Patents by Inventor Leonid Kuperman
Leonid Kuperman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240134770
Abstract: A device launches a respective instance on each respective cloud service provider (CSP) of a plurality of CSPs. The device receives, from each respective instance, performance benchmark data for each CSP shape of the respective CSP on which the respective instance is launched. The device inputs the performance benchmark data from each respective instance into a model and receives, as output from the model, a determination of, for each CSP shape, group of a plurality of groups to which the CSP shape belongs. The device ranks each group based on a parameter, and provides for display to a user a recommended CSP shape based on the ranking.
Type: Application
Filed: November 28, 2023
Publication date: April 25, 2024
Inventors: Leonid Kuperman, Laurent Gil
-
Patent number: 11868227
Abstract: A device launches a respective instance on each respective cloud service provider (CSP) of a plurality of CSPs. The device receives, from each respective instance, performance benchmark data for each CSP shape of the respective CSP on which the respective instance is launched. The device inputs the performance benchmark data from each respective instance into a model and receives, as output from the model, a determination of, for each CSP shape, group of a plurality of groups to which the CSP shape belongs. The device ranks each group based on a parameter, and provides for display to a user a recommended CSP shape based on the ranking.
Type: Grant
Filed: May 17, 2021
Date of Patent: January 9, 2024
Assignee: CAST AI Group, Inc.
Inventors: Leonid Kuperman, Laurent Gil
-
Publication number: 20230328114
Abstract: A cloud-based security solution that provides a robust and secure framework for managing and enforcing security policies related to various resources managed in the cloud is disclosed. The cloud-based security solution is implemented by a security zone policy enforcement system in a cloud service provider infrastructure. The system receives a request to perform an operation on a resource and determines a compartment associated with the resource. The system determines that the compartment is associated with a security zone and determines a set of one or more security zone policies applicable to the resource. The system then determines that the operation on the resource is permitted based on the set of one or more security zone policies and responsive to determining that the operation on the resource is permitted, allows the operation to be performed on the resource.
Type: Application
Filed: June 5, 2023
Publication date: October 12, 2023
Applicant: Oracle International Corporation
Inventors: Igor Dozorets, Thoulfekar Alrahem, Jun Tong, Leonid Kuperman, Nachiketh Potlapally, Bala Ganesh Chandran, Brian Pratt, Nathaniel Martin Glass, Girish Nagaraja, Jonathan Jorge Nadal
-
Patent number: 11706260
Abstract: A cloud-based security solution that provides a robust and secure framework for managing and enforcing security policies related to various resources managed in the cloud is disclosed. The cloud-based security solution is implemented by a security zone policy enforcement system in a cloud service provider infrastructure. The system receives a request to perform an operation on a resource and determines a compartment associated with the resource. The system determines that the compartment is associated with a security zone and determines a set of one or more security zone policies applicable to the resource. The system then determines that the operation on the resource is permitted based on the set of one or more security zone policies and responsive to determining that the operation on the resource is permitted, allows the operation to be performed on the resource.
Type: Grant
Filed: August 3, 2021
Date of Patent: July 18, 2023
Assignee: ORACLE INTERNATIONAL CORPORATION
Inventors: Igor Dozorets, Thoulfekar Alrahem, Jun Tong, Leonid Kuperman, Nachiketh Rao Potlapally, Bala Ganesh Chandran, Brian Pratt, Nathaniel Martin Glass, Girish Nagaraja, Jonathan Jorge Nadal
-
Publication number: 20230179522
Abstract: A multi-cloud service system establishes tunnels and network overlays across multiple CSPs while meeting a criterion for a latency threshold. The system conducts a latency benchmarking evaluation across each cloud region for multiple CSPs and based on the latency benchmarking evaluation results, the system may identify a group of cloud regions that satisfy a criterion such as predetermined maximum latency threshold or geographical restriction. The system may provision the group of cloud regions by provisioning a tunnel between nodes of the multiple CSPs. The system further establishes an overlay network on top of the tunnel by encapsulating packets using encapsulation end point such as VTEP (VXLAN tunnel end point) over VXLAN (Virtual Extension Local Area Network), which may help to ensure reliable transmission of packets from pod to pod. The system may inject user data into each node to initiate operations across the provisioned nodes using injected user data.
Type: Application
Filed: January 27, 2023
Publication date: June 8, 2023
Inventors: Saulius Masnauskas, Rokas Bilevicius, Tadeus Varnas, Augustinas Stirbis, Leonid Kuperman
-
Patent number: 11595306
Abstract: A multi-cloud service system establishes tunnels and network overlays across multiple CSPs while meeting a criterion for a latency threshold. The system conducts a latency benchmarking evaluation across each cloud region for multiple CSPs and based on the latency benchmarking evaluation results, the system may identify a group of cloud regions that satisfy a criterion such as predetermined maximum latency threshold or geographical restriction. The system may provision the group of cloud regions by provisioning a tunnel between nodes of the multiple CSPs. The system further establishes an overlay network on top of the tunnel by encapsulating packets using encapsulation end point such as VTEP (VXLAN tunnel end point) over VXLAN (Virtual Extension Local Area Network), which may help to ensure reliable transmission of packets from pod to pod. The system may inject user data into each node to initiate operations across the provisioned nodes using injected user data.
Type: Grant
Filed: July 20, 2021
Date of Patent: February 28, 2023
Assignee: CAST AI Group, Inc.
Inventors: Saulius Mašnauskas, Rokas Bilevičius, Tadeuš Varnas, Augustinas Stirbis, Leonid Kuperman
-
Patent number: 11394687
Abstract: Fully qualified domain name determination is disclosed. A queue of fully qualified domain names (FQDN) is created using a predetermined amount of network domains. Each FQDN is crawled from a plurality of collection agents of a computer network. For each FQDN, data comprising an Internet Protocol (IP) address of the FQDN, IP addresses for resources loaded for the FQDN and load times of the resources loaded for the FQDN are extracted. A correlation model is generated based on the data. An FQDN being accessed by one or more computer devices of the computer network is determined by using the correlation model.
Type: Grant
Filed: September 2, 2020
Date of Patent: July 19, 2022
Assignee: Cujo LLC
Inventors: Leonid Kuperman, Santeri Kangas
-
Publication number: 20220200960
Abstract: Aspects of the present application relate to systems and methods for automated web-based filter tuning. The method can include receiving information characterizing a plurality of attributes of a web server and normalizing the received information. The method can include identifying a set of relevant tags to the web server via comparison of the normalized received information to data contained in a tag database, and forming a set of signatures relevant to the web server based at least in part on the set of relevant tags. The method can include receiving an administrator selection of at least some of the set of signatures, enabling the selected at least some of the set of signatures for filtering of received web requests.
Type: Application
Filed: December 21, 2020
Publication date: June 23, 2022
Applicant: Oracle International Corporation
Inventors: Alexandre Vincent Laplume, Marcos Negreira, Leonid Kuperman, Michael Levin, Jorge Luis Espinoza Calderon
-
Publication number: 20220198322
Abstract: Techniques for auto-remediating security issues with artificial intelligence. One technique includes obtaining a problem detected within a signal from an emitter associated with a user, inferring a first response, using a global model having a global set of model parameters learned from mappings between problems and responses globally with respect to preferences of all users using a security architecture, inferring a second response, using a local model having a local set of model parameters learned from mappings between problems and responses locally with respect to preferences of the user; evaluating the first response and the second response using criteria, determining a final response for the problem based on the evaluation of the first response and the second response, and selecting a responder from a set of responders based on the final response. The responder is adapted to take one or more actions to respond to the problem.
Type: Application
Filed: December 22, 2020
Publication date: June 23, 2022
Applicant: Oracle International Corporation
Inventors: Leonid Kuperman, Ramakrishna Raju Uppalapati, Prakash Yamuna, Vardhaman Parasmal Modi, Mukarram Baig, Rohit Srivastava
-
Patent number: 11303657
Abstract: The behavior analysis engine can condense stored machine-learned models and transmit the condensed versions of the machine-learned models to the network traffic hub to be applied in the local networks. When the behavior analysis engine receives new data that can be used to further train a machine-learned model, the behavior analysis engine updates the machine-learned model and generates a condensed-version of the machine-learned model. The condensed-version of the machine-learned model may be more resource efficient than the machine-learned model while capable of making similar or the same decisions as the machine-learned model. The behavior analysis engine transmits the condensed version of the machine-learned model to the network traffic hub and the network traffic hub uses the condensed-version of the machine-learned model to identify malicious behavior in the local network.
Type: Grant
Filed: March 1, 2018
Date of Patent: April 12, 2022
Assignee: Cujo LLC
Inventors: Leonid Kuperman, Yuri Frayman, Einaras von Gravrock, Gabor Takacs
-
Patent number: 11303656
Abstract: The behavior analysis engine can identify malicious entities based on connections between the entity and other entities. The behavior analysis engine receives an entity from the network traffic hub and identifies entities that are connected to the entity within a threshold degree of separation. The behavior analysis engine applies a recursive process to the entity whereby the behavior analysis engine determines whether an entity is malicious based on whether its connections within a threshold degree of separation are malicious. The behavior analysis engine uses the maliciousness of the entities' connections to determine whether the entity is malicious and, if the entity is malicious, the behavior analysis engine may instruct the network traffic hub to block network communications associated with the malicious entity.
Type: Grant
Filed: March 1, 2018
Date of Patent: April 12, 2022
Assignee: Cujo LLC
Inventors: Leonid Kuperman, Yuri Frayman, Einaras von Gravrock, Gabor Takacs
-
Patent number: 11277422
Abstract: The behavior analysis engine can also detect malicious network addresses that are sent to networked devices in the local network. The network traffic hub identifies network communications that are transmitted through the local network that contain network addresses. The network traffic hub transmits (or sends) the network address to the behavior analysis engine and the behavior analysis engine extracts network address features from the network address. The behavior analysis engine then applies an execution model to the execution features to determine a confidence score for the network address that represents the execution model's certainty that the network address is malicious. The behavior analysis engine uses the confidence score to provide instructions to the network traffic hub as to whether to allow the networked device to receive the network address.
Type: Grant
Filed: March 1, 2018
Date of Patent: March 15, 2022
Assignee: Cujo LLC
Inventors: Leonid Kuperman, Yuri Frayman, Einaras von Gravrock, Gabor Takacs
-
Publication number: 20220060517
Abstract: A cloud-based security solution that provides a robust and secure framework for managing and enforcing security policies related to various resources managed in the cloud is disclosed. The cloud-based security solution is implemented by a security zone policy enforcement system in a cloud service provider infrastructure. The system receives a request to perform an operation on a resource and determines a compartment associated with the resource. The system determines that the compartment is associated with a security zone and determines a set of one or more security zone policies applicable to the resource. The system then determines that the operation on the resource is permitted based on the set of one or more security zone policies and responsive to determining that the operation on the resource is permitted, allows the operation to be performed on the resource.
Type: Application
Filed: August 3, 2021
Publication date: February 24, 2022
Applicant: Oracle International Corporation
Inventors: Igor Dozorets, Thoulfekar Alrahem, Jun Tong, Leonid Kuperman, Nachiketh Rao Potlapally, Bala Ganesh Chandran, Brian Pratt, Nathaniel Martin Glass, Girish Nagaraja, Jonathan Jorge Nadal
-
Publication number: 20220029917
Abstract: A multi-cloud service system establishes tunnels and network overlays across multiple CSPs while meeting a criterion for a latency threshold. The system conducts a latency benchmarking evaluation across each cloud region for multiple CSPs and based on the latency benchmarking evaluation results, the system may identify a group of cloud regions that satisfy a criterion such as predetermined maximum latency threshold or geographical restriction. The system may provision the group of cloud regions by provisioning a tunnel between nodes of the multiple CSPs. The system further establishes an overlay network on top of the tunnel by encapsulating packets using encapsulation end point such as VTEP (VXLAN tunnel end point) over VXLAN (Virtual Extension Local Area Network), which may help to ensure reliable transmission of packets from pod to pod. The system may inject user data into each node to initiate operations across the provisioned nodes using injected user data.
Type: Application
Filed: July 20, 2021
Publication date: January 27, 2022
Inventors: Saulius Masnauskas, Rokas Bilevicius, Tadeus Varnas, Augustinas Stirbis, Leonid Kuperman
-
Publication number: 20220030051
Abstract: A multi-cloud service system establishes tunnels and network overlays across multiple CSPs while meeting a criterion for a latency threshold. The system conducts a latency benchmarking evaluation across each cloud region for multiple CSPs and based on the latency benchmarking evaluation results, the system may identify a group of cloud regions that satisfy a criterion such as predetermined maximum latency threshold or geographical restriction. The system may provision the group of cloud regions by provisioning a tunnel between nodes of the multiple CSPs. The system further establishes an overlay network on top of the tunnel by encapsulating packets using encapsulation end point such as VTEP (VXLAN tunnel end point) over VXLAN (Virtual Extension Local Area Network), which may help to ensure reliable transmission of packets from pod to pod. The system may inject user data into each node to initiate operations across the provisioned nodes using injected user data.
Type: Application
Filed: July 20, 2021
Publication date: January 27, 2022
Inventors: Saulius Mašnauskas, Rokas Bilevicius, Tadeuš Varnas, Augustinas Stirbis, Leonid Kuperman
-
Publication number: 20210365348
Abstract: A device launches a respective instance on each respective cloud service provider (CSP) of a plurality of CSPs. The device receives, from each respective instance, performance benchmark data for each CSP shape of the respective CSP on which the respective instance is launched. The device inputs the performance benchmark data from each respective instance into a model and receives, as output from the model, a determination of, for each CSP shape, group of a plurality of groups to which the CSP shape belongs. The device ranks each group based on a parameter, and provides for display to a user a recommended CSP shape based on the ranking.
Type: Application
Filed: May 17, 2021
Publication date: November 25, 2021
Inventors: Leonid Kuperman, Laurent Gil
-
Patent number: 11176459
Abstract: A network traffic hub extracts encryption metadata from messages establishing an encrypted connection between a smart appliance and a remote server and determines whether malicious behavior is present in the messages. For example, the network traffic hub can extract an encryption cipher suite, identified encryption algorithms, or a public certificate. The network traffic hub detects malicious behavior or security threats based on the encryption metadata. These security threats may include a man-in-the-middle attacker or a Padding Oracle On Downgraded Legacy Encryption attack. Upon detecting malicious behavior or security threats, the network traffic hub blocks the encrypted traffic or notifies a user.
Type: Grant
Filed: September 12, 2019
Date of Patent: November 16, 2021
Assignee: Cujo LLC
Inventors: Yuri Frayman, Robert Beatty, Leonid Kuperman, Gabor Takacs
-
Patent number: 11165798
Abstract: The behavior analysis engine can also detect malicious network addresses that are sent to networked devices in the local network. The network traffic hub identifies network communications that are transmitted through the local network that contain network addresses. The network traffic hub transmits (or sends) the network address to the behavior analysis engine and the behavior analysis engine extracts network address features from the network address. The behavior analysis engine then applies an execution model to the execution features to determine a confidence score for the network address that represents the execution model's certainty that the network address is malicious. The behavior analysis engine uses the confidence score to provide instructions to the network traffic hub as to whether to allow the networked device to receive the network address.
Type: Grant
Filed: March 1, 2018
Date of Patent: November 2, 2021
Assignee: Cujo LLC
Inventors: Leonid Kuperman, Yuri Frayman, Einaras von Gravrock, Gabor Takacs
-
Publication number: 20210084008
Abstract: Fully qualified domain name determination is disclosed. A queue of fully qualified domain names (FQDN) is created using a predetermined amount of network domains. Each FQDN is crawled from a plurality of collection agents of a computer network. For each FQDN, data comprising an Internet Protocol (IP) address of the FQDN, IP addresses for resources loaded for the FQDN and load times of the resources loaded for the FQDN are extracted. A correlation model is generated based on the data. An FQDN being accessed by one or more computer devices of the computer network is determined by using the correlation model.
Type: Application
Filed: September 2, 2020
Publication date: March 18, 2021
Inventors: Leonid Kuperman, Santeri Kangas
-
Patent number: 10931768
Abstract: A network traffic hub receives network traffic from a user device running an application. The network traffic hub aggregates the network traffic into augmented netflows. Based on netflow parameters extracted by the network traffic hub, one or more augmented netflows are associated with the application. The network traffic hub determines whether an augmented netflow is a result of the application being in an active state or a passive state based on, for example, the quantity of data within the netflow. If the quantity of data within the augmented netflow is larger than a data threshold, the augmented netflow can be classified as an active usage, and if the data is less than the data threshold, the augmented netflow can be classified as a passive usage. Thus, by classifying network traffic of an application as active or passive, a record of a user's active usage of the application can be recorded.
Type: Grant
Filed: June 14, 2019
Date of Patent: February 23, 2021
Assignee: Cujo LLC
Inventors: Leonid Kuperman, Attila Egri, Gabor Takacs, Paulius Ulozas