark Gilbert
-
Publication number: 20140109226Abstract: A kernel-level security agent is described herein. The kernel-level security agent is configured to observe events, filter the observed events using configurable filters, route the filtered events to one or more event consumers, and utilize the one or more event consumers to take action based at least on one of the filtered events. In some implementations, the kernel-level security agent detects a first action associated with malicious code, gathers data about the malicious code, and in response to detecting subsequent action(s) of the malicious code, performs a preventative action. The kernel-level security agent may also deceive an adversary associated with malicious code. Further, the kernel-level security agent may utilize a model representing chains of execution activities and may take action based on those chains of execution activities.Type: ApplicationFiled: December 24, 2013Publication date: April 17, 2014Applicant: CrowdStrike, Inc.Inventors: David F. Diehl, Dmitri Alperovitch, Ion-Alexandru Ionescu, George Robert Kurtz
-
Patent number: 8635690Abstract: Methods and systems for processing electronic communications based upon reputation. Reputation of an entity associated with the electronic communication can be generated. The communication can be placed in a queue based upon the reputation. The queued communication can be processed based upon updated information about the entity.Type: GrantFiled: January 25, 2008Date of Patent: January 21, 2014Assignee: McAfee, Inc.Inventors: Dmitri Alperovitch, Sven Krasser
-
Publication number: 20140007190Abstract: Techniques for social sharing security information between client entities forming a group are described herein. The group of client entities is formed as a result of a security server providing one or more secure mechanisms for forming a group among client entities, the client entities each belonging to a different organization. The security service then automatically shares security information of a client entity in the group with one or more other client entities in the group.Type: ApplicationFiled: June 29, 2012Publication date: January 2, 2014Applicant: CROWDSTRIKE, INC.Inventors: Dmitri Alperovitch, George Robert Kurtz, David F. Diehl, Sven Krasser, Adam S. Meyers
-
Patent number: 8621559Abstract: Methods and systems for managing data communications are described. The method includes receiving a data communication; analyzing the data communication to determine a particular type of sender or recipient activity associated with the data communication based at least in part on an application of a plurality of tests to the data communication; assigning a total risk level to the data communication based at least in part on one or more risks associated with the particular type of sender or recipient activity and a tolerance for each of the one or more risks; comparing the total risk level assigned to the data communication with a maximum total acceptable level of risk; and allowing the data communication to be delivered to a recipient in response to the comparison indicating that the total risk level assigned to the data communication does not exceed the maximum total acceptable level of risk.Type: GrantFiled: May 1, 2012Date of Patent: December 31, 2013Assignee: McAfee, Inc.Inventors: Dmitri Alperovitch, Paula Greve, Sven Krasser, Tomo Foote-Lennox
-
Patent number: 8621638Abstract: Methods and systems for operation upon one or more data processors for biasing a reputation score. A communication having data that identifies a plurality of biasing characteristics related to a messaging entity associated with the communication is received. The identified plurality of biasing characteristics related to the messaging entity associated with the communication based upon a plurality of criteria are analyzed, and a reputation score associated with the messaging entity is biased based upon the analysis of the identified plurality of biasing characteristics related to the messaging entity associated with the communication.Type: GrantFiled: May 16, 2011Date of Patent: December 31, 2013Assignee: McAfee, Inc.Inventors: Paul Judge, Matt Moyer, Guru Rajan, Dmitri Alperovitch
-
Publication number: 20130333040Abstract: A kernel-level security agent is described herein. The kernel-level security agent is configured to observe events, filter the observed events using configurable filters, route the filtered events to one or more event consumers, and utilize the one or more event consumers to take action based at least on one of the filtered events. In some implementations, the kernel-level security agent detects a first action associated with malicious code, gathers data about the malicious code, and in response to detecting subsequent action(s) of the malicious code, performs a preventative action. The kernel-level security agent may also deceive an adversary associated with malicious code. Further, the kernel-level security agent may utilize a model representing chains of execution activities and may take action based on those chains of execution activities.Type: ApplicationFiled: June 8, 2012Publication date: December 12, 2013Applicant: CROWDSTRIKE, INC.Inventors: David F. Diehl, Dmitri Alperovitch, Ion-Alexandru Ionescu, George Robert Kurtz
-
Patent number: 8606910Abstract: Methods, systems and apparatus, including computer programs encoded on a computer storage medium, for receiving, at a global server system, from each of a plurality of local network devices, network data specifying network communication activity at the local network device, wherein the plurality of local network devices collectively provide backbone communications facilities for multiple networks; aggregating, at the global server system, the network data from each of the local network devices; analyzing, at the global server system, the aggregated network data to identify network activities; generating, at the global server system, update data based on the analysis of the aggregated network data, the update data including instructions for the local network devices for processing network communications to or from the local network devices; and transmitting from the global server system the update data to the local network devices.Type: GrantFiled: December 15, 2011Date of Patent: December 10, 2013Assignee: McAfee, Inc.Inventors: Dmitri Alperovitch, Sven Krasser, Phyllis Adele Schneck, Jonathan Torrez