Patents by Inventor Elvis Hovor
Elvis Hovor has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10944772Abstract: Systems, methods, and apparatus, including computer programs encoded on computer storage media, for obtaining, processing, and presenting data related to security events, and for implementing courses of action to protect assets in response to the security events. An event management module identifies malicious activity present on a first network domain and/or a second network domain based on received network domain activity. A threat intelligence module receives data identifying the malicious activity in first data constructs of a predefined data structure. The threat intelligence module obtains additional data related to the identified malicious activity and generates second data constructs that include enriched data regarding the malicious activity. The enriched data includes data describing a campaign in which at least a portion of the malicious activity is involved and one or more courses of action. A course of action module receives the second data constructs and implements a given course of action.Type: GrantFiled: November 15, 2018Date of Patent: March 9, 2021Assignee: Accenture Global Solutions LimitedInventors: Shaan Mulchandani, Amin Hassanzadeh, Elvis Hovor, Shimon Modi, Walid Negm
-
Patent number: 10880320Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for creating structured data using data received from unstructured textual data sources. One of the methods includes receiving unstructured textual data, identifying one or more keywords in the unstructured textual data, determining one or more patterns included in the unstructured textual data using the identified keywords, identifying one or more intelligence types that correspond with the unstructured textual data using the determined patterns, and associating, for each of the identified intelligence types, a data subset from the unstructured textual data with the respective intelligence type.Type: GrantFiled: July 26, 2018Date of Patent: December 29, 2020Assignee: Accenture Global Services LimitedInventors: Elvis Hovor, Shimon Modi, Shubhashis Sengupta, Roshni Ramesh Ramnani, Annervaz Karukapadath Mohamedrasheed
-
Patent number: 10681062Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for incident response are disclosed. In one aspect, a system includes a cognitive engine that is configured to receive data identifying actions performed in response to a computer security threat. Based on the data identifying the actions performed in response to the computer security threat, the system generates one or more workflows and a particular workflow that are associated with the computer security threat and that each identify one or more actions to remediate the computer security threat. The system also includes a scoring system and event triage engine that is configured to analyze the actions of the one or more workflows and of the particular workflow, and based on analyzing the actions of the one or more workflows and of the particular workflow, select a primary workflow as a workflow to respond to the computer security threat.Type: GrantFiled: October 31, 2017Date of Patent: June 9, 2020Assignee: Accenture Global Solutions LimitedInventors: Matthew Carver, Mohamed H. El-Sharkawi, Elvis Hovor
-
Patent number: 10554674Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for incident response are disclosed. In one aspect, a computer-implemented method includes receiving data identifying two or more groups of actions performed to remediate a computer security threat. The method includes determining first unique paths from a first action of each of the two or more groups of actions to a second action of each of the two or more groups of actions, and determining second unique paths from the second action of each of the two or more groups of actions to a third action of each of the two or more groups of actions. The method also includes combining common paths among the first unique paths and the second unique paths, identifying one of the common paths that appears most frequently, and determining a core path that includes a subset of the actions of the two or more groups of actions based on the one of the common paths that appears most frequently.Type: GrantFiled: November 17, 2017Date of Patent: February 4, 2020Assignee: Accenture Global Solutions LimitedInventors: Matthew Carver, Mohamed H. El-Sharkawi, Elvis Hovor
-
Patent number: 10313389Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for determining a network path between computer assets. One of the methods includes receiving an asset topology that includes an identifier for each computer-related asset that may be an entry point for an attack simulation, receiving threat data that identifies vulnerabilities of computer-related assets, determining a first computer-related asset that may be an entry point for an attack simulation, identifying one or more first vulnerabilities of the first computer-related asset, determining a path from the first computer-related asset to a second computer-related asset, determining one or more second vulnerabilities of the second computer-related asset, determining a probability that the second computer-related asset will be compromised by an adversary, and determining a change to the asset topology to reduce the probability that the second computer-related asset will be compromised by an adversary.Type: GrantFiled: March 6, 2018Date of Patent: June 4, 2019Assignee: Accenture Global Services LimitedInventors: Elvis Hovor, Shaan Mulchandani, Matthew Carver
-
Publication number: 20190089727Abstract: Systems, methods, and apparatus, including computer programs encoded on computer storage media, for obtaining, processing, and presenting data related to security events, and for implementing courses of action to protect assets in response to the security events. An event management module identifies malicious activity present on a first network domain and/or a second network domain based on received network domain activity. A threat intelligence module receives data identifying the malicious activity in first data constructs of a predefined data structure. The threat intelligence module obtains additional data related to the identified malicious activity and generates second data constructs that include enriched data regarding the malicious activity. The enriched data includes data describing a campaign in which at least a portion of the malicious activity is involved and one or more courses of action. A course of action module receives the second data constructs and implements a given course of action.Type: ApplicationFiled: November 15, 2018Publication date: March 21, 2019Inventors: Shaan Mulchandani, Amin Hassanzadeh, Elvis Hovor, Shimon Modi, Walid Negm
-
Publication number: 20180359267Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for creating structured data using data received from unstructured textual data sources. One of the methods includes receiving unstructured textual data, identifying one or more keywords in the unstructured textual data, determining one or more patterns included in the unstructured textual data using the identified keywords, identifying one or more intelligence types that correspond with the unstructured textual data using the determined patterns, and associating, for each of the identified intelligence types, a data subset from the unstructured textual data with the respective intelligence type.Type: ApplicationFiled: July 26, 2018Publication date: December 13, 2018Inventors: Elvis Hovor, Shimon Modi, Shubhashis Sengupta, Roshni Ramesh Ramnani, Annervaz Karukapadath Mohamedrasheed
-
Patent number: 10148679Abstract: Systems, methods, and apparatus, including computer programs encoded on computer storage media, for obtaining, processing, and presenting data related to security events, and for implementing courses of action to protect assets in response to the security events. An event management module identifies malicious activity present on a first network domain and/or a second network domain based on received network domain activity. A threat intelligence module receives data identifying the malicious activity in first data constructs of a predefined data structure. The threat intelligence module obtains additional data related to the identified malicious activity and generates second data constructs that include enriched data regarding the malicious activity. The enriched data includes data describing a campaign in which at least a portion of the malicious activity is involved and one or more courses of action. A course of action module receives the second data constructs and implements a given course of action.Type: GrantFiled: February 23, 2016Date of Patent: December 4, 2018Assignee: Accenture Global Solutions LimitedInventors: Shaan Mulchandani, Amin Hassanzadeh, Elvis Hovor, Shimon Modi, Walid Negm
-
Patent number: 10063573Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for creating structured data using data received from unstructured textual data sources. One of the methods includes receiving unstructured textual data, identifying one or more keywords in the unstructured textual data, determining one or more patterns included in the unstructured textual data using the identified keywords, identifying one or more intelligence types that correspond with the unstructured textual data using the determined patterns, and associating, for each of the identified intelligence types, a data subset from the unstructured textual data with the respective intelligence type.Type: GrantFiled: February 13, 2017Date of Patent: August 28, 2018Assignee: Accenture Global Services LimitedInventors: Elvis Hovor, Shimon Modi, Shubhashis Sengupta, Roshni Ramesh Ramnani, Annervaz Karukapadath Mohamedrasheed
-
Patent number: 10051010Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for implementing a response to one or more security incidents in a computing network. One of the methods includes identifying a security incident based on detecting one or more indicators of compromise associated with the security incident, comparing the security incident with a predefined ontology that maps the security incident to one or more courses of action, selecting a response strategy that includes one or more of the courses of action, and implementing the response strategy as an automated response.Type: GrantFiled: October 25, 2017Date of Patent: August 14, 2018Assignee: Accenture Global Services LimitedInventors: Matthew Carver, Louis William DiValentin, Michael L. Lefebvre, Elvis Hovor, David William Rozmiarek
-
Publication number: 20180198815Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for determining a network path between computer assets. One of the methods includes receiving an asset topology that includes an identifier for each computer-related asset that may be an entry point for an attack simulation, receiving threat data that identifies vulnerabilities of computer-related assets, determining a first computer-related asset that may be an entry point for an attack simulation, identifying one or more first vulnerabilities of the first computer-related asset, determining a path from the first computer-related asset to a second computer-related asset, determining one or more second vulnerabilities of the second computer-related asset, determining a probability that the second computer-related asset will be compromised by an adversary, and determining a change to the asset topology to reduce the probability that the second computer-related asset will be compromised by an adversary.Type: ApplicationFiled: March 6, 2018Publication date: July 12, 2018Inventors: Elvis Hovor, Shaan Mulchandani, Matthew Carver
-
Patent number: 9979743Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for determining a network path between computer assets. One of the methods includes receiving an asset topology that includes an identifier for each computer-related asset that may be an entry point for an attack simulation, receiving threat data that identifies vulnerabilities of computer-related assets, determining a first computer-related asset that may be an entry point for an attack simulation, identifying one or more first vulnerabilities of the first computer-related asset, determining a path from the first computer-related asset to a second computer-related asset, determining one or more second vulnerabilities of the second computer-related asset, determining a probability that the second computer-related asset will be compromised by an adversary, and determining a change to the asset topology to reduce the probability that the second computer-related asset will be compromised by an adversary.Type: GrantFiled: August 31, 2015Date of Patent: May 22, 2018Assignee: Accenture Global Services LimitedInventors: Elvis Hovor, Shaan Mulchandani, Matthew Carver
-
Publication number: 20180124077Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for incident response are disclosed. In one aspect, a computer-implemented method includes receiving data identifying two or more groups of actions performed to remediate a computer security threat. The method includes determining first unique paths from a first action of each of the two or more groups of actions to a second action of each of the two or more groups of actions, and determining second unique paths from the second action of each of the two or more groups of actions to a third action of each of the two or more groups of actions. The method also includes combining common paths among the first unique paths and the second unique paths, identifying one of the common paths that appears most frequently, and determining a core path that includes a subset of the actions of the two or more groups of actions based on the one of the common paths that appears most frequently.Type: ApplicationFiled: November 17, 2017Publication date: May 3, 2018Inventors: Matthew Carver, Mohamed H. El-Sharkawi, Elvis Hovor
-
Publication number: 20180124098Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for incident response are disclosed. In one aspect, a system includes a cognitive engine that is configured to receive data identifying actions performed in response to a computer security threat. Based on the data identifying the actions performed in response to the computer security threat, the system generates one or more workflows and a particular workflow that are associated with the computer security threat and that each identify one or more actions to remediate the computer security threat. The system also includes a scoring system and event triage engine that is configured to analyze the actions of the one or more workflows and of the particular workflow, and based on analyzing the actions of the one or more workflows and of the particular workflow, select a primary workflow as a workflow to respond to the computer security threat.Type: ApplicationFiled: October 31, 2017Publication date: May 3, 2018Inventors: Matthew Carver, Mohamed H. El-Sharkawi, Elvis Hovor
-
Publication number: 20180097847Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for implementing a response to one or more security incidents in a computing network. One of the methods includes identifying a security incident based on detecting one or more indicators of compromise associated with the security incident, comparing the security incident with a predefined ontology that maps the security incident to one or more courses of action, selecting a response strategy that includes one or more of the courses of action, and implementing the response strategy as an automated response.Type: ApplicationFiled: October 25, 2017Publication date: April 5, 2018Inventors: Matthew Carver, Louis William DiValentin, Michael L. Lefebvre, Elvis Hovor, David William Rozmiarek
-
Patent number: 9886582Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for determining threat data contextualization.Type: GrantFiled: August 31, 2015Date of Patent: February 6, 2018Assignee: Accenture Global Sevices LimitedInventors: Elvis Hovor, David William Rozmiarek, Robin Lynn Burkett, Matthew Carver, Mohamed H. El-Sharkawi
-
Patent number: 9807120Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for implementing a response to one or more security incidents in a computing network. One of the methods includes identifying a security incident based on detecting one or more indicators of compromise associated with the security incident, comparing the security incident with a predefined ontology that maps the security incident to one or more courses of action, selecting a response strategy that includes one or more of the courses of action, and implementing the response strategy as an automated response.Type: GrantFiled: June 29, 2016Date of Patent: October 31, 2017Assignee: Accenture Global Services LimitedInventors: Matthew Carver, Louis William DiValentin, Michael L. Lefebvre, Elvis Hovor, David William Rozmiarek
-
Patent number: 9716721Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for creating structured data using data received from unstructured textual data sources. One of the methods includes receiving unstructured textual data, identifying one or more keywords in the unstructured textual data, determining one or more patterns included in the unstructured textual data using the identified keywords, identifying one or more intelligence types that correspond with the unstructured textual data using the determined patterns, and associating, for each of the identified intelligence types, a data subset from the unstructured textual data with the respective intelligence type.Type: GrantFiled: August 29, 2014Date of Patent: July 25, 2017Assignee: Accenture Global Services LimitedInventors: Elvis Hovor, Shimon Modi, Shubhashis Sengupta, Roshni Ramesh Ramnani, Annervaz Karukapadath Mohamedrasheed
-
Publication number: 20170171235Abstract: Systems, methods, and apparatus, including computer programs encoded on computer storage media, for obtaining, processing, and presenting data related to security events, and for implementing courses of action to protect assets in response to the security events. An event management module identifies malicious activity present on a first network domain and/or a second network domain based on received network domain activity. A threat intelligence module receives data identifying the malicious activity in first data constructs of a predefined data structure. The threat intelligence module obtains additional data related to the identified malicious activity and generates second data constructs that include enriched data regarding the malicious activity. The enriched data includes data describing a campaign in which at least a portion of the malicious activity is involved and one or more courses of action. A course of action module receives the second data constructs and implements a given course of action.Type: ApplicationFiled: February 23, 2016Publication date: June 15, 2017Inventors: Shaan Mulchandani, Amin Hassanzadeh, Elvis Hovor, Shimon Modi, Walid Negm
-
Publication number: 20170155671Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for creating structured data using data received from unstructured textual data sources. One of the methods includes receiving unstructured textual data, identifying one or more keywords in the unstructured textual data, determining one or more patterns included in the unstructured textual data using the identified keywords, identifying one or more intelligence types that correspond with the unstructured textual data using the determined patterns, and associating, for each of the identified intelligence types, a data subset from the unstructured textual data with the respective intelligence type.Type: ApplicationFiled: February 13, 2017Publication date: June 1, 2017Inventors: Elvis Hovor, Shimon Modi, Shubhashis Sengupta, Roshni Ramesh Ramnani, Annervaz Karukapadath Mohamedrasheed