Patents Assigned to Centripetal Networks, LLC
-
Patent number: 11856005Abstract: Malicious homoglyphic domain name (MHDN) generation and associated cyber security applications are described. MHDN generation may be performed by, for example, generating, based on training data, a set of operations for use in generating the one or more potential MHDNs, wherein each operation of the set of operations may be configured to modify a base domain name according to a respective homoglyphic characteristic. The set of operations may be used to generate one or more candidate MHDN mutators. The candidate MHDN mutators may be tested for fitness values corresponding to respective likelihoods of generating an MHDN and the candidate MHDN mutators may be applied to one or more base domain names to generate potential MHDNs.Type: GrantFiled: September 16, 2022Date of Patent: December 26, 2023Assignee: Centripetal Networks, LLCInventors: Vincent Mutolo, Alexander Chinchilli, Sean Moore, Matthew Sparrow, Connor Tess
-
Publication number: 20230412561Abstract: A packet-filtering system described herein may be configured to filter packets with encrypted hostnames in accordance with one or packet-filtering rules. The packet-filtering system may resolve a plaintext hostname from ciphertext comprising an encrypted Server Name Indication (eSNI) value. The packet-filtering system may resolve the plaintext hostname using a plurality of techniques. Once the plaintext hostname is resolved, the packet-filtering system may then use the plaintext hostname to determine whether the packets are associated with one or more threat indicators. If the packet-filtering system determines that the packets are associated with one or more threat indicators, the packet-filtering system may apply a packet filtering operation associated with the packet-filtering rules to the packets.Type: ApplicationFiled: April 17, 2023Publication date: December 21, 2023Applicant: Centripetal Networks, LLCInventors: Sean Moore, Vincent Mutolo, Jonathan R. Rogers
-
Patent number: 11824875Abstract: A threat intelligence gateway (TIG) may protect TCP/IP networks from network (e.g., Internet) threats by enforcing certain policies on in-transit packets that are crossing network boundaries. The policies may be composed of packet filtering rules with packet-matching criteria derived from cyber threat intelligence (CTI) associated with Internet threats. These CTI-derived packet-filtering rules may be created offline by policy creation and management servers, which may distribute the policies to subscribing TIGs that subsequently enforce the policies on in-transit packets. Each packet filtering rule may specify a disposition that may be applied to a matching in-transit packet, such as deny/block/drop the in-transit packet or pass/allow/forward the in-transit packet, and also may specify directives that may be applied to a matching in-transit packet, such as log, capture, spoof-tcp-rst, etc.Type: GrantFiled: December 19, 2022Date of Patent: November 21, 2023Assignee: Centripetal Networks, LLCInventors: Sean Moore, Jonathan R. Rogers, Vincent Mutolo, Peter P. Geremia
-
Patent number: 11824879Abstract: A packet-filtering system configured to filter packets in accordance with packet-filtering rules may receive data indicating network-threat indicators and may configure the packet-filtering rules to cause the packet-filtering system to identify packets comprising unencrypted data, and packets comprising encrypted data. A portion of the unencrypted data may correspond to one or more of the network-threat indicators, and the packet-filtering rules may be configured to cause the packet-filtering system to determine, based on the portion of the unencrypted data, that the packets comprising encrypted data correspond to the one or more network-threat indicators.Type: GrantFiled: September 23, 2021Date of Patent: November 21, 2023Assignee: Centripetal Networks, LLCInventors: David K. Ahn, Sean Moore, Douglas M. Disabello
-
Patent number: 11811809Abstract: A packet-filtering system configured to filter packets in accordance with packet-filtering rules may receive data indicating network-threat indicators and may configure the packet-filtering rules to cause the packet-filtering system to identify packets comprising unencrypted data, and packets comprising encrypted data. A portion of the unencrypted data may correspond to one or more of the network-threat indicators, and the packet-filtering rules may be configured to cause the packet-filtering system to determine, based on the portion of the unencrypted data, that the packets comprising encrypted data correspond to the one or more network-threat indicators.Type: GrantFiled: July 23, 2021Date of Patent: November 7, 2023Assignee: Centripetal Networks, LLCInventors: David K. Ahn, Sean Moore, Douglas M. Disabello
-
Patent number: 11811808Abstract: A packet-filtering system configured to filter packets in accordance with packet-filtering rules may receive data indicating network-threat indicators and may configure the packet-filtering rules to cause the packet-filtering system to identify packets comprising unencrypted data, and packets comprising encrypted data. A portion of the unencrypted data may correspond to one or more of the network-threat indicators, and the packet-filtering rules may be configured to cause the packet-filtering system to determine, based on the portion of the unencrypted data, that the packets comprising encrypted data correspond to the one or more network-threat indicators.Type: GrantFiled: July 23, 2021Date of Patent: November 7, 2023Assignee: Centripetal Networks, LLCInventors: David K. Ahn, Sean Moore, Douglas M. Disabello
-
Patent number: 11811810Abstract: A packet-filtering system configured to filter packets in accordance with packet-filtering rules may receive data indicating network-threat indicators and may configure the packet-filtering rules to cause the packet-filtering system to identify packets comprising unencrypted data, and packets comprising encrypted data. A portion of the unencrypted data may correspond to one or more of the network-threat indicators, and the packet-filtering rules may be configured to cause the packet-filtering system to determine, based on the portion of the unencrypted data, that the packets comprising encrypted data correspond to the one or more network-threat indicators.Type: GrantFiled: September 23, 2021Date of Patent: November 7, 2023Assignee: Centripetal Networks, LLCInventors: David K. Ahn, Sean Moore, Douglas M. Disabello
-
Patent number: 11799832Abstract: An enterprise organization may operate a central network and one or more remote networks, each comprising a plurality of computing devices. For protection against malicious actors, the central network may be configured to filter network traffic associated with the computing devices based on identified threats. Traffic corresponding to computing devices connected to the remote network may be tunneled to the central network for filtering by the central network. A tunnel gateway device, associated with the remote network, may efficiently identify which communications are associated with Internet threats, and tunnel such identified traffic to the central network, where actions may be taken to protect the enterprise network.Type: GrantFiled: February 13, 2023Date of Patent: October 24, 2023Assignee: Centripetal Networks, LLCInventors: Sean Moore, Peter P. Geremia
-
Patent number: 11797671Abstract: A cyber threat intelligence (CTI) gateway device may receive rules for filtering TCP/IP packet communications events that are configured to cause the CTI gateway device to identify communications corresponding to indicators, signatures, and behavioral patterns of network threats. The CTI gateway device may receive packets that compose endpoint-to-endpoint communication events and, for each event, may determine that the event corresponds to criteria specified by a filtering rule. The criteria may correspond to one or more of the network threat indicators, signatures, and behavioral patterns. The CTI gateway may create a log of the threat event and forward the threat event log to a task queue managed by a cyberanalysis workflow application. Human cyberanalysts use the cyberanalysis workflow application to service the task queue by removing the task at the front of the queue, investigating the threat event, and deciding whether the event is a reportable finding that should be reported to the proper authorities.Type: GrantFiled: December 16, 2022Date of Patent: October 24, 2023Assignee: Centripetal Networks, LLCInventors: Sean Moore, Jonathan R. Rogers, Jess P. Parnell, Zachary Ehnerd
-
Patent number: 11792220Abstract: A packet-filtering device may receive packet-filtering rules configured to cause the packet-filtering device to identify packets corresponding to network-threat indicators. The packet-filtering device may receive packets and, for each packet, may determine that the packet corresponds to criteria specified by a packet-filtering rule. The criteria may correspond to one or more of the network-threat indicators. The packet-filtering device may apply an operator specified by the packet-filtering rule. The operator may be configured to cause the packet-filtering device to either prevent the packet from continuing toward its destination or allow the packet to continue toward its destination.Type: GrantFiled: May 23, 2023Date of Patent: October 17, 2023Assignee: Centripetal Networks, LLCInventors: David K Ahn, Keith A. George, Peter P. Geremia, Pierre Mallett, III, Sean Moore, Robert T. Perry, Jonathan R. Rogers
-
Patent number: 11757901Abstract: Malicious homoglyphic domain name (MHDN) detection and associated cyber security applications are described. A domain name may be received that may be a potential MHDN. Homoglyphic domain name detection may be performed by, for example, generating a normalized character string corresponding to the input domain name by applying one or more normalization operations to the input domain name, wherein the one or more normalization operations may be configured to reduce homoglyphic characteristics in the input domain name; and generating a plurality of segmentations of the normalized character string, wherein generating each segmentation, of the plurality of segmentations, may comprise segmenting the normalized character string into a respective plurality of segments, and wherein each segmentation may comprise a different plurality of segments. A segmentation may be selected based on cost values corresponding to each respective segmentation determined using a cost function.Type: GrantFiled: September 16, 2022Date of Patent: September 12, 2023Assignee: Centripetal Networks, LLCInventors: Vincent Mutolo, Alexander Chinchilli, Sean Moore, Matthew Sparrow, Connor Tess
-
Patent number: 11736440Abstract: A packet-filtering network appliance such as a threat intelligence gateway (TIG) protects TCP/IP networks from Internet threats by enforcing certain policies on in-transit packets that are crossing network boundaries. The policies are composed of packet filtering rules derived from cyber threat intelligence (CTI). Logs of rule-matching packets and their associated flows are sent to cyberanalysis applications located at security operations centers (SOCs) and operated by cyberanalysts. Some cyber threats/attacks, or incidents, are composed of many different flows occurring at a very high rate, which generates a flood of logs that may overwhelm computer, storage, network, and cyberanalysis resources, thereby compromising cyber defenses.Type: GrantFiled: December 5, 2022Date of Patent: August 22, 2023Assignee: Centripetal Networks, LLCInventors: John Fenton, Peter Geremia, Richard Goodwin, Sean Moore, Vincent Mutolo, Jess P. Parnell, Jonathan R. Rogers
-
Patent number: 11729144Abstract: Methods, systems, and computer-readable media for efficiently detecting threat incidents for cyber threat analysis are described herein. In various embodiments, a computing device, which may be located at a boundary between a protected network associated with the enterprise and an unprotected network, may combine one or more threat indicators received from one or more threat intelligence providers; may generate one or more packet capture and packet filtering rules based on the combined threat indicators; and, may capture or filter, on a packet-by-packet basis, at least one packet based on the generated rules. In other embodiments, a computing device may generate a packet capture file comprising raw packet content and corresponding threat context information, wherein the threat context information may comprise a filtering rule and an associated threat indicator that caused the packet to be captured.Type: GrantFiled: December 19, 2016Date of Patent: August 15, 2023Assignee: Centripetal Networks, LLCInventors: David K. Ahn, Sean Moore
-
Patent number: 11700273Abstract: A packet-filtering device may receive packet-filtering rules configured to cause the packet-filtering device to identify packets corresponding to network-threat indicators. The packet-filtering device may receive packets and, for each packet, may determine that the packet corresponds to criteria specified by a packet-filtering rule. The criteria may correspond to one or more of the network-threat indicators. The packet-filtering device may apply an operator specified by the packet-filtering rule. The operator may be configured to cause the packet-filtering device to either prevent the packet from continuing toward its destination or allow the packet to continue toward its destination.Type: GrantFiled: April 16, 2021Date of Patent: July 11, 2023Assignee: Centripetal Networks, LLCInventors: David K. Ahn, Keith A. George, Peter P. Geremia, Pierre Mallett, III, Sean Moore, Robert T. Perry, Jonathan R. Rogers
-
Patent number: 11683401Abstract: A computing system may identify packets received by a network device from a host located in a first network and may generate log entries corresponding to the packets received by the network device. The computing system may identify packets transmitted by the network device to a host located in a second network and may generate log entries corresponding to the packets transmitted by the network device. Utilizing the log entries corresponding to the packets received by the network device and the log entries corresponding to the packets transmitted by the network device, the computing system may correlate the packets transmitted by the network device with the packets received by the network device.Type: GrantFiled: February 17, 2021Date of Patent: June 20, 2023Assignee: Centripetal Networks, LLCInventors: David K. Ahn, Peter P. Geremia, Pierre Mallett, III, Sean Moore, Robert T. Perry
-
Patent number: 11646996Abstract: A packet-filtering system described herein may be configured to filter packets with encrypted hostnames in accordance with one or packet-filtering rules. The packet-filtering system may resolve a plaintext hostname from ciphertext comprising an encrypted Server Name Indication (eSNI) value. The packet-filtering system may resolve the plaintext hostname using a plurality of techniques. Once the plaintext hostname is resolved, the packet-filtering system may then use the plaintext hostname to determine whether the packets are associated with one or more threat indicators. If the packet-filtering system determines that the packets are associated with one or more threat indicators, the packet-filtering system may apply a packet filtering operation associated with the packet-filtering rules to the packets.Type: GrantFiled: February 15, 2021Date of Patent: May 9, 2023Assignee: Centripetal Networks, LLCInventors: Sean Moore, Vincent Mutolo, Jonathan R. Rogers