Patents by Inventor Ben Bernstein
Ben Bernstein has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12225043
Abstract: A method and system for cyber-security processes mining are provided. The method comprises correlating events received from a plurality of data sources into a plurality of flows, wherein a flow of the plurality of flows is a sequence of events having a same identifier, and wherein at least one of the plurality of data sources is a cyber-security system; correlating the plurality of flows into a plurality of variants, wherein a variant out of the plurality of variants includes one or more flows having the same repeatable pattern; associating the plurality of variants with at least one cyber-security process based on a predefined template defining the cyber-security process; and causing a display of the at least one cyber-security process and its plurality of variants.
Type: Grant
Filed: May 17, 2024
Date of Patent: February 11, 2025
Assignee: Gutsy.IO, LTD
Inventors: Ben Bernstein, John Morello, Dima Stopel
-
Publication number: 20240388596
Abstract: A method and system for cyber-security processes mining are provided. The method comprises correlating events received from a plurality of data sources into a plurality of flows, wherein a flow of the plurality of flows is a sequence of events having a same identifier, and wherein at least one of the plurality of data sources is a cyber-security system; correlating the plurality of flows into a plurality of variants, wherein a variant out of the plurality of variants includes one or more flows having the same repeatable pattern; associating the plurality of variants with at least one cyber-security process based on a predefined template defining the cyber-security process; and causing a display of the at least one cyber-security process and its plurality of variants.
Type: Application
Filed: May 17, 2024
Publication date: November 21, 2024
Applicant: Gutsy.IO, LTD
Inventors: Ben BERNSTEIN, John MORELLO, Dima STOPEL
-
Patent number: 10915628
Abstract: A system and method for detecting vulnerabilities in software containers at runtime are provided. The method includes monitoring events triggered as a result of changes to an application layer of a software container; based on the monitored events, determining if at least one file has been changed; upon determination that at least one file has been changed, scanning the at least one file to detect at least one type of vulnerability; and upon determination of at least one type of known vulnerability, generating a detection event.
Type: Grant
Filed: September 28, 2016
Date of Patent: February 9, 2021
Assignee: Twistlock, Ltd.
Inventors: Dima Stopel, Ben Bernstein
-
Patent number: 10719612
Abstract: A system and method for detecting vulnerabilities in base images of software containers are disclosed. The method includes receiving an event indicating that at least one base image should be scanned for vulnerabilities, each base image including at least one image layer, wherein the event designates at least one source of the at least one base image, wherein the at least one base image includes resources utilized to execute at least a software container; extracting contents of each image layer of each base image; scanning the extracted contents to detect at least one vulnerability; and generating a detection event, when the at least one vulnerability is detected.
Type: Grant
Filed: December 17, 2018
Date of Patent: July 21, 2020
Assignee: Twistlock, Ltd.
Inventors: Dima Stopel, Ben Bernstein
-
Patent number: 10706145
Abstract: A system and method for detecting vulnerabilities in software containers at runtime are provided. This method includes intercepting a request to instantiate a new software container in a first execution environment; creating a second execution environment; migrating the new software container from the first execution environment to the second execution environment for execution therein; monitoring the operation of the new software container in the second execution environment to detect at least one unauthorized action; and upon detection of the at least one unauthorized action, generating a detection event identifying at least a type of vulnerability associated with the detected unauthorized action.
Type: Grant
Filed: September 28, 2016
Date of Patent: July 7, 2020
Assignee: TWISTLOCK, LTD.
Inventors: Dima Stopel, Ben Bernstein
-
Patent number: 10567411
Abstract: A system and method for dynamically adapting traffic inspection and filtering in containerized environments. The method includes monitoring the containerized environment to identify deployment of a software container in the containerized environment; inspecting traffic redirected from the software container, wherein the inspecting includes detecting malicious activity of the software container; and filtering the traffic based on at least one filtering rule when the malicious activity is detected, wherein the at least one filtering rule is defined in a filtering profile for the software container, wherein the filtering profile is determined for the software container when a new container image of the software container is detected in the containerized environment.
Type: Grant
Filed: May 29, 2018
Date of Patent: February 18, 2020
Assignee: TWISTLOCK, LTD.
Inventors: Ben Bernstein, John Morello, Dima Stopel, Liron Levin, Eran Yanay
-
Publication number: 20190121986
Abstract: A system and method for detecting vulnerabilities in base images of software containers are disclosed. The method includes receiving an event indicating that at least one base image should be scanned for vulnerabilities, each base image including at least one image layer, wherein the event designates at least one source of the at least one base image, wherein the at least one base image includes resources utilized to execute at least a software container; extracting contents of each image layer of each base image; scanning the extracted contents to detect at least one vulnerability; and generating a detection event, when the at least one vulnerability is detected.
Type: Application
Filed: December 17, 2018
Publication date: April 25, 2019
Applicant: Twistlock, Ltd.
Inventors: Dima STOPEL, Ben BERNSTEIN
-
Patent number: 10223534
Abstract: A system and method for detecting vulnerabilities in base images of software containers are disclosed. The method includes receiving an event indicating that at least one base image should be scanned for vulnerabilities, each base image including at least one image layer, wherein the event designates at least one source of the at least one base image, wherein the at least one base image includes resources utilized to execute at least a software container; extracting contents of each image layer of each base image; scanning the extracted contents to detect at least one vulnerability; and generating a detection event, when the at least one vulnerability is detected.
Type: Grant
Filed: October 13, 2016
Date of Patent: March 5, 2019
Assignee: Twistlock, Ltd.
Inventors: Dima Stopel, Ben Bernstein
-
Publication number: 20180278639
Abstract: A system and method for dynamically adapting traffic inspection and filtering in containerized environments. The method includes monitoring the containerized environment to identify deployment of a software container in the containerized environment; inspecting traffic redirected from the software container, wherein the inspecting includes detecting malicious activity of the software container; and filtering the traffic based on at least one filtering rule when the malicious activity is detected, wherein the at least one filtering rule is defined in a filtering profile for the software container, wherein the filtering profile is determined for the software container when a new container image of the software container is detected in the containerized environment.
Type: Application
Filed: May 29, 2018
Publication date: September 27, 2018
Applicant: Twistlock, Ltd.
Inventors: Ben BERNSTEIN, John MORELLO, Dima STOPEL, Liron LEVIN, Eran YANAY
-
Publication number: 20170109536
Abstract: A system and method for detecting vulnerabilities in base images of software containers are disclosed. The method includes receiving an event indicating that at least one base image should be scanned for vulnerabilities, each base image including at least one image layer, wherein the event designates at least one source of the at least one base image, wherein the at least one base image includes resources utilized to execute at least a software container; extracting contents of each image layer of each base image; scanning the extracted contents to detect at least one vulnerability; and generating a detection event, when the at least one vulnerability is detected.
Type: Application
Filed: October 13, 2016
Publication date: April 20, 2017
Applicant: Twistlock, Ltd.
Inventors: Dima STOPEL, Ben BERNSTEIN
-
Publication number: 20170098072
Abstract: A system and method for detecting vulnerabilities in software containers at runtime are provided. The method includes monitoring events triggered as a result of changes to an application layer of a software container; based on the monitored events, determining if at least one file has been changed; upon determination that at least one file has been changed, scanning the at least one file to detect at least one type of vulnerability; and upon determination of at least one type of known vulnerability, generating a detection event.
Type: Application
Filed: September 28, 2016
Publication date: April 6, 2017
Applicant: Twistlock, Ltd.
Inventors: Dima STOPEL, Ben BERNSTEIN
-
Publication number: 20170098071
Abstract: A system and method for detecting vulnerabilities in software containers at runtime are provided. This method includes intercepting a request to instantiate a new software container in a first execution environment; creating a second execution environment; migrating the new software container from the first execution environment to the second execution environment for execution therein; monitoring the operation of the new software container in the second execution environment to detect at least one unauthorized action; and upon detection of the at least one unauthorized action, generating a detection event identifying at least a type of vulnerability associated with the detected unauthorized action.
Type: Application
Filed: September 28, 2016
Publication date: April 6, 2017
Applicant: Twistlock, Ltd.
Inventors: Dima STOPEL, Ben BERNSTEIN
-
Patent number: 9401911
Abstract: Embodiments are directed to providing a certificate extension to an authentication certificate, to validating an authentication certificate request and to implementing authentication certificates that include certificate extensions. In an embodiment, a computer system accesses an authentication certificate request that is to be sent to a validation server for validation and to a certificate authority for issuance of an authentication certificate. The computer system appends an extension to the authentication certificate request. The extension includes origination information about the authentication certificate. The computer system then sends the authentication certificate request with the appended extension to the validation server for validation.
Type: Grant
Filed: February 10, 2011
Date of Patent: July 26, 2016
Assignee: Microsoft Technology Licensing, LLC
Inventors: Ghila Castelnuovo, Ziv Ayalon, Anat Bar-Anan, Ben Bernstein, Philip Derbeko, Victor W. Heller, Aleksandr Radutskiy, Uzi Tuvian
-
Patent number: 8799649
Abstract: A system adapted to condition access to a network over an IPsec session to clients providing a proper one-time-password, even though the network access control uses IKEv1, which does not support one-time-passwords. An authentication service receives from a client an access request including the one-time-password, and provides the one-time-password to a service that checks the password. The one-time-password service returns a cookie when the password is successfully validated and the client is properly authenticated. The cookie is passed on to the client computer, which uses the cookie as part of a request for a certificate. A certificate authority generates a certificate if a request for a certificate is received from an authenticated client, which in turn may be used to form the IPsec session for access to the network.
Type: Grant
Filed: May 13, 2010
Date of Patent: August 5, 2014
Assignee: Microsoft Corporation
Inventors: Anat Eyal, Ben Bernstein, Anat Bar-Anan, Nimrod Vered
-
Patent number: 8484666
Abstract: Architecture that includes optimizations for “Bump-in-the-API” (BIA) as employed for multi-stack hosts. These optimizations reduce the limitations imposed by the existing translation technologies by simplifying the implementation and addressing possible compatibility issues. More specifically, the architecture discloses optimizations that use a preconfigured NAT64 prefix for mapping of NAT64 IPv6 addresses in the prefix subnet to IPv4 addresses, without a mapping table (stateless), use configuration information for enabling API translation per application (resolves possible compatibility issues), and use a local IPv4 socket and a data pump to reduce the number of translated API calls.
Type: Grant
Filed: September 13, 2010
Date of Patent: July 9, 2013
Assignee: Microsoft Corporation
Inventors: Yury Berezansky, Moshe Sapir, Ben Bernstein, Maxim Braitmaiere
-
Publication number: 20120210123
Abstract: Embodiments are directed to providing a certificate extension to an authentication certificate, to validating an authentication certificate request and to implementing authentication certificates that include certificate extensions. In an embodiment, a computer system accesses an authentication certificate request that is to be sent to a validation server for validation and to a certificate authority for issuance of an authentication certificate. The computer system appends an extension to the authentication certificate request. The extension includes origination information about the authentication certificate. The computer system then sends the authentication certificate request with the appended extension to the validation server for validation.
Type: Application
Filed: February 10, 2011
Publication date: August 16, 2012
Applicant: MICROSOFT CORPORATION
Inventors: Ghila Castelnuovo, Ziv Ayalon, Anat Bar-Anan, Ben Bernstein, Philip Derbeko, Victor W. Heller, Aleksandr Radutskiy, Uzi Tuvian
-
Publication number: 20120066695
Abstract: Architecture that includes optimizations for “Bump-in-the-API” (BIA) as employed for multi-stack hosts. These optimizations reduce the limitations imposed by the existing translation technologies by simplifying the implementation and addressing possible compatibility issues. More specifically, the architecture discloses optimizations that use a preconfigured NAT64 prefix for mapping of NAT64 IPv6 addresses in the prefix subnet to IPv4 addresses, without a mapping table (stateless), use configuration information for enabling API translation per application (resolves possible compatibility issues), and use a local IPv4 socket and a data pump to reduce the number of translated API calls.
Type: Application
Filed: September 13, 2010
Publication date: March 15, 2012
Applicant: MICROSOFT CORPORATION
Inventors: Yury Berezansky, Moshe Sapir, Ben Bernstein, Maxim Braitmaiere
-
Publication number: 20110283103
Abstract: A system adapted to condition access to a network over an IPsec session to clients providing a proper one-time-password, even though the network access control uses IKEv1, which does not support one-time-passwords. An authentication service receives from a client an access request including the one-time-password, and provides the one-time-password to a service that checks the password. The one-time-password service returns a cookie when the password is successfully validated and the client is properly authenticated. The cookie is passed on to the client computer, which uses the cookie as part of a request for a certificate. A certificate authority generates a certificate if a request for a certificate is received from an authenticated client, which in turn may be used to form the IPsec session for access to the network.
Type: Application
Filed: May 13, 2010
Publication date: November 17, 2011
Inventors: Anat Eyal, Ben Bernstein, Anat Bar-Anan, Nimrod Vered