Patents by Inventor Liron Levin

Liron Levin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10599833
    Abstract: A system and method for securing execution of software containers using security profiles. The method includes receiving an event indicating that a container image requires profiling, wherein the container image includes resources utilized to execute a corresponding application container; generating a security profile for the container image when the event is received, wherein the generated security profile indicates at least networking ports that are allowed for at least one of: access to the application container, and access by the application container; monitoring an operation of a runtime execution of the application container; and detecting a violation of the security profile based on the monitored operation.
    Type: Grant
    Filed: December 29, 2017
    Date of Patent: March 24, 2020
    Assignee: TWISTLOCK, LTD.
    Inventors: Liron Levin, Dima Stopel, Eran Yanay
  • Patent number: 10586042
    Abstract: A method for securing execution of software containers using security profiles. The method comprises receiving an event indicating that a container image requires profiling, wherein the container image includes resources utilized to execute a corresponding application container; generating a security profile for the container image, wherein the generated security profile includes at least a system calls profile; monitoring the operation of a runtime execution of the application container; and detecting a violation of the security profile based on the monitored operation, wherein the security profile is of the container image corresponding to the application container.
    Type: Grant
    Filed: January 3, 2017
    Date of Patent: March 10, 2020
    Assignee: TWISTLOCK, LTD.
    Inventors: Dima Stopel, Liron Levin, Lior Yankovich
  • Patent number: 10567411
    Abstract: A system and method for dynamically adapting traffic inspection and filtering in containerized environments. The method includes monitoring the containerized environment to identify deployment of a software container in the containerized environment; inspecting traffic redirected from the software container, wherein the inspecting includes detecting malicious activity of the software container; and filtering the traffic based on at least one filtering rule when the malicious activity is detected, wherein the at least one filtering rule is defined in a filtering profile for the software container, wherein the filtering profile is determined for the software container when a new container image of the software container is detected in the containerized environment.
    Type: Grant
    Filed: May 29, 2018
    Date of Patent: February 18, 2020
    Assignee: TWISTLOCK, LTD.
    Inventors: Ben Bernstein, John Morello, Dima Stopel, Liron Levin, Eran Yanay
  • Publication number: 20200026850
    Abstract: A system and method for serverless runtime application self-protection.
    Type: Application
    Filed: September 27, 2018
    Publication date: January 23, 2020
    Applicant: Twistlock, Ltd.
    Inventors: Liron LEVIN, Dima STOPEL, Michael VELBAUM, Alon ADLER, Michael KLETSELMAN, John MORELLO
  • Publication number: 20200026849
    Abstract: A system and method for cloud native virtual machine (VM) runtime protection. The method includes creating a normal behavior model for a cloud native VM by training a machine learning model using a training data set including a plurality of training activities performed by the cloud native VM, the cloud native VM being configured to provide at least one service, wherein the normal behavior model defines at least one capability of each of the at least one service, wherein each capability of a service indicates a plurality of discrete behaviors required by the service; and monitoring an execution of the cloud native VM to detect a deviation from the normal behavior model, wherein the deviation is caused by at least one abnormal behavior of one of the at least one service that is not among the discrete behaviors defined in the at least one capability for the service.
    Type: Application
    Filed: August 22, 2018
    Publication date: January 23, 2020
    Applicant: Twistlock, Ltd.
    Inventors: Liron LEVIN, John MORELLO, Dima STOPEL, Michael VELBAUM, Itay ABRAMOWSKY, Isaac SCHNITZER
  • Publication number: 20200026541
    Abstract: A host device and method for efficient distributed security forensics. The method includes creating, at a first host device configured to run a first virtualization entity, a first event index for the first virtualization entity; encoding at least one event related to the first virtualization entity; updating the first event index based on the encoded at least one event; and sending the first event index to a master console, wherein the master console is configured to receive a plurality of event indices created by a plurality of host devices with respect to a plurality of virtualization entities.
    Type: Application
    Filed: September 27, 2018
    Publication date: January 23, 2020
    Applicant: Twistlock, Ltd.
    Inventors: Liron LEVIN, Dima STOPEL, Ami BIZAMCHER, Michael KLETSELMAN, John MORELLO
  • Publication number: 20200012818
    Abstract: A system and method for maintaining image integrity in a containerized environment. Image layers of a software container are scanned for metadata. The metadata is indexed and contextual metadata is added. Execution of the containerized environment is monitored to detect new image layers being executed. Integrity of images in the environment is maintained based on integrity rules and the metadata of each image layer. The integrity rules ensure image integrity by ensuring that pulled images are composed from trusted images, image layers are pushed by trusted users, image layers do not include potential vulnerabilities, and image layers do not override specific file paths. Trusted image layers may be automatically detected using a machine learning model trained based on historical image layer metadata.
    Type: Application
    Filed: July 3, 2018
    Publication date: January 9, 2020
    Applicant: Twistlock, Ltd.
    Inventors: Liron LEVIN, John MORELLO, Dima STOPEL
  • Publication number: 20190190931
    Abstract: A method and system for runtime detection of botnets in containerized environments. The method includes creating a domain name system (DNS) policy for a software container, wherein the DNS policy defines at least a plurality of allowed domain names for the software container, wherein the DNS policy is created based on historical DNS queries by the software container; detecting a botnet based on traffic to and from the software container, wherein the botnet is detected when at least a portion of the traffic does not comply with the DNS policy, wherein the botnet is implemented via communication with a bot executed in the software container; and blocking at least one DNS query in the at least a portion of traffic, wherein each blocked DNS query is to a domain having a domain name that does not match any of the plurality of allowed domain names for the software container.
    Type: Application
    Filed: December 10, 2018
    Publication date: June 20, 2019
    Applicant: Twistlock, Ltd.
    Inventors: Liron LEVIN, Dima STOPEL, John MORELLO
  • Publication number: 20190116199
    Abstract: A method and system for protecting an application from unsecure network exposure. The method includes identifying at least one port through which the application is accessible when the application is not configured correctly, wherein the application is executed at a host device connected to at least one network, the host device having the at least one port; sending, to an external resource, connection data for connecting to the application via the at least one port, wherein the external resource is configured to attempt to connect to the application based on the connection data and to return results of the connection attempt; determining, based on the results of the connection attempt, whether an exposure vulnerability exists; and performing at least one mitigation action when an exposure vulnerability exists.
    Type: Application
    Filed: October 17, 2018
    Publication date: April 18, 2019
    Applicant: Twistlock, Ltd.
    Inventors: Dima STOPEL, Liron LEVIN, Daniel SHAPIRA, Nitsan BEN NUN, John MORELLO
  • Publication number: 20190087569
    Abstract: A system and method for defending an application configured to invoke anonymous functions. The method includes analyzing the application to determine at least one branch of the application, wherein each branch is an instruction that deviates from a default behavior of the application; identifying, based on the at least one branch of the application and at least one first anonymous function, at least one potential threat branch, each potential threat branch including a call to one of the at least one first anonymous function; and rewiring at least one first function call of the application to create a secured instance of the application, wherein each of the at least one first function call is to one of the at least one first anonymous function prior to rewiring.
    Type: Application
    Filed: September 18, 2018
    Publication date: March 21, 2019
    Applicant: Twistlock, Ltd.
    Inventors: Liron LEVIN, Dima STOPEL, John MORELLO
  • Publication number: 20190058722
    Abstract: A system and method for traffic enforcement in containerized environments. The method includes analyzing contents of a container image to determine a type of application to be executed by a first container, wherein the first container is a runtime instance of the container image; determining, based on the type of application to be executed by the first container, a filtering profile for the first container, wherein the filtering profile defines a configuration for inspecting and filtering traffic directed to the first container; and filtering, based on the filtering profile, malicious traffic directed to the first container.
    Type: Application
    Filed: October 22, 2018
    Publication date: February 21, 2019
    Applicant: Twistlock, Ltd.
    Inventors: Liron LEVIN, Dima STOPEL, John MORELLO, Eran YANAY
  • Publication number: 20180278639
    Abstract: A system and method for dynamically adapting traffic inspection and filtering in containerized environments. The method includes monitoring the containerized environment to identify deployment of a software container in the containerized environment; inspecting traffic redirected from the software container, wherein the inspecting includes detecting malicious activity of the software container; and filtering the traffic based on at least one filtering rule when the malicious activity is detected, wherein the at least one filtering rule is defined in a filtering profile for the software container, wherein the filtering profile is determined for the software container when a new container image of the software container is detected in the containerized environment.
    Type: Application
    Filed: May 29, 2018
    Publication date: September 27, 2018
    Applicant: Twistlock, Ltd.
    Inventors: Ben BERNSTEIN, John MORELLO, Dima STOPEL, Liron LEVIN, Eran YANAY
  • Publication number: 20180260574
    Abstract: A system and method for runtime detection of vulnerabilities in an application software container that is configured to execute an application.
    Type: Application
    Filed: May 9, 2018
    Publication date: September 13, 2018
    Applicant: Twistlock, Ltd.
    Inventors: John MORELLO, Dima STOPEL, Liron LEVIN
  • Publication number: 20180144123
    Abstract: A system and method for securing execution of software containers using security profiles. The method includes receiving an event indicating that a container image requires profiling, wherein the container image includes resources utilized to execute a corresponding application container; generating a security profile for the container image when the event is received, wherein the generated security profile indicates at least networking ports that are allowed for at least one of: access to the application container, and access by the application container; monitoring an operation of a runtime execution of the application container; and detecting a violation of the security profile based on the monitored operation.
    Type: Application
    Filed: December 29, 2017
    Publication date: May 24, 2018
    Applicant: Twistlock, Ltd.
    Inventors: Liron LEVIN, Dima STOPEL, Eran YANAY
  • Publication number: 20180129803
    Abstract: A system and method for securing execution of software containers using security profiles. The method includes receiving an event indicating that a container image requires profiling, wherein the container image includes resources utilized to execute a corresponding application container; generating a security profile for the container image when the event is received, wherein the generated security profile indicates at least a list of permissible filesystem actions, wherein each permissible filesystem action is an action performed with respect to at least one filesystem resource; monitoring an operation of a runtime execution of the application container; and detecting a violation of the security profile based on the monitored operation.
    Type: Application
    Filed: January 9, 2018
    Publication date: May 10, 2018
    Applicant: Twistlock, Ltd.
    Inventors: Liron LEVIN, Dima STOPEL, Eran YANAY
  • Patent number: 9847014
    Abstract: A proximity-based reminder system includes one or more proximity detectors for determining whether a distance between two or more paired electronic devices satisfies various criteria. Data transmissions across a wide area network (WAN) are used to determine whether a distance between paired devices satisfies a first proximity condition. Transmissions across a local area network (LAN) are used to determine whether the distance between the paired devices satisfies a second proximity condition. When the first and second proximity conditions are satisfied, the proximity-based reminder system issues a reminder alert notification to one or more of the paired devices.
    Type: Grant
    Filed: May 5, 2017
    Date of Patent: December 19, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Dikla Dotan-Cohen, Lilach Perry, Liron Levin
  • Publication number: 20170243468
    Abstract: A proximity-based reminder system includes one or more proximity detectors for determining whether a distance between two or more paired electronic devices satisfies various criteria. Data transmissions across a wide area network (WAN) are used to determine whether a distance between paired devices satisfies a first proximity condition. Transmissions across a local area network (LAN) are used to determine whether the distance between the paired devices satisfies a second proximity condition. When the first and second proximity conditions are satisfied, the proximity-based reminder system issues a reminder alert notification to one or more of the paired devices.
    Type: Application
    Filed: May 5, 2017
    Publication date: August 24, 2017
    Inventors: Dikla Dotan-Cohen, Lilach Perry, Liron Levin
  • Publication number: 20170187540
    Abstract: A method and system for detecting vulnerable root certificates in container images are provided. The method includes receiving an event to scan at least one container image hosted in a host device, wherein the least one container image includes resources utilized to execute, by the host device, at least a respective software application container; extracting contents of layers of the at least one container image; scanning the extracted contents to generate a first list designating all root certificates included in the at least one container image; generating a second list designating all root certificates trusted by the host device; comparing the first list to the second list to detect at least one root certificate designated in the first list but not in the second; and determining the at least one detected root certificate as vulnerable.
    Type: Application
    Filed: February 16, 2017
    Publication date: June 29, 2017
    Applicant: Twistlock, Ltd.
    Inventors: Dima STOPEL, John MORELLO, Liron LEVIN
  • Patent number: 9672725
    Abstract: A proximity-based reminder system includes one or more proximity detectors for determining whether a distance between two or more paired electronic devices satisfies various criteria. Data transmissions across a wide area network (WAN) are used to determine whether a distance between paired devices satisfies a first proximity condition. Transmissions across a local area network (LAN) are used to determine whether the distance between the paired devices satisfies a second proximity condition. When the first and second proximity conditions are satisfied, the proximity-based reminder system issues a reminder alert notification to one or more of the paired devices.
    Type: Grant
    Filed: March 25, 2015
    Date of Patent: June 6, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Dikla Dotan-Cohen, Lilach Perry, Liron Levin
  • Publication number: 20170116412
    Abstract: A method for securing execution of software containers using security profiles. The method comprises receiving an event indicating that a container image requires profiling, wherein the container image includes resources utilized to execute a corresponding application container; generating a security profile for the container image, wherein the generated security profile includes at least a spawned processes profile, wherein the security profile is of the container image corresponding to the application container; monitoring the operation of a runtime execution of the application container; and detecting a violation of the spawned processes profile based on the monitored operation.
    Type: Application
    Filed: January 3, 2017
    Publication date: April 27, 2017
    Applicant: Twistlock, Ltd.
    Inventors: Dima STOPEL, Liron LEVIN