Patents Assigned to Skybox Security, Inc.
-
Patent number: 11729069Abstract: A method that may include receiving network information indicative of (a) network elements that comprise edge network element, (b) connectivity between the network elements, and (c) connectivity of edge network elements to one or more other networks; and generating a visual representation of the network, the visual representation comprises multiple layers, each layer comprises one or more of the network elements of the network, wherein different layers are associated with different importance values; wherein the visual representation is associated with selection metadata for selecting which part out of multiple parts of the visual representation to display, wherein each part comprises at least a part of a single layer the multiple layers.Type: GrantFiled: November 5, 2020Date of Patent: August 15, 2023Assignee: SKYBOX SECURITY, INC.Inventors: Ravid Circus, Yaron Chen, Ron Davidson
-
Publication number: 20210152438Abstract: A method that may include receiving network information indicative of (a) network elements that comprise edge network element, (b) connectivity between the network elements, and (c) connectivity of edge network elements to one or more other networks; and generating a visual representation of the network, the visual representation comprises multiple layers, each layer comprises one or more of the network elements of the network, wherein different layers are associated with different importance values; wherein the visual representation is associated with selection metadata for selecting which part out of multiple parts of the visual representation to display, wherein each part comprises at least a part of a single layer the multiple layers.Type: ApplicationFiled: November 5, 2020Publication date: May 20, 2021Applicant: SKYBOX SECURITY, INC.Inventors: Ravid Circus, Yaron CHEN, Ron Davidson
-
Patent number: 9569201Abstract: A method for automatically translating a banner information, the method may include receiving by a computer the banner information, wherein the banner information is included in at least one banner and describes an identity of a software product; and translating by the computer the banner information into a unique software product identifier using a content of knowledgebase that comprises an attributes schema and translation rules; wherein each software product is associated with a single unique software product identifier; wherein the unique software product identifier comprises a structured set of attributes; wherein at least one translation rule is a pattern based translation rule; wherein the attributes schema specifies a set of allowable attributes and of allowable values of the attributes.Type: GrantFiled: July 1, 2013Date of Patent: February 14, 2017Assignee: SKYBOX SECURITY INC.Inventors: Amnon Lotem, Gideon Cohen, Stav Kaufman
-
Patent number: 9507944Abstract: A method for simulation aided security event management, the method comprises: generating attack simulation information that comprises multiple simulation data items of at least one data item type out of vulnerability instances data items, attack step data items and attack simulation scope data items; wherein the generating of attack simulation information is responsive to a network model, at least one attack starting point and attack action information; identifying security events in response to a correlation between simulation data items and event data; and prioritizing identified security events.Type: GrantFiled: March 20, 2013Date of Patent: November 29, 2016Assignee: SKYBOX SECURITY INC.Inventors: Amnon Lotem, Gideon Cohen, Lior Ben Naon
-
Patent number: 9088617Abstract: A method for evaluating a deployment of a network access change request, the method includes: (a) formatting a network access change request to provide a formatted network access change request; wherein the formatted network access change request includes multiple formatted request items; wherein the multiple formatted request items includes a requested access type, an address of an access source, an address of an access destination; (b) determining multiple relationships between the multiple formatted request items and corresponding items of at least one entity out of a network model and a current network policy; and (c) responding to the network access change request in response to the multiple determined relationships.Type: GrantFiled: November 20, 2013Date of Patent: July 21, 2015Assignee: SKYBOX SECURITY INC.Inventors: Amnon Lotem, Alexander Haiut, Ravid Circus, Moshe Raab, Amos Arev, Gideon Cohen
-
Patent number: 8997236Abstract: A method, system and computer program product for evaluating an IDP entity, the method includes evaluating an effect of at least one IDP rule applied by the IDP entity on legitimate traffic, based upon a network model; evaluating an effect of at least one IDP rule applied by the IDP entity based upon a network model and an attack model; determining an effectiveness of the IDP entity in response to the evaluated effects.Type: GrantFiled: August 6, 2012Date of Patent: March 31, 2015Assignee: Skybox Security Inc.Inventors: Amnon Lotem, Gideon Cohen, Ilan Horn, Moshe Meiseles
-
Patent number: 8904542Abstract: A method for evaluating potential attacks of worms, the method includes: associating, in response to information representative of a network and of worm entities, between worm entities and potential worm sources to provide associated worm sources; determining potential worm attacks that start from the associated worm sources; and evaluating at least one potential worm attack security metric associated with the potential worm attacks.Type: GrantFiled: January 20, 2013Date of Patent: December 2, 2014Assignee: Skybox Security Inc.Inventors: Lotem Amnon, Gideon Cohen, Moshe Meiseles, Ilan Horn
-
Publication number: 20140150050Abstract: A method for evaluating a deployment of a network access change request, the method includes: (a) formatting a network access change request to provide a formatted network access change request; wherein the formatted network access change request includes multiple formatted request items; wherein the multiple formatted request items includes a requested access type, an address of an access source, an address of an access destination; (b) determining multiple relationships between the multiple formatted request items and corresponding items of at least one entity out of a network model and a current network policy; and (c) responding to the network access change request in response to the multiple determined relationships.Type: ApplicationFiled: November 20, 2013Publication date: May 29, 2014Applicant: SKYBOX SECURITY INC.Inventors: AMNON LOTEM, ALEXANDER HAIUT, RAVID CIRCUS, MOSHE RAAB, AMOS AREV, GIDEON COHEN
-
Patent number: 8621552Abstract: A method for evaluating a deployment of a network access change request, the method includes: (a) formatting a network access change request to provide a formatted network access change request; wherein the formatted network access change request includes multiple formatted request items; wherein the multiple formatted request items includes a requested access type, an address of an access source, an address of an access destination; (b) determining multiple relationships between the multiple formatted request items and corresponding items of at least one entity out of a network model and a current network policy; and (c) responding to the network access change request in response to the multiple determined relationships.Type: GrantFiled: May 21, 2008Date of Patent: December 31, 2013Assignee: Skybox Security Inc.Inventors: Amnon Lotem, Alexander Haiut, Ravid Circus, Moshe Raab, Amos Arev, Gideon Cohen, Tal Sheffer
-
Publication number: 20130031635Abstract: A method, system and computer program product for evaluating an IDP entity, the method includes evaluating an effect of at least one IDP rule applied by the IDP entity on legitimate traffic, based upon a network model; evaluating an effect of at least one IDP rule applied by the IDP entity based upon a network model and an attack model; determining an effectiveness of the IDP entity in response to the evaluated effects.Type: ApplicationFiled: August 6, 2012Publication date: January 31, 2013Applicant: SKYBOX SECURITY, INC.Inventors: Amnon Lotem, Gideon Cohen, Ilan Horn, Moshe Meiseles
-
Patent number: 8239951Abstract: A method, system and computer program product for evaluating an IDP entity, the method includes evaluating an effect of at least one IDP rule applied by the IDP entity on legitimate traffic, based upon a network model; evaluating an effect of at least one IDP rule applied by the IDP entity based upon a network model and an attack model; determining an effectiveness of the IDP entity in response to the evaluated effects.Type: GrantFiled: May 26, 2006Date of Patent: August 7, 2012Assignee: Skybox Security, Inc.Inventors: Amnon Lotem, Gideon Cohen, Ilan Horn, Moshe Meiseles
-
Patent number: 8099760Abstract: The present invention provides systems and methods for risk detection and analysis in a computer network. Computerized, automated systems and methods can be provided. Raw vulnerability information and network information can be utilized in determining actual vulnerability information associated with network nodes. Methods are provided in which computer networks are modeled, and the models utilized in performing attack simulations and determining risks associated with vulnerabilities. Risks can be evaluated and prioritized, and fix information can be provided.Type: GrantFiled: April 28, 2005Date of Patent: January 17, 2012Assignee: Skybox Security, Inc.Inventors: Gideon Cohen, Moshe Meiseles, Eran Reshef