Patents by Inventor Ben A. Wuest
Ben A. Wuest has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11930017Abstract: A network-accessible service provides an enterprise with a view of identity and data activity in the enterprise's cloud accounts. The service enables distinct cloud provider management models to be normalized with centralized analytics and views across large numbers of cloud accounts. Based on identity and audit data received from a set of cloud deployments, and according to a cloud intelligence model, a set of permissions associated with each of a set of identities are determined. For each identity, and based on a set of identity chains extracted from the cloud intelligence model, a set of identity account action paths (IAAPs) are then determined. An IAAP defines how the identity obtains an ability to perform a given action in a given account. Using the identity account action paths together with context information, one or more roles, groups and accounts in the enterprise that are propagating permissions within the public cloud environment are then identified.Type: GrantFiled: April 7, 2023Date of Patent: March 12, 2024Assignee: Sonrai Security Inc.Inventors: Veranika Hadun, William Bird, Ben Wuest
-
Patent number: 11902354Abstract: A network-accessible service provides an enterprise with a view of all identity and data activity in the enterprise's cloud accounts. The service enables distinct cloud provider management models to be normalized with centralized analytics and views across large numbers of cloud accounts. The service enables an enterprise to model all activity and relationships across cloud vendors, accounts and third party stores. Display views of this information preferably can pivot on cloud provider, country, cloud accounts, application or data store. Using a domain-specific query language, the system enables rapid interrogation of a complete and centralized data model of all data and identity relationships. User reports may be generated showing all privileges and data to which a particular identity has access. Similarly, data reports shown all entities having access to an asset can be generated.Type: GrantFiled: January 31, 2023Date of Patent: February 13, 2024Assignee: Sonrai Security Inc.Inventors: Ben Wuest, William Bird, Brad Peters, Albert Lockett
-
Publication number: 20230179649Abstract: A network-accessible service provides an enterprise with a view of all identity and data activity in the enterprise's cloud accounts. The service enables distinct cloud provider management models to be normalized with centralized analytics and views across large numbers of cloud accounts. The service enables an enterprise to model all activity and relationships across cloud vendors, accounts and third party stores. Display views of this information preferably can pivot on cloud provider, country, cloud accounts, application or data store. Using a domain-specific query language, the system enables rapid interrogation of a complete and centralized data model of all data and identity relationships. User reports may be generated showing all privileges and data to which a particular identity has access. Similarly, data reports shown all entities having access to an asset can be generated.Type: ApplicationFiled: January 31, 2023Publication date: June 8, 2023Applicant: Sonrai Security Inc.Inventors: Ben Wuest, William Bird, Brad Peters, Albert Lockett
-
Publication number: 20230110220Abstract: A network-accessible service provides an enterprise with a view of identity and data activity in the enterprise's cloud accounts. The service enables distinct cloud provider management models to be normalized with centralized analytics and views across large numbers of cloud accounts. Using a domain-specific query language, the system enables rapid interrogation of a complete and centralized data model of all data and identity relationships. The data model also supports a cloud “least privilege and access” framework. Least privilege is a set of minimum permissions that are associated to a given identity; least access is a minimal set of persons that need to have access to given piece data. The framework maps an identity to one or more actions collected in cloud audit logs, and dynamically-build a compete view of an identity's effective permissions. The resulting least privilege and access policies are then applied natively to a given cloud environment to manage access.Type: ApplicationFiled: September 28, 2021Publication date: April 13, 2023Applicant: Sonrai Securty Inc.Inventors: Ben A. Wuest, William A. Bird, Brad J. Peters, Dasharath P. Chavda, Gregory A. Davis
-
Patent number: 11570231Abstract: A network-accessible service provides an enterprise with a view of all identity and data activity in the enterprise's cloud accounts. The service enables distinct cloud provider management models to be normalized with centralized analytics and views across large numbers of cloud accounts. The service enables an enterprise to model all activity and relationships across cloud vendors, accounts and third party stores. Display views of this information preferably can pivot on cloud provider, country, cloud accounts, application or data store. Using a domain-specific query language, the system enables rapid interrogation of a complete and centralized data model of all data and identity relationships. User reports may be generated showing all privileges and data to which a particular identity has access. Similarly, data reports shown all entities having access to an asset can be generated.Type: GrantFiled: July 27, 2020Date of Patent: January 31, 2023Assignee: Sonrai Security Inc.Inventors: Ben Wuest, William Bird, Brad Peters, Albert Lockett
-
Patent number: 11134085Abstract: A network-accessible service provides an enterprise with a view of identity and data activity in the enterprise's cloud accounts. The service enables distinct cloud provider management models to be normalized with centralized analytics and views across large numbers of cloud accounts. Using a domain-specific query language, the system enables rapid interrogation of a complete and centralized data model of all data and identity relationships. The data model also supports a cloud “least privilege and access” framework. Least privilege is a set of minimum permissions that are associated to a given identity; least access is a minimal set of persons that need to have access to given piece data. The framework maps an identity to one or more actions collected in cloud audit logs, and dynamically-build a compete view of an identity's effective permissions. The resulting least privilege and access policies are then applied natively to a given cloud environment to manage access.Type: GrantFiled: July 2, 2020Date of Patent: September 28, 2021Assignee: Sonrai Security Inc.Inventors: Ben A. Wuest, William A. Bird, Brad J. Peters, Dasharath P. Chavda, Gregory A. Davis
-
Patent number: 11100046Abstract: A method, apparatus and computer program product for selectively storing network traffic data are described. Network traffic is stored according to a first packet filtering policy in a first repository. The stored network traffic is scanned in the first repository according to a second packet filtering policy to identify a subset of network traffic for archiving. The identified subset of network traffic identified by the second packet filtering policy are forensically interesting packets concerning a security issue. The identified subset of network traffic from the first repository is then stored in a second repository.Type: GrantFiled: January 25, 2016Date of Patent: August 24, 2021Assignee: International Business Machines CorporationInventors: Russell L Couturier, Vijay Dheap, Derek T Lohnes, Ben A Wuest
-
Publication number: 20200358842Abstract: A network-accessible service provides an enterprise with a view of all identity and data activity in the enterprise's cloud accounts. The service enables distinct cloud provider management models to be normalized with centralized analytics and views across large numbers of cloud accounts. The service enables an enterprise to model all activity and relationships across cloud vendors, accounts and third party stores. Display views of this information preferably can pivot on cloud provider, country, cloud accounts, application or data store. Using a domain-specific query language, the system enables rapid interrogation of a complete and centralized data model of all data and identity relationships. User reports may be generated showing all privileges and data to which a particular identity has access. Similarly, data reports shown all entities having access to an asset can be generated.Type: ApplicationFiled: July 27, 2020Publication date: November 12, 2020Applicant: Sonrai Security Inc.Inventors: Ben Wuest, William Bird, Brad Peters, Albert Lockett
-
Publication number: 20200336489Abstract: A network-accessible service provides an enterprise with a view of identity and data activity in the enterprise's cloud accounts. The service enables distinct cloud provider management models to be normalized with centralized analytics and views across large numbers of cloud accounts. Using a domain-specific query language, the system enables rapid interrogation of a complete and centralized data model of all data and identity relationships. The data model also supports a cloud “least privilege and access” framework. Least privilege is a set of minimum permissions that are associated to a given identity; least access is a minimal set of persons that need to have access to given piece data. The framework maps an identity to one or more actions collected in cloud audit logs, and dynamically-build a compete view of an identity's effective permissions. The resulting least privilege and access policies are then applied natively to a given cloud environment to manage access.Type: ApplicationFiled: July 2, 2020Publication date: October 22, 2020Applicant: Sonrai Security Inc.Inventors: Ben A. Wuest, William A. Bird, Brad J. Peters, Dasharath P. Chavda, Gregory A. Davis
-
Patent number: 10728307Abstract: A network-accessible service provides an enterprise with a view of all identity and data activity in the enterprise's cloud accounts. The service enables distinct cloud provider management models to be normalized with centralized analytics and views across large numbers of cloud accounts. The service enables an enterprise to model all activity and relationships across cloud vendors, accounts and third party stores. Display views of this information preferably can pivot on cloud provider, country, cloud accounts, application or data store. Using a domain-specific query language, the system enables rapid interrogation of a complete and centralized data model of all data and identity relationships. User reports may be generated showing all privileges and data to which a particular identity has access. Similarly, data reports shown all entities having access to an asset can be generated.Type: GrantFiled: July 8, 2019Date of Patent: July 28, 2020Assignee: Sonrai Security Inc.Inventors: Ben Wuest, William Bird, Brad Peters, Albert Lockett
-
Patent number: 10693796Abstract: Embodiments provide a system and method for network tracking. By using packet capture applications having a flow identifier and a time stamper, one or more raw packets from one or more packet flows intercepted from a network can be tagged with a unique identifier and timestamp that can later be used to aggregate packet flows that have been analyzed by one or more capture applications. The unique identifier can relate to the network interface of the particular capture application and can also have an increasing value, where the increase in value can be monotonic. Later capture applications, while capable of generating secondary timestamps, can disregard those secondary timestamps for the primary timestamp of the first capture application in order to remove complications arising from latency issues.Type: GrantFiled: December 3, 2018Date of Patent: June 23, 2020Assignees: International Business Machines Corporation, Napatech A/SInventors: William A. Bird, Russell Couturier, Vijay Dheap, Patrick V. Johnstone, Ben A. Wuest, Alex Omø Agerholm
-
Publication number: 20200112602Abstract: A network-accessible service provides an enterprise with a view of all identity and data activity in the enterprise's cloud accounts. The service enables distinct cloud provider management models to be normalized with centralized analytics and views across large numbers of cloud accounts. The service enables an enterprise to model all activity and relationships across cloud vendors, accounts and third party stores. Display views of this information preferably can pivot on cloud provider, country, cloud accounts, application or data store. Using a domain-specific query language, the system enables rapid interrogation of a complete and centralized data model of all data and identity relationships. User reports may be generated showing all privileges and data to which a particular identity has access. Similarly, data reports shown all entities having access to an asset can be generated.Type: ApplicationFiled: July 8, 2019Publication date: April 9, 2020Applicant: Sonrai Security Inc.Inventors: Ben Wuest, William Bird, Brad Peters, Albert Lockett
-
Publication number: 20190109794Abstract: Embodiments provide a system and method for network tracking. By using packet capture applications having a flow identifier and a time stamper, one or more raw packets from one or more packet flows intercepted from a network can be tagged with a unique identifier and timestamp that can later be used to aggregate packet flows that have been analyzed by one or more capture applications. The unique identifier can relate to the network interface of the particular capture application and can also have an increasing value, where the increase in value can be monotonic. Later capture applications, while capable of generating secondary timestamps, can disregard those secondary timestamps for the primary timestamp of the first capture application in order to remove complications arising from latency issues.Type: ApplicationFiled: December 3, 2018Publication date: April 11, 2019Inventors: William A. Bird, Russell Couturier, Vijay Dheap, Patrick V. Johnstone, Ben A. Wuest, Alex Omø Agerholm
-
Patent number: 10250511Abstract: Embodiments provide a system and method for network tracking. By using packet capture applications having a flow identifier and a time stamper, one or more raw packets from one or more packet flows intercepted from a network can be tagged with a unique identifier and timestamp that can later be used to aggregate packet flows that have been analyzed by one or more capture applications. The unique identifier can relate to the network interface of the particular capture application and can also have an increasing value, where the increase in value can be monotonic. Later capture applications, while capable of generating secondary timestamps, can disregard those secondary timestamps for the primary timestamp of the first capture application in order to remove complications arising from latency issues.Type: GrantFiled: June 10, 2016Date of Patent: April 2, 2019Assignee: International Business Machines CorporationInventors: William A. Bird, Russell Couturier, Vijay Dheap, Patrick V. Johnstone, Ben A. Wuest, Alex Omø Agerholm
-
Publication number: 20170359264Abstract: Embodiments provide a system and method for network tracking. By using packet capture applications having a flow identifier and a time stamper, one or more raw packets from one or more packet flows intercepted from a network can be tagged with a unique identifier and timestamp that can later be used to aggregate packet flows that have been analyzed by one or more capture applications. The unique identifier can relate to the network interface of the particular capture application and can also have an increasing value, where the increase in value can be monotonic. Later capture applications, while capable of generating secondary timestamps, can disregard those secondary timestamps for the primary timestamp of the first capture application in order to remove complications arising from latency issues.Type: ApplicationFiled: June 10, 2016Publication date: December 14, 2017Inventors: WILLIAM A. BIRD, Russell Couturier, Vijay Dheap, Patrick V. Johnstone, Ben A. Wuest, Alex Omø Agerholm
-
Publication number: 20170214718Abstract: A method, apparatus and computer program product for selectively storing network traffic data are described. Network traffic is stored according to a first packet filtering policy in a first repository. The stored network traffic is scanned in the first repository according to a second packet filtering policy to identify a subset of network traffic for archiving. The identified subset of network traffic identified by the second packet filtering policy are forensically interesting packets concerning a security issue. The identified subset of network traffic from the first repository is then stored in a second repository.Type: ApplicationFiled: January 25, 2016Publication date: July 27, 2017Inventors: Russell L. Couterier, Vijay Dheap, Derek T. Lohnes, Ben A. Wuest
-
Patent number: 9607144Abstract: A method, system and computer-usable medium are disclosed for identifying risk within an information technology (IT) environment, comprising: analyzing characteristics of a user accessing a system within an IT environment; associating a risk profile with the user based upon the characteristics of the user; determining when the user accesses a system within the IT environment; maintaining a user risk profile record of all systems within the IT environment accessed by the user, the user risk profile record continuing to be associated with the system after access by the user ceases; and, identifying a risk level for all systems within the IT environment based upon the user risk profile record.Type: GrantFiled: November 30, 2015Date of Patent: March 28, 2017Assignee: International Business Machines CorporationInventors: William A. Bird, Rory F. Bray, Jason D. Keirstead, Dwight E. Spencer, Ben A. Wuest
-
Patent number: 9600659Abstract: A method, system and computer-usable medium are disclosed for identifying risk within an information technology (IT) environment, comprising: analyzing characteristics of a user accessing a system within an IT environment; associating a risk profile with the user based upon the characteristics of the user; determining when the user accesses a system within the IT environment; maintaining a user risk profile record of all systems within the IT environment accessed by the user, the user risk profile record continuing to be associated with the system after access by the user ceases; and, identifying a risk level for all systems within the IT environment based upon the user risk profile record.Type: GrantFiled: December 16, 2015Date of Patent: March 21, 2017Assignee: International Business Machines CorporationInventors: William A. Bird, Rory F. Bray, Jason D. Keirstead, Dwight E. Spencer, Ben A. Wuest
-
Patent number: 9497217Abstract: According to one exemplary embodiment, a method for detecting malware in a network stream to at least one host computer is provided. The method may include initializing a browser profile corresponding with a first website having a first website source and a first plurality of content features. The method may include recording the first plurality of content features and a trusted source based on the first website source. The method may include scanning the network stream for a second content feature within a second plurality of content features associated with a second website. The method may include determining if the second content feature matches a first content feature. The method may include determining if the second plurality of content features is consistent with the first plurality of content features. The method may include determining if a second website source matches the trusted source. The method may include generating an alert.Type: GrantFiled: June 3, 2015Date of Patent: November 15, 2016Assignee: International Business Machines CorporationInventors: William A. Bird, Rory F. Bray, Jody D. Brownell, Ben A. Wuest
-
Patent number: 9473531Abstract: According to one exemplary embodiment, a method for detecting malware in a network stream to at least one host computer is provided. The method may include initializing a browser profile corresponding with a first website having a first website source and a first plurality of content features. The method may include recording the first plurality of content features and a trusted source based on the first website source. The method may include scanning the network stream for a second content feature within a second plurality of content features associated with a second website. The method may include determining if the second content feature matches a first content feature. The method may include determining if the second plurality of content features is consistent with the first plurality of content features. The method may include determining if a second website source matches the trusted source. The method may include generating an alert.Type: GrantFiled: November 17, 2014Date of Patent: October 18, 2016Assignee: International Business Machines CorporationInventors: William A. Bird, Rory F. Bray, Jody D. Brownell, Ben A. Wuest