Patents by Inventor George Robert Kurtz
George Robert Kurtz has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240028717Abstract: Deception-based techniques for responding to security attacks are described herein. The techniques include transitioning a security attack to a monitored computing device posing as a computing device impacted by the security attack and enabling the adversary to obtain deceptive information from the monitored computing device. Also, the adversary may obtain a document configured to report identifying information of an entity opening the document, thereby identifying the adversary associated with the attack. Further, the techniques include determining that a domain specified in a domain name request is associated with malicious activity and responding to the request with a network address of a monitored computing device to cause the requesting process to communicate with the monitored computing device in place of an adversary server. Additionally, a service may monitor dormant domains names associated with malicious activity and, in response to a change, respond with an alert or a configuration update.Type: ApplicationFiled: October 3, 2023Publication date: January 25, 2024Inventors: Adam S. Meyers, David F. Diehl, Dmitri Alperovitch, George Robert Kurtz, Sven Krasser
-
Patent number: 11809555Abstract: Deception-based techniques for responding to security attacks are described herein. The techniques include transitioning a security attack to a monitored computing device posing as a computing device impacted by the security attack and enabling the adversary to obtain deceptive information from the monitored computing device. Also, the adversary may obtain a document configured to report identifying information of an entity opening the document, thereby identifying the adversary associated with the attack. Further, the techniques include determining that a domain specified in a domain name request is associated with malicious activity and responding to the request with a network address of a monitored computing device to cause the requesting process to communicate with the monitored computing device in place of an adversary server. Additionally, a service may monitor dormant domains names associated with malicious activity and, in response to a change, respond with an alert or a configuration update.Type: GrantFiled: May 27, 2020Date of Patent: November 7, 2023Assignee: CrowdStrike, Inc.Inventors: Adam S. Meyers, Dmitri Alperovitch, George Robert Kurtz, David F. Diehl, Sven Krasser
-
Publication number: 20210117544Abstract: A security service can determine a synthetic context based at least in part on context data associated with a first malware sample, and detonate the first malware sample in the synthetic context to provide one or more first event records representing events performed by the first malware sample and detected during detonation. Additionally or alternatively, the security service can detonate the first malware sample and locate a second malware sample in a corpus based at least in part on the one or more first event records. Additionally or alternatively, the security service can receive event records representing events detected during a detonation of a first malware sample, the detonation based at least in part on context data, and locate a second malware sample in the corpus based at least in part on the one or more reference event records.Type: ApplicationFiled: June 28, 2019Publication date: April 22, 2021Inventors: George Robert Kurtz, Dmitri Alperovitch, Amol Kulkarni, Jan Miller, Daniel Radu
-
Patent number: 10853491Abstract: A security agent is described herein. The security agent is configured to observe events, filter the observed events using configurable filters, route the filtered events to one or more event consumers, and utilize the one or more event consumers to take action based at least on one of the filtered events. In some implementations, the security agent detects a first action associated with malicious code, gathers data about the malicious code, and in response to detecting subsequent action(s) of the malicious code, performs a preventative action. The security agent may also deceive an adversary associated with malicious code. Further, the security agent may utilize a model representing chains of execution activities and may take action based on those chains of execution activities.Type: GrantFiled: June 13, 2018Date of Patent: December 1, 2020Assignee: CrowdStrike, Inc.Inventors: David F. Diehl, Dmitri Alperovitch, Ion-Alexandru Ionescu, George Robert Kurtz
-
Publication number: 20200285739Abstract: Deception-based techniques for responding to security attacks are described herein. The techniques include transitioning a security attack to a monitored computing device posing as a computing device impacted by the security attack and enabling the adversary to obtain deceptive information from the monitored computing device. Also, the adversary may obtain a document configured to report identifying information of an entity opening the document, thereby identifying the adversary associated with the attack. Further, the techniques include determining that a domain specified in a domain name request is associated with malicious activity and responding to the request with a network address of a monitored computing device to cause the requesting process to communicate with the monitored computing device in place of an adversary server. Additionally, a service may monitor dormant domains names associated with malicious activity and, in response to a change, respond with an alert or a configuration update.Type: ApplicationFiled: May 27, 2020Publication date: September 10, 2020Inventors: Adam S. Meyers, Dmitri Alperovitch, George Robert Kurtz, David F. Diehl, Sven Krasser
-
Publication number: 20200285740Abstract: Deception-based techniques for responding to security attacks are described herein. The techniques include transitioning a security attack to a monitored computing device posing as a computing device impacted by the security attack and enabling the adversary to obtain deceptive information from the monitored computing device. Also, the adversary may obtain a document configured to report identifying information of an entity opening the document, thereby identifying the adversary associated with the attack. Further, the techniques include determining that a domain specified in a domain name request is associated with malicious activity and responding to the request with a network address of a monitored computing device to cause the requesting process to communicate with the monitored computing device in place of an adversary server. Additionally, a service may monitor dormant domains names associated with malicious activity and, in response to a change, respond with an alert or a configuration update.Type: ApplicationFiled: May 27, 2020Publication date: September 10, 2020Inventors: Adam S. Meyers, Dmitri Alperovitch, George Robert Kurtz, David F. Diehl, Sven Krasser
-
Patent number: 10713356Abstract: Deception-based techniques for responding to security attacks are described herein. The techniques include transitioning a security attack to a monitored computing device posing as a computing device impacted by the security attack and enabling the adversary to obtain deceptive information from the monitored computing device. Also, the adversary may obtain a document configured to report identifying information of an entity opening the document, thereby identifying the adversary associated with the attack. Further, the techniques include determining that a domain specified in a domain name request is associated with malicious activity and responding to the request with a network address of a monitored computing device to cause the requesting process to communicate with the monitored computing device in place of an adversary server. Additionally, a service may monitor dormant domains names associated with malicious activity and, in response to a change, respond with an alert or a configuration update.Type: GrantFiled: March 4, 2013Date of Patent: July 14, 2020Assignee: CrowdStrike, Inc.Inventors: Adam S. Meyers, Dmitri Alperovitch, George Robert Kurtz, David F. Diehl, Sven Krasser
-
Publication number: 20190138723Abstract: A security agent is described herein. The security agent is configured to observe events, filter the observed events using configurable filters, route the filtered events to one or more event consumers, and utilize the one or more event consumers to take action based at least on one of the filtered events. In some implementations, the security agent detects a first action associated with malicious code, gathers data about the malicious code, and in response to detecting subsequent action(s) of the malicious code, performs a preventative action. The security agent may also deceive an adversary associated with malicious code. Further, the security agent may utilize a model representing chains of execution activities and may take action based on those chains of execution activities.Type: ApplicationFiled: June 13, 2018Publication date: May 9, 2019Inventors: David F. Diehl, Dmitri Alperovitch, Ion-Alexandru Ionescu, George Robert Kurtz
-
Patent number: 10002250Abstract: A security agent is described herein. The security agent is configured to observe events, filter the observed events using configurable filters, route the filtered events to one or more event consumers, and utilize the one or more event consumers to take action based at least on one of the filtered events. In some implementations, the security agent detects a first action associated with malicious code, gathers data about the malicious code, and in response to detecting subsequent action(s) of the malicious code, performs a preventative action. The security agent may also deceive an adversary associated with malicious code. Further, the security agent may utilize a model representing chains of execution activities and may take action based on those chains of execution activities.Type: GrantFiled: December 29, 2016Date of Patent: June 19, 2018Assignee: CrowdStrike, Inc.Inventors: David F. Diehl, Dmitri Alperovitch, Ion-Alexandru Ionescu, George Robert Kurtz
-
Patent number: 9904784Abstract: A kernel-level security agent is described herein. The kernel-level security agent is configured to observe events, filter the observed events using configurable filters, route the filtered events to one or more event consumers, and utilize the one or more event consumers to take action based at least on one of the filtered events. In some implementations, the kernel-level security agent detects a first action associated with malicious code, gathers data about the malicious code, and in response to detecting subsequent action(s) of the malicious code, performs a preventative action. The kernel-level security agent may also deceive an adversary associated with malicious code. Further, the kernel-level security agent may utilize a model representing chains of execution activities and may take action based on those chains of execution activities.Type: GrantFiled: April 10, 2017Date of Patent: February 27, 2018Assignee: CrowdStrike, Inc.Inventors: David F. Diehl, Dmitri Alperovitch, Ion-Alexandru Ionescu, George Robert Kurtz
-
Patent number: 9858626Abstract: Techniques for social sharing security information between client entities forming a group are described herein. The group of client entities is formed as a result of a security server providing one or more secure mechanisms for forming a group among client entities, the client entities each belonging to a different organization. The security service then automatically shares security information of a client entity in the group with one or more other client entities in the group.Type: GrantFiled: July 6, 2015Date of Patent: January 2, 2018Assignee: CrowdStrike, Inc.Inventors: Dmitri Alperovitch, George Robert Kurtz, David Frederick Diehl, Sven Krasser, Adam S. Meyers
-
Publication number: 20170213031Abstract: A kernel-level security agent is described herein. The kernel-level security agent is configured to observe events, filter the observed events using configurable filters, route the filtered events to one or more event consumers, and utilize the one or more event consumers to take action based at least on one of the filtered events. In some implementations, the kernel-level security agent detects a first action associated with malicious code, gathers data about the malicious code, and in response to detecting subsequent action(s) of the malicious code, performs a preventative action. The kernel-level security agent may also deceive an adversary associated with malicious code. Further, the kernel-level security agent may utilize a model representing chains of execution activities and may take action based on those chains of execution activities.Type: ApplicationFiled: April 10, 2017Publication date: July 27, 2017Inventors: David F. Diehl, Dmitri Alperovitch, Ion-Alexandru Ionescu, George Robert Kurtz
-
Publication number: 20170109530Abstract: A security agent is described herein. The security agent is configured to observe events, filter the observed events using configurable filters, route the filtered events to one or more event consumers, and utilize the one or more event consumers to take action based at least on one of the filtered events. In some implementations, the security agent detects a first action associated with malicious code, gathers data about the malicious code, and in response to detecting subsequent action(s) of the malicious code, performs a preventative action. The security agent may also deceive an adversary associated with malicious code. Further, the security agent may utilize a model representing chains of execution activities and may take action based on those chains of execution activities.Type: ApplicationFiled: December 29, 2016Publication date: April 20, 2017Inventors: David F. Diehl, Dmitri Alperovitch, Ion-Alexandru Ionescu, George Robert Kurtz
-
Patent number: 9621515Abstract: A kernel-level security agent is described herein. The kernel-level security agent is configured to observe events, filter the observed events using configurable filters, route the filtered events to one or more event consumers, and utilize the one or more event consumers to take action based at least on one of the filtered events. In some implementations, the kernel-level security agent detects a first action associated with malicious code, gathers data about the malicious code, and in response to detecting subsequent action(s) of the malicious code, performs a preventative action. The kernel-level security agent may also deceive an adversary associated with malicious code. Further, the kernel-level security agent may utilize a model representing chains of execution activities and may take action based on those chains of execution activities.Type: GrantFiled: May 12, 2015Date of Patent: April 11, 2017Assignee: CrowdStrike, Inc.Inventors: David F. Diehl, Dmitri Alperovitch, Ion-Alexandru Ionescu, George Robert Kurtz
-
Patent number: 9571453Abstract: A kernel-level security agent is described herein. The kernel-level security agent is configured to observe events, filter the observed events using configurable filters, route the filtered events to one or more event consumers, and utilize the one or more event consumers to take action based at least on one of the filtered events. In some implementations, the kernel-level security agent detects a first action associated with malicious code, gathers data about the malicious code, and in response to detecting subsequent action(s) of the malicious code, performs a preventative action. The kernel-level security agent may also deceive an adversary associated with malicious code. Further, the kernel-level security agent may utilize a model representing chains of execution activities and may take action based on those chains of execution activities.Type: GrantFiled: December 24, 2013Date of Patent: February 14, 2017Assignee: CrowdStrike, Inc.Inventors: David F. Diehl, Dmitri Alperovitch, Ion-Alexandru Ionescu, George Robert Kurtz
-
Patent number: 9292881Abstract: Techniques for social sharing security information between client entities forming a group are described herein. The group of client entities is formed as a result of a security server providing one or more secure mechanisms for forming a group among client entities, the client entities each belonging to a different organization. The security service then automatically shares security information of a client entity in the group with one or more other client entities in the group.Type: GrantFiled: June 29, 2012Date of Patent: March 22, 2016Assignee: CrowdStrike, Inc.Inventors: Dmitri Alperovitch, George Robert Kurtz, David F. Diehl, Sven Krasser, Adam S. Meyers
-
Publication number: 20150326614Abstract: Techniques for social sharing security information between client entities forming a group are described herein. The group of client entities is formed as a result of a security server providing one or more secure mechanisms for forming a group among client entities, the client entities each belonging to a different organization. The security service then automatically shares security information of a client entity in the group with one or more other client entities in the group.Type: ApplicationFiled: July 6, 2015Publication date: November 12, 2015Inventors: Dmitri Alperovitch, George Robert Kurtz, David Frederick Diehl, Sven Krasser, Adam S. Meyers
-
Publication number: 20150244679Abstract: A kernel-level security agent is described herein. The kernel-level security agent is configured to observe events, filter the observed events using configurable filters, route the filtered events to one or more event consumers, and utilize the one or more event consumers to take action based at least on one of the filtered events. In some implementations, the kernel-level security agent detects a first action associated with malicious code, gathers data about the malicious code, and in response to detecting subsequent action(s) of the malicious code, performs a preventative action. The kernel-level security agent may also deceive an adversary associated with malicious code. Further, the kernel-level security agent may utilize a model representing chains of execution activities and may take action based on those chains of execution activities.Type: ApplicationFiled: May 12, 2015Publication date: August 27, 2015Inventors: David F. Diehl, Dmitri Alperovitch, Ion-Alexandru Ionescu, George Robert Kurtz
-
Patent number: 9043903Abstract: A kernel-level security agent is described herein. The kernel-level security agent is configured to observe events, filter the observed events using configurable filters, route the filtered events to one or more event consumers, and utilize the one or more event consumers to take action based at least on one of the filtered events. In some implementations, the kernel-level security agent detects a first action associated with malicious code, gathers data about the malicious code, and in response to detecting subsequent action(s) of the malicious code, performs a preventative action. The kernel-level security agent may also deceive an adversary associated with malicious code. Further, the kernel-level security agent may utilize a model representing chains of execution activities and may take action based on those chains of execution activities.Type: GrantFiled: June 8, 2012Date of Patent: May 26, 2015Assignee: CrowdStrike, Inc.Inventors: David F. Diehl, Dmitri Alperovitch, Ion-Alexandru Ionescu, George Robert Kurtz
-
Publication number: 20140250524Abstract: Deception-based techniques for responding to security attacks are described herein. The techniques include transitioning a security attack to a monitored computing device posing as a computing device impacted by the security attack and enabling the adversary to obtain deceptive information from the monitored computing device. Also, the adversary may obtain a document configured to report identifying information of an entity opening the document, thereby identifying the adversary associated with the attack. Further, the techniques include determining that a domain specified in a domain name request is associated with malicious activity and responding to the request with a network address of a monitored computing device to cause the requesting process to communicate with the monitored computing device in place of an adversary server. Additionally, a service may monitor dormant domains names associated with malicious activity and, in response to a change, respond with an alert or a configuration update.Type: ApplicationFiled: March 4, 2013Publication date: September 4, 2014Applicant: CROWDSTRIKE, INC.Inventors: Adam S. Meyers, Dmitri Alperovitch, George Robert Kurtz, David F. Diehl, Sven Krasser