Patents Assigned to CA, Inc.
  • Patent number: 11222113
    Abstract: Methods and systems are provided for automatically generating malware definitions and using generated malware definitions. One example method generally includes receiving information associated with a malicious application and extracting malware strings from the malicious application. The method further includes filtering the malware strings using a set of safe strings to produce filtered strings and scoring the filtered strings to produce string scores by evaluating words of the filtered strings based on word statistics of a set of known malicious words. The method further includes selecting a set of candidate strings from the filtered strings based on the string scores and generating a malware definition for the malicious application based on the set of candidate strings. The method also includes performing one or more security actions to protect against the malicious application, using the malware definition.
    Type: Grant
    Filed: March 25, 2019
    Date of Patent: January 11, 2022
    Assignee: CA, INC.
    Inventors: Weiliang Li, Zhicheng Zeng
  • Patent number: 11212101
    Abstract: A client can be authenticated with an identity provider. The identity provider can generate an identity provider token after successful authentication. Prior to issuing a request to a service provider, the client can request a temporary (one time use) token from the identity provider. The request may include a client token to verify the client's identity. The identity provider can validate the client token using details saved in the identity provider token and issue the temporary token to the client. The client can provide the temporary token to a service provider in a request for service. The service provider can validate the temporary token with the identity provider. If the temporary token is valid (i.e., has not already been used), the service provider can respond to the request. The use of a temporary token and not sharing the identity provider token with the client can prevent security breaches.
    Type: Grant
    Filed: October 9, 2018
    Date of Patent: December 28, 2021
    Assignee: CA, INC.
    Inventor: Ravi Kumar Kanukollu
  • Patent number: 11204992
    Abstract: The disclosed computer-implemented method for safely executing unreliable malware may include (i) intercepting a call to an application programming interface (API) in a computing operating system, the API being utilized by malware for disseminating malicious code, (ii) determining an incompatibility between the API call and the computing operating system that prevents successful execution of the API call, (iii) creating a proxy container for receiving the API call, (iv) modifying, utilizing the proxy container, the API call to be compatible with the computing operating system, (v) sending the modified API call from the proxy container to the computing operating system for retrieving the API utilized by the malware, and (vi) performing a security action during a threat analysis of the malware by executing the API to disseminate the malicious code in a sandboxed environment. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 4, 2019
    Date of Patent: December 21, 2021
    Assignee: CA, INC.
    Inventors: Bahaa Naamneh, Felix Leder
  • Patent number: 11196754
    Abstract: The disclosed computer-implemented method for protecting against malicious content may include intercepting, by a security application installed on the computing device, an original message intended for a target application installed on the same computing device. The original message may include potentially malicious content. The security application may forward the original message to a security service. The computing device may receive a clean message from the security service, wherein the clean message includes a safe representation of the potentially malicious content. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 25, 2019
    Date of Patent: December 7, 2021
    Assignee: CA, INC.
    Inventors: Everett Lai, Tamas Rudnai
  • Patent number: 11178170
    Abstract: The disclosed computer-implemented method for detecting anomalous behavior within computing sessions may include (i) identifying, by the computing device, a set of execution events that correspond to a computing session, (ii) providing, by the computing device, the set of execution events as input to an autoencoder, (iii) receiving, by the computing device and from the autoencoder, a reconstruction error associated with autoencoding the set of execution events, (iv) detecting, by the computing device and based on the reconstruction error, an anomaly within the computing session, and (v) performing, by the computing device, a security action to address the anomaly within the computing session. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: January 29, 2019
    Date of Patent: November 16, 2021
    Assignee: CA, Inc.
    Inventors: Aditya Kuppa, Slawomir Grzonkowski, Sidharth Pipriya
  • Patent number: 11176276
    Abstract: The disclosed computer-implemented method for managing endpoint security states using passive data integrity attestations may include (i) receiving passively collected network data from an endpoint device of a computing environment, (ii) determining a security state of the endpoint device using the passively collected network data from the endpoint device, (iii) determining that the security state of the endpoint device is below a threshold, and (iv) in response to determining that the security state of the endpoint device is below a threshold, performing a security action to protect the computing environment against malicious actions. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: May 22, 2019
    Date of Patent: November 16, 2021
    Assignee: CA, INC.
    Inventors: Joseph Chen, Qubo Song, Spencer Smith, Shaun Aimoto, Haik Mesropian, David Kane, Peter Ferrie, Jordan Saxonberg, Costin Ionescu
  • Patent number: 11163875
    Abstract: The present disclosure relates to using correlations between support interaction data and telemetry data to discover emerging incidents for remediation. One example method generally includes receiving a corpus of support interaction data and a corpus of telemetry data. Topics indicative of underlying problems experienced by users of an application are extracted from the corpus of support interaction data. A topic having a rate of appearance in the support interaction data above a threshold value is identified. A set of telemetry data relevant to the topic is extracted from the corpus of telemetry data, and a subset of the relevant set of telemetry data having a frequency in the relevant set of telemetry data above a second threshold value is identified. The topic and the subset of telemetry data are correlated to an incident to be remediated, and one or more actions are taken to remedy the incident.
    Type: Grant
    Filed: March 22, 2019
    Date of Patent: November 2, 2021
    Assignee: CA, INC.
    Inventors: Kevin A. Roundy, Mahmood Sharif, Matteo Dell'Amico, Christopher Gates, Daniel Kats, Dong Chung
  • Patent number: 11153196
    Abstract: An autonomous controller for SDN, virtual, and/or physical networks can be used to optimize a network automatically and determine new optimizations as a network scales. The controller trains models that can determine in real-time the optimal path for the flow of data from node A to B in an arbitrary network. The controller processes a network topology to determine relative importance of nodes in the network. The controller reduces a search space for a machine learning model by selecting pivotal nodes based on the determined relative importance. When a demand to transfer traffic between two hosts is detected, the controller utilizes an AI model to determine one or more of the pivotal nodes to be used in routing the traffic between the two hosts. The controller determines a path between the two hosts which comprises the selected pivotal nodes and deploys a routing configuration for the path to the network.
    Type: Grant
    Filed: April 21, 2020
    Date of Patent: October 19, 2021
    Assignee: CA, Inc.
    Inventors: David Sanchez Charles, Giorgio Stampa, Victor Muntés-Mulero, Marta Arias
  • Patent number: 11144656
    Abstract: The disclosed computer-implemented method for protection of storage systems using decoy data may include identifying an original file comprising sensitive content to be protected against malicious access and protecting the sensitive content. Protecting the sensitive content may include (i) processing the original file to identify a structure of the original file and the sensitive content of the original file, (ii) generating a decoy file using the structure of the original file and using substitute content in a location corresponding to the sensitive content of the original file, and (iii) storing the decoy file with the original file. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: March 25, 2019
    Date of Patent: October 12, 2021
    Assignee: CA, INC.
    Inventors: Ashok Banerjee, William Porr, Sahil Hasan
  • Patent number: 11144637
    Abstract: The disclosed computer-implemented method for executing decision trees may include (i) executing a security classification decision tree that classifies an input data item, (ii) gathering, simultaneously using a gather instruction, values for both a current threshold at a parent node of the security classification decision tree and a subsequent threshold at a child node of the parent node, (iii) gathering, simultaneously using the gather instruction, values for both a current measurement at the parent node and a subsequent measurement at the child node, (iv) comparing, simultaneously using a comparison instruction, the current threshold at the parent node with the current measurement at the parent node and the subsequent threshold at the child node with the subsequent measurement at the child node, and (v) performing a security action to protect the computing device. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: August 24, 2018
    Date of Patent: October 12, 2021
    Assignee: CA, INC.
    Inventors: Ryan Curtin, Keith Kenemer
  • Patent number: 11126680
    Abstract: A computer-executed process receives an object that characterizes a navigation capability of a website. The object includes a navigation parameter that specifies a navigation page of the web site, and a query parameter that specifies a subset of content of the navigation page. The process also executes a script to dynamically generate a navigation structure based upon the object data. The process detects selection of a navigation component of the navigation structure, and updates an address in a Uniform Resource Locator (URL) bar of the browser with a composite resource identifier to retrieve a requested subset of content of the selected navigation page. The composite resource identifier includes a subordinate resource identifier that identifies the navigation page, which is derived from the navigation parameter and at least one query derived from the query parameter, which specifies the requested subset of content of the navigation page.
    Type: Grant
    Filed: March 11, 2019
    Date of Patent: September 21, 2021
    Assignee: CA, Inc.
    Inventors: Christopher R. Wright, Michael J. Bauer
  • Patent number: 11095666
    Abstract: The disclosed computer-implemented method for detecting covert channels structured in Internet Protocol (IP) transactions may include (1) intercepting an IP transaction including textual data and a corresponding address, (2) evaluating the textual data against a model to determine a difference score, (3) determining that the textual data is suspicious when the difference score exceeds a threshold value associated with the model, (4) examining, upon determining that the textual data is suspicious, the address in the transaction to determine whether the address is invalid, (5) analyzing the transaction to determine a frequency of address requests that have been initiated from a source address over a predetermined period, and (6) identifying the transaction as a covert data channel for initiating a malware attack when the address is determined to be invalid and the frequency of the address requests exceeds a threshold value. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: August 28, 2018
    Date of Patent: August 17, 2021
    Assignee: CA, INC.
    Inventors: Qing Li, Chris Larsen, Jon DiMaggio
  • Patent number: 11089061
    Abstract: A cloud device is configured in an email transmission pathway. The cloud device receives an email attachment whose maliciousness status is determined to be unknown. The cloud device encrypts the email attachment and delivers the encrypted attachment to the recipient. When the recipient attempts to access the encrypted attachment, the cloud device re-determines the maliciousness status of the attachment. If the re-determined maliciousness status is benign, the cloud device allows the encrypted attachment to be decrypted and opened locally on the recipient's device. If the re-determined maliciousness status is still unknown, the cloud device provides a cloud-based viewing solution to the recipient using an isolation service.
    Type: Grant
    Filed: March 28, 2019
    Date of Patent: August 10, 2021
    Assignee: CA, INC.
    Inventors: Nikhil Sinha, Alexander Harris, John Steenbruggen, Ananta Krishna Vadlamani
  • Patent number: 11089050
    Abstract: Isolating an iframe of a webpage. In one embodiment, a method may include targeting an iframe in a webpage for isolation, executing, in a server browser, iframe code, sending, from the remote isolation server to the local client, the webpage with the iframe code of the iframe replaced with isolation code, executing, in a client browser, webpage code and the isolation code, intercepting, in the client browser, webpage messages sent from the webpage code and intended to be delivered to the iframe, sending, to the remote isolation server, the intercepted webpage messages to be injected into the iframe code executing at the server browser, intercepting, at the server browser, iframe messages sent from the iframe code and intended to be delivered to the webpage, and sending, to the local client, the intercepted iframe messages to be injected into the webpage code executing at the client browser.
    Type: Grant
    Filed: August 26, 2019
    Date of Patent: August 10, 2021
    Assignee: CA, Inc.
    Inventors: Yoav Horman, Roee Kasher, Tal Solomon
  • Patent number: 11075933
    Abstract: A method for detecting and protecting against abnormal user behavior is described. The method may include generating a tensor model based on a set of user information within a temporal period. The tensor model may include a behavioral profile associated with a user of a set of users. In some examples, the method may include determining that a behavior associated with the user of the set of users is abnormal based on the tensor model, adapting the tensor model based on feedback from an additional user of a set of additional users different from the set of users, and performing a security action on at least one computing device to protect against the abnormal user behavior based on the adapting.
    Type: Grant
    Filed: March 27, 2019
    Date of Patent: July 27, 2021
    Assignee: CA, Inc.
    Inventors: Brandon Fetters, Yufei Han, Xiaolin Wang
  • Patent number: 11075950
    Abstract: A computer-implemented method of generating a security policy for a microsegmented computing system is provided. The method includes generating a port service map that indicates inbound packet activity by port for a plurality of network addresses within the microsegmented computing system and a port distribution map that indicates inbound packet activity by port for a plurality of network addresses within the microsegmented computing system, and generating a list of security policy recommendations based on the port service map and/or the port distribution map.
    Type: Grant
    Filed: August 20, 2018
    Date of Patent: July 27, 2021
    Assignee: CA, Inc.
    Inventors: Krishna Kumar Yadav Nukala, Vikas Pullagura, Dharanidhar Sahu, Jagadishwara Chary Sriramoju, Lakshmi Priya Vennapusa
  • Patent number: 11075819
    Abstract: Methods of managing an information technology (IT) infrastructure include detecting by a configuration management system an unauthorized change to one of a plurality of network elements, determining by the configuration management system that the unauthorized change to the one of the plurality of network elements creates a risk condition to an operation of one of the services provided by the IT infrastructure, and initiating an action to remedy the unauthorized change in response to determining that the unauthorized change to the one of the plurality of network elements creates the risk condition to the operation of one of the services provided by the IT infrastructure. Related systems and computer program products are disclosed.
    Type: Grant
    Filed: August 7, 2014
    Date of Patent: July 27, 2021
    Assignee: CA, Inc.
    Inventors: Kieron John James Connelly, Anivella Venkata Satya Sai Narsimha Subrahmanya Sudhakar, Steven M. Isenberg, Mirian Minomizaki Sato, Daocheng Chen
  • Patent number: 11068300
    Abstract: A topology-based transversal analysis service has been created that correlates topologies of different domains of a distributed application and creates cross-domain “stories” for the different types of transactions provided by the distributed application. A “story” for a transaction type associates an event(s) with a node in an execution path of the transaction type. This provides context to the event(s) with respect to the transaction type (“transaction contextualization”) and their potential business impact. The story is a journal of previously detected events and/or information based on previously detected events. The events have been detected over multiple instances of a transaction type and the journal is contextualized within an aggregate of execution paths of the multiple instances of the transaction type. The story can be considered a computed, ongoing narrative around application and infrastructure performance events, and the narrative grows as more performance-related events are detected.
    Type: Grant
    Filed: August 5, 2019
    Date of Patent: July 20, 2021
    Assignee: CA, Inc.
    Inventors: Erhan Giral, Tomas Kolda
  • Patent number: 11068611
    Abstract: The disclosed computer-implemented method for preventing data loss from data containers may include (1) identifying, at a computing device, a process running in a data container on the computing device, (2) intercepting an attempt by the process to exfiltrate information from the computing device via at least one of a file system operation or a network operation, and (3) performing a security action to prevent the intercepted attempt. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: July 31, 2018
    Date of Patent: July 20, 2021
    Assignee: CA, Inc.
    Inventor: Sumit Sarin
  • Patent number: D938603
    Type: Grant
    Filed: September 13, 2019
    Date of Patent: December 14, 2021
    Assignee: Natural Wonders CA, Inc.
    Inventor: Hagay Mizrahi