Patents Assigned to Check Point Software Technologies LTD
  • Patent number: 12289330
    Abstract: A system and method for securing software as a service (SaaS) platforms by providing inter-service visibility. A method includes identifying, based on log data of a first service, a second service connected to the first service, wherein each of the first service and the second service is a set of functions for performing a respective task, wherein the second service is called by the first service; identifying a plurality of patterns in communications between the first service and the second service in the log data of the first service; creating, based on the identified plurality of patterns, a baseline for communications between the first service and the second service; detecting an anomalous communication between the first service and the second service, wherein the anomalous communication deviates from the baseline; and performing a mitigation action with respect to the detected anomalous communication.
    Type: Grant
    Filed: August 8, 2022
    Date of Patent: April 29, 2025
    Assignee: Check Point Software Technologies Ltd.
    Inventors: Michael Seltzer, Aner Gelman, Shaked Gitelman
  • Publication number: 20250112963
    Abstract: A computer device (referred to as a processing engine), system, and method are provided for refactoring an original security policy using an artificial intelligence (AI) engine including a large language model (LLM). The processing engine parses policy data converts the original security policy into a code representation and sends the converted code representation to the AI engine. The AI engine analyzes the original security policy by applying the LLM to the code representation and identifies policy insights that are sent to the processing engine.
    Type: Application
    Filed: June 27, 2024
    Publication date: April 3, 2025
    Applicant: Check Point Software Technologies Ltd.
    Inventors: Barak KFIR, Nofar BARDUGO, Dan KARPATI, Eliyahu Hanokh SANDLER, Tamir ZEGMAN
  • Patent number: 12155694
    Abstract: A device, system, and method are provided for detecting an email phishing attack by training graph neural network to detect phishing emails based on hypertext markup language (HTML) tags and cascading style sheets (CSS) included in an email. Noise is added during the training of the graph neural network to make the trained graph neural networks more robust against small changes in the training data.
    Type: Grant
    Filed: September 30, 2022
    Date of Patent: November 26, 2024
    Assignee: Check Point Software Technologies Ltd.
    Inventors: Natan Katz, Raphael Lior Gozlan, Dor Livne
  • Patent number: 11968223
    Abstract: A method and system is provided for setting network policies based on electronic devices connected to a network. The electronic devices present on the network are detected and their behavior is captured using profiles. These profiles are then used to generate network policies based on the electronic devices connected to the network. Instead of reacting to behavior of the electronic devices (e.g., anomaly detection to detect malware), the method and system sets the network policies to prevent unauthorized communications (e.g., before malware is present in the system).
    Type: Grant
    Filed: February 2, 2023
    Date of Patent: April 23, 2024
    Assignee: Check Point Software Technologies Ltd.
    Inventors: Daniel Cohen-Sason, Pini Shamgar, Yevgeny Fabrikant
  • Patent number: 11960606
    Abstract: A system, method, and device are provided for detecting and mitigating a storage attack at the block level by generating canary blocks by marking blocks of data (referred to as memory blocks) such that other programs do not modify these canary blocks that are monitored to detect data storage attacks that attempt to modify the canary blocks and/or by monitoring statistical and behavioral features of activities over blocks, whether they can be modified by other programs or not. The system and method also backup the memory blocks by backing up memory blocks as they are modified. When a data storage attack is detected, the attack is stopped, and the files are remediated using the backup of the affected memory blocks.
    Type: Grant
    Filed: March 24, 2022
    Date of Patent: April 16, 2024
    Assignee: Check Point Software Technologies Ltd.
    Inventors: Liran Orevi, Haggai David
  • Patent number: 11797685
    Abstract: An automated method executed by circuitry is provided for monitoring a software platform including multiple pods that manage, deploy, and execute micro services. The method uses monitoring pods at locations of interest in the software platform to label transactions that pass through the monitoring pods. The labels applied to the transactions are sent to a security program for review.
    Type: Grant
    Filed: September 18, 2020
    Date of Patent: October 24, 2023
    Assignee: Check Point Software Technologies LTD.
    Inventor: Ilan Uriel
  • Patent number: 11489811
    Abstract: Methods and systems are provided for protecting DNS traffic locally on an electronic device (e.g., a smart phone) by capturing DNS traffic from network traffic transmitted from the device and ensuring the DNS traffic is routed to a trusted DNS server via a prescribed transmission protocol.
    Type: Grant
    Filed: August 31, 2021
    Date of Patent: November 1, 2022
    Assignee: Check Point Software Technologies Ltd.
    Inventors: Barak Kfir, Eliyahu Hanokh Sandler
  • Patent number: 9935903
    Abstract: Processing client requests for duplicate-free server operations is particularly useful for creating and sending items using Microsoft Exchange Web Services (EWS). The system facilitates avoiding creation and sending of duplicate items. In contrast to conventional implementations that send a single command to create and then perform subsequent processing of an item, a feature of the present embodiment is using two commands: a first command to create the item, and a second command to subsequently process the item. In a specific implementation, an EWS item's provided ChangeKey property is used to keep track of the EWS's reply from the server to the client, thereby avoiding duplicate item creation.
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: April 3, 2018
    Assignee: Check Point Software Technologies Ltd
    Inventors: Yuval Raban, Leo Natan, Ori Feldman
  • Patent number: 9130777
    Abstract: Disclosed are methods, media, and vault servers for providing a secure messaging system using vault servers in conjunction with client-side restricted-execution vault-mail environments. Methods include the steps of upon activating a vault-mail message containing sensitive content, removing the content from the vault-mail message; placing the content on a vault server; creating a link in the vault-mail message to the content on the vault server; sending the vault-mail message to a designated recipient; and upon activating the link, allowing the content to be only viewed in a restricted-execution session of a client application, wherein the restricted-execution session does not allow the content to be altered, copied, stored, printed, forwarded, or otherwise executed. Preferably, the activation of the vault-mail message is performed by a network-security gateway, and can be performed on a per-message basis.
    Type: Grant
    Filed: November 19, 2008
    Date of Patent: September 8, 2015
    Assignee: Check Point Software Technologies, LTD.
    Inventors: Oded Gonda, Ofer Raz, Alon Kantor, Uri Bialik, Yoav Kirsch
  • Patent number: 8959047
    Abstract: To validate data, a plurality of strings that match a predetermined regular expression is extracted from the data. A validated subset of the strings is identified. To determine whether the validated subset has been falsely validated, it is determined whether the validated subset satisfies each of one or more predetermined criteria relative to the plurality of strings. In one embodiment, the subset is determined to be falsely validated if at least one of the criteria is satisfied. In another embodiment, the subset is determined to be falsely validated if all of the criteria are satisfied. The data are released only if the subset is determined to be falsely validated.
    Type: Grant
    Filed: May 10, 2012
    Date of Patent: February 17, 2015
    Assignee: Check Point Software Technologies Ltd.
    Inventors: Amnon Perlmutter, Limor Ganon, Meir Jonathan Dahan
  • Patent number: 8948193
    Abstract: Methods, devices, and media for intelligent NIC bonding and load-balancing including the steps of: providing a packet at an incoming-packet port of a gateway; attaching an incoming-port identification, associated with the incoming-packet port, to the packet; routing the packet to a processing core; passing the packet through a gateway processing; sending the packet, by the core, to the operating system of a host system; and routing the packet to an outgoing-packet port of the gateway based on the incoming-port identification. Preferably, the gateway processing includes security processing of the packets. Preferably, the step of routing the packet to the outgoing-packet port is based solely on the incoming-port identification. Preferably, an outgoing-port identification, associated with the outgoing-packet port, has an identical bond-index to the incoming-port identification.
    Type: Grant
    Filed: August 19, 2008
    Date of Patent: February 3, 2015
    Assignee: Check Point Software Technologies, Ltd.
    Inventors: Amnon Perlmutter, Benzi Waisman
  • Patent number: 8902900
    Abstract: A method and system is provided for a scalable clustered system. The method and system may handle asynchronous traffic as well as session backup. In the method and system, a home cluster member having ownership of a local session predicts designation of a an other cluster member to receive a packet associated with the local session and sends appropriate state information or forwarding instruction to the other network member.
    Type: Grant
    Filed: February 13, 2013
    Date of Patent: December 2, 2014
    Assignee: Check Point Software Technologies Ltd.
    Inventors: Amir Erman, Amnon Perlmutter, Ben Zion Weissman
  • Publication number: 20140351878
    Abstract: A network component has a set of one or more rules, each of which has a match component and an action component. If an incoming packet maps to the match component of a rule, then the packet is handled according to the rule's action component. If the rule also includes a limit component, then if the packet maps to the rule's match component, a family history of the rule is updated, and the packet is handled according to the rule's action component only if the rule's family history satisfies the rule's limit component.
    Type: Application
    Filed: May 23, 2013
    Publication date: November 27, 2014
    Applicant: Check Point Software Technologies Ltd.
    Inventors: Tamir Zegman, Ofer Barkai
  • Patent number: 8850576
    Abstract: Disclosed are methods and media for inspecting security certificates. Methods include the steps of: scanning, by a network security device, messages of a security protocol between a server and a client system; detecting the messages having a security certificate; detecting suspicious security certificates from the messages; and aborting particular sessions of the security protocol associated with the suspicious certificates. Preferably, the step of scanning is performed only on messages of server certificate records. Preferably, the method further includes the step of sending an invalid-certificate notice to the server and the client system. Preferably, the step of detecting the suspicious certificates includes detecting a use of an incorrectly-generated private key for the certificates. Preferably, the step of detecting the suspicious certificates includes detecting an unavailability of revocation information for the certificates.
    Type: Grant
    Filed: March 4, 2012
    Date of Patent: September 30, 2014
    Assignee: Check Point Software Technologies Ltd.
    Inventors: Guy Guzner, Ami Haviv, Danny Lieblich, Yahav Gal
  • Patent number: 8844019
    Abstract: A security gateway of a computer network receives incoming packets at one or more network interfaces. One or more security functions are applied to the packets. Reports of security function violations are recorded. The reports include the source addresses of the packets, the times that the packets were received, and descriptions of the violations. The descriptions include weights, and if the sum of the weights, for packets of a common source address that are received within a first time interval, exceeds a threshold, subsequent packets from that source address are dropped. Alternatively, in a “monitor only” mode, the common source address is logged but packets are not dropped. Optionally, encrypted packets and/or packets received at some network interfaces but not at other network interfaces are not dropped.
    Type: Grant
    Filed: November 21, 2012
    Date of Patent: September 23, 2014
    Assignee: Check Point Software Technologies Ltd.
    Inventors: Ofer Barkai, Dorit Dor, Tamir Zegman
  • Patent number: 8843993
    Abstract: To administer computer network security, a computer system receives a bit string that encodes a natural-language request for adjusting a security policy of the network and parses the bit string to identify one or more objects and an action to be applied to the object(s). Preferably, the system displays a description of one of the objects and a menu of operations that are applicable to the object, receives a user selection of one of the options, and effects the selected operation. The scope of the invention also includes a non-transient computer-readable storage medium bearing code for implementing the method and a system for implementing the method.
    Type: Grant
    Filed: December 6, 2012
    Date of Patent: September 23, 2014
    Assignee: Check Point Software Technologies Ltd.
    Inventors: Uri Bialik, Rami Ben-Ami
  • Patent number: 8776017
    Abstract: A data leak prevention application that categorizes documents by data type is provided, a data type being a sensitivity classification of a document based on what data the document contains. A scripting language processing engine is embedded into the data leak prevention application, the scripting language forming part of the application as hard code. A user configures interaction of the scripting language processing engine with the application. The configuring may include modifying or adding code or setting criteria for when code portions of the scripting language processing engine activates. The scripting language processing engine is activated to enhance an accuracy of an existing data type or so as to detect a new data type. Upon enhancing the accuracy of the data type, documents may be re-categorized.
    Type: Grant
    Filed: July 26, 2010
    Date of Patent: July 8, 2014
    Assignee: Check Point Software Technologies Ltd
    Inventors: Amnon Perlmutter, Aviad Mor, Oded Gonda, Ofer Raz, Matt LeGrow
  • Publication number: 20140143850
    Abstract: A security gateway of a computer network receives incoming packets at one or more network interfaces. One or more security functions are applied to the packets. Reports of security function violations are recorded. The reports include the source addresses of the packets, the times that the packets were received, and descriptions of the violations. The descriptions include weights, and if the sum of the weights, for packets of a common source address that are received within a first time interval, exceeds a threshold, subsequent packets from that source address are dropped. Alternatively, in a “monitor only” mode, the common source address is logged but packets are not dropped. Optionally, encrypted packets and/or packets received at some network interfaces but not at other network interfaces are not dropped.
    Type: Application
    Filed: November 21, 2012
    Publication date: May 22, 2014
    Applicant: Check Point Software Technologies Ltd.
    Inventors: Ofer Barkai, Dorit Dor, Tamir Zegman
  • Patent number: 8726008
    Abstract: A system and method for protecting data communications in a system including a load-balancer connected to a cluster of security network components, e.g. firewall node. The load-balancer transfers one or more of the data streams respectively to the security components. The security network components transmit control information to the load-balancer and the control information includes an instruction regarding balancing load of the data streams between said components; The load-balancer balances load based on the control information. Preferably, network address translation (NAT) is performed by the load-balancer based on the control information or NAT is performed by the security network component and the control information includes information regarding an expected connection based on NAT.
    Type: Grant
    Filed: March 28, 2012
    Date of Patent: May 13, 2014
    Assignee: Check Point Software Technologies Ltd.
    Inventors: Omer Schory, Ofer Raz, Oded Gonda
  • Publication number: 20140123269
    Abstract: A computer-readable storage medium has embedded thereon non-transient computer-readable code for controlling access to a protected computer network, by intercepting packets that are being exchanged between a computer system and the protected network, and then, for each intercepted packet, identifying the associated application that is running on the computer system, determining whether the application is trusted, for example according to a white list or according to a black list, and disposing of the packet accordingly.
    Type: Application
    Filed: May 26, 2013
    Publication date: May 1, 2014
    Applicant: Check Point Software Technologies Ltd.
    Inventors: Lior Drihem, Amnon Perlmutter