Patents Assigned to Guardicore Ltd.
  • Patent number: 10917500
    Abstract: A method for monitoring a computing system including multiple endpoints, includes monitoring, in at least some of the endpoints, operating-system (OS) system calls relating to a transport protocol having no handshake mechanism. First and second endpoints, which exchange a flow of packets with one another using the transport protocol, are identified from among the multiple endpoints. A deduction is made, from the monitored system calls, which of the first and second endpoints acts as a server in the flow of packets, and which of the first and second endpoints acts as a client in the flow of packets.
    Type: Grant
    Filed: June 24, 2019
    Date of Patent: February 9, 2021
    Assignee: GUARDICORE LTD.
    Inventors: Uri Hershcovits, Liron Schiff, Itamar Tal
  • Patent number: 10853143
    Abstract: An apparatus includes an interface and a processor. The interface is configured to receive attributes of communication connections of multiple workloads running in a computing system. The processor is configured to automatically segment the multiple workloads into groups based on the attributes of the communication connections, wherein the workloads in each group collectively run a respective application.
    Type: Grant
    Filed: March 5, 2018
    Date of Patent: December 1, 2020
    Assignee: GUARDICORE LTD.
    Inventors: Liron Schiff, Ariel Zeitlin, Ofri Ziv
  • Patent number: 10609075
    Abstract: An apparatus for computer-network security includes a network interface and a processor. The network interface is configured for communicating over a communication network. The processor is configured to detect a request from a first computer to access a non-existent shared resource of a second computer, to send to the first computer, responsively to the request, a response that imitates a genuine grant of access to the non-existent shared resource, so as to initiate an interaction between the first computer and the shared resource, and to process the interaction so as to identify a malicious activity attempted by the first computer.
    Type: Grant
    Filed: April 20, 2017
    Date of Patent: March 31, 2020
    Assignee: GUARDICORE LTD.
    Inventors: Yoni Rozenshein, Ofri Ziv
  • Patent number: 10587651
    Abstract: An apparatus for securing a cloud-provider system includes one or more network interfaces and one or more processors. The network interfaces are configured for connecting to a network. The processors are configured to allocate resources of the cloud-provider system for use by tenants of the cloud-provider system, to allocate to the tenants one or more Internet Protocol (IP) address ranges, to assign multiple IP addresses, scattered across the IP address ranges, for use by one or more honeypot servers, and to secure the cloud-provider system against hostile attacks, by processing network traffic associated with the assigned IP addresses using at least the honeypot servers.
    Type: Grant
    Filed: May 10, 2017
    Date of Patent: March 10, 2020
    Assignee: Guardicore Ltd.
    Inventors: Pavel Gurvich, Ofri Ziv, Yoni Rozenshein
  • Patent number: 10360059
    Abstract: A method includes, in a computer, running a hypervisor that allocates resources of a memory and of a network to one or more Virtual Machines (VMs), which run VM processes and communicate over network connections. First information is extracted by monitoring the network connections in the hypervisor. Second information is extracted by directly accessing, in the hypervisor, regions of the memory assigned to the VMs. An association is established between a given network connection and a given VM process, by correlating the first information with the second information.
    Type: Grant
    Filed: February 12, 2017
    Date of Patent: July 23, 2019
    Assignee: GUARDICORE LTD.
    Inventors: Itamar Tal, Ariel Zeitlin
  • Patent number: 9906538
    Abstract: A method for securing a computer system includes detecting a malware attack on a honeypot node, and, based on the detected malware attack, automatically generating investigation directives for verifying whether an endpoint of the computer system is subject to the malware attack. The investigation directives are distributed to one or more software agents that are each associated with one or more endpoints of the computer system. At least one infected endpoint in the computer system, which is subject to the malware attack, is identified by the software agents using the investigation directives.
    Type: Grant
    Filed: November 30, 2015
    Date of Patent: February 27, 2018
    Assignee: GUARDICORE LTD.
    Inventors: Ariel Zeitlin, Lior Neudorfer
  • Patent number: 9667637
    Abstract: A method includes monitoring communication traffic that is exchanged over a computer network. One or more authentication attempts that have failed are identified in at least part of the monitored communication traffic. Hostile activity is detected in the computer network by analyzing the failed authentication attempts.
    Type: Grant
    Filed: May 31, 2015
    Date of Patent: May 30, 2017
    Assignee: GUARDICORE LTD.
    Inventors: Ariel Zeitlin, Pavel Gurvich, Ofri Ziv, Itamar Tal
  • Patent number: 9491190
    Abstract: A method for network security includes, in a computer network that exchanges traffic among multiple network endpoints using one or more network switches, configuring at least one network switch to transfer at least some of the traffic for inspection. Only a portion of the traffic, which is suspected of carrying executable software code, is selected from the transferred traffic. The selected portion of the traffic is inspected, so as to verify whether any of the executable software code is malicious.
    Type: Grant
    Filed: December 7, 2014
    Date of Patent: November 8, 2016
    Assignee: GUARDICORE LTD.
    Inventors: Ariel Zeitlin, Pavel Gurvich, Ofri Ziv, Tal Zarfati
  • Patent number: 9491189
    Abstract: A method for network security includes monitoring traffic exchanged over a computer network. A failed attempt to communicate with a target computer by an initiating computer is identified in the monitored traffic. The identified failed attempt is revived by establishing an investigation connection with the initiating computer while impersonating the target computer. Verification is made as to whether the failed attempt was malicious or innocent, by communicating with the initiating computer over the investigation connection.
    Type: Grant
    Filed: April 27, 2014
    Date of Patent: November 8, 2016
    Assignee: Guardicore Ltd.
    Inventors: Ariel Zeitlin, Pavel Gurvich
  • Publication number: 20150058983
    Abstract: A method for network security includes monitoring traffic exchanged over a computer network. A failed attempt to communicate with a target computer by an initiating computer is identified in the monitored traffic. The identified failed attempt is revived by establishing an investigation connection with the initiating computer while impersonating the target computer. Verification is made as to whether the failed attempt was malicious or innocent, by communicating with the initiating computer over the investigation connection.
    Type: Application
    Filed: April 27, 2014
    Publication date: February 26, 2015
    Applicant: Guardicore Ltd.
    Inventors: Ariel Zeitlin, Pavel Gurvich