Patents Assigned to Varonis Systems, Inc.
  • Publication number: 20240111858
    Abstract: A system for automatically monitoring efficacy of security controls in a computer network, including a probe engine configurable with at least one set of rules relating to access permissions to data in the computer network, at least one security probe forming part of the probe engine and operative to automatically place, at at least one storage location within the computer network and with access permissions that are non-compliant with the at least one set of rules, simulated data corresponding to the data in the computer network and attempt to access the simulated data following the placement thereof, using access privileges satisfying the non-compliant access permissions, and a security monitoring and reporting module operative to provide a user sensible output indicating at least whether the attempt to access the simulated data was successful and, if so, reporting mitigating activities by the security controls in response to the successful attempt.
    Type: Application
    Filed: October 3, 2022
    Publication date: April 4, 2024
    Applicant: VARONIS SYSTEMS, INC.
    Inventors: John NEYSTADT, Shay AZULAY, Amit COHEN, Lior CHEN
  • Patent number: 11586600
    Abstract: A method for in-advance obtaining properties of objects of a computerized system, the method comprising receiving a request for properties of a first object, and responsively providing the requested properties along with properties of an at least one another object that are similar to the properties of the first object, wherein the properties of the at least one another object are similar to the properties of the first object by having at least one element of properties that are common therebetween, and wherein the method is carried out by an at least one apparatus component of the computerized system, and an apparatus for performing the same.
    Type: Grant
    Filed: November 5, 2013
    Date of Patent: February 21, 2023
    Assignee: VARONIS SYSTEMS, INC
    Inventors: Yakov Faitelson, Ohad Korkus, Ophir Kretzer-Katzir
  • Patent number: 11487805
    Abstract: A method for indexing objects in a computerized system having an index, comprising identifying in the computerized system an at least one indexed object that meets an at least one criterion related to contents of the at least one indexed object, detecting an at least one non-indexed object having a property similar to an at least one property of the at least one indexed object that was identified, and indexing the at least one non-indexed object in the index, wherein the method is performed by the computerized system, and an apparatus for performing the same.
    Type: Grant
    Filed: October 19, 2020
    Date of Patent: November 1, 2022
    Assignee: VARONIS SYSTEMS, INC.
    Inventors: Yakov Faitelson, Ohad Korkus, Ophir Kretzer-Katzir
  • Patent number: 11388004
    Abstract: A system for preventing an excess user authentication token utilization condition in an enterprise computer environment, the system including an excess user authentication token utilization condition predictor operable for calculating a number of additional group memberships of each of the enterprise users that can be expected to result in an excess user authentication token utilization condition, a group membership estimator operable, for each the enterprise user, for estimating a number of additional group memberships of the enterprise user that will be created by an anticipated activity, and an anticipated excess user authentication token utilization condition alerter operable, before initiation of the anticipated activity, for providing an alert if the anticipated activity can be expected to result in an excess user authentication token utilization condition.
    Type: Grant
    Filed: October 3, 2018
    Date of Patent: July 12, 2022
    Assignee: VARONIS SYSTEMS, INC.
    Inventors: Yakov Faitelson, Ophir Kretzer-Katzir
  • Patent number: 11386224
    Abstract: A method for managing personal digital identifiers of a user in data elements stored in a computerized system may include receiving personal digital identifiers for identifying a user. The data elements may be searched for the personal digital identifiers and data elements may be identified as having the personal digital identifiers of the user. One or more candidate personal digital identifiers in the identified data elements may be assigned as one or more common words appearing in the identified data elements when a word count for each of the one or more common words exceeds a predefined threshold. The user may validate the candidate personal digital identifiers, which may be added to the personal digital identifiers of the user. A personal digital footprint of the user including a location in the computerized system for each of the personal digital identifiers in the identified data elements may be stored.
    Type: Grant
    Filed: March 20, 2019
    Date of Patent: July 12, 2022
    Assignee: VARONIS SYSTEMS INC
    Inventors: Yakov Faitelson, Ophir Kretzer-Katzir, David Bass
  • Patent number: 11138153
    Abstract: A method for characterizing data elements in an enterprise including ascertaining at least one of an access metric and a data identifier for each of a plurality of data elements and employing the at least one of an access metric and a data identifier to automatically apply a metatag to ones of the plurality of data elements.
    Type: Grant
    Filed: April 15, 2019
    Date of Patent: October 5, 2021
    Assignee: VARONIS SYSTEMS, INC.
    Inventors: Yakov Faitelson, Ohad Korkus, Ophir Kretzer-Katzir, David Bass
  • Patent number: 11042550
    Abstract: A method for managing data in an enterprise by identifying data of interest from among a multiplicity of data elements in an enterprise, the method including characterizing data of interest at least by at least one non-content based data identifier thereof and at least one access metric thereof, the at least one access metric being selected from data access permissions and actual data access history and selecting data of interest by considering only data elements from among the multiplicity of data elements which have the at least one non-content based data identifier thereof and the at least one access metric thereof.
    Type: Grant
    Filed: July 3, 2018
    Date of Patent: June 22, 2021
    Assignee: VARONIS SYSTEMS, INC.
    Inventors: Yakov Faitelson, Ohad Korkus, Ophir Kretzer-Katzir, David Bass
  • Patent number: 10855631
    Abstract: A computerized method for managing a collaboration of objects via stubs may include a computerized apparatus linked to a computerized system and configured to intercept an outgoing communication including an object, to identify an instance of the object in a storage of the computerized system, to generate a stub of the instance of the object specifying a location of the identified instance of the object in the storage of the computerized device, to replace the object in the outgoing communication with the stub, and to send the outgoing communication including the stub to a recipient.
    Type: Grant
    Filed: March 27, 2019
    Date of Patent: December 1, 2020
    Assignee: VARONIS SYSTEMS INC.
    Inventors: Yakov Faitelson, Ophir Kretzer-Katzir, David Bass
  • Publication number: 20200336485
    Abstract: A system for providing bi-directional visualization of authority of users over SACs in an enterprise-wide network, the system including functionality for providing user-wise visualization of the authority of a given user over at least one SAC in respect of which the user has authority, and functionality for providing SAC-wise visualization for a given SAC of the authority of at least one user over the given SAC.
    Type: Application
    Filed: June 29, 2020
    Publication date: October 22, 2020
    Applicant: Varonis Systems, Inc.
    Inventors: Yakov FAITELSON, Ohad KORKUS, Ophir KRETZER-KATZIR
  • Patent number: 10721234
    Abstract: A system for providing bi-directional visualization of authority of users over SACs in an enterprise-wide network, the system including functionality for providing user-wise visualization of the authority of a given user over at least one SAC in respect of which the user has authority, and functionality for providing SAC-wise visualization for a given SAC of the authority of at least one user over the given SAC.
    Type: Grant
    Filed: November 24, 2011
    Date of Patent: July 21, 2020
    Assignee: VARONIS SYSTEMS, INC.
    Inventors: Yakov Faitelson, Ohad Korkus, Ophir Kretzer-Katzir
  • Patent number: 10642791
    Abstract: A computerized method and apparatus for distinguishing between false positive read events and true positive events of reading a file, comprising determining an amount of data read from the file, in case the amount of data exceeds a threshold generating a true positive read event, otherwise generating a false positive read event in case a decision condition is met, and an apparatus to carry out the same.
    Type: Grant
    Filed: March 26, 2017
    Date of Patent: May 5, 2020
    Assignee: VARONIS SYSTEMS, INC.
    Inventors: Yakov Faitelson, Ohad Korkus, David Bass, Yzhar Kaysar, Doron Goldstein, Oren David
  • Patent number: 10476878
    Abstract: An access permissions management system including a hierarchical access permissions repository including access permissions relating to data elements arranged in a data element hierarchy, wherein some of the data elements have only access permissions which are inherited from ancestral data elements, some of the multiplicity of data elements are prevented from having inherited access permissions and thus have only unique access permissions which are not inherited and some of the data elements are not prevented from having inherited access permissions and have not only inherited access permissions but also unique access permissions which are not inherited, some of which unique access permissions possibly being redundant with inherited access permissions, and an access permissions redundancy prevention engine operative to ascertain which of the unique access permissions are redundant with inherited access permissions and not to store the unique access permissions which are redundant with inherited access permiss
    Type: Grant
    Filed: September 7, 2018
    Date of Patent: November 12, 2019
    Assignee: Varonis Systems, Inc.
    Inventors: Yakov Faitelson, Ohad Korkus, Ophir Kretzer-Katzir, Yzhar Keysar
  • Patent number: 10346361
    Abstract: A method of controlling file access events in a computerized server, including receiving by a computer acting as a server and connected to a network of computer platforms, information of file access events intercepted by the computer platforms, accessing rules for processing file access events, retrieving auxiliary data disjoint of the event, and processing the event by the server based on the rule and the auxiliary data to determine an action for handling the event for the computer platform.
    Type: Grant
    Filed: November 2, 2016
    Date of Patent: July 9, 2019
    Assignee: VARONIS SYSTEMS, INC.
    Inventors: Yakov Faitelson, Ohad Korkus, Ophir Kretzer-Katzir
  • Patent number: 10320798
    Abstract: A method for controlling access to a file system having data elements, including the steps of maintaining a record of respective actual accesses by users of the file system to the data elements, defining a proposed removal of a set of the users from a superset of the users, wherein members of the superset have common access privileges to a portion of the data elements, and wherein following an implementation of the proposed removal, members of the set retain respective proposed residual access permissions, ascertaining, prior to the implementation of the proposed removal, that at least one of the respective actual accesses are disallowed to the members of the set, or to non-members of the set having actual access profiles which are similar to the actual access profiles of the members of the set, by the respective proposed residual access permissions, and generating an error indication, responsively to the ascertaining.
    Type: Grant
    Filed: February 1, 2016
    Date of Patent: June 11, 2019
    Assignee: VARONIS SYSTEMS, INC.
    Inventors: Yakov Faitelson, Ohad Korkus
  • Patent number: 10318751
    Abstract: A system for automatically replacing a user security group-based computer security policy by a computer security policy based at least partially on actual access, including a learned access permissions subsystem operative to learn current access permissions of users to network objects in an enterprise computer environment and to provide an indication of which users are members of which user security groups having access permissions to which network objects, a learned actual access subsystem operative to learn actual access history of users in the enterprise to the network objects and to provide indications of which users have had actual access to which network objects, and a computer security policy administration subsystem, receiving indications from the learned access permission subsystem and the learned actual access subsystem and being operative to automatically replace pre-selected user-security group-based access permissions with at least partially actual access-based access permissions without disrupti
    Type: Grant
    Filed: December 19, 2017
    Date of Patent: June 11, 2019
    Assignee: VARONIS SYSTEMS, INC.
    Inventors: Yakov Faitelson, Ohad Korkus, Ophir Kretzer-Katzir, David Bass
  • Patent number: 10296596
    Abstract: A method for characterizing data elements in an enterprise including ascertaining at least one of an access metric and a data identifier for each of a plurality of data elements and employing the at least one of an access metric and a data identifier to automatically apply a metatag to ones of the plurality of data elements.
    Type: Grant
    Filed: May 26, 2011
    Date of Patent: May 21, 2019
    Assignee: VARONIS SYSTEMS, INC.
    Inventors: Yakov Faitelson, Ohad Korkus, Ophir Kretzer-Katzir, David Bass
  • Patent number: 10181046
    Abstract: An enterprise level data element review system including a data access event collection subsystem operative to collect data access event notifications relating to ones of a multiplicity of data elements, a data element metadata modification subassembly receiving an output from the data access event collection subsystem and providing a script indicating which data elements have had a metadata modification over a given period of time, and a data element dancer operative to collect at least one of metadata and access permissions for a plurality of data elements which is substantially less than the multiplicity of data elements and is selected on the basis of the script.
    Type: Grant
    Filed: December 10, 2013
    Date of Patent: January 15, 2019
    Assignee: VARONIS SYSTEMS, INC.
    Inventors: Yakov Faitelson, Ohad Korkus, David Bass, Yzhar Kaysar, Ophir Kretzer-Katzir
  • Patent number: 10176185
    Abstract: A system for identifying data of interest from among a multiplicity of data elements residing on multiple platforms in an enterprise, the system including background data characterization functionality characterizing the data of interest at least by at least one content characteristic thereof and at least one access metric thereof, the at least one access metric being selected from data access permissions and actual data access history and near real time data matching functionality selecting the data of interest by considering only data elements which have the at least one content characteristic thereof and the at least one access metric thereof from among the multiplicity of data elements.
    Type: Grant
    Filed: December 19, 2017
    Date of Patent: January 8, 2019
    Assignee: VARONIS SYSTEMS, INC.
    Inventors: Ohad Korkus, Yakov Faitelson, Ophir Kretzer-Katzir, David Bass
  • Patent number: 10152606
    Abstract: An enterprise level data element review system including a data access event collection subsystem operative to collect data access event notifications relating to ones of a multiplicity of data elements, a data element metadata modification subassembly receiving an output from the data access event collection subsystem and providing a script indicating which data elements have had a metadata modification over a given period of time, and a data element dancer operative to collect at least one of metadata and access permissions for a plurality of data elements which is substantially less than the multiplicity of data elements and is selected on the basis of the script.
    Type: Grant
    Filed: February 7, 2017
    Date of Patent: December 11, 2018
    Assignee: VARONIS SYSTEMS, INC.
    Inventors: Yakov Faitelson, Ohad Korkus, David Bass, Yzhar Kaysar, Ophir Kretzer-Katzir
  • Patent number: 10148661
    Abstract: Queries regarding access permissions of users and rights to directories in a complex enterprise are executed in near real-time, using lookups to tables that form a condensed database maintained for each file server. User information is condensed by arranging users in user groups having common data access rights. Directory permissions storage is condensed by showing only distinctive permissions to a directory in a table entry, and referencing inherited permissions of parent directories. The tables indicate recursive and ancestral relationships among the user groups and directories. They are developed and updated in advance of any queries. A consolidated view of the query results is presented on a single display screen. Using the tables results can be obtained without exhaustive searches of large file system tables.
    Type: Grant
    Filed: January 9, 2018
    Date of Patent: December 4, 2018
    Assignee: Varonis Systems Inc.
    Inventors: Yakov Faitelson, Ohad Korkus, Ophir Kretzer