Patents by Inventor Deb Banerjee

Deb Banerjee has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12107869
    Abstract: A dynamic threat landscape to which computer resources of a specific enterprise are subject is tracked. Data feeds maintained by a security system of the enterprise are assessed. The effectiveness of data feed utilization by the security system is quantified, relative to the threat landscape. Threat detection rules deployed by the security system are assessed, and the effectiveness thereof by the security system is quantified. Processing capability of alerts generated by threat detection rules and threat response capability may also be assessed and quantified. The effectiveness of the security system as a whole is automatically quantified, based on the tracked threat landscape, the quantifications of the effectiveness of data feed utilization, threat detection rule utilization, processing capability of alerts generated by threat detection rules and/or threat response capability. Recommendations concerning more effectively protecting the enterprise against specific threats are output.
    Type: Grant
    Filed: January 20, 2021
    Date of Patent: October 1, 2024
    Assignee: Anvilogic, Inc.
    Inventors: Karthik Kannan, Deb Banerjee, Mackenzie Kyle, Benjamin Arnold, Kevin Gonzalez, Jeswanth Manikonda
  • Patent number: 11736527
    Abstract: A multi-enterprise system for selecting custom high-value sets of SIEM rules for individual member enterprises communicates with member enterprises via network connections. User interfaces are implemented to enable member enterprises to access the system for search, download, and other functions. Advanced rule identification using a sophisticated security knowledge graph enhances processing efficiency and effectiveness.
    Type: Grant
    Filed: September 4, 2020
    Date of Patent: August 22, 2023
    Assignee: ANVILOGIC, INC.
    Inventors: Satheesh Kumar Joseph Durairaj, Deb Banerjee, Karthik Kannan
  • Patent number: 11399041
    Abstract: Described are platforms, systems, and methods for providing a set of detection rules for a security threat. In one aspect, a method comprises receiving, from an interface, a request for a set of detection rules to detect a specified security threat, the request comprising a threat landscape of an enterprise; processing the request through a machine-learning model to determine the set of detection rules, the machine-learning model trained with threat context data and other detection rules provided by a plurality of other enterprises; wherein each detection rule is included in the set of detection rules based on a relevance factor meeting a threshold, and wherein the relevance factor for each respective detection rule is determined based on an efficacy of detecting the security threat within the threat landscape; and providing, through the interface, the set of detection rules.
    Type: Grant
    Filed: November 20, 2020
    Date of Patent: July 26, 2022
    Assignee: ANVILOGIC, INC.
    Inventors: Karthik Kannan, Deb Banerjee
  • Patent number: 11290483
    Abstract: Described are platforms, systems, and methods for providing a threat scenario rule to detect a specified threat scenario use case. In one aspect, a method comprises: receiving, from an interface, a set of threat detection parameters; determining a set of recommended threat identifier use cases from a plurality of threat identifier use cases based on the set of threat detection parameters; providing, to the interface, the set of recommended threat identifier use cases; receiving, from the interface, a threat scenario use case comprising a selection of the set of recommended threat identifier use cases; determining a threat scenario rule comprising logic to detect the threat scenario use case; and providing the threat scenario rule to the interface.
    Type: Grant
    Filed: April 6, 2021
    Date of Patent: March 29, 2022
    Assignee: ANVILOGIC, INC.
    Inventors: Karthik Kannan, Deb Banerjee, Mackenzie Kyle, Kevin Gonzalez, Jeswanth Manikonda
  • Patent number: 11055652
    Abstract: Described are platforms, systems, and methods for sharing detection logic through a cloud-based exchange platform. In one aspect, a method comprises receiving detection logic from an enterprise; standardizing the detection logic based on a plurality of security frameworks to define attacks and classify protection techniques; processing the standardized detection logic through a machine-learning model to curate and improve the detection logic, the machine-learning model trained with active telemetry regarding a performance of the detection logic in an operating environment; and providing the standardized detection logic and the active telemetry to an interface.
    Type: Grant
    Filed: November 20, 2020
    Date of Patent: July 6, 2021
    Assignee: ANVILOGIC, INC.
    Inventors: Karthik Kannan, Deb Banerjee
  • Patent number: 10291654
    Abstract: Techniques are disclosed for constructing network whitelists in server endpoints using host-based security controls. Once constructed, the network whitelists are used to detect unauthorized communications at the server endpoints. In one embodiment, a method is disclosed for constructing a network whitelist. The method includes identifying at least a first application hosted on a computing system. The method also includes inspecting one or more configuration files associated with the first application to identify one or more configuration settings that specify how the first application communicates with one or more second applications. The method further includes generating a whitelist that specifies expected network communications activity for the first application, based on the configuration settings.
    Type: Grant
    Filed: September 30, 2015
    Date of Patent: May 14, 2019
    Assignee: Symantec Corporation
    Inventors: Deb Banerjee, Susan Hassall
  • Patent number: 10171483
    Abstract: An intrusion device identifies network data to be sent to a destination endpoint and determines a sensitivity level of the destination endpoint based on asset valuation. The intrusion device identifies a subset of signatures that corresponds to the sensitivity level of the destination endpoint and determines whether the network data includes an intrusion based on the subset of signatures.
    Type: Grant
    Filed: August 23, 2013
    Date of Patent: January 1, 2019
    Assignee: Symantec Corporation
    Inventor: Deb Banerjee
  • Patent number: 9880757
    Abstract: The present disclosure provides systems and methods for automatically provisioning the security profile for production data to copy data. In some instances the security provisioning for the copy data is made at the time the production data is copied. In other instances, the security provisioning occurs in a secondary application using the copy data.
    Type: Grant
    Filed: March 23, 2015
    Date of Patent: January 30, 2018
    Assignee: Symantec Corporation
    Inventors: Deb Banerjee, Steven A. Vranyes
  • Patent number: 9813418
    Abstract: A computing system detects an access transaction based on one or more resource authorization messages transmitted via a resource authorization protocol. The access transaction pertains to access of a protected resource by a consumer cloud, the protected resource hosted by a provider cloud. The computing system generates relationship data based on the resource authorization messages. The relationship data can indicate a resource owner that is granting the access, the consumer cloud, and/or the provider cloud. The computing system performs an access control action in relation to the access transaction based on the relationship data. The access control action can be allowing the consumer cloud access to the protected resource or denying the consumer cloud access to the protected resource.
    Type: Grant
    Filed: January 5, 2015
    Date of Patent: November 7, 2017
    Assignee: Symantec Corporation
    Inventor: Deb Banerjee
  • Patent number: 9794289
    Abstract: A workload to be provided by one or more network resources may be identified. The workload may be analyzed to determine one or more attributes of the workload. Furthermore, a general policy may be identified based on the one or more attributes of the workload. One or more security policies may be applied to a network resource that provides the workload. The one or more security policies may satisfy one or more requirements of the general policy.
    Type: Grant
    Filed: April 30, 2014
    Date of Patent: October 17, 2017
    Assignee: Symantec Corporation
    Inventors: Deb Banerjee, Sheetal Venkatesh Yelimeli, Smita Gadre
  • Patent number: 9705923
    Abstract: A method of automating security provisioning is provided. The method includes receiving a request to start a virtual application and determining an owner of the virtual application. The method includes determining a workload based on the virtual application, the workload including an application and a virtual machine and assigning the workload to a security container or sub-container, among a plurality of security containers, based on the owner of the virtual application.
    Type: Grant
    Filed: September 2, 2014
    Date of Patent: July 11, 2017
    Assignee: SYMANTEC CORPORATION
    Inventor: Deb Banerjee
  • Patent number: 9699141
    Abstract: An apparatus identifies a request from a user device to access data on a storage server. The apparatus determines a sensitivity level of response data for a response to the request, security context of the response, and a routing action to perform for the response by applying a policy to the sensitivity level of the response data and the security context of the response. The apparatus executes the routing action for the response.
    Type: Grant
    Filed: April 3, 2013
    Date of Patent: July 4, 2017
    Assignee: Symantec Corporation
    Inventor: Deb Banerjee
  • Patent number: 9690925
    Abstract: A server computer system identifies a request from an application hosted on a mobile device to consume a protected resource hosted by a cloud. The request is transmitted via a resource authorization protocol. The server computer system identifies a token state of an application on the mobile device. The token state is stored in a policy data store that is separate from expiration data that is stored on an access token on the mobile device. The server computer system determines whether the token state violates a security policy that is associated with a user that is assigned to the mobile device and prevents consumption of the protected resource in response to a determination that the token state violates the security policy. The server computer system allows consumption of the protected resource in response to a determination that the token state does not violate the security policy.
    Type: Grant
    Filed: August 30, 2012
    Date of Patent: June 27, 2017
    Assignee: Symantec Corporation
    Inventor: Deb Banerjee
  • Publication number: 20170093918
    Abstract: Techniques are disclosed for constructing network whitelists in server endpoints using host-based security controls. Once constructed, the network whitelists are used to detect unauthorized communications at the server endpoints. In one embodiment, a method is disclosed for constructing a network whitelist. The method includes identifying at least a first application hosted on a computing system. The method also includes inspecting one or more configuration files associated with the first application to identify one or more configuration settings that specify how the first application communicates with one or more second applications. The method further includes generating a whitelist that specifies expected network communications activity for the first application, based on the configuration settings.
    Type: Application
    Filed: September 30, 2015
    Publication date: March 30, 2017
    Inventors: Deb BANERJEE, Susan HASSALL
  • Patent number: 9461984
    Abstract: A computer-implemented method for blocking flanking attacks on computing systems may include (1) detecting a denial-of-service attack targeting a computing network, (2) inferring, based at least in part on detecting the denial-of-service attack, a secondary attack targeting at least one computing resource within the computing network, (3) determining that the computing resource is subject to additional protection based on inferring the secondary attack targeting the computing resource, and (4) protecting the computing resource against the secondary attack by adding an authentication requirement for accessing the computing resource. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 25, 2015
    Date of Patent: October 4, 2016
    Assignee: Symantec Corporation
    Inventor: Deb Banerjee
  • Patent number: 9448826
    Abstract: Techniques are disclosed for data risk management in accessing an Infrastructure as a Service (IaaS) cloud network. More specifically, embodiments of the invention evaluate virtual machine images launched in cloud-based environments for compliance with a policy. After intercepting a virtual machine image launch request, an intermediary policy management engine determines whether the request conforms to a policy defined by a policy manager, e.g., an enterprise's information security officer. The policy may be based on user identities, virtual machine image attributes, data classifications, or other criteria. Upon determining whether the request conforms to policy, the policy management engine allows the request, blocks the request, or triggers a management approval workflow.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: September 20, 2016
    Assignee: Symantec Corporation
    Inventor: Deb Banerjee
  • Patent number: 9407664
    Abstract: A computer-implemented method for enforcing enterprise data access control policies in cloud computing environments may include (1) intercepting, at a proxy, an attempt to configure a computing instance on a cloud computing platform with a permission that would provide the computing instance with access to secured data on the cloud computing platform, (2) identifying a user within an enterprise that initiated the attempt to configure the computing instance with the permission, (3) determining, based on a data access control policy for the enterprise, that the user is not entitled to access the secured data, and (4) blocking the attempt to configure the computing instance with the permission based on determining that the user is not entitled to access the secured data. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: December 23, 2013
    Date of Patent: August 2, 2016
    Assignee: Symantec Corporation
    Inventor: Deb Banerjee
  • Patent number: 9300691
    Abstract: A computer-implemented method for enforcing secure network segmentation for sensitive workloads may include (1) identifying a sensitive workload that is deployed within a subnet of a segmented network on a remote workload hosting platform, (2) identifying a security policy that applies to the sensitive workload, wherein a deployment of the sensitive workload within the subnet of the segmented network complies with the security policy, (3) intercepting, at a proxy, an attempt to reconfigure the deployment of the sensitive workload within the segmented network on the remote workload hosting platform, (4) determining that the attempt to reconfigure the deployment of the sensitive workload could result in a violation of the security policy, and (5) enforcing, on the proxy, the security policy on the attempt to reconfigure the deployment of the sensitive workload. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: July 18, 2013
    Date of Patent: March 29, 2016
    Assignee: Symantec Corporation
    Inventor: Deb Banerjee
  • Publication number: 20160065618
    Abstract: A method of automating security provisioning is provided. The method includes receiving a request to start a virtual application and determining an owner of the virtual application. The method includes determining a workload based on the virtual application, the workload including an application and a virtual machine and assigning the workload to a security container or sub-container, among a plurality of security containers, based on the owner of the virtual application.
    Type: Application
    Filed: September 2, 2014
    Publication date: March 3, 2016
    Inventor: Deb Banerjee
  • Patent number: 9225735
    Abstract: A computer-implemented method for blocking flanking attacks on computing systems may include (1) detecting a denial-of-service attack targeting a computing network, (2) inferring, based at least in part on detecting the denial-of-service attack, a secondary attack targeting at least one computing resource within the computing network, (3) determining that the computing resource is subject to additional protection based on inferring the secondary attack targeting the computing resource, and (4) protecting the computing resource against the secondary attack by adding an authentication requirement for accessing the computing resource. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: December 23, 2013
    Date of Patent: December 29, 2015
    Assignee: Symantec Corporation
    Inventor: Deb Banerjee