Patents by Inventor Constantin Mircea Adam
Constantin Mircea Adam has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240114046Abstract: One or more systems, devices, computer program products and/or computer-implemented methods provided herein relate to prioritization of attack techniques and cyber security events. According to an embodiment, an attack prioritization engine can receive security events, train an artificial intelligence model to rank respective cyber security events as a function of risk, and output a prioritization of security events to address. A mapping component can map asset vulnerabilities to attack techniques. A calculation component can calculate and aggregate scores for respective attack techniques. An attack surface component can extract features from the aggregation of scores to rank attack techniques and determine an attack surface. The mapping component can further map security events to the attack techniques.Type: ApplicationFiled: October 4, 2022Publication date: April 4, 2024Inventors: Constantin Mircea Adam, Muhammed Fatih Bulut, Steven Ocepek
-
Patent number: 11924239Abstract: Systems, computer-implemented methods, and computer program products that facilitate vulnerability and attack technique association are provided. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise a map component that defines mappings between vulnerability data representing a vulnerability of a computing resource and attack data representing at least one attack technique. The computer executable components can further comprise an estimation component that analyzes the mappings to estimate a probability that the vulnerability will be exploited to attack the computing resource.Type: GrantFiled: October 23, 2020Date of Patent: March 5, 2024Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Lilian Mathias Ngweta, Steven Ocepek, Constantin Mircea Adam, Sai Zeng, Muhammed Fatih Bulut, Milton H. Hernandez
-
Patent number: 11829766Abstract: Systems and techniques that facilitate compliance enforcement via service discovery analytics are provided. In various embodiments, a system can comprise a receiver component that can access one or more declarative deployment manifests associated with a computing application. In various instances, the system can comprise a dependency component that can build a dependency topology based on the one or more declarative deployment manifests. In various cases, the dependency topology can indicate dependencies among one or more computing objects that are declared by the one or more declarative deployment manifests. In various aspects, the system can comprise a compliance component that can determine, based on the dependency topology, whether the computing application satisfies one or more compliance standards.Type: GrantFiled: May 4, 2021Date of Patent: November 28, 2023Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Constantin Mircea Adam, Shripad Nadgowda, James R. Doran, John Rofrano
-
Publication number: 20230177169Abstract: An apparatus, a method, and a computer program product are provided that combine policy compliance with vulnerability management to provide a more accurate risk assessment of an environment. The method includes training a policy machine learning model using a first training dataset to generate a policy machine learning model to produce mitigation technique classifications and training a vulnerability machine learning model using a second training dataset to generate a vulnerability machine learning model to produce weakness type classifications. The method also includes mapping the mitigation technique classifications to attack techniques to produce a policy mapping and mapping the weakness type classifications to the attack techniques to produce a vulnerability mapping. The method further includes producing a risk assessment of a vulnerability based on the policy mapping and the vulnerability mapping.Type: ApplicationFiled: December 8, 2021Publication date: June 8, 2023Inventors: Muhammed Fatih Bulut, Abdulhamid Adebowale Adebayo, Lilian Mathias Ngweta, Ting Dai, Constantin Mircea Adam, Daby Mousse Sow, Steven Ocepek
-
Publication number: 20230155984Abstract: Techniques for managing and processing of configuration changes associated with a service container associated with a service mesh are presented. An application management component can determine immutable configuration data (ICD) relating to configuration change processing for the service container based on policies received from an application owner. A message processing component (MMC) of a service proxy associated with the service container can receive, via a control plane, a message associated with an untrusted entity. MMC can determine whether the message comprises a configuration change request relating to interaction between the application and the service mesh, and, if so, can determine whether to allow the service proxy to process the configuration change based on analysis of the configuration change and ICD. If ICD indicates the configuration change is not allowed, service proxy can discard the request.Type: ApplicationFiled: November 18, 2021Publication date: May 18, 2023Inventors: Constantin Mircea Adam, Nerla Jean-Louis, Hubertus Franke, Edward Charles Snible, Abdulhamid Adebowale Adebayo
-
Publication number: 20230085001Abstract: Users of an endpoint remediation system can be assigned to different roles, from which they can request exceptions, approve exceptions, and/or enable remediation on endpoint devices. The compliance scanning and enforcing process can be automated, while allowing entities to request and/or approve certain exceptions. Therefore, security compliance for customers can be actively managed to provide visibility to the endpoint device compliance state at any time.Type: ApplicationFiled: November 18, 2022Publication date: March 16, 2023Inventors: Constantin Mircea Adam, Richard Jay Cohen, Robert Filepp, Milton H. Hernandez, Brian Peterson, Maja Vukovic, Sai ZENG, Guan Qun Zhang, Bhavna Agrawal
-
Patent number: 11537602Abstract: Computer implemented reconstruction of compliance mapping due to an update in a regulation in the compliance mapping by a computing device includes comparing a first version of a regulation in the compliance mapping to a second, updated version of the first regulation. A change in the second version with respect to the first version is identified. The change may be an added control description, a deleted control description, or an updated control description. Upon determining that the change is an updated control description, the updated control description is analyzed to determine a type of update. The mapping of the regulation is reconstructed based on the change and, if the change is an updated control description, the type of update, using at least one of natural language processing and/or machine learning. The risk of the reconstructed mapping is assessed, and a service owner is notified about the risk of the changes.Type: GrantFiled: May 12, 2020Date of Patent: December 27, 2022Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Muhammed Fatih Bulut, Arun Kumar, Kuntal Dey, Constantin Mircea Adam, Milton H. Hernandez
-
Patent number: 11533296Abstract: Users of an endpoint remediation system can be assigned to different roles, from which they can request exceptions, approve exceptions, and/or enable remediation on endpoint devices. The compliance scanning and enforcing process can be automated, while allowing entities to request and/or approve certain exceptions. Therefore, security compliance for customers can be actively managed to provide visibility to the endpoint device compliance state at any time.Type: GrantFiled: September 1, 2017Date of Patent: December 20, 2022Assignee: KYNDRYL, INC.Inventors: Constantin Mircea Adam, Richard Jay Cohen, Robert Filepp, Milton H. Hernandez, Brian Peterson, Maja Vukovic, Sai Zeng, Guan Qun Zhang, Bhavna Agrawal
-
Patent number: 11522819Abstract: Techniques facilitating maintenance of tribal knowledge for accelerated compliance control deployment are provided. In one example, a system includes a memory that stores computer executable components and a processor that executes computer executable components stored in the memory, wherein the computer executable components include a knowledge base generation component that generates a knowledge graph corresponding to respective commitments created via tribal exchanges, the knowledge graph comprising a semantic level and an operational level; a semantic graph population component that populates the semantic level of the knowledge graph based on identified parties to the respective commitments; and an operational graph population component that populates the operational level of the knowledge graph based on tracked status changes associated with the respective commitments.Type: GrantFiled: November 11, 2019Date of Patent: December 6, 2022Assignee: INIERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Constantin Mircea Adam, Muhammed Fatih Bulut, Richard Baxter Hull, Anup Kalia, Maja Vukovic, Jin Xiao
-
Publication number: 20220382876Abstract: A vulnerability management method includes analyzing a system environment to uncover one or more vulnerabilities. The method includes subsequently identifying one or more system weaknesses corresponding to the one or more uncovered vulnerabilities and analyzing a set of historical data to identify similar past vulnerabilities. The method further includes analyzing available information to extract one or more impacts of the identified similar past vulnerabilities and determining one or more impacts to the present system environment that would correspond to the extracted one or more impacts of the identified similar past vulnerabilities. The method additionally includes recommending one or more actions to remediate the uncovered vulnerabilities.Type: ApplicationFiled: May 25, 2021Publication date: December 1, 2022Inventors: Sai ZENG, Jinho HWANG, Virginia Mayo Policarpio, Lisa M. Chambers, Constantin Mircea Adam, Muhammed Fatih Bulut
-
Patent number: 11502995Abstract: Users of an endpoint remediation system can be assigned to different roles, from which they can request exceptions, approve exceptions, and/or enable remediation on endpoint devices. The compliance scanning and enforcing process can be automated, while allowing entities to request and/or approve certain exceptions. Therefore, security compliance for customers can be actively managed to provide visibility to the endpoint device compliance state at any time.Type: GrantFiled: December 14, 2017Date of Patent: November 15, 2022Assignee: KYNDRYL, INC.Inventors: Constantin Mircea Adam, Richard Jay Cohen, Robert Filepp, Milton H. Hernandez, Brian Peterson, Maja Vukovic, Sai Zeng, Guan Qun Zhang, Bhavna Agrawal
-
Publication number: 20220357954Abstract: Systems and techniques that facilitate compliance enforcement via service discovery analytics are provided. In various embodiments, a system can comprise a receiver component that can access one or more declarative deployment manifests associated with a computing application. In various instances, the system can comprise a dependency component that can build a dependency topology based on the one or more declarative deployment manifests. In various cases, the dependency topology can indicate dependencies among one or more computing objects that are declared by the one or more declarative deployment manifests. In various aspects, the system can comprise a compliance component that can determine, based on the dependency topology, whether the computing application satisfies one or more compliance standards.Type: ApplicationFiled: May 4, 2021Publication date: November 10, 2022Inventors: Constantin Mircea Adam, Shripad Nadgowda, James R. Doran, John Rofrano
-
Patent number: 11411979Abstract: Systems, computer-implemented methods, and computer program products that can facilitate compliance process risk assessment are provided. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise a metric assignment component that assigns one or more risk assessment metrics based on vulnerability data of a compliance process. The computer executable components can further comprise a risk assignment component that assigns a risk score of the compliance process based on the one or more risk assessment metrics.Type: GrantFiled: September 6, 2019Date of Patent: August 9, 2022Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Muhammed Fatih Bulut, Milton H. Hernandez, Jinho Hwang, Constantin Mircea Adam, Daniel S. Riley
-
Publication number: 20220131887Abstract: Systems, computer-implemented methods, and computer program products that facilitate vulnerability and attack technique association are provided. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise a map component that defines mappings between vulnerability data representing a vulnerability of a computing resource and attack data representing at least one attack technique. The computer executable components can further comprise an estimation component that analyzes the mappings to estimate a probability that the vulnerability will be exploited to attack the computing resource.Type: ApplicationFiled: October 23, 2020Publication date: April 28, 2022Inventors: Lilian Mathias Ngweta, Steven Ocepek, Constantin Mircea Adam, Sai Zeng, Muhammed Fatih Bulut, Milton H. Hernandez
-
Patent number: 11288360Abstract: Using a first key, an encrypted file fingerprint is decrypted, the decrypting resulting in a decrypted file fingerprint. Using a hash function on a script file, a script file fingerprint is computed, the script file intended to be executed by an interpreter. Responsive to the script file fingerprint matching the decrypted file fingerprint, the script file is executed.Type: GrantFiled: March 4, 2020Date of Patent: March 29, 2022Assignee: KYNDRYL, INC.Inventors: Constantin Mircea Adam, Richard Jay Cohen, Jeffrey Edward Lammers, Cheng Yi Lee, Brian Peterson, Maja Vukovic, Xiongfei Wei
-
Patent number: 11244012Abstract: Streamlining compliance reporting and remediation through clustering compliance deviations by receiving inspection scan compliance deviation report data, analyzing the inspection scan compliance deviation report data, in response to the analysis, creating normalized deviation report documents, comparing the normalized deviation report documents, in response to the comparisons, clustering the normalized deviation report documents, creating a common cluster deviation profile comprising clustered deviation reports, and generating a summary system asset compliance report comprising the common cluster deviation profile.Type: GrantFiled: November 6, 2019Date of Patent: February 8, 2022Assignee: KYNDRYL, INC.Inventors: Constantin Mircea Adam, Muhammed Fatih Bulut, Milton H. Hernandez, Maja Vukovic
-
Publication number: 20210357392Abstract: Computer implemented reconstruction of compliance mapping due to an update in a regulation in the compliance mapping by a computing device includes comparing a first version of a regulation in the compliance mapping to a second, updated version of the first regulation. A change in the second version with respect to the first version is identified. The change may be an added control description, a deleted control description, or an updated control description. Upon determining that the change is an updated control description, the updated control description is analyzed to determine a type of update. The mapping of the regulation is reconstructed based on the change and, if the change is an updated control description, the type of update, using at least one of natural language processing and/or machine learning. The risk of the reconstructed mapping is assessed, and a service owner is notified about the risk of the changes.Type: ApplicationFiled: May 12, 2020Publication date: November 18, 2021Inventors: Muhammed Fatih Bulut, Arun Kumar, Kuntal Dey, Constantin Mircea Adam, Milton H. Hernandez
-
Publication number: 20210279326Abstract: Using a first key, an encrypted file fingerprint is decrypted, the decrypting resulting in a decrypted file fingerprint. Using a hash function on a script file, a script file fingerprint is computed, the script file intended to be executed by an interpreter. Responsive to the script file fingerprint matching the decrypted file fingerprint, the script file is executed.Type: ApplicationFiled: March 4, 2020Publication date: September 9, 2021Applicant: International Business Machines CorporationInventors: Constantin Mircea Adam, Richard Jay Cohen, Jeffrey Edward Lammers, Cheng Yi Lee, Brian Peterson, Maja Vukovic, Xiongfei Wei
-
Publication number: 20210133254Abstract: Streamlining compliance reporting and remediation through clustering compliance deviations by receiving inspection scan compliance deviation report data, analyzing the inspection scan compliance deviation report data, in response to the analysis, creating normalized deviation report documents, comparing the normalized deviation report documents, in response to the comparisons, clustering the normalized deviation report documents, creating a common cluster deviation profile comprising clustered deviation reports, and generating a summary system asset compliance report comprising the common cluster deviation profile.Type: ApplicationFiled: November 6, 2019Publication date: May 6, 2021Inventors: Constantin Mircea Adam, Muhammed Fatih Bulut, Milton H. Hernandez, Maja Vukovic
-
Publication number: 20210075814Abstract: Systems, computer-implemented methods, and computer program products that can facilitate compliance process risk assessment are provided. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise a metric assignment component that assigns one or more risk assessment metrics based on vulnerability data of a compliance process. The computer executable components can further comprise a risk assignment component that assigns a risk score of the compliance process based on the one or more risk assessment metrics.Type: ApplicationFiled: September 6, 2019Publication date: March 11, 2021Inventors: Muhammed Fatih Bulut, Milton H. Hernandez, Jinho Hwang, Constantin Mircea Adam, Daniel S. Riley