Patents by Inventor Amir Keren

Amir Keren has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11991201
    Abstract: The principles described herein relate to the training and implementation of a model designed to estimate the probability of new security incidents being true incidents. This occurs in an environment where a service such as a SIEM monitors a network of computing systems and other resources and detects a variety of incidents that could be security threats. These incidents are reported to the SOC for investigation and the SOC will take appropriate action to mitigate potential threats of true security breaches. As part of the investigation process, the SOC can label whether a security incident is true, false or benign. After labeling enough security incidents a model can be produced to estimate the probability that new security incidents are true incidents. This would help the SOC filter through security incidents more efficiently and allow for quicker response of the most likely security breaches.
    Type: Grant
    Filed: June 18, 2021
    Date of Patent: May 21, 2024
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Hani Hana Neuvirth, Ishai Wertheimer, Ely Abramovitch, Yaron David Fruchtmann, Amir Keren
  • Publication number: 20240129323
    Abstract: Embodiments detect cyberattack campaigns against multiple cloud tenants by analyzing activity data to find sharing anomalies. Data that appears benign in a single tenant's activities may indicate an attack when the same or similar data is also found for additional tenants. Attack detection may depend on activity time frames, on how similar certain activities of different tenants are to one another, on how unusual it is for different tenants to share an activity, and on other factors. Sharing anomaly analysis may utilize hypergeometric probabilities or other statistical measures. Detection avoidance attempts using digital entity randomization are revealed and thwarted. Authorized vendors may be recognized, mooting anomalousness. Although data from multiple tenants is analyzed together for sharing anomalies while monitoring for attacks, tenant confidentiality and privacy are respected through technical and legal mechanisms. Mitigation is performed in response to an attack indication.
    Type: Application
    Filed: December 6, 2023
    Publication date: April 18, 2024
    Inventors: Yaakov GARYANI, Moshe ISRAEL, Hani Hana NEUVIRTH, Ely ABRAMOVITCH, Amir KEREN, Timothy William BURRELL
  • Patent number: 11888870
    Abstract: Embodiments detect cyberattack campaigns against multiple cloud tenants by analyzing activity data to find sharing anomalies. Data that appears benign in a single tenant's activities may indicate an attack when the same or similar data is also found for additional tenants. Attack detection may depend on activity time frames, on how similar certain activities of different tenants are to one another, on how unusual it is for different tenants to share an activity, and on other factors. Sharing anomaly analysis may utilize hypergeometric probabilities or other statistical measures. Detection avoidance attempts using entity randomization are revealed and thwarted. Authorized vendors may be recognized, mooting anomalousness. Although data from multiple tenants is analyzed together for sharing anomalies while monitoring for attacks, tenant confidentiality and privacy are respected through technical and legal mechanisms. Mitigation is performed in response to an attack indication.
    Type: Grant
    Filed: October 4, 2021
    Date of Patent: January 30, 2024
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Yaakov Garyani, Moshe Israel, Hani Hana Neuvirth, Ely Abramovitch, Amir Keren, Timothy William Burrell
  • Publication number: 20230107335
    Abstract: Embodiments detect cyberattack campaigns against multiple cloud tenants by analyzing activity data to find sharing anomalies. Data that appears benign in a single tenant's activities may indicate an attack when the same or similar data is also found for additional tenants. Attack detection may depend on activity time frames, on how similar certain activities of different tenants are to one another, on how unusual it is for different tenants to share an activity, and on other factors. Sharing anomaly analysis may utilize hypergeometric probabilities or other statistical measures. Detection avoidance attempts using entity randomization are revealed and thwarted. Authorized vendors may be recognized, mooting anomalousness. Although data from multiple tenants is analyzed together for sharing anomalies while monitoring for attacks, tenant confidentiality and privacy are respected through technical and legal mechanisms. Mitigation is performed in response to an attack indication.
    Type: Application
    Filed: October 4, 2021
    Publication date: April 6, 2023
    Inventors: Yaakov GARYANI, Moshe ISRAEL, Hani Hana NEUVIRTH, Ely ABRAMOVITCH, Amir KEREN, Timothy William BURRELL
  • Publication number: 20220407882
    Abstract: The principles described herein relate to the training and implementation of a model designed to estimate the probability of new security incidents being true incidents. This occurs in an environment where a service such as a SIEM monitors a network of computing systems and other resources and detects a variety of incidents that could be security threats. These incidents are reported to the SOC for investigation and the SOC will take appropriate action to mitigate potential threats of true security breaches. As part of the investigation process, the SOC can label whether a security incident is true, false or benign. After labeling enough security incidents a model can be produced to estimate the probability that new security incidents are true incidents. This would help the SOC filter through security incidents more efficiently and allow for quicker response of the most likely security breaches.
    Type: Application
    Filed: June 18, 2021
    Publication date: December 22, 2022
    Inventors: Hani Hana NEUVIRTH, Ishai WERTHEIMER, Ely ABRAMOVITCH, Yaron David FRUCHTMANN, Amir KEREN
  • Publication number: 20220043753
    Abstract: Examples described herein include a cache controller and a cache device. In some examples, the cache controller is configured, when operational, to: during processor operation, dynamically adjust a maximum number of allocated pinned regions in the cache device based on usage of pinned regions. In some examples, the cache controller is to store an entry into a tag memory based on a number of pinned entries in the cache device not being exceeded. In some examples, the entry includes meta-data information indicative of whether the data is stored in the cache device.
    Type: Application
    Filed: October 26, 2021
    Publication date: February 10, 2022
    Inventors: Elazar COHEN, Amir KEREN, Iliya BOKHMAN
  • Publication number: 20190042456
    Abstract: There is disclosed in one example a computing system, including: a processor including one or more computing cores; a cache having n discrete cache banks of the same cache level; and a cache controller including n discrete cache buses to communicatively couple the cache controller to the cache, wherein the cache buses are of width b, and a cache access controller configured to: receive an access request for an object of size s, wherein s>b; divide the object into k chunks of size b or smaller; and transfer the object to or from the cache in one or more iterations, the iterations including transferring n chunks of size b or smaller in parallel via the cache buses.
    Type: Application
    Filed: June 28, 2018
    Publication date: February 7, 2019
    Applicant: Intel Corporation
    Inventors: Yakov Evgeni Ginzburg, Naru Dames Sundar, Chih-Jen Chang, Amir Keren, Ravi Tangirala