Patents by Inventor Ben Bernstein

Ben Bernstein has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12225043
    Abstract: A method and system for cyber-security processes mining are provided. The method comprises correlating events received from a plurality of data sources into a plurality of flows, wherein a flow of the plurality of flows is a sequence of events having a same identifier, and wherein at least one of the plurality of data sources is a cyber-security system; correlating the plurality of flows into a plurality of variants, wherein a variant out of the plurality of variants includes one or more flows having the same repeatable pattern; associating the plurality of variants with at least one cyber-security process based on a predefined template defining the cyber-security process; and causing a display of the at least one cyber-security process and its plurality of variants.
    Type: Grant
    Filed: May 17, 2024
    Date of Patent: February 11, 2025
    Assignee: Gutsy.IO, LTD
    Inventors: Ben Bernstein, John Morello, Dima Stopel
  • Publication number: 20240388596
    Abstract: A method and system for cyber-security processes mining are provided. The method comprises correlating events received from a plurality of data sources into a plurality of flows, wherein a flow of the plurality of flows is a sequence of events having a same identifier, and wherein at least one of the plurality of data sources is a cyber-security system; correlating the plurality of flows into a plurality of variants, wherein a variant out of the plurality of variants includes one or more flows having the same repeatable pattern; associating the plurality of variants with at least one cyber-security process based on a predefined template defining the cyber-security process; and causing a display of the at least one cyber-security process and its plurality of variants.
    Type: Application
    Filed: May 17, 2024
    Publication date: November 21, 2024
    Applicant: Gutsy.IO, LTD
    Inventors: Ben BERNSTEIN, John MORELLO, Dima STOPEL
  • Patent number: 10915628
    Abstract: A system and method for detecting vulnerabilities in software containers at runtime are provided. The method includes monitoring events triggered as a result of changes to an application layer of a software container; based on the monitored events, determining if at least one file has been changed; upon determination that at least one file has been changed, scanning the at least one file to detect at least one type of vulnerability; and upon determination of at least one type of known vulnerability, generating a detection event.
    Type: Grant
    Filed: September 28, 2016
    Date of Patent: February 9, 2021
    Assignee: Twistlock, Ltd.
    Inventors: Dima Stopel, Ben Bernstein
  • Patent number: 10719612
    Abstract: A system and method for detecting vulnerabilities in base images of software containers are disclosed. The method includes receiving an event indicating that at least one base image should be scanned for vulnerabilities, each base image including at least one image layer, wherein the event designates at least one source of the at least one base image, wherein the at least one base image includes resources utilized to execute at least a software container; extracting contents of each image layer of each base image; scanning the extracted contents to detect at least one vulnerability; and generating a detection event, when the at least one vulnerability is detected.
    Type: Grant
    Filed: December 17, 2018
    Date of Patent: July 21, 2020
    Assignee: Twistlock, Ltd.
    Inventors: Dima Stopel, Ben Bernstein
  • Patent number: 10706145
    Abstract: A system and method for detecting vulnerabilities in software containers at runtime are provided. This method includes intercepting a request to instantiate a new software container in a first execution environment; creating a second execution environment; migrating the new software container from the first execution environment to the second execution environment for execution therein; monitoring the operation of the new software container in the second execution environment to detect at least one unauthorized action; and upon detection of the at least one unauthorized action, generating a detection event identifying at least a type of vulnerability associated with the detected unauthorized action.
    Type: Grant
    Filed: September 28, 2016
    Date of Patent: July 7, 2020
    Assignee: TWISTLOCK, LTD.
    Inventors: Dima Stopel, Ben Bernstein
  • Patent number: 10567411
    Abstract: A system and method for dynamically adapting traffic inspection and filtering in containerized environments. The method includes monitoring the containerized environment to identify deployment of a software container in the containerized environment; inspecting traffic redirected from the software container, wherein the inspecting includes detecting malicious activity of the software container; and filtering the traffic based on at least one filtering rule when the malicious activity is detected, wherein the at least one filtering rule is defined in a filtering profile for the software container, wherein the filtering profile is determined for the software container when a new container image of the software container is detected in the containerized environment.
    Type: Grant
    Filed: May 29, 2018
    Date of Patent: February 18, 2020
    Assignee: TWISTLOCK, LTD.
    Inventors: Ben Bernstein, John Morello, Dima Stopel, Liron Levin, Eran Yanay
  • Publication number: 20190121986
    Abstract: A system and method for detecting vulnerabilities in base images of software containers are disclosed. The method includes receiving an event indicating that at least one base image should be scanned for vulnerabilities, each base image including at least one image layer, wherein the event designates at least one source of the at least one base image, wherein the at least one base image includes resources utilized to execute at least a software container; extracting contents of each image layer of each base image; scanning the extracted contents to detect at least one vulnerability; and generating a detection event, when the at least one vulnerability is detected.
    Type: Application
    Filed: December 17, 2018
    Publication date: April 25, 2019
    Applicant: Twistlock, Ltd.
    Inventors: Dima STOPEL, Ben BERNSTEIN
  • Patent number: 10223534
    Abstract: A system and method for detecting vulnerabilities in base images of software containers are disclosed. The method includes receiving an event indicating that at least one base image should be scanned for vulnerabilities, each base image including at least one image layer, wherein the event designates at least one source of the at least one base image, wherein the at least one base image includes resources utilized to execute at least a software container; extracting contents of each image layer of each base image; scanning the extracted contents to detect at least one vulnerability; and generating a detection event, when the at least one vulnerability is detected.
    Type: Grant
    Filed: October 13, 2016
    Date of Patent: March 5, 2019
    Assignee: Twistlock, Ltd.
    Inventors: Dima Stopel, Ben Bernstein
  • Publication number: 20180278639
    Abstract: A system and method for dynamically adapting traffic inspection and filtering in containerized environments. The method includes monitoring the containerized environment to identify deployment of a software container in the containerized environment; inspecting traffic redirected from the software container, wherein the inspecting includes detecting malicious activity of the software container; and filtering the traffic based on at least one filtering rule when the malicious activity is detected, wherein the at least one filtering rule is defined in a filtering profile for the software container, wherein the filtering profile is determined for the software container when a new container image of the software container is detected in the containerized environment.
    Type: Application
    Filed: May 29, 2018
    Publication date: September 27, 2018
    Applicant: Twistlock, Ltd.
    Inventors: Ben BERNSTEIN, John MORELLO, Dima STOPEL, Liron LEVIN, Eran YANAY
  • Publication number: 20170109536
    Abstract: A system and method for detecting vulnerabilities in base images of software containers are disclosed. The method includes receiving an event indicating that at least one base image should be scanned for vulnerabilities, each base image including at least one image layer, wherein the event designates at least one source of the at least one base image, wherein the at least one base image includes resources utilized to execute at least a software container; extracting contents of each image layer of each base image; scanning the extracted contents to detect at least one vulnerability; and generating a detection event, when the at least one vulnerability is detected.
    Type: Application
    Filed: October 13, 2016
    Publication date: April 20, 2017
    Applicant: Twistlock, Ltd.
    Inventors: Dima STOPEL, Ben BERNSTEIN
  • Publication number: 20170098072
    Abstract: A system and method for detecting vulnerabilities in software containers at runtime are provided. The method includes monitoring events triggered as a result of changes to an application layer of a software container; based on the monitored events, determining if at least one file has been changed; upon determination that at least one file has been changed, scanning the at least one file to detect at least one type of vulnerability; and upon determination of at least one type of known vulnerability, generating a detection event.
    Type: Application
    Filed: September 28, 2016
    Publication date: April 6, 2017
    Applicant: Twistlock, Ltd.
    Inventors: Dima STOPEL, Ben BERNSTEIN
  • Publication number: 20170098071
    Abstract: A system and method for detecting vulnerabilities in software containers at runtime are provided. This method includes intercepting a request to instantiate a new software container in a first execution environment; creating a second execution environment; migrating the new software container from the first execution environment to the second execution environment for execution therein; monitoring the operation of the new software container in the second execution environment to detect at least one unauthorized action; and upon detection of the at least one unauthorized action, generating a detection event identifying at least a type of vulnerability associated with the detected unauthorized action.
    Type: Application
    Filed: September 28, 2016
    Publication date: April 6, 2017
    Applicant: Twistlock, Ltd.
    Inventors: Dima STOPEL, Ben BERNSTEIN
  • Patent number: 9401911
    Abstract: Embodiments are directed to providing a certificate extension to an authentication certificate, to validating an authentication certificate request and to implementing authentication certificates that include certificate extensions. In an embodiment, a computer system accesses an authentication certificate request that is to be sent to a validation server for validation and to a certificate authority for issuance of an authentication certificate. The computer system appends an extension to the authentication certificate request. The extension includes origination information about the authentication certificate. The computer system then sends the authentication certificate request with the appended extension to the validation server for validation.
    Type: Grant
    Filed: February 10, 2011
    Date of Patent: July 26, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ghila Castelnuovo, Ziv Ayalon, Anat Bar-Anan, Ben Bernstein, Philip Derbeko, Victor W. Heller, Aleksandr Radutskiy, Uzi Tuvian
  • Patent number: 8799649
    Abstract: A system adapted to condition access to a network over an IPsec session to clients providing a proper one-time-password, even though the network access control uses IKEv1, which does not support one-time-passwords. An authentication service receives from a client an access request including the one-time-password, and provides the one-time-password to a service that checks the password. The one-time-password service returns a cookie when the password is successfully validated and the client is properly authenticated. The cookie is passed on to the client computer, which uses the cookie as part of a request for a certificate. A certificate authority generates a certificate if a request for a certificate is received from an authenticated client, which in turn may be used to form the IPsec session for access to the network.
    Type: Grant
    Filed: May 13, 2010
    Date of Patent: August 5, 2014
    Assignee: Microsoft Corporation
    Inventors: Anat Eyal, Ben Bernstein, Anat Bar-Anan, Nimrod Vered
  • Patent number: 8484666
    Abstract: Architecture that includes optimizations for “Bump-in-the-API” (BIA) as employed for multi-stack hosts. These optimizations reduce the limitations imposed by the existing translation technologies by simplifying the implementation and addressing possible compatibility issues. More specifically, the architecture discloses optimizations that use a preconfigured NAT64 prefix for mapping of NAT64 IPv6 addresses in the prefix subnet to IPv4 addresses, without a mapping table (stateless), use configuration information for enabling API translation per application (resolves possible compatibility issues), and use a local IPv4 socket and a data pump to reduce the number of translated API calls.
    Type: Grant
    Filed: September 13, 2010
    Date of Patent: July 9, 2013
    Assignee: Microsoft Corporation
    Inventors: Yury Berezansky, Moshe Sapir, Ben Bernstein, Maxim Braitmaiere
  • Publication number: 20120210123
    Abstract: Embodiments are directed to providing a certificate extension to an authentication certificate, to validating an authentication certificate request and to implementing authentication certificates that include certificate extensions. In an embodiment, a computer system accesses an authentication certificate request that is to be sent to a validation server for validation and to a certificate authority for issuance of an authentication certificate. The computer system appends an extension to the authentication certificate request. The extension includes origination information about the authentication certificate. The computer system then sends the authentication certificate request with the appended extension to the validation server for validation.
    Type: Application
    Filed: February 10, 2011
    Publication date: August 16, 2012
    Applicant: MICROSOFT CORPORATION
    Inventors: Ghila Castelnuovo, Ziv Ayalon, Anat Bar-Anan, Ben Bernstein, Philip Derbeko, Victor W. Heller, Aleksandr Radutskiy, Uzi Tuvian
  • Publication number: 20120066695
    Abstract: Architecture that includes optimizations for “Bump-in-the-API” (BIA) as employed for multi-stack hosts. These optimizations reduce the limitations imposed by the existing translation technologies by simplifying the implementation and addressing possible compatibility issues. More specifically, the architecture discloses optimizations that use a preconfigured NAT64 prefix for mapping of NAT64 IPv6 addresses in the prefix subnet to IPv4 addresses, without a mapping table (stateless), use configuration information for enabling API translation per application (resolves possible compatibility issues), and use a local IPv4 socket and a data pump to reduce the number of translated API calls.
    Type: Application
    Filed: September 13, 2010
    Publication date: March 15, 2012
    Applicant: MICROSOFT CORPORATION
    Inventors: Yury Berezansky, Moshe Sapir, Ben Bernstein, Maxim Braitmaiere
  • Publication number: 20110283103
    Abstract: A system adapted to condition access to a network over an IPsec session to clients providing a proper one-time-password, even though the network access control uses IKEv1, which does not support one-time-passwords. An authentication service receives from a client an access request including the one-time-password, and provides the one-time-password to a service that checks the password. The one-time-password service returns a cookie when the password is successfully validated and the client is properly authenticated. The cookie is passed on to the client computer, which uses the cookie as part of a request for a certificate. A certificate authority generates a certificate if a request for a certificate is received from an authenticated client, which in turn may be used to form the IPsec session for access to the network.
    Type: Application
    Filed: May 13, 2010
    Publication date: November 17, 2011
    Inventors: Anat Eyal, Ben Bernstein, Anat Bar-Anan, Nimrod Vered