Patents by Inventor Ehud DORON
Ehud DORON has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20180288091Abstract: A method, system and a platform for protecting against excessive utilization of at least one cloud service for operation of a cloud-hosted application. The method comprising receiving, at a defense platform deployed out-of-path of traffic between a plurality of end user devices and the cloud-hosted application, telemetries from a plurality of sources, wherein each source is configured to collect telemetries related to at least one of the at least one cloud service; detecting, based on the collected telemetries and a learned normal utilization behavior for the cloud-hosted application, excessive utilization of at least one of the at least one cloud service by the cloud-hosted application; and causing mitigation, at the defense platform, of the excessive utilization of each cloud service upon detection of the excessive utilization of the at least one cloud service by the cloud-hosted application.Type: ApplicationFiled: March 29, 2018Publication date: October 4, 2018Applicant: RADWARE, LTD.Inventors: Ehud DORON, Nir ILANI, David AVIV, Yotam BEN EZRA, Amit BISMUT
-
Publication number: 20180255093Abstract: A method and system for protecting cloud-hosted applications against application-layer slow distributed denial-of-service (DDoS) attacks. The comprising collecting telemetries from a plurality of sources deployed in at least one cloud computing platform hosting a protected cloud-hosted application; providing a set of rate-based and rate-invariant features based on the collected telemetries; evaluating each feature in the set of rate-based and rate-invariant features to determine whether a behavior of each feature and a behavior of the set of rate-based and rate-invariant features indicate a potential application-layer slow DDoS attack; and causing execution of a mitigation action, when an indication of a potential application-layer slow DDoS attack is determined.Type: ApplicationFiled: July 24, 2017Publication date: September 6, 2018Applicant: RADWARE, LTD.Inventors: Ehud DORON, Nir Ilani, David AVIV, Yotam BEN EZRA, Amit BISMUT, Yuriy ARBITMAN
-
Publication number: 20180255094Abstract: A system and method for protecting cloud-hosted applications against hypertext transfer protocol (HTTP) flood distributed denial-of-service (DDoS) attacks are provided. The method includes collecting telemetries from a plurality of sources deployed in at least one cloud computing platform hosting a protected cloud-hosted application; providing at least one rate-based feature and at least one rate-invariant feature based on the collected telemetries, wherein the rate-based feature and the rate-invariant feature demonstrate behavior of at least HTTP traffic directed to the protected cloud-hosted application; evaluating the at least one rate-based feature and the at least one rate-invariant feature to determine whether the behavior of the at least HTTP traffic indicates a potential HTTP flood DDoS attack; and causing execution of a mitigation action when an indication of a potential HTTP flood DDoS attack is determined.Type: ApplicationFiled: August 24, 2017Publication date: September 6, 2018Applicant: RADWARE, LTD.Inventors: Ehud DORON, Nir Ilani, David AVIV, Yotam BEN EZRA, Amit BISMUT, Yuriy ARBITMAN
-
Publication number: 20180255095Abstract: A defense platform for protecting a cloud-hosted application against distributed denial-of-services (DDoS) attacks, wherein the defense platform is deployed out-of-path of incoming traffic of the cloud-hosted application hosted in a plurality of cloud computing platforms, comprising: a detector; a mitigator; and a controller communicatively connected to the detector and the mitigator; wherein the detector is configured to: receive telemetries related to behavior of the cloud-hosted application from sources deployed in the plurality of cloud computing platforms; and detect, based on the telemetries, a potential DDoS attack; wherein, the controller, upon detection of a potential DDoS attack, is configured to: divert traffic directed to the cloud-hosted application to the mitigator; cause the mitigator to perform at least one mitigation action to remove malicious traffic from the diverted traffic; and cause injection of clean traffic to at least one of the plurality of cloud computing platforms hosting the cloudType: ApplicationFiled: February 28, 2018Publication date: September 6, 2018Applicant: RADWARE, LTD.Inventors: Ehud DORON, Nir ILANI, David AVIV, Yotam BEN EZRA, Amit BISMUT
-
Patent number: 10033758Abstract: A method and system for operating protection services to provide defense against cyber-attacks. The comprises generating a workflow scheme assigned to at least one protected entity, wherein the workflow scheme includes at least one operation regimen and triggering criteria associated with the at least one operation regimen; monitoring at least a plurality of protection resources to detect at least one trigger event; determining if the at least one detected trigger event satisfies the triggering criteria associated with the at least one operation regimen; and changing a state of the at least one operation regimen when the at least one detected trigger event satisfies the at least one triggering criterion, thereby causing provisioning and operating of at least one protection resource of the plurality of protection resources, wherein the provisioning is based on contents defined in the at least one operation regimen.Type: GrantFiled: April 10, 2017Date of Patent: July 24, 2018Assignee: Radware, Ltd.Inventors: Ehud Doron, Alon Tamir, Gershon Sokolsky, Asaf Oron, Yotam Ben-Ezra, David Aviv
-
Publication number: 20180020023Abstract: A method and system for controlling multi-tiered mitigation of cyber-attacks.Type: ApplicationFiled: September 18, 2017Publication date: January 18, 2018Applicant: RADWARE, LTD.Inventors: Ehud DORON, David AVIV, Yotam BEN EZRA, Lev MEDVEDOVSKY
-
Publication number: 20170302686Abstract: A system and method for real-time tuning of inference systems based on quality of incoming data. The method comprises: periodically receiving traffic data collected by a plurality of collectors deployed in a network; determining at least a normalized variance of a current sample of the received traffic data; estimating, based in part on the normalized variance, a standard deviation of the received traffic data and a fading coefficient of a baseline filter; determining a current baseline value based on a previous baseline value, the fading coefficient, and the current sample of the traffic data; and dynamically setting at least one membership function of the inference system based in part on the current baseline value and the standard deviation.Type: ApplicationFiled: April 10, 2017Publication date: October 19, 2017Applicant: RADWARE, LTD.Inventors: Lev MEDVEDOVSKY, David AVIV, Ehud DORON, Asaf ORON, Yuriy ARBITMAN
-
Patent number: 9769201Abstract: A method and system for controlling multi-tiered mitigation of cyber-attacks.Type: GrantFiled: March 6, 2015Date of Patent: September 19, 2017Assignee: Radware, Ltd.Inventors: Ehud Doron, David Aviv, Yotam Ben Ezra, Lev Medvedovsky
-
Publication number: 20170214713Abstract: A method and system for operating protection services to provide defense against cyber-attacks. The comprises generating a workflow scheme assigned to at least one protected entity, wherein the workflow scheme includes at least one operation regimen and triggering criteria associated with the at least one operation regimen; monitoring at least a plurality of protection resources to detect at least one trigger event; determining if the at least one detected trigger event satisfies the triggering criteria associated with the at least one operation regimen; and changing a state of the at least one operation regimen when the at least one detected trigger event satisfies the at least one triggering criterion, thereby causing provisioning and operating of at least one protection resource of the plurality of protection resources, wherein the provisioning is based on contents defined in the at least one operation regimen.Type: ApplicationFiled: April 10, 2017Publication date: July 27, 2017Applicant: RADWARE, LTD.Inventors: Ehud DORON, Alon TAMIR, Gershon SOKOLSKY, Asaf ORON, Yotam BEN-EZRA, David AVIV
-
Patent number: 9647938Abstract: A method for providing value added services (VAS) in a software defined network (SDN). The method comprises determining which value added services and their order should be assigned to an incoming traffic; determining for each of the one or more value added services their respective servers providing the value added services and assigning a unique diversion value to each server; instructing at least one peer network element to set a diversion field in each packet in the incoming traffic with a diversion value corresponding to a server providing a first value added service of the one or more value added services; and instructing each edge network element to set the diversion field of each packet output by the server to designate a destination node for the packet, wherein the destination node is any one of the destination server and a server providing a subsequent value added service.Type: GrantFiled: June 10, 2013Date of Patent: May 9, 2017Assignee: Radware, Ltd.Inventors: Avi Chesla, Ehud Doron
-
Patent number: 9591011Abstract: A central controller and a method for separation of traffic processing in a software defined network (SDN). The method comprises: identifying, based on at least one zoning trigger parameter, a potential cyber-attack; triggering a zoning mode for mitigating the potential cyber-attack; dynamically allocating, based on a load profile, a first group of computing resources of a computing farm to a trusted zone and a second group of computing resources to an un-trusted zone; assigning the computing resources in the first group with a first address and the computing resources in the second group with a second address, wherein only the second address is advertised; and causing at least one network element in the SDN to divert incoming traffic to the first group and to the second group of computing resources based on a plurality of zoning rules implemented by the at least one network element.Type: GrantFiled: December 3, 2015Date of Patent: March 7, 2017Assignee: RADWARE, LTD.Inventors: Yehuda Zisapel, Avi Chesla, Shay Naeh, David Aviv, Ehud Doron
-
Publication number: 20170006092Abstract: A system and method for managing an application delivery controller (ADC) cluster including a plurality of ADCs are provided. The method includes creating a hash table including a plurality of buckets, wherein a number of the plurality of buckets is a multiple of a maximum number of active ADCs that can be supported by the ADC cluster; allocating, to each active ADC of the ADC cluster, one of the plurality of buckets; and instructing at least one network element to distribute traffic to and from the active ADCs based on the hash table.Type: ApplicationFiled: July 1, 2016Publication date: January 5, 2017Applicant: RADWARE, LTD.Inventors: Benny ROCHWERGER, Ehud DORON, Kobi SAMORAY
-
Publication number: 20160381069Abstract: A method and system for mitigating of cyber-attacks in a software defined network (SDN) are presented. The method comprises operating a central controller and the SDN in a peace mode; monitoring traffic addressed to at least one destination server to detect at least an attack performed against the at least one destination server; switching an operation of the central controller to an attack mode, upon detection of an attack against the at least one destination server; and instructing, by the central controller, network elements of the SDN to divert all suspicious incoming traffic addressed to the at least one destination server to a security server, thereby mitigating the detected attack.Type: ApplicationFiled: June 2, 2015Publication date: December 29, 2016Applicant: RADWARE, LTD.Inventors: Avi CHESLA, Ehud DORON
-
Patent number: 9450981Abstract: A method for efficient mitigation of denial of service (DoS) attacks in a virtual network. The method maintains a security service level agreement (SLA) guaranteed to protected objects. The method includes ascertaining that a denial of service (DoS) attack is performed in the virtual network; checking if the DoS attack affects at least one physical machine hosting at least one protected object, wherein the protected object is provisioned with at least a guaranteed security service level agreement (SLA); determining, by a central controller of the virtual network, an optimal mitigation action to ensure the at least one security SLA guaranteed to the least one protected object; and executing the determined optimal mitigation action to mitigate the DoS attack, wherein the optimal mitigation action is facilitated by resources of the virtual network.Type: GrantFiled: March 14, 2013Date of Patent: September 20, 2016Assignee: Radware, Ltd.Inventors: Ehud Doron, Avi Chesla
-
Publication number: 20160261628Abstract: A method and system for controlling multi-tiered mitigation of cyber-attacks.Type: ApplicationFiled: March 6, 2015Publication date: September 8, 2016Applicant: RADWARE, LTD.Inventors: Ehud DORON, David AVIV, Yotam BEN EZRA, Lev MEDVEDOVSKY
-
Patent number: 9386085Abstract: A method for managing an application delivery controller (ADC) cluster operable in a software defined networking (SDN)-based network and including a plurality of ADC virtual appliances (VAs). The method comprises creating, by a central controller, a hash table including a plurality of buckets allocated to active VAs out of the plurality of VAs, each bucket is assigned to a range of a source internet protocol (IP) addresses of a client; and programming by the central controller at least one ingress network element connected to the ADC cluster and receive incoming traffic from clients to perform a balanced incoming traffic distribution among the plurality of VAs, wherein the traffic distribution is based in part on the allocation of the buckets to the plurality of VAs and the SIP addresses of the clients originating the incoming traffic. The plurality of VAs are virtual ADC instances operable i the plurality of physical devices.Type: GrantFiled: April 4, 2013Date of Patent: July 5, 2016Assignee: Radware, Ltd.Inventors: Ehud Doron, Masato Sekiguchi
-
Publication number: 20160156648Abstract: A central controller and a method for separation of traffic processing in a software defined network (SDN). The method comprises: identifying, based on at least one zoning trigger parameter, a potential cyber-attack; triggering a zoning mode for mitigating the potential cyber-attack; dynamically allocating, based on a load profile, a first group of computing resources of a computing farm to a trusted zone and a second group of computing resources to an un-trusted zone; assigning the computing resources in the first group with a first address and the computing resources in the second group with a second address, wherein only the second address is advertised; and causing at least one network element in the SDN to divert incoming traffic to the first group and to the second group of computing resources based on a plurality of zoning rules implemented by the at least one network element.Type: ApplicationFiled: December 3, 2015Publication date: June 2, 2016Applicant: RADWARE, LTD.Inventors: Yehuda ZISAPEL, Avi CHESLA, Shay NAEH, David AVIV, Ehud DORON
-
Patent number: 9210180Abstract: A method and system for separation of traffic processing in a software defined network (SDN). The method comprises allocating a first group of computing resources of a computing farm to a trusted zone and a second group of computing resources to an un-trusted zone; assigning the computing resources in the first group to a first ADC and the computing resources in the second group with a second ADC; triggering a zoning mode in the computing frame to mitigate a potential cyber-attack; and causing at least one network element in the SDN to divert traffic from a trusted client to the first group of computing resources and traffic from an un-trusted client to the second group of computing resources based on a plurality of zoning rules implemented by the at least one network element.Type: GrantFiled: January 17, 2013Date of Patent: December 8, 2015Assignee: Radware Ltd.Inventors: Yehuda Zisapel, Avi Chesla, Shay Naeh, David Aviv, Ehud Doron
-
Patent number: 9055006Abstract: A method for mitigating of denial of service (DoS) attacks in a software defined network (SDN). The method comprises receiving a DoS attack indication performed against at least one destination server; programming each network element in the SDN to forward a packet based on a diversion value designated in a packet diversion field, upon reception of the DoS attack indication; instructing at least one peer network element in the SDN to mark a diversion field in each packet in the incoming traffic addressed to the destination server to allow diversion of the packet to a security server; and instructing edge network elements in the SDN to unmark the diversion field of each packet output by the security server, wherein each network element in the SDN is programmed to forward the unmarked packets processed by the security server to the at least one destination server.Type: GrantFiled: June 10, 2013Date of Patent: June 9, 2015Assignee: Radware, Ltd.Inventors: Avi Chesla, Ehud Doron
-
Publication number: 20140283051Abstract: A method for efficient mitigation of denial of service (DoS) attacks in a virtual network. The method maintains a security service level agreement (SLA) guaranteed to protected objects. The method comprises ascertaining that a denial of service (DoS) attack is performed in the virtual network; checking if the DoS attack affects at least one physical machine hosting at least one protected object, wherein the protected object is provisioned with at least a guaranteed security service level agreement (SLA); determining, by a central controller of the virtual network, an optimal mitigation action to ensure the at least one security SLA guaranteed to the least one protected object; and executing the determined optimal mitigation action to mitigate the DoS attack, wherein the optimal mitigation action is facilitated by means of resources of the virtual network.Type: ApplicationFiled: March 14, 2013Publication date: September 18, 2014Applicant: RADWARE, LTD.Inventors: Ehud DORON, Avi CHESLA