Patents by Inventor Yolanta Beresna
Yolanta Beresna has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10764393Abstract: The present disclosure relates to a network device that determines a persistent network identity for a networked device. Specifically, the network device receives a service request that includes an identifier for a second network device in a sub-network among a plurality of sub-networks. The identifier uniquely corresponds to the second network device during a limited period of time. At least one sub-networks are unreachable by the service request. The network device aggregates partial networked device profiles corresponding to the second network device received from other network devices in at least the at least one sub-networks to generate a networked device profile. Moreover, the network device searches at least one caches to obtain the networked device profile based on the identifier in the service request, and correlates the identifier to a persistent network identity corresponding to the second network device based on the networked device profile.Type: GrantFiled: April 21, 2016Date of Patent: September 1, 2020Assignee: Hewlett Packard Enterprise Development LPInventors: Marco Casassa Mont, Yolanta Beresna, Simon Ian Arnell, Nipun Balan Thekkummal
-
Patent number: 10749895Abstract: Examples relate to handling network threats. In one example, a computing device may: receive, from a threat detector, threat data associated with a particular network device included in a plurality of network devices; identify, based on the threat data, a particular analytics operation for assisting with remediation of a threat associated with the threat data; identify, based on the threat data, additional data for performing the particular analytics operation; cause reconfiguration of at least one of the plurality of network devices, the reconfiguration causing each of the reconfigured network devices to i) collect the additional data, and ii) provide the additional data to an analytics device; and receive, from the analytics device, particular analytics results of the particular analytics operation.Type: GrantFiled: November 17, 2015Date of Patent: August 18, 2020Assignee: Hewlett Packard Enterprise Development LPInventors: Simon Ian Arnell, Marco Casassa Mont, Yolanta Beresna, Theofrastos Koulouris, Jon Potter
-
Patent number: 10666672Abstract: Examples relate to collecting domain name system traffic. In one example, a computing device may: receive, from a first intermediary network device, a DNS query packet that was sent by a client computing device operating on a private network, the DNS query packet specifying i) a query domain name, and ii) a source address that specifies the client computing device; store, in a data storage device, a query record specifying the query domain name and the source address specified by the DNS query packet; receive, from a second intermediary network device, a DNS response packet; determine that the DNS response packet specifies a response domain name that matches the query domain name; in response to the determination, extract, from the DNS response packet, a resolved address that corresponds to the response domain name; and store, in the query record, the resolved address specified by the DNS response packet.Type: GrantFiled: August 31, 2015Date of Patent: May 26, 2020Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LPInventors: Simon Ian Arnell, Marco Casassa Mont, Yolanta Beresna
-
Patent number: 10262132Abstract: Examples relate to model-based computer attack analytics orchestration. In one example, a computing device may: generate, using an attack model that specifies behavior of a particular attack on a computing system, a hypothesis for the particular attack, the hypothesis specifying, for a particular state of the particular attack, at least one attack action; identify, using the hypothesis, at least one analytics function for determining whether the at least one attack action specified by the hypothesis occurred on the computing system; provide an analytics device with instructions to execute the at least one analytics function on the computing system; receive analytics results from the analytics device; and update a state of the attack model based on the analytics results.Type: GrantFiled: July 1, 2016Date of Patent: April 16, 2019Assignee: ENTIT SOFTWARE LLCInventors: Philipp Reinecke, Marco Casassa Mont, Yolanta Beresna
-
Publication number: 20180375953Abstract: The present disclosure relates to a network device that determines a persistent network identity for a networked device. Specifically, the network device receives a service request that includes an identifier for a second network device in a sub-network among a plurality of sub-networks. The identifier uniquely corresponds to the second network device during a limited period of time. At least one sub-networks are unreachable by the service request. The network device aggregates partial networked device profiles corresponding to the second network device received from other network devices in at least the at least one sub-networks to generate a networked device profile. Moreover, the network device searches at least one caches to obtain the networked device profile based on the identifier in the service request, and correlates the identifier to a persistent network identity corresponding to the second network device based on the networked device profile.Type: ApplicationFiled: April 21, 2016Publication date: December 27, 2018Applicant: Hewlett Packard Enterprise Development LPInventors: Marco Casassa Mont, Yolanta Beresna, Simon Ian Amell, Nipun Balan Thekkummal
-
Publication number: 20180337943Abstract: Examples relate to handling network threats. In one example, a computing device may: receive, from a threat detector, threat data associated with a particular network device included in a plurality of network devices; identify, based on the threat data, a particular analytics operation for assisting with remediation of a threat associated with the threat data; identify, based on the threat data, additional data for performing the particular analytics operation; cause reconfiguration of at least one of the plurality of network devices, the reconfiguration causing each of the reconfigured network devices to i) collect the additional data, and ii) provide the additional data to an analytics device; and receive, from the analytics device, particular analytics results of the particular analytics operation.Type: ApplicationFiled: November 17, 2015Publication date: November 22, 2018Inventors: Simon Ian ARNELL, Marco CASASSA MONT, Yolanta BERESNA, Theofrastos KOULOURIS, Jon POTTER
-
Publication number: 20180219884Abstract: Example implementations relate to changing deployment statuses. An example implementation includes updating a data source data store comprising descriptors of available data sources, a pre-processor data store comprising descriptors of available pre-processors, or an analytic data store comprising descriptors of available analytics. A change request may be initiated responsive to a change in the data source data, pre-processor data, or analytic data and a deployment status of a pre-processor or an analytic may be changed responsive to the change request.Type: ApplicationFiled: January 27, 2017Publication date: August 2, 2018Inventors: Yolanta Beresna, Marco Casassa Mont, Philipp Reinecke
-
Publication number: 20180139224Abstract: Examples relate to collecting domain name system traffic. In one example, a computing device may: receive, from a first intermediary network device, a DNS query packet that was sent by a client computing device operating on a private network, the DNS query packet specifying i) a query domain name, and ii) a source address that specifies the client computing device; store, in a data storage device, a query record specifying the query domain name and the source address specified by the DNS query packet; receive, from a second intermediary network device, a DNS response packet; determine that the DNS response packet specifies a response domain name that matches the query domain name; in response to the determination, extract, from the DNS response packet, a resolved address that corresponds to the response domain name; and store, in the query record, the resolved address specified by the DNS response packet.Type: ApplicationFiled: August 31, 2015Publication date: May 17, 2018Inventors: Simon Ian Arnell, Marco Casassa Mont, Yolanta Beresna
-
Publication number: 20180004958Abstract: Examples relate to computer attack model management. In one example, a computing device may: identify a first set of attack models, each attack model in the first set specifying behavior of a particular attack on a computing system; obtain, for each attack model in the first set, performance data that indicates at least one measure of attack model performance for a previous use of the attack model in determining whether the particular attack occurred on the computing system; and update the first set of attack models based on the performance data.Type: ApplicationFiled: July 1, 2016Publication date: January 4, 2018Inventors: Philipp Reinecke, Marco Casassa Mont, Yolanta Beresna
-
Publication number: 20180004941Abstract: Examples relate to model-based computer attack analytics orchestration. In one example, a computing device may: generate, using an attack model that specifies behavior of a particular attack on a computing system, a hypothesis for the particular attack, the hypothesis specifying, for a particular state of the particular attack, at least one attack action; identify, using the hypothesis, at least one analytics function for determining whether the at least one attack action specified by the hypothesis occurred on the computing system; provide an analytics device with instructions to execute the at least one analytics function on the computing system; receive analytics results from the analytics device; and update a state of the attack model based on the analytics results.Type: ApplicationFiled: July 1, 2016Publication date: January 4, 2018Inventors: Philipp Reinecke, Marco Casassa Mont, Yolanta Beresna