Patents Assigned to SENTINEL LABS ISRAEL LTD.
-
Patent number: 11973781Abstract: Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.Type: GrantFiled: April 21, 2022Date of Patent: April 30, 2024Assignee: Sentinel Labs Israel Ltd.Inventors: Tomer Weingarten, Almog Cohen
-
Patent number: 11886591Abstract: There is provided a system and a computerized method of remediating one or more operations linked to a given program running in an operating system, the method comprising: querying a stateful model to retrieve a group of entities related to the given program; terminating at least a sub set of the group of entities related to the given program; generating a remediation plan including one or more operations linked to the given program, the one or more operations being retrieved based on the group in the stateful model; and executing the remediation plan by undoing at least part of the one or more operations linked to the given program thereby restoring state of the operating system to a state prior to the given program being executed. There is further provided a computerized method of detecting malicious code related to a program in an operating system in a live environment.Type: GrantFiled: October 18, 2022Date of Patent: January 30, 2024Assignee: SENTINEL LABS ISRAEL LTD.Inventors: Almog Cohen, Tomer Weingarten, Shlomi Salem, Nir Izraeli, Asaf Karelsbad
-
Patent number: 11876819Abstract: Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.Type: GrantFiled: April 21, 2022Date of Patent: January 16, 2024Assignee: SENTINEL LABS ISRAEL LTD.Inventors: Tomer Weingarten, Almog Cohen
-
Patent number: 11838305Abstract: Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.Type: GrantFiled: April 21, 2022Date of Patent: December 5, 2023Assignee: Sentinel Labs Israel Ltd.Inventors: Tomer Weingarten, Almog Cohen
-
Patent number: 11838306Abstract: Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.Type: GrantFiled: April 21, 2022Date of Patent: December 5, 2023Assignee: Sentinel Labs Israel Ltd.Inventors: Tomer Weingarten, Almog Cohen
-
Patent number: 11748083Abstract: Disclosed herein are embodiments of methods, devices and systems for device fingerprinting and automatic and dynamic software deployment to one or more endpoints on a computer network. The device fingerprinting systems and devices herein are configured to operate with limited data without sitting between network devices and the internet, without monitoring all network traffic, and without limited or no active scanning. The embodiments herein may passively collect information as distributed peers and may perform very limited active scans. In some embodiments, the information is used as an input to a custom hierarchical learning model to fingerprint devices on a network by identifying attributes of the devices such as the operating system family, operating system version, and device role. In some embodiments, a dynamic deployer selection process may be utilized to simply and efficiently deploy software. Some embodiments herein involve end-to-end encryption of credentials in a deployment process.Type: GrantFiled: January 5, 2023Date of Patent: September 5, 2023Assignee: Sentinel Labs Israel Ltd.Inventors: Nir Montag, Ido Kotler, Matan Mates, Mike Vincent Petronaci, Gustavo Ringel, Caleb Joshua Fenton
-
Patent number: 11722506Abstract: Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.Type: GrantFiled: April 21, 2022Date of Patent: August 8, 2023Assignee: SENTINEL LABS ISRAEL LTD.Inventors: Tomer Weingarten, Almog Cohen
-
Patent number: 11716342Abstract: Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.Type: GrantFiled: April 21, 2022Date of Patent: August 1, 2023Assignee: SENTINEL LABS ISRAEL LTD.Inventors: Tomer Weingarten, Almog Cohen
-
Patent number: 11716341Abstract: Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.Type: GrantFiled: February 22, 2022Date of Patent: August 1, 2023Assignee: SENTINEL LABS ISRAEL LTD.Inventors: Tomer Weingarten, Almog Cohen
-
Patent number: 11625485Abstract: There is provided a system and a computer-implemented method of detecting malware in real time in a live environment. The method comprises: monitoring one or more operations of at least one program concurrently running in the live environment, building at least one stateful model in accordance with the one or more operations, analyzing the at least one stateful model to identify one or more behaviors, and determining the presence of malware based on the identified one or more behaviors.Type: GrantFiled: April 15, 2020Date of Patent: April 11, 2023Assignee: Sentinel Labs Israel Ltd.Inventors: Tomer Weingarten, Almog Cohen, Udi Shamir, Kirill Motil
-
Patent number: 11580218Abstract: Disclosed herein are systems and methods for enabling the automatic detection of executable code from a stream of bytes. In some embodiments, the stream of bytes can be sourced from the hidden areas of files that traditional malware detection solutions ignore. In some embodiments, a machine learning model is trained to detect whether a particular stream of bytes is executable code. Other embodiments described herein disclose systems and methods for automatic feature extraction using a neural network. Given a new file, the systems and methods may preprocess the code to be inputted into a trained neural network. The neural network may be used as a “feature generator” for a malware detection model. Other embodiments herein are directed to systems and methods for identifying, flagging, and/or detecting threat actors which attempt to obtain access to library functions independently.Type: GrantFiled: September 21, 2021Date of Patent: February 14, 2023Assignee: Sentinel Labs Israel Ltd.Inventors: Shlomi Salem, Roy Ronen, Assaf Nativ, Amit Zohar, Gal Braun, Pavel Ferencz, Eitan Shterenbaum, Tal Maimon
-
Patent number: 11579857Abstract: Disclosed herein are embodiments of methods, devices and systems for device fingerprinting and automatic and dynamic software deployment to one or more endpoints on a computer network. The device fingerprinting systems and devices herein are configured to operate with limited data without sitting between network devices and the internet, without monitoring all network traffic, and without limited or no active scanning. The embodiments herein may passively collect information as distributed peers and may perform very limited active scans. In some embodiments, the information is used as an input to a custom hierarchical learning model to fingerprint devices on a network by identifying attributes of the devices such as the operating system family, operating system version, and device role. In some embodiments, a dynamic deployer selection process may be utilized to simply and efficiently deploy software. Some embodiments herein involve end-to-end encryption of credentials in a deployment process.Type: GrantFiled: September 10, 2021Date of Patent: February 14, 2023Assignee: SENTINEL LABS ISRAEL LTD.Inventors: Nir Montag, Ido Kotler, Matan Mates, Mike Vincent Petronaci, Gustavo Ringel, Caleb Joshua Fenton
-
Patent number: 11522894Abstract: Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.Type: GrantFiled: October 13, 2020Date of Patent: December 6, 2022Assignee: Sentinel Labs Israel Ltd.Inventors: Tomer Weingarten, Almog Cohen
-
Patent number: 11507663Abstract: There is provided a method for generating a representation for behavior similarity comparison by generating a program-level stateful model of one or more entities in a computer operating system operating on a computer system, the program-level stateful model having a data structure representing a state of a program; generating an updated representation of the program based on the program-level stateful model; searching for at least one other representation of another program-level stateful model similar to the updated representation of the program; and comparing the updated representation of the program to the at least one other representation of another program-level stateful model.Type: GrantFiled: March 1, 2021Date of Patent: November 22, 2022Assignee: Sentinel Labs Israel Ltd.Inventors: Almog Cohen, Tomer Weingarten, Shlomi Salem, Nir Izraeli, Asaf Karelsbad
-
Patent number: 11290478Abstract: Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.Type: GrantFiled: September 22, 2021Date of Patent: March 29, 2022Assignee: Sentinel Labs Israel Ltd.Inventors: Tomer Weingarten, Almog Cohen
-
Patent number: 11245714Abstract: Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.Type: GrantFiled: September 14, 2021Date of Patent: February 8, 2022Assignee: SENTINEL LABS ISRAEL LTD.Inventors: Tomer Weingarten, Almog Cohen
-
Patent number: 11245715Abstract: Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.Type: GrantFiled: September 14, 2021Date of Patent: February 8, 2022Assignee: SENTINEL LABS ISRAEL LTD.Inventors: Tomer Weingarten, Almog Cohen
-
Patent number: 11210392Abstract: Disclosed herein are systems and methods for enabling the automatic detection of executable code from a stream of bytes. In some embodiments, the stream of bytes can be sourced from the hidden areas of files that traditional malware detection solutions ignore. In some embodiments, a machine learning model is trained to detect whether a particular stream of bytes is executable code. Other embodiments described herein disclose systems and methods for automatic feature extraction using a neural network. Given a new file, the systems and methods may preprocess the code to be inputted into a trained neural network. The neural network may be used as a “feature generator” for a malware detection model. Other embodiments herein are directed to systems and methods for identifying, flagging, and/or detecting threat actors which attempt to obtain access to library functions independently.Type: GrantFiled: July 3, 2020Date of Patent: December 28, 2021Assignee: Sentinel Labs Israel Ltd.Inventors: Shlomi Salem, Roy Ronen, Assaf Nativ, Amit Zohar, Gal Braun, Pavel Ferencz, Eitan Shterenbaum, Tai Maimon
-
Patent number: 11212309Abstract: Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.Type: GrantFiled: September 23, 2021Date of Patent: December 28, 2021Assignee: Sentinel Labs Israel Ltd.Inventors: Tomer Weingarten, Almog Cohen
-
Patent number: 10977370Abstract: There is provided a system comprising a processor operatively connected to a memory, the memory comprising: a program-level stateful model configured to model one or more entities in a computer operating system operating on the computer system, the program-level stateful model comprising: a data structure representing a state of a program, wherein the data structure comprises: a network of one or more interconnected objects representing the one or more entities constituting the program, wherein the one or more interconnected objects are derived from a sequence of operations performed in a live environment; one or more relationships among the one or more interconnected objects and the sequences of operations; and one or more object groups, wherein the one or more object groups are formed by dividing the one or more interconnected objects according to a predefined grouping rule set, and wherein each group of the one or more object groups comprises objects representing a corresponding group of entities related tType: GrantFiled: August 7, 2019Date of Patent: April 13, 2021Assignee: Sentinel Labs Israel Ltd.Inventors: Almog Cohen, Tomer Weingarten, Shlomi Salem, Nir Izraeli, Asaf Karelsbad