Patents by Inventor David Frederick Diehl
David Frederick Diehl has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9866528Abstract: A method is provided in one example embodiment and includes exchanging a session descriptor associated with a network connection and an application on a host, correlating the session descriptor with a network policy, and applying the network policy to the network connection. In alternative embodiments, the session descriptor may be exchanged through an out-of-band communication channel or an in-band communication channel.Type: GrantFiled: August 17, 2015Date of Patent: January 9, 2018Assignee: McAfee, LLCInventors: Geoffrey Howard Cooper, David Frederick Diehl, Vinay A. Mahadik, Ramnath Venugopalan
-
Patent number: 9858626Abstract: Techniques for social sharing security information between client entities forming a group are described herein. The group of client entities is formed as a result of a security server providing one or more secure mechanisms for forming a group among client entities, the client entities each belonging to a different organization. The security service then automatically shares security information of a client entity in the group with one or more other client entities in the group.Type: GrantFiled: July 6, 2015Date of Patent: January 2, 2018Assignee: CrowdStrike, Inc.Inventors: Dmitri Alperovitch, George Robert Kurtz, David Frederick Diehl, Sven Krasser, Adam S. Meyers
-
Patent number: 9798882Abstract: A model representing system components and events of a plurality of monitored devices as data objects is described herein. The model resides on a security service cloud and is updated in substantially real-time, as security-relevant information about the system components and events is received by the security service cloud. Each data object in the model has a scope and different actions are taken by security service cloud modules depending on different data object scopes. Further, the security service cloud maintains a model specific to each monitored device built in substantially real-time as the security-relevant information from that device is received. The security service cloud utilizes these device-specific models to detect security concerns and respond to those concerns in substantially real-time.Type: GrantFiled: June 6, 2014Date of Patent: October 24, 2017Assignee: CrowdStrike, Inc.Inventors: David Frederick Diehl, Leif Air Fire Grosch Jackson, James Robert Plush
-
Patent number: 9516062Abstract: A method in an example embodiment includes correlating a first set of event data from a private network and determining a local reputation score of a host in the private network based on correlating the first set of event data. The method further includes providing the local reputation score of the host to a security node, which applies a policy, based on the local reputation score of the host, to a network communication associated with the host. In specific embodiments, the local reputation score of the host is mapped to a network address of the host. In further embodiments, the first set of event data includes one or more event indicators representing one or more events, respectively, in the private network. In more specific embodiments, the method includes determining a local reputation score of a user and providing the local reputation score of the user to the security node.Type: GrantFiled: December 22, 2014Date of Patent: December 6, 2016Assignee: McAfee, Inc.Inventors: Geoffrey Howard Cooper, David Frederick Diehl, Michael W. Green, Robert Ma
-
Patent number: 9413785Abstract: A method is described in example embodiments below that include receiving a content tag associated with transferring a file over a network connection. A session descriptor may also be received. The session descriptor and the content tag may be correlated with a network policy, which may be applied to the network connection. In some embodiments, the content tag may be received with the session descriptor. The file may be tainted by another file in some embodiments, and the content tag may be associated with other file.Type: GrantFiled: May 15, 2014Date of Patent: August 9, 2016Assignee: McAfee, Inc.Inventors: Geoffrey Howard Cooper, David Frederick Diehl, Robert Ma
-
Publication number: 20150365380Abstract: A method is provided in one example embodiment and includes exchanging a session descriptor associated with a network connection and an application on a host, correlating the session descriptor with a network policy, and applying the network policy to the network connection. In alternative embodiments, the session descriptor may be exchanged through an out-of-band communication channel or an in-band communication channel.Type: ApplicationFiled: August 17, 2015Publication date: December 17, 2015Applicant: MCAFEE, INC.Inventors: Geoffrey Howard Cooper, David Frederick Diehl, Vinay A. Mahadik, Ramnath Venugopalan
-
Publication number: 20150356301Abstract: A model representing system components and events of a plurality of monitored devices as data objects is described herein. The model resides on a security service cloud and is updated in substantially real-time, as security-relevant information about the system components and events is received by the security service cloud. Each data object in the model has a scope and different actions are taken by security service cloud modules depending on different data object scopes. Further, the security service cloud maintains a model specific to each monitored device built in substantially real-time as the security-relevant information from that device is received. The security service cloud utilizes these device-specific models to detect security concerns and respond to those concerns in substantially real-time.Type: ApplicationFiled: June 6, 2014Publication date: December 10, 2015Inventors: David Frederick Diehl, Leif Air Fire Grosch Jackson, James Robert Plush
-
Publication number: 20150326614Abstract: Techniques for social sharing security information between client entities forming a group are described herein. The group of client entities is formed as a result of a security server providing one or more secure mechanisms for forming a group among client entities, the client entities each belonging to a different organization. The security service then automatically shares security information of a client entity in the group with one or more other client entities in the group.Type: ApplicationFiled: July 6, 2015Publication date: November 12, 2015Inventors: Dmitri Alperovitch, George Robert Kurtz, David Frederick Diehl, Sven Krasser, Adam S. Meyers
-
Patent number: 9112830Abstract: A method is provided in one example embodiment and includes exchanging a session descriptor associated with a network connection and an application on a host, correlating the session descriptor with a network policy, and applying the network policy to the network connection. In alternative embodiments, the session descriptor may be exchanged through an out-of-band communication channel or an in-band communication channel.Type: GrantFiled: February 23, 2011Date of Patent: August 18, 2015Assignee: McAfee, Inc.Inventors: Geoffrey Howard Cooper, David Frederick Diehl, Vinay A. Mahadik, Ramnath Venugopalan
-
Patent number: 9106680Abstract: A method is provided in one example embodiment that includes generating a fingerprint based on properties extracted from data packets received over a network connection and requesting a reputation value based on the fingerprint. A policy action may be taken on the network connection if the reputation value received indicates the fingerprint is associated with malicious activity. The method may additionally include displaying information about protocols based on protocol fingerprints, and more particularly, based on fingerprints of unrecognized protocols. In yet other embodiments, the reputation value may also be based on network addresses associated with the network connection.Type: GrantFiled: June 27, 2011Date of Patent: August 11, 2015Assignee: McAfee, Inc.Inventors: Dmitri Alperovitch, Zheng Bu, David Frederick Diehl, Sven Krasser
-
Publication number: 20150180903Abstract: A method in an example embodiment includes correlating a first set of event data from a private network and determining a local reputation score of a host in the private network based on correlating the first set of event data. The method further includes providing the local reputation score of the host to a security node, which applies a policy, based on the local reputation score of the host, to a network communication associated with the host. In specific embodiments, the local reputation score of the host is mapped to a network address of the host. In further embodiments, the first set of event data includes one or more event indicators representing one or more events, respectively, in the private network. In more specific embodiments, the method includes determining a local reputation score of a user and providing the local reputation score of the user to the security node.Type: ApplicationFiled: December 22, 2014Publication date: June 25, 2015Inventors: Geoffrey Howard Cooper, David Frederick Diehl, Michael W. Green, Robert Ma
-
Patent number: 9049171Abstract: A method is provided in one example embodiment and includes exchanging a session descriptor associated with a network connection and an application on a host, correlating the session descriptor with a network policy, and applying the network policy to the network connection. In alternative embodiments, the session descriptor may be exchanged through an out-of-band communication channel or an in-band communication channel.Type: GrantFiled: February 23, 2011Date of Patent: June 2, 2015Assignee: McAfee, Inc.Inventors: Geoffrey Howard Cooper, David Frederick Diehl, Vinay A. Mahadik, Ramnath Venugopalan
-
Patent number: 8931043Abstract: A method in an example embodiment includes correlating a first set of event data from a private network and determining a local reputation score of a host in the private network based on correlating the first set of event data. The method further includes providing the local reputation score of the host to a security node, which applies a policy, based on the local reputation score of the host, to a network communication associated with the host. In specific embodiments, the local reputation score of the host is mapped to a network address of the host. In further embodiments, the first set of event data includes one or more event indicators representing one or more events, respectively, in the private network. In more specific embodiments, the method includes determining a local reputation score of a user and providing the local reputation score of the user to the security node.Type: GrantFiled: April 10, 2012Date of Patent: January 6, 2015Assignee: McAfee Inc.Inventors: Geoffrey Howard Cooper, David Frederick Diehl, Michael W. Green, Robert Ma
-
Publication number: 20140250492Abstract: A method is described in example embodiments below that include receiving a content tag associated with transferring a file over a network connection. A session descriptor may also be received. The session descriptor and the content tag may be correlated with a network policy, which may be applied to the network connection. In some embodiments, the content tag may be received with the session descriptor. The file may be tainted by another file in some embodiments, and the content tag may be associated with other file.Type: ApplicationFiled: May 15, 2014Publication date: September 4, 2014Inventors: Geoffrey Howard Cooper, David Frederick Diehl, Robert Ma
-
Patent number: 8739272Abstract: A method is described in example embodiments below that include receiving a content tag associated with transferring a file over a network connection. A session descriptor may also be received. The session descriptor and the content tag may be correlated with a network policy, which may be applied to the network connection. In some embodiments, the content tag may be received with the session descriptor. The file may be tainted by another file in some embodiments, and the content tag may be associated with other file.Type: GrantFiled: April 2, 2012Date of Patent: May 27, 2014Assignee: McAfee, Inc.Inventors: Geoffrey Howard Cooper, David Frederick Diehl, Robert Ma
-
Publication number: 20130268994Abstract: A method in an example embodiment includes correlating a first set of event data from a private network and determining a local reputation score of a host in the private network based on correlating the first set of event data. The method further includes providing the local reputation score of the host to a security node, which applies a policy, based on the local reputation score of the host, to a network communication associated with the host. In specific embodiments, the local reputation score of the host is mapped to a network address of the host. In further embodiments, the first set of event data includes one or more event indicators representing one or more events, respectively, in the private network. In more specific embodiments, the method includes determining a local reputation score of a user and providing the local reputation score of the user to the security node.Type: ApplicationFiled: April 10, 2012Publication date: October 10, 2013Inventors: Geoffrey Howard Cooper, David Frederick Diehl, Michael W. Green, Robert Ma
-
Publication number: 20120331556Abstract: A method is provided in one example embodiment that includes generating a fingerprint based on properties extracted from data packets received over a network connection and requesting a reputation value based on the fingerprint. A policy action may be taken on the network connection if the reputation value received indicates the fingerprint is associated with malicious activity. The method may additionally include displaying information about protocols based on protocol fingerprints, and more particularly, based on fingerprints of unrecognized protocols. In yet other embodiments, the reputation value may also be based on network addresses associated with the network connection.Type: ApplicationFiled: June 27, 2011Publication date: December 27, 2012Inventors: Dmitri Alperovitch, Zheng Bu, David Frederick Diehl, Sven Krasser
-
Publication number: 20120216271Abstract: A method is provided in one example embodiment and includes exchanging a session descriptor associated with a network connection and an application on a host, correlating the session descriptor with a network policy, and applying the network policy to the network connection. In alternative embodiments, the session descriptor may be exchanged through an out-of-band communication channel or an in-band communication channel.Type: ApplicationFiled: February 23, 2011Publication date: August 23, 2012Inventors: Geoffrey Howard Cooper, David Frederick Diehl, Vinay A. Mahadik, Ramnath Venugopalan