Patents Assigned to CYBEREASON INC
  • Patent number: 10417414
    Abstract: A method, computer program product, and apparatus for performing baseline calculations for firewalling in a computer network is disclosed. The method involves defining a reference group for an executed software program, measuring signals in the reference group, measuring signals of the program, computing a distance between the signals of the program and the signals of the reference group, and taking an action if the computed distance deviates from a norm mode. The distance can be computed using a similarity matrix or other method. Measuring the program comprises observing behaviors of the program, collecting and analyzing data, comparing the data to baselines of the reference group, and comparing the behaviors of the program across a previous execution of the program. In cases where a program is known to be malicious, a reference group is not needed and a sandbox can be tailored just by copying the environment of the actual system.
    Type: Grant
    Filed: December 21, 2016
    Date of Patent: September 17, 2019
    Assignee: CYBEREASON, INC.
    Inventor: Yonatan Striem-Amit
  • Patent number: 10055579
    Abstract: A method, computer program product, and apparatus for implementing a distributed sandbox is disclosed. The method comprises discovering a machine with sufficient resources to run a virtual machine for a process, starting the process in a virtual machine on the discovered machine, if the virtual machine terminates, discovering another machine with sufficient resources to run a virtual machine for a process, and deciding if the process is benign when the virtual machine is finished. Control of the distributed sandbox is done by utilizing a broadcast network.
    Type: Grant
    Filed: December 30, 2016
    Date of Patent: August 21, 2018
    Assignee: Cybereason, Inc.
    Inventor: Yonatan Striem-Amit
  • Patent number: 9832214
    Abstract: A method and apparatus for classifying and combining computer attack information identifying as malicious events, events in a network that cause organizationally or functionally distant entities to become closer to each other, the method comprising identifying as malicious events, events in a network that cause organizationally or functionally distant entities to become closer to each other.
    Type: Grant
    Filed: August 8, 2016
    Date of Patent: November 28, 2017
    Assignee: Cybereason Inc.
    Inventors: Yonatan Striem Amit, Elan Pavlov
  • Patent number: 9679131
    Abstract: A method and apparatus for intrusion detection, the method comprising: receiving a description of a computerized system, the description comprising two or more entities, one or more attribute for each entity and one or more statistical rule related to relationship between the entities; receiving data related to activity of the computerized system, the data comprising two or more events; grouping the events into two or more groups associated with the entities; comparing the groups in accordance with the statistical rule, to identify a group not complying with any of the statistical rules.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: June 13, 2017
    Assignee: Cybereason Inc.
    Inventor: Yonatan Striem Amit
  • Patent number: 9635040
    Abstract: A computer-implemented method and apparatus for identifying attacks, comprising: receiving information related to a computerized network, the information comprising description of the network and events occurring within the network; processing the events, comprising determining whether additional data is required; responsive to determining that additional information is required, collecting the additional information and processing the additional information; and providing attack information based on the information and on the additional information, wherein the additional information is more resource consuming to obtain or process than the information.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: April 25, 2017
    Assignee: Cybereason Inc.
    Inventor: Yonatan Striem Amit
  • Patent number: 9413773
    Abstract: A method and apparatus for classifying and combining computer attack information identifying as malicious events, events in a network that cause organizationally or functionally distant entities to become closer to each other, the method comprising identifying as malicious events, events in a network that cause organizationally or functionally distant entities to become closer to each other.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: August 9, 2016
    Assignee: Cybereason Inc.
    Inventors: Yonatan Striem Amit, Elan Pavlov
  • Publication number: 20140283050
    Abstract: A computer-implemented method and apparatus for identifying attacks, comprising: receiving information related to a computerized network, the information comprising description of the network and events occurring within the network; processing the events, comprising determining whether additional data is required; responsive to determining that additional information is required, collecting the additional information and processing the additional information; and providing attack information based on the information and on the additional information, wherein the additional information is more resource consuming to obtain or process than the information.
    Type: Application
    Filed: March 14, 2013
    Publication date: September 18, 2014
    Applicant: CYBEREASON INC
    Inventor: Yonatan Striem Amit
  • Publication number: 20140283026
    Abstract: A method and apparatus for classifying and combining computer attack information identifying as malicious events, events in a network that cause organizationally or functionally distant entities to become closer to each other, the method comprising identifying as malicious events, events in a network that cause organizationally or functionally distant entities to become closer to each other.
    Type: Application
    Filed: March 14, 2013
    Publication date: September 18, 2014
    Applicant: CYBEREASON INC
    Inventors: Yonatan Striem Amit, Elan Pavlov
  • Publication number: 20140215618
    Abstract: A method and apparatus for intrusion detection, the method comprising: receiving a description of a computerized system, the description comprising two or more entities, one or more attribute for each entity and one or more statistical rule related to relationship between the entities; receiving data related to activity of the computerized system, the data comprising two or more events; grouping the events into two or more groups associated with the entities; comparing the groups in accordance with the statistical rule, to identify a group not complying with any of the statistical rules.
    Type: Application
    Filed: March 14, 2013
    Publication date: July 31, 2014
    Applicant: CYBEREASON INC
    Inventor: Yonatan Striem Amit