Patents by Inventor Dmitri Alperovitch
Dmitri Alperovitch has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240028717Abstract: Deception-based techniques for responding to security attacks are described herein. The techniques include transitioning a security attack to a monitored computing device posing as a computing device impacted by the security attack and enabling the adversary to obtain deceptive information from the monitored computing device. Also, the adversary may obtain a document configured to report identifying information of an entity opening the document, thereby identifying the adversary associated with the attack. Further, the techniques include determining that a domain specified in a domain name request is associated with malicious activity and responding to the request with a network address of a monitored computing device to cause the requesting process to communicate with the monitored computing device in place of an adversary server. Additionally, a service may monitor dormant domains names associated with malicious activity and, in response to a change, respond with an alert or a configuration update.Type: ApplicationFiled: October 3, 2023Publication date: January 25, 2024Inventors: Adam S. Meyers, David F. Diehl, Dmitri Alperovitch, George Robert Kurtz, Sven Krasser
-
Patent number: 11809555Abstract: Deception-based techniques for responding to security attacks are described herein. The techniques include transitioning a security attack to a monitored computing device posing as a computing device impacted by the security attack and enabling the adversary to obtain deceptive information from the monitored computing device. Also, the adversary may obtain a document configured to report identifying information of an entity opening the document, thereby identifying the adversary associated with the attack. Further, the techniques include determining that a domain specified in a domain name request is associated with malicious activity and responding to the request with a network address of a monitored computing device to cause the requesting process to communicate with the monitored computing device in place of an adversary server. Additionally, a service may monitor dormant domains names associated with malicious activity and, in response to a change, respond with an alert or a configuration update.Type: GrantFiled: May 27, 2020Date of Patent: November 7, 2023Assignee: CrowdStrike, Inc.Inventors: Adam S. Meyers, Dmitri Alperovitch, George Robert Kurtz, David F. Diehl, Sven Krasser
-
Publication number: 20210117544Abstract: A security service can determine a synthetic context based at least in part on context data associated with a first malware sample, and detonate the first malware sample in the synthetic context to provide one or more first event records representing events performed by the first malware sample and detected during detonation. Additionally or alternatively, the security service can detonate the first malware sample and locate a second malware sample in a corpus based at least in part on the one or more first event records. Additionally or alternatively, the security service can receive event records representing events detected during a detonation of a first malware sample, the detonation based at least in part on context data, and locate a second malware sample in the corpus based at least in part on the one or more reference event records.Type: ApplicationFiled: June 28, 2019Publication date: April 22, 2021Inventors: George Robert Kurtz, Dmitri Alperovitch, Amol Kulkarni, Jan Miller, Daniel Radu
-
Patent number: 10853491Abstract: A security agent is described herein. The security agent is configured to observe events, filter the observed events using configurable filters, route the filtered events to one or more event consumers, and utilize the one or more event consumers to take action based at least on one of the filtered events. In some implementations, the security agent detects a first action associated with malicious code, gathers data about the malicious code, and in response to detecting subsequent action(s) of the malicious code, performs a preventative action. The security agent may also deceive an adversary associated with malicious code. Further, the security agent may utilize a model representing chains of execution activities and may take action based on those chains of execution activities.Type: GrantFiled: June 13, 2018Date of Patent: December 1, 2020Assignee: CrowdStrike, Inc.Inventors: David F. Diehl, Dmitri Alperovitch, Ion-Alexandru Ionescu, George Robert Kurtz
-
Publication number: 20200285739Abstract: Deception-based techniques for responding to security attacks are described herein. The techniques include transitioning a security attack to a monitored computing device posing as a computing device impacted by the security attack and enabling the adversary to obtain deceptive information from the monitored computing device. Also, the adversary may obtain a document configured to report identifying information of an entity opening the document, thereby identifying the adversary associated with the attack. Further, the techniques include determining that a domain specified in a domain name request is associated with malicious activity and responding to the request with a network address of a monitored computing device to cause the requesting process to communicate with the monitored computing device in place of an adversary server. Additionally, a service may monitor dormant domains names associated with malicious activity and, in response to a change, respond with an alert or a configuration update.Type: ApplicationFiled: May 27, 2020Publication date: September 10, 2020Inventors: Adam S. Meyers, Dmitri Alperovitch, George Robert Kurtz, David F. Diehl, Sven Krasser
-
Publication number: 20200285740Abstract: Deception-based techniques for responding to security attacks are described herein. The techniques include transitioning a security attack to a monitored computing device posing as a computing device impacted by the security attack and enabling the adversary to obtain deceptive information from the monitored computing device. Also, the adversary may obtain a document configured to report identifying information of an entity opening the document, thereby identifying the adversary associated with the attack. Further, the techniques include determining that a domain specified in a domain name request is associated with malicious activity and responding to the request with a network address of a monitored computing device to cause the requesting process to communicate with the monitored computing device in place of an adversary server. Additionally, a service may monitor dormant domains names associated with malicious activity and, in response to a change, respond with an alert or a configuration update.Type: ApplicationFiled: May 27, 2020Publication date: September 10, 2020Inventors: Adam S. Meyers, Dmitri Alperovitch, George Robert Kurtz, David F. Diehl, Sven Krasser
-
Patent number: 10713356Abstract: Deception-based techniques for responding to security attacks are described herein. The techniques include transitioning a security attack to a monitored computing device posing as a computing device impacted by the security attack and enabling the adversary to obtain deceptive information from the monitored computing device. Also, the adversary may obtain a document configured to report identifying information of an entity opening the document, thereby identifying the adversary associated with the attack. Further, the techniques include determining that a domain specified in a domain name request is associated with malicious activity and responding to the request with a network address of a monitored computing device to cause the requesting process to communicate with the monitored computing device in place of an adversary server. Additionally, a service may monitor dormant domains names associated with malicious activity and, in response to a change, respond with an alert or a configuration update.Type: GrantFiled: March 4, 2013Date of Patent: July 14, 2020Assignee: CrowdStrike, Inc.Inventors: Adam S. Meyers, Dmitri Alperovitch, George Robert Kurtz, David F. Diehl, Sven Krasser
-
Publication number: 20190138723Abstract: A security agent is described herein. The security agent is configured to observe events, filter the observed events using configurable filters, route the filtered events to one or more event consumers, and utilize the one or more event consumers to take action based at least on one of the filtered events. In some implementations, the security agent detects a first action associated with malicious code, gathers data about the malicious code, and in response to detecting subsequent action(s) of the malicious code, performs a preventative action. The security agent may also deceive an adversary associated with malicious code. Further, the security agent may utilize a model representing chains of execution activities and may take action based on those chains of execution activities.Type: ApplicationFiled: June 13, 2018Publication date: May 9, 2019Inventors: David F. Diehl, Dmitri Alperovitch, Ion-Alexandru Ionescu, George Robert Kurtz
-
Patent number: 10050917Abstract: Methods and systems for assigning reputation to communications entities include collecting communications data from distributed agents, aggregating the communications data, analyzing the communications data and identifying relationships between communications entities based upon the communications data.Type: GrantFiled: June 16, 2014Date of Patent: August 14, 2018Assignee: McAfee, LLCInventors: Dmitri Alperovitch, Martin Stecher, Yuchun Tang, Aarjav Jyotindra Neeta Trivedi, Lamar Lorenzo Willis, Weilai Yang, Jonathan Alexander Zdziarski, Tomo Foote-Lennox, Jeremy Gould, Paula Greve, Alejandro Manuel Hernandez, Paul Judge, Sven Krasser, Tim Lange, Phyllis Adele Schneck
-
Patent number: 10002250Abstract: A security agent is described herein. The security agent is configured to observe events, filter the observed events using configurable filters, route the filtered events to one or more event consumers, and utilize the one or more event consumers to take action based at least on one of the filtered events. In some implementations, the security agent detects a first action associated with malicious code, gathers data about the malicious code, and in response to detecting subsequent action(s) of the malicious code, performs a preventative action. The security agent may also deceive an adversary associated with malicious code. Further, the security agent may utilize a model representing chains of execution activities and may take action based on those chains of execution activities.Type: GrantFiled: December 29, 2016Date of Patent: June 19, 2018Assignee: CrowdStrike, Inc.Inventors: David F. Diehl, Dmitri Alperovitch, Ion-Alexandru Ionescu, George Robert Kurtz
-
Patent number: 9904784Abstract: A kernel-level security agent is described herein. The kernel-level security agent is configured to observe events, filter the observed events using configurable filters, route the filtered events to one or more event consumers, and utilize the one or more event consumers to take action based at least on one of the filtered events. In some implementations, the kernel-level security agent detects a first action associated with malicious code, gathers data about the malicious code, and in response to detecting subsequent action(s) of the malicious code, performs a preventative action. The kernel-level security agent may also deceive an adversary associated with malicious code. Further, the kernel-level security agent may utilize a model representing chains of execution activities and may take action based on those chains of execution activities.Type: GrantFiled: April 10, 2017Date of Patent: February 27, 2018Assignee: CrowdStrike, Inc.Inventors: David F. Diehl, Dmitri Alperovitch, Ion-Alexandru Ionescu, George Robert Kurtz
-
Patent number: 9858626Abstract: Techniques for social sharing security information between client entities forming a group are described herein. The group of client entities is formed as a result of a security server providing one or more secure mechanisms for forming a group among client entities, the client entities each belonging to a different organization. The security service then automatically shares security information of a client entity in the group with one or more other client entities in the group.Type: GrantFiled: July 6, 2015Date of Patent: January 2, 2018Assignee: CrowdStrike, Inc.Inventors: Dmitri Alperovitch, George Robert Kurtz, David Frederick Diehl, Sven Krasser, Adam S. Meyers
-
Publication number: 20170213031Abstract: A kernel-level security agent is described herein. The kernel-level security agent is configured to observe events, filter the observed events using configurable filters, route the filtered events to one or more event consumers, and utilize the one or more event consumers to take action based at least on one of the filtered events. In some implementations, the kernel-level security agent detects a first action associated with malicious code, gathers data about the malicious code, and in response to detecting subsequent action(s) of the malicious code, performs a preventative action. The kernel-level security agent may also deceive an adversary associated with malicious code. Further, the kernel-level security agent may utilize a model representing chains of execution activities and may take action based on those chains of execution activities.Type: ApplicationFiled: April 10, 2017Publication date: July 27, 2017Inventors: David F. Diehl, Dmitri Alperovitch, Ion-Alexandru Ionescu, George Robert Kurtz
-
Patent number: 9661017Abstract: A method is provided in one example embodiment and includes receiving a reputation value based on a hash of a file making a network connection and on a network address of a remote end of the network connection. The network connection may be blocked if the reputation value indicates the hash or the network address is associated with malicious activity. In more specific embodiments, the method may also include sending a query to a threat analysis host to request the reputation value. Additionally or alternatively the reputation value may be based on query patterns in particular embodiments. In yet more specific embodiments, the network connection may be an inbound connection and/or an outbound connection, and the reputation value may be based on a file reputation associated with the hash and a connection reputation associated with the network address of the remote end of the network connection.Type: GrantFiled: August 31, 2015Date of Patent: May 23, 2017Assignee: McAfee, Inc.Inventors: Dmitri Alperovitch, Sven Krasser
-
Publication number: 20170109530Abstract: A security agent is described herein. The security agent is configured to observe events, filter the observed events using configurable filters, route the filtered events to one or more event consumers, and utilize the one or more event consumers to take action based at least on one of the filtered events. In some implementations, the security agent detects a first action associated with malicious code, gathers data about the malicious code, and in response to detecting subsequent action(s) of the malicious code, performs a preventative action. The security agent may also deceive an adversary associated with malicious code. Further, the security agent may utilize a model representing chains of execution activities and may take action based on those chains of execution activities.Type: ApplicationFiled: December 29, 2016Publication date: April 20, 2017Inventors: David F. Diehl, Dmitri Alperovitch, Ion-Alexandru Ionescu, George Robert Kurtz
-
Patent number: 9621515Abstract: A kernel-level security agent is described herein. The kernel-level security agent is configured to observe events, filter the observed events using configurable filters, route the filtered events to one or more event consumers, and utilize the one or more event consumers to take action based at least on one of the filtered events. In some implementations, the kernel-level security agent detects a first action associated with malicious code, gathers data about the malicious code, and in response to detecting subsequent action(s) of the malicious code, performs a preventative action. The kernel-level security agent may also deceive an adversary associated with malicious code. Further, the kernel-level security agent may utilize a model representing chains of execution activities and may take action based on those chains of execution activities.Type: GrantFiled: May 12, 2015Date of Patent: April 11, 2017Assignee: CrowdStrike, Inc.Inventors: David F. Diehl, Dmitri Alperovitch, Ion-Alexandru Ionescu, George Robert Kurtz
-
Patent number: 9571453Abstract: A kernel-level security agent is described herein. The kernel-level security agent is configured to observe events, filter the observed events using configurable filters, route the filtered events to one or more event consumers, and utilize the one or more event consumers to take action based at least on one of the filtered events. In some implementations, the kernel-level security agent detects a first action associated with malicious code, gathers data about the malicious code, and in response to detecting subsequent action(s) of the malicious code, performs a preventative action. The kernel-level security agent may also deceive an adversary associated with malicious code. Further, the kernel-level security agent may utilize a model representing chains of execution activities and may take action based on those chains of execution activities.Type: GrantFiled: December 24, 2013Date of Patent: February 14, 2017Assignee: CrowdStrike, Inc.Inventors: David F. Diehl, Dmitri Alperovitch, Ion-Alexandru Ionescu, George Robert Kurtz
-
Patent number: 9544272Abstract: Methods and systems for operation upon one or more data processors for detecting image spam by detecting an image and analyzing the content of the image to determine whether the incoming communication comprises an unwanted communication.Type: GrantFiled: June 16, 2014Date of Patent: January 10, 2017Assignee: Intel CorporationInventors: Dmitri Alperovitch, Nick Black, Jeremy Gould, Paul Judge, Sven Krasser, Phyllis Adele Schneck, Yuchun Tang, Aarjav Jyotindra Neeta Trivedi, Lamar Lorenzo Willis, Weilai Yang, Jonathan Alexander Zdziarski
-
Patent number: 9292881Abstract: Techniques for social sharing security information between client entities forming a group are described herein. The group of client entities is formed as a result of a security server providing one or more secure mechanisms for forming a group among client entities, the client entities each belonging to a different organization. The security service then automatically shares security information of a client entity in the group with one or more other client entities in the group.Type: GrantFiled: June 29, 2012Date of Patent: March 22, 2016Assignee: CrowdStrike, Inc.Inventors: Dmitri Alperovitch, George Robert Kurtz, David F. Diehl, Sven Krasser, Adam S. Meyers
-
Publication number: 20150373033Abstract: A method is provided in one example embodiment and includes receiving a reputation value based on a hash of a file making a network connection and on a network address of a remote end of the network connection. The network connection may be blocked if the reputation value indicates the hash or the network address is associated with malicious activity. In more specific embodiments, the method may also include sending a query to a threat analysis host to request the reputation value. Additionally or alternatively the reputation value may be based on query patterns in particular embodiments. In yet more specific embodiments, the network connection may be an inbound connection and/or an outbound connection, and the reputation value may be based on a file reputation associated with the hash and a connection reputation associated with the network address of the remote end of the network connection.Type: ApplicationFiled: August 31, 2015Publication date: December 24, 2015Inventors: Dmitri Alperovitch, Sven Krasser