Patents by Inventor Nir Adler
Nir Adler has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11537710Abstract: A method for rendering virtual desktops on an air-gapped endpoint is provided. The method includes rendering a first window presenting a first virtual desktop of a first security zone; rendering a second window presenting a second virtual desktop display of a second security zone, wherein the first security zone and the second security zone are of a plurality of security zones instantiated on the air-gapped endpoint; and controlling, by a hypervisor, display of the first window and the second window on a desktop of the air-gapped endpoint, wherein any application in the first security zone cannot access any application in the second security zone when displayed on the same desktop.Type: GrantFiled: May 20, 2020Date of Patent: December 27, 2022Assignee: Perception Point Ltd.Inventors: Oleg Zlotnik, Nir Adler, Tal Zamir
-
Patent number: 11531749Abstract: A method and system for controlling access to external networks by an air-gapped endpoint is provided. The method includes providing, on the air-gapped endpoint, a plurality of isolated security zones by instantiating a plurality of corresponding virtual machines using a hypervisor; selecting one security zone of the plurality of isolated security zones; and tunneling a traffic from the selected security zone to a designated network location, wherein the tunneling is through a virtual private network (VPN).Type: GrantFiled: May 20, 2020Date of Patent: December 20, 2022Assignee: Perception Point Ltd.Inventors: Boris Figovsky, Tal Zamir, Oleg Zlotnik, Nir Adler
-
Publication number: 20220004623Abstract: A method and system for method for providing a managed and isolated workspace on a user device are provided. The method creating a secured workspace in the user device, wherein the secured workspace is separated from a host operating system and includes a guest operating system; monitoring activity performed in the secured workspace and host operating system; determining, based on a security policy, if the monitored activity is risky; and causing execution of any determined risky activity in the secured workspace, thereby defending the host operating system from the determined risky activity, wherein the host operating system executes sensitive applications to an organization.Type: ApplicationFiled: July 6, 2021Publication date: January 6, 2022Applicant: Hysolate Ltd.Inventors: Tomer TRABELSI, Nir ADLER, Boris FIGOVSKY, Oleg ZLOTNIK, Tal ZAMIR
-
Patent number: 11153322Abstract: A method for performing user experience (UX) functions on an air-gapped endpoint is provided. The method includes monitoring a plurality of virtual machines to detect at least one user request to be executed within a security zone; intercepting the user request and analyzing a level of permission required to complete the user request; determining an appropriate security zone in which to execute the user request, wherein the appropriate security zone has the required level of permission; and executing the user request in the appropriate security zone.Type: GrantFiled: August 15, 2019Date of Patent: October 19, 2021Assignee: Hysolate Ltd.Inventors: Tomer Trabelsi, Oleg Zlotnik, Nir Adler, Tal Zamir
-
Patent number: 11150936Abstract: A method for binding a user account operable on an air-gapped computer to an appropriate virtual machine (VM), comprising: monitoring a plurality of VMs to determine an associated user account for each of the plurality of VMs, wherein the plurality of VMs are executed over the air-gapped computer, and wherein each of the plurality of VMs is a distinct security zone in the air-gapped computer; determining a current VM from the plurality of VMs to bind an associated user account thereto; and displaying user specific indications on desktop items associated with each user account.Type: GrantFiled: September 24, 2019Date of Patent: October 19, 2021Assignee: Hysolate Ltd.Inventors: Tomer Trabelsi, Oleg Zlotnik, Nir Adler, Tai Zamir
-
Patent number: 11010352Abstract: A system and method for providing a unified file system on an air-gapped endpoint are provided. The method included monitoring a plurality of security zones, instantiated on the air-gapped endpoint, to intercept at least one file system operation to access files on a first security zone; determining if the detected file system operation triggers a display of the file system dialog window effecting a second security zone; and when the file system dialog window effecting the second security zone, blocking the display of the file system dialog window in the first security zone; and displaying the file system dialog window in the second security zone.Type: GrantFiled: June 17, 2019Date of Patent: May 18, 2021Assignee: Hysolate Ltd.Inventors: Tal Zamir, Tomer Trabelsi, Oleg Zlotnik, Nir Adler
-
Publication number: 20210109903Abstract: A system and method for providing a unified file system on an air-gapped endpoint are provided. The method includes monitoring the first and second security zones instantiated on the virtually air-gapped endpoint to intercept at least one file system operation to access files on the first security zone; determining if the detected file system operation triggers a display of a file system dialog window of the second security zone; and when the file system dialog window of the second security zone is determined to be triggered, preventing the display of a file system dialog window in the first security zone; and displaying the file system dialog window of the second security zone in the second security zone.Type: ApplicationFiled: December 1, 2020Publication date: April 15, 2021Applicant: Hysolate Ltd.Inventors: Tal ZAMIR, Tomer TRABELSI, Oleg ZLOTNIK, Nir ADLER
-
Patent number: 10810027Abstract: A management agent operates transparently in the background on each endpoint computing device that needs to be managed. The agent sets up a sandboxed environment on the endpoint computing device on which it is operating in order to capture applications that have been installed on the endpoint device. The application capture is performed after the applications have been installed on the endpoint device and therefore does not require installing the application on any dedicated staging machine, nor any recording of the pre-installation state. The application capture process involves running the application from an isolated sandboxed environment on the computing device in order to identify all necessary components of the application by monitoring accesses by the application to components located outside of the sandbox. The identified components can then be packaged together and managed as individual application packages.Type: GrantFiled: December 24, 2018Date of Patent: October 20, 2020Assignee: VMware, Inc.Inventors: Nir Adler, Dima Golbert, Avshi Avital
-
Publication number: 20200285734Abstract: A method for operating an air-gapped endpoint is provided. The method includes initializing, on the endpoint, a hypervisor for execution over a primitive operating system (OS) of the endpoint; creating an isolated security zone by instantiating a virtual machine using the hypervisor, wherein the security zone includes a plurality of applications executed over a guest OS; and auditing, by the hypervisor, any action performed by any application executed in the security zone.Type: ApplicationFiled: May 20, 2020Publication date: September 10, 2020Applicant: Hysolate Ltd.Inventors: Tal ZAMIR, Oleg ZLOTNIK, Boris FIGOVSKY, Nir ADLER
-
Publication number: 20200285735Abstract: A method and system for controlling access to external networks by an air-gapped endpoint is provided. The method includes providing, on the air-gapped endpoint, a plurality of isolated security zones by instantiating a plurality of corresponding virtual machines using a hypervisor; selecting one security zone of the plurality of isolated security zones; and tunneling a traffic from the selected security zone to a designated network location, wherein the tunneling is through a virtual private network (VPN).Type: ApplicationFiled: May 20, 2020Publication date: September 10, 2020Applicant: Hysolate Ltd.Inventors: Boris FIGOVSKY, Tal ZAMIR, Oleg ZLOTNIK, Nir ADLER
-
Publication number: 20200279042Abstract: A method for rendering virtual desktops on an air-gapped endpoint is provided. The method includes rendering a first window presenting a first virtual desktop of a first security zone; rendering a second window presenting a second virtual desktop display of a second security zone, wherein the first security zone and the second security zone are of a plurality of security zones instantiated on the air-gapped endpoint; and controlling, by a hypervisor, display of the first window and the second window on a desktop of the air-gapped endpoint, wherein any application in the first security zone cannot access any application in the second security zone when displayed on the same desktop.Type: ApplicationFiled: May 20, 2020Publication date: September 3, 2020Applicant: Hysolate Ltd.Inventors: Oleg ZLOTNIK, Nir ADLER, Tal ZAMIR
-
Patent number: 10699004Abstract: A method for performing user experience (UX) functions on an air-gapped endpoint is provided. The method includes monitoring a plurality of security zones, instantiated on the air-gapped endpoint, to detect at least one UX command executed in a first security zone; determining if the detected UX command triggers a UX function effecting a second security zone; determining if the UX function to be triggered maintains compliance with a security policy of the first and second security zones; and executing the UX function across the first and second security zones.Type: GrantFiled: January 22, 2018Date of Patent: June 30, 2020Assignee: Hysolate Ltd.Inventors: Oleg Zlotnik, Nir Adler, Tal Zamir
-
Publication number: 20200019430Abstract: A method for binding a user account operable on an air-gapped computer to an appropriate virtual machine (VM), comprising: monitoring a plurality of VMs to determine an associated user account for each of the plurality of VMs, wherein the plurality of VMs are executed over the air-gapped computer, and wherein each of the plurality of VMs is a distinct security zone in the air-gapped computer; determining a current VM from the plurality of VMs to bind an associated user account thereto; and displaying user specific indications on desktop items associated with each user account.Type: ApplicationFiled: September 24, 2019Publication date: January 16, 2020Applicant: Hysolate Ltd.Inventors: Tomer TRABELSI, Oleg ZLOTNIK, Nir ADLER, Tal ZAMIR
-
Publication number: 20190372983Abstract: A method for performing user experience (UX) functions on an air-gapped endpoint is provided. The method includes monitoring a plurality of virtual machines to detect at least one user request to be executed within a security zone; intercepting the user request and analyzing a level of permission required to complete the user request; determining an appropriate security zone in which to execute the user request, wherein the appropriate security zone has the required level of permission; and executing the user request in the appropriate security zone.Type: ApplicationFiled: August 15, 2019Publication date: December 5, 2019Applicant: Hysolate Ltd.Inventors: Tomer TRABELSI, Oleg ZLOTNIK, Nir ADLER, Tal ZAMIR
-
Publication number: 20190303354Abstract: A system and method for providing a unified file system on an air-gapped endpoint are provided. The method included monitoring a plurality of security zones, instantiated on the air-gapped endpoint, to intercept at least one file system operation to access files on a first security zone; determining if the detected file system operation triggers a display of the file system dialog window effecting a second security zone; and when the file system dialog window effecting the second security zone, blocking the display of the file system dialog window in the first security zone; and displaying the file system dialog window in the second security zone.Type: ApplicationFiled: June 17, 2019Publication date: October 3, 2019Applicant: Hysolate Ltd.Inventors: Tal ZAMIR, Tomer TRABELSI, Oleg ZLOTNIK, Nir ADLER
-
Patent number: 10430266Abstract: Systems and methods are described for capturing and reproducing the full state of an application session. An application is captured by performing a dump of various components of the session and storing the components in an application session capture. Captured components include a memory image, CPU register values, open handles to kernel objects, and loaded libraries. The session is reproduced when requested based on the session capture. In cases where locations or references to certain items (e.g., memory locations, open handle references, library addresses, etc.) are different when the session is restored, a driver is used to remap the old locations or references to the new locations or references.Type: GrantFiled: June 13, 2016Date of Patent: October 1, 2019Assignee: VMware, Inc.Inventors: Nir Adler, Dima Golbert, Or Lupovitz, Kosta Shougaev
-
Patent number: 10289687Abstract: A system is described for backing-up a client device to a server using space-optimized snapshots. A snapshot is captured on the client device. The system determines which files of the snapshot are required to be uploaded to perform a backup. Thereafter, the system monitors the required files (and not other files) for write commands and directs write operations for the required files to be performed copy-on-write. After a required file is uploaded, the system stops monitoring the file and any copy-on-write data that may have been generated for the file is removed from the snapshot to conserve space. The process continues until all required files are uploaded.Type: GrantFiled: April 7, 2016Date of Patent: May 14, 2019Assignee: VMware, Inc.Inventors: Nir Adler, Boaz Harel
-
Publication number: 20190129736Abstract: A management agent operates transparently in the background on each endpoint computing device that needs to be managed. The agent sets up a sandboxed environment on the endpoint computing device on which it is operating in order to capture applications that have been installed on the endpoint device. The application capture is performed after the applications have been installed on the endpoint device and therefore does not require installing the application on any dedicated staging machine, nor any recording of the pre-installation state. The application capture process involves running the application from an isolated sandboxed environment on the computing device in order to identify all necessary components of the application by monitoring accesses by the application to components located outside of the sandbox. The identified components can then be packaged together and managed as individual application packages.Type: ApplicationFiled: December 24, 2018Publication date: May 2, 2019Inventors: Nir Adler, Dima Golbert, Avshi Avital
-
Patent number: 10223413Abstract: A management agent operates transparently in the background on each endpoint computing device that needs to be managed. The agent performs a static analysis of the system on the endpoint computing device on which it is operating in order to capture the applications that have been installed on the endpoint device. The static analysis is performed after the applications have been installed on the endpoint device and therefore does not require installing the application on any dedicated staging machine, nor any recording of the pre-installation state. The post-installation static analysis involves steps that are used to determine all of the necessary components that comprise the application, which can then be packaged together and managed as individual application packages.Type: GrantFiled: November 29, 2016Date of Patent: March 5, 2019Assignee: VMware, Inc.Inventors: Nir Adler, Dima Golbert, Or Lupovitz, Kosta Shougaev
-
Patent number: 10223092Abstract: Systems and methods are described for packaging and deploying applications using minimal and maximal component sets. A minimal set of application components that includes at least the necessary components for launching the application is first downloaded to an endpoint device from a central server. The application is launched on the endpoint from the minimal set. If the application requests a missing component that is not available on the endpoint, the missing component is requested and delivered on-demand from a maximal set located on the server, where the maximal set contains all possible application components. The application is suspended during the download of the missing component. After the missing component is downloaded, the application is resumed, having access to the missing component on the endpoint.Type: GrantFiled: June 9, 2016Date of Patent: March 5, 2019Assignee: VMware, Inc.Inventors: Nir Adler, Dima Golbert, Avshi Avital, Or Lupovitz, Kosta Shougaev