Patents Assigned to SENTINELONE, INC.
  • Patent number: 12579268
    Abstract: A method may select, from a training data repository comprising a plurality of samples with known classifications, an initial training dataset comprising a second plurality of samples. A method may provide, as an input to a classification model, feature vectors associated with the initial training dataset and may train the classification model using the feature vectors. A method may determine a classification of each sample of a third plurality of samples using the classification model. A method may determine a difference between the determined and the known classification for each sample. A method may determine a selection weighting for each sample for based on the difference between the determined classification and the known classification. A method may select a subset from the from the third plurality of samples based on the determined selection weighting. A method may train the classification model using feature vectors associated with the subset.
    Type: Grant
    Filed: December 15, 2023
    Date of Patent: March 17, 2026
    Assignee: SentinelOne, Inc.
    Inventors: Idan Ludmir, Moshe Strenger, Shlomi Salem, Tzlil Gonen
  • Patent number: 12468810
    Abstract: Systems, methods, and devices for cybersecurity are disclosed herein that can employ machine learning approaches with a better understanding of the complex relationships and sequencing associated with behavior-based data, and that can effectively apply machine learning for behavior-based analysis, malware detection, and identifying and classifying threats in real-time.
    Type: Grant
    Filed: January 15, 2024
    Date of Patent: November 11, 2025
    Assignee: SENTINELONE, INC.
    Inventors: Ido Kotler, Gal Braun, Dean Langsam, Guy Jacoby
  • Patent number: 12432253
    Abstract: Endpoints in a network execute a sensor module that intercepts commands to obtain information regarding a remote network resource. The sensor module compares a source of commands to a sanctioned list of applications. If the source is not sanctioned, then a simulated response can be provided to the source that references a decoy server.
    Type: Grant
    Filed: April 16, 2024
    Date of Patent: September 30, 2025
    Assignee: SentinelOne, Inc.
    Inventors: Venu Vissamsetty, Anil Gupta, Harinath Vishwanath Ramchetty
  • Patent number: 12418565
    Abstract: Endpoints in a network execute a sensor module that intercepts responses from a directory service to a source on the endpoint. The sensor module determines if the source is sanctioned, such as by referencing a sanctioned list of applications. If the source is not sanctioned, then a simulated response can be provided to the source that references a decoy server.
    Type: Grant
    Filed: June 30, 2023
    Date of Patent: September 16, 2025
    Assignee: SentinelOne, Inc.
    Inventors: Venu Vissamsetty, Anil Gupta, Harinath Vishwanath Ramchetty
  • Publication number: 20250260721
    Abstract: Endpoints in a network execute a sensor module that intercepts commands. The sensor module compares a source of commands to a sanctioned list of applications received from a management server. If the source does not match a sanctioned application and the command is a write or delete command, the command is ignored and a simulated acknowledgment is sent. If the command is a read command, deception data is returned instead. In some embodiments, certain data is protected such that commands will be ignored or modified to refer to deception data where the source is not a sanctioned application. The source may be verified to be a sanctioned application by evaluating a certificate, hash, or path of the source. Responses from an active directory server may be intercepted and modified to reference a decoy server when not addressed to a sanctioned application.
    Type: Application
    Filed: February 18, 2025
    Publication date: August 14, 2025
    Applicant: SentinelOne, Inc.
    Inventors: Venu Vissamsetty, Anil Gupta, Harinath Vishwanath Ramchetty
  • Publication number: 20250258909
    Abstract: DLL hooks are protected by mapping the starting address of the new executable to a sample of the former executable. Attempts to read the starting address are responded to with the sample of the former executable. Attempts to write to the starting address are responded to with confirmation of success without actually writing data. Debuggers are detected upon launch or by evaluating an operating system. A component executing in the kernel denies debugging privileges to prevent inspection and modification of DLL hooks.
    Type: Application
    Filed: February 19, 2025
    Publication date: August 14, 2025
    Applicant: SentinelOne, Inc.
    Inventors: Anil Gupta, Harinath Vishwanath Ramchetty
  • Patent number: 12341814
    Abstract: A system includes one or more “BotMagnet” modules that are exposed to infection by malicious code. The BotMagnets may include one or more virtual machines hosting operating systems in which malicious code may be installed and executed without exposing sensitive data or other parts of a network. In particular, outbound traffic may be transmitted to a Sinkhole module that implements a service requested by the outbound traffic and transmits responses to the malicious code executing within the BotMagnet. Credentials for services implemented by a BotSink may be planted in an active directory (AD) server. The BotSink periodically uses the credentials thereby creating log entries indicating use thereof. When an attacker accesses the services using the credentials, the BotSink engages and monitors an attacker system and may generate an alert. Decoy services may be assigned to a domain and associated with names according to a naming convention of the domain.
    Type: Grant
    Filed: January 24, 2024
    Date of Patent: June 24, 2025
    Assignee: SENTINELONE, INC.
    Inventors: Venu Vissamsetty, Nitin Jyoti, Pavan Patel, Prashanth Srinivas Mysore
  • Patent number: 12259967
    Abstract: DLL hooks are protected by mapping the starting address of the new executable to a sample of the former executable. Attempts to read the starting address are responded to with the sample of the former executable. Attempts to write to the starting address are responded to with confirmation of success without actually writing data. Debuggers are detected upon launch or by evaluating an operating system. A component executing in the kernel denies debugging privileges to prevent inspection and modification of DLL hooks.
    Type: Grant
    Filed: December 28, 2023
    Date of Patent: March 25, 2025
    Assignee: SentinelOne, Inc.
    Inventors: Anil Gupta, Harinath Vishwanath Ramchetty
  • Patent number: 12261884
    Abstract: Endpoints in a network execute a sensor module that intercepts commands. The sensor module compares a source of commands to a sanctioned list of applications received from a management server. If the source does not match a sanctioned application and the command is a write or delete command, the command is ignored and a simulated acknowledgment is sent. If the command is a read command, deception data is returned instead. In some embodiments, certain data is protected such that commands will be ignored or modified to refer to deception data where the source is not a sanctioned application. The source may be verified to be a sanctioned application by evaluating a certificate, hash, or path of the source. Responses from an active directory server may be intercepted and modified to reference a decoy server when not addressed to a sanctioned application.
    Type: Grant
    Filed: February 23, 2023
    Date of Patent: March 25, 2025
    Assignee: SentinelOne, Inc.
    Inventors: Venu Vissamsetty, Anil Gupta, Harinath Vishwanath Ramchetty
  • Publication number: 20240356971
    Abstract: Endpoints in a network execute a sensor module that intercepts commands. The sensor module compares a source of commands to a sanctioned list of applications received from a management server. If the source does not match a sanctioned application and the command is a write or delete command, the command is ignored and a simulated acknowledgment is sent. If the command is a read command, deception data is returned instead. In some embodiments, certain data is protected such that commands will be ignored or modified to refer to deception data where the source is not a sanctioned application. The source may be verified to be a sanctioned application by evaluating a certificate, hash, or path of the source. Responses from an active directory server may be intercepted and modified to reference a decoy server when not addressed to a sanctioned application. Requests to view network resources may be responded to with references to a decoy server.
    Type: Application
    Filed: April 16, 2024
    Publication date: October 24, 2024
    Applicant: Sentinelone, Inc.
    Inventors: Venu Vissamsetty, Anil Gupta, Harinath Vishwanath Ramchetty
  • Patent number: 11997139
    Abstract: Endpoints in a network execute a sensor module that intercepts commands to obtain information regarding a remote network resource. The sensor module compares a source of commands to a sanctioned list of applications. If the source is not sanctioned, then a simulated response can be provided to the source that references a decoy server.
    Type: Grant
    Filed: March 13, 2023
    Date of Patent: May 28, 2024
    Assignee: SENTINELONE, INC.
    Inventors: Venu Vissamsetty, Anil Gupta, Harinath Vishwanath Ramchetty
  • Patent number: 11899782
    Abstract: DLL hooks are protected by mapping the starting address of the new executable to a sample of the former executable. Attempts to read the starting address are responded to with the sample of the former executable. Attempts to write to the starting address are responded to with confirmation of success without actually writing data. Debuggers are detected upon launch or by evaluating an operating system. A component executing in the kernel denies debugging privileges to prevent inspection and modification of DLL hooks.
    Type: Grant
    Filed: July 13, 2021
    Date of Patent: February 13, 2024
    Assignee: SentinelOne, Inc.
    Inventors: Anil Gupta, Harinath Vishwanath Ramchetty
  • Patent number: 11888897
    Abstract: A system includes one or more “BotMagnet” modules that are exposed to infection by malicious code. The BotMagnets may include one or more virtual machines hosting operating systems in which malicious code may be installed and executed without exposing sensitive data or other parts of a network. In particular, outbound traffic may be transmitted to a Sinkhole module that implements a service requested by the outbound traffic and transmits responses to the malicious code executing within the BotMagnet. Credentials for services implemented by a BotSink may be planted in an active directory (AD) server. The BotSink periodically uses the credentials thereby creating log entries indicating use thereof. When an attacker accesses the services using the credentials, the BotSink engages and monitors an attacker system and may generate an alert. Decoy services may be assigned to a domain and associated with names according to a naming convention of the domain.
    Type: Grant
    Filed: August 24, 2022
    Date of Patent: January 30, 2024
    Assignee: SentinelOne, Inc.
    Inventors: Venu Vissamsetty, Nitin Jyoti, Pavan Patel, Prashanth Srinivas Mysore
  • Patent number: 11695800
    Abstract: Endpoints in a network execute a sensor module that intercepts commands. The sensor module compares a source of commands to a sanctioned list of applications received from a management server. If the source does not match a sanctioned application the command is ignored and a simulated acknowledgment is sent or, deception data is returned instead. In some embodiments, certain data is protected such that commands will be ignored or modified to refer to deception data where the source is not a sanctioned application. The source may be verified to be a sanctioned application by evaluating a certificate, hash, or path of the source. Responses from an active directory server may be intercepted and modified to reference a decoy server when not addressed to a sanctioned application. Requests to view network resources may be responded to with references to a decoy server.
    Type: Grant
    Filed: April 15, 2020
    Date of Patent: July 4, 2023
    Assignee: SENTINELONE, INC.
    Inventors: Venu Vissamsetty, Anil Gupta, Harinath Vishwanath Ramchetty