Patents by Inventor BLAKE DARCHE
BLAKE DARCHE has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11861563Abstract: In an embodiment, the disclosed technologies monitor electronic message traffic between a network and a recipient computer system. An embodiment includes obtaining, from an electronic message received from the network, a triple of a display name, email address, and sending domain, determining a name score for triple, and determining characteristics of the electronic message. The name score of the triple and the characteristics of the electronic message may be used to determine whether the electronic message is a spoofing attack such as a business email compromise (BEC) attack. In response to determining that the electronic message is malicious, an embodiment may cause the network to at least one of modify, delay, re-route, or block transmission of the electronic message to the recipient computer system.Type: GrantFiled: January 15, 2021Date of Patent: January 2, 2024Assignee: CLOUDFLARE, INC.Inventors: Umalatha Batchu, Torsten Zeppenfeld, Blake Darche, Philip Syme
-
Publication number: 20220230142Abstract: In an embodiment, the disclosed technologies monitor electronic message traffic between a network and a recipient computer system. An embodiment includes obtaining, from an electronic message received from the network, a triple of a display name, email address, and sending domain, determining a name score for triple, and determining characteristics of the electronic message. The name score of the triple and the characteristics of the electronic message may be used to determine whether the electronic message is a spoofing attack such as a business email compromise (BEC) attack. In response to determining that the electronic message is malicious, an embodiment may cause the network to at least one of modify, delay, re-route, or block transmission of the electronic message to the recipient computer system.Type: ApplicationFiled: January 15, 2021Publication date: July 21, 2022Inventors: Umalatha Batchu, Torsten Zeppenfeld, Blake Darche, Philip Syme
-
Patent number: 10587483Abstract: A method and apparatus for packet capture is provided.Type: GrantFiled: July 31, 2018Date of Patent: March 10, 2020Assignee: Area 1 Security, Inc.Inventors: Blake Darche, Javier Castro, Chiraag Aval
-
Patent number: 10574669Abstract: A computer system programmed to provide improved packet capture comprises: a plurality of sensor computers each programmed to capture data packets directed to a different compromised computer; a command server that is programmed to determine an expiration time for capturing a first set of data packets that have been routed toward a first compromised computer, to determine a time interval indicating an interval for capturing the first set of data packets, to identify a first packet capture filter of a plurality of packet capture filters for a first sensor computer of the plurality of sensor computers, to transmit, via a communications network, the first packet capture filter and a message, which comprises the time interval and the expiration time, to the first sensor computer of the plurality of sensor computers to capture the first set of data packets every the time interval and until the expiration time expires.Type: GrantFiled: January 18, 2019Date of Patent: February 25, 2020Assignee: Area 1 Security, Inc.Inventors: Javier Castro, Blake Darche, Chiraag Aval
-
Patent number: 10187400Abstract: A computer system programmed to provide improved packet capture comprises: a plurality of sensor computers each programmed to capture data packets directed to a different compromised computer; a command server that is programmed to determine an expiration time for capturing a first set of data packets that have been routed toward a first compromised computer, to determine a time interval indicating an interval for capturing the first set of data packets, to identify a first packet capture filter of a plurality of packet capture filters for a first sensor computer of the plurality of sensor computers, to transmit, via a communications network, the first packet capture filter and a message, which comprises the time interval and the expiration time, to the first sensor computer of the plurality of sensor computers to capture the first set of data packets every the time interval and until the expiration time expires.Type: GrantFiled: June 29, 2017Date of Patent: January 22, 2019Assignee: Area 1 Security, Inc.Inventors: Javier Castro, Blake Darche, Chiraag Aval
-
Patent number: 10084815Abstract: A computer-implemented method, comprising: detecting network messages that are emitted by a compromised computer, wherein the compromised computer comprises at least one malware item that is configured to direct unauthorized network activity toward one or more enterprise networks or enterprise computers; queuing copies of the network messages in a queue; forwarding the network messages to original destinations; determining whether the number of network messages exceeds a specified threshold associated with an attack vector; filtering by the processor, the copies that do not include one of a set of port values associated with known computer attacks; analyzing, by the processor, timing of the copies with respect to a predetermined schedule including active hours and inactive hours, detecting one or more security threats caused by the comprised computer based on the determining, filtering, and the analyzing, sending a result of the detecting to a security control computer over a communication network.Type: GrantFiled: June 13, 2017Date of Patent: September 25, 2018Assignee: Area 1 Security, Inc.Inventors: Oren Falkowitz, Philip Syme, Blake Darche
-
Patent number: 10038603Abstract: A method and apparatus for packet capture is provided.Type: GrantFiled: February 23, 2016Date of Patent: July 31, 2018Assignee: Area 1 Security, Inc.Inventors: Blake Darche, Javier Castro, Chiraag Aval
-
Publication number: 20170279816Abstract: A data processing system comprising: a sensor computer that is coupled to and co-located with a compromised computer, the compromised computer comprising at least one malware item that is configured to direct unauthorized network activity toward one or more enterprise networks or enterprise computers, wherein the compromised computer is coupled to a firewall that is configured to control ingress of packets to the compromised computer and is logically between one or more attacker computers and the one or more enterprise networks or enterprise computers; a security control computer that is coupled to the sensor computer; one or more non-transitory data storage media in the security control computer storing security logic comprising one or more sequences of instructions which when executed cause the security control computer to perform: obtaining, from the sensor computer, detection data relating to network messages that the compromised computer emits, as the compromised computer emits the network messages; usinType: ApplicationFiled: June 13, 2017Publication date: September 28, 2017Inventors: OREN FALKOWITZ, PHILIP SYME, BLAKE DARCHE
-
Patent number: 9712557Abstract: A data processing system comprising: a sensor computer that is coupled to and co-located with a compromised computer, the compromised computer comprising at least one malware item that is configured to direct unauthorized network activity toward one or more enterprise networks or enterprise computers, wherein the compromised computer is coupled to a firewall that is configured to control ingress of packets to the compromised computer and is logically between one or more attacker computers and the one or more enterprise networks or enterprise computers; a security control computer that is coupled to the sensor computer; one or more non-transitory data storage media in the security control computer storing security logic comprising one or more sequences of instructions which when executed cause the security control computer to perform: obtaining, from the sensor computer, detection data relating to network messages that the compromised computer emits, as the compromised computer emits the network messages; usinType: GrantFiled: May 27, 2015Date of Patent: July 18, 2017Assignee: Area 1 Security, Inc.Inventors: Oren Falkowitz, Philip Syme, Blake Darche
-
Patent number: 9374385Abstract: A data processing system comprises a security control computer performing operations comprising: receiving, an advertising exchange network computer, advertising presentation data indicating presentations of advertisements to particular browsers that have browsed to particular websites; determining, based upon detection data, whether the particular websites are associated with network attacks or malware; in response, storing transit data specifying computers that have visited the particular web sites and using the transit data to determine a plurality of particular web pages to inspect for threats; based on a hierarchical structure of the particular web pages and without consideration of content of the particular web pages, identifying one or more features, of links in the particular web page or files referenced in the particular web pages, that indicate one or more security threats in the web pages; and determining remediation measures to remediate security threats that are identified in one of the particulaType: GrantFiled: November 7, 2014Date of Patent: June 21, 2016Assignee: Area 1 Security, Inc.Inventors: Oren Falkowitz, Philip Syme, Blake Darche
-
Publication number: 20160134588Abstract: A data processing system comprising: a sensor computer that is coupled to and co-located with a compromised computer, the compromised computer comprising at least one malware item that is configured to direct unauthorized network activity toward one or more enterprise networks or enterprise computers, wherein the compromised computer is coupled to a firewall that is configured to control ingress of packets to the compromised computer and is logically between one or more attacker computers and the one or more enterprise networks or enterprise computers; a security control computer that is coupled to the sensor computer; one or more non-transitory data storage media in the security control computer storing security logic comprising one or more sequences of instructions which when executed cause the security control computer to perform: obtaining, from the sensor computer, detection data relating to network messages that the compromised computer emits, as the compromised computer emits the network messages; usinType: ApplicationFiled: May 27, 2015Publication date: May 12, 2016Inventors: OREN FALKOWITZ, PHILIP SYME, BLAKE DARCHE