Patents by Inventor Doron Kolton
Doron Kolton has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10015193
Abstract: A device and a method for identifying whether a network node is infected by malware, including identifying indicator events for each of a plurality of anomaly indicators, by counting the number of occurrences of an anomaly indicator in at least one of a network node and an entire network during a predetermined time duration and if the number of occurrences of the anomaly indicator during the predetermined time duration is greater than a predetermined event threshold, identifying an indicator event associated with the anomaly indicator during the predetermined time duration and assigning an expiration duration for the indicator event, determining whether the identified indicator events fulfill at least one predetermined infection rule, and if the indicator events fulfill the at least one predetermined infection rule, identifying the network node as infected by malware.
Type: Grant
Filed: December 2, 2015
Date of Patent: July 3, 2018
Assignee: TOPSPIN SECURITY LTD
Inventors: Doron Kolton, Rami Mizrahi, Manor Hemel, Omer Zohar
-
Patent number: 9992225
Abstract: A system for gathering information about malware and a method of use therefor, the system comprising a working environment including physical working environment servers, physical working environment endpoints, a working environment network, a switch, and a router directing traffic between said working environment network and an external network, a decoy environment including at least one physical machine, a decoy environment server, a decoy environment endpoint, a decoy environment network and a decoy environment router, a file directing mechanism directing at least some files to the decoy environment, and a threat tracking mechanism tracking and observing actions triggered by the files in the decoy environment.
Type: Grant
Filed: September 8, 2015
Date of Patent: June 5, 2018
Inventors: Doron Kolton, Rami Mizrahi, Omer Zohar, Benny Ben-Rabi, Alex Barbalat, Shlomi Gabai
-
Patent number: 9807115
Abstract: A system and a method for identifying the presence of ransomware on a network including a plurality of resources, and for trapping the ransomware therein.
Type: Grant
Filed: July 18, 2016
Date of Patent: October 31, 2017
Assignee: TOPSPIN SECURITY LTD
Inventors: Doron Kolton, Rami Mizrahi, Omer Zohar, Benny Ben-Rabi, Alex Barbalat, Shlomi Gabai
-
Patent number: 9807114
Abstract: A system for identifying the presence of advanced persistent threats on a network including a plurality of resources, interconnected to form a network, at least one decoy resource, at least one mini-trap installed on at least one of the plurality of resources and functionally associated with at one of the at least one decoy resource, the at least one mini-trap comprising deceptive information directing malware accessing the at least one mini-trap to the decoy resource associated therewith, and a manager node forming part of the network, locally or remotely, and configured to manage placement of the at least one mini-trap on the at least one of the plurality of resources and association between the at least one mini-trap and the decoy resource associated therewith.
Type: Grant
Filed: September 3, 2015
Date of Patent: October 31, 2017
Assignee: TOPSPIN SECURITY LTD
Inventors: Doron Kolton, Rami Mizrahi, Omer Zohar, Benny Ben-Rabi, Alex Barbalat, Shlomi Gabai
-
Publication number: 20160323316
Abstract: A system and a method for identifying the presence of ransomware on a network including a plurality of resources, and for trapping the ransomware therein.
Type: Application
Filed: July 18, 2016
Publication date: November 3, 2016
Inventors: Doron Kolton, Rami Mizrahi, Omer Zohar, Benny Ben-Rabi, Alex Barbalat, Shlomi Gabai
-
Publication number: 20160112440
Abstract: A device and a method for identifying whether a network node is infected by malware, including identifying indicator events for each of a plurality of anomaly indicators, by counting the number of occurrences of an anomaly indicator in at least one of a network node and an entire network during a predetermined time duration and if the number of occurrences of the anomaly indicator during the predetermined time duration is greater than a predetermined event threshold, identifying an indicator event associated with the anomaly indicator during the predetermined time duration and assigning an expiration duration for the indicator event, determining whether the identified indicator events fulfill at least one predetermined infection rule, and if the indicator events fulfill the at least one predetermined infection rule, identifying the network node as infected by malware.
Type: Application
Filed: December 2, 2015
Publication date: April 21, 2016
Inventors: Doron KOLTON, Rami MIZRAHI, Manor HEMEL, Omer ZOHAR
-
Publication number: 20160080414
Abstract: A system for gathering information about malware and a method of use therefor, the system comprising a working environment including physical working environment servers, physical working environment endpoints, a working environment network, a switch, and a router directing traffic between said working environment network and an external network, a decoy environment including at least one physical machine, a decoy environment server, a decoy environment endpoint, a decoy environment network and a decoy environment router, a file directing mechanism directing at least some files to the decoy environment, and a threat tracking mechanism tracking and observing actions triggered by the files in the decoy environment.
Type: Application
Filed: September 8, 2015
Publication date: March 17, 2016
Inventors: Doron Kolton, Rami Mizrahi, Omer Zohar, Benny Ben-Rabi, Alex Barbalat, Shlomi Gabai
-
Publication number: 20160072838
Abstract: A system for identifying the presence of advanced persistent threats on a network including a plurality of resources, interconnected to form a network, at least one decoy resource, at least one mini-trap installed on at least one of the plurality of resources and functionally associated with at one of the at least one decoy resource, the at least one mini-trap comprising deceptive information directing malware accessing the at least one mini-trap to the decoy resource associated therewith, and a manager node forming part of the network, locally or remotely, and configured to manage placement of the at least one mini-trap on the at least one of the plurality of resources and association between the at least one mini-trap and the decoy resource associated therewith.
Type: Application
Filed: September 3, 2015
Publication date: March 10, 2016
Inventors: Doron Kolton, Rami Mizrahi, Omer Zohar, Benny Ben-Rabi, Alex Barbalat, Shlomi Gabai
-
Patent number: 8595835
Abstract: Systems and methods for identification of network attacks are disclosed. An example system includes an adaptor module to route a received encrypted packet to a decryption module, receive a decrypted packet corresponding to the encrypted packet from the decryption module, and transmit the decrypted packet and the encrypted packet to a sensor module. The decryption module is to receive an encrypted packet, decrypt the encrypted packet to form the decrypted packet, and transmit the decrypted packet to the adaptor module. The sensor module is to inspect the decrypted packet and the encrypted packet received from the adaptor module to determine when an attack is detected.
Type: Grant
Filed: January 13, 2011
Date of Patent: November 26, 2013
Assignee: Trustwave Holdings, Inc.
Inventors: Doron Kolton, Adi Stav, Asaf Wexler, Ariel Ernesto Frydman, Yoram Zahavi
-
Patent number: 8180886
Abstract: In one embodiment, a method for securing a network application is described. The method for securing a network application includes receiving network information within a network application and assigning a probability value to an independent aspect of the network information. The probability value is based on a verification of the independent aspect of the information against a profile of acceptable behavior. The method for securing a network application also includes aggregating the probability values of the independent aspects of the network information to determine the probability of the entire network traffic. In addition, the method for securing a network application includes determining whether the probability value of the entire network information is above or below a threshold probability value. The entire network information is screened out based on the probability value of the entire message with respect to the threshold probability value.
Type: Grant
Filed: November 13, 2008
Date of Patent: May 15, 2012
Assignee: TrustWave Holdings, Inc.
Inventors: Kevin Overcash, Doron Kolton, Rami Mizrahi
-
Publication number: 20110283101
Abstract: A system and method for detecting network attacks within encrypted network traffic received by a protected network includes a decryption module and an adaptor module. This system and method can be inserted and used with multiple types of operating systems.
Type: Application
Filed: January 13, 2011
Publication date: November 17, 2011
Applicant: TRUSTWAVE HOLDINGS, INC.
Inventors: Doron Kolton, Adi Stav, Asaf Wexler, Ariel Ernesto Frydman, Yoram Zahavi
-
Patent number: 7934253
Abstract: A system and method for protection of Web based applications are described. The techniques described provide an enterprise wide approach to preventing attacks of Web based applications. Individual computer networks within the enterprise monitor network traffic to identify anomalous traffic. The anomalous traffic can be identified by comparing the traffic to a profile of acceptable user traffic when interacting with the application. The anomalous traffic, or security events, identified at the individual computer networks are communicated to a central security manager. The central security manager correlates the security events at the individual computer networks to determine if there is an enterprise wide security threat. The central security manager can then communicate instructions to the individual computer networks so as to provide an enterprise wide solution to the threat.
Type: Grant
Filed: September 14, 2006
Date of Patent: April 26, 2011
Assignee: TrustWave Holdings, Inc.
Inventors: Kevin Overcash, Kate Delikat, Rami Mizrahi, Galit Efron, Doron Kolton, Asaf Wexler, Netta Gavrieli, Yoram Zahavi
-
Patent number: 7895652
Abstract: A system and method for detecting network attacks within encrypted network traffic received by a protected network includes a decryption module and an adaptor module. This system and method can be inserted and used with multiple types of operating systems.
Type: Grant
Filed: January 4, 2006
Date of Patent: February 22, 2011
Assignee: Trustwave Holdings, Inc.
Inventors: Doron Kolton, Adi Stav, Asaf Wexler, Ariel Ernesto Frydman, Yoram Zahavi
-
Publication number: 20090138592
Abstract: In one embodiment, a method for securing a network application is described. The method for securing a network application includes receiving network information within a network application and assigning a probability value to an independent aspect of the network information. The probability value is based on a verification of the independent aspect of the information against a profile of acceptable behavior. The method for securing a network application also includes aggregating the probability values of the independent aspects of the network information to determine the probability of the entire network traffic. In addition, the method for securing a network application includes determining whether the probability value of the entire network information is above or below a threshold probability value. The entire network information is screened out based on the probability value of the entire message with respect to the threshold probability value.
Type: Application
Filed: November 13, 2008
Publication date: May 28, 2009
Inventors: Kevin Overcash, Doron Kolton, Rami Mizrahi
-
Publication number: 20080047009
Abstract: A system and method for protection of Web based applications are described. A Web application security system is included within a computer network to monitor traffic received from a wide area network, such as the Internet, and determine if there is a threat to the Web application. The Web application security system monitors web traffic in a non-inline configuration and identifies any anomalous traffic against a profile that identifies acceptable behavior of a user of the application. Any anomalous traffic is analyzed and appropriate protective action is taken to secure the Web application against an attack.
Type: Application
Filed: July 20, 2006
Publication date: February 21, 2008
Inventors: Kevin Overcash, Kate Delikat, Rami Mizrahi, Galit Efron (Njtzan), Doron Kolton, Asaf Wexler, Netta Gavrieli, Yoram Zahavi
-
Publication number: 20080034425
Abstract: A system and method for protection of Web based applications are described. The techniques described provide an enterprise wide approach to preventing attacks of Web based applications. Individual computer networks within the enterprise monitor network traffic to identify anomalous traffic. The anomalous traffic can be identified by comparing the traffic to a profile of acceptable user traffic when interacting with the application. The anomalous traffic, or security events, identified at the individual computer networks are communicated to a central security manager. The central security manager correlates the security events at the individual computer networks to determine if there is an enterprise wide security threat.
Type: Application
Filed: September 14, 2006
Publication date: February 7, 2008
Inventors: Kevin Overcash, Kate Delikate, Rami Mizrahi, Galit Efron, Doron Kolton, Asaf Wexler, Netta Gavrieli, Yoram Zahavi
-
Publication number: 20080034424
Abstract: A system and method for protection of Web based applications are described. An agent is included in a web server such that traffic is routed through the agent. A security module is also in communication with the agent. The agent receives information about the application profile, and patterns of acceptable traffic behavior, from the security module. The agent acts as a gatekeeper, holding up suspicious traffic that does not match the pattern of acceptable traffic behavior until the suspicious traffic has been analyzed by the security module. Using the agent, malicious traffic can be dropped before it can reach the application, or the user can be logged out, or both.
Type: Application
Filed: September 14, 2006
Publication date: February 7, 2008
Inventors: Kevin Overcash, Kate Delikate, Rami Mizrahi, Galit Efron, Doron Kolton, Asaf Wexler, Netta Gavrieli, Yoram Zahavi
-
Publication number: 20070169190
Abstract: A system and method for detecting network attacks within encrypted network traffic received by a protected network includes a decryption module and an adaptor module. This system and method can be inserted and used with multiple types of operating systems.
Type: Application
Filed: January 4, 2006
Publication date: July 19, 2007
Inventors: Doron Kolton, Adi Stav, Asaf Wexler, Ariel Frydman, Yoram Zahavi
-
Patent number: 6032168
Abstract: In a parallel computer system having N parallel computing units a data pipeline connects all the computing units. In addition the computing units are coupled to a random access memory so that each computing unit is assigned to one column of the memory array. To perform a digital signal processing filter operation the required coefficients are stored in the memory so that one or more different filter operations can be carried out in an interleaved way.
Type: Grant
Filed: August 15, 1997
Date of Patent: February 29, 2000
Assignee: Motorola, Inc.
Inventors: Yaron Ben-Arie, Effi Orian, Itzhak Barak, Jacob Kirschenbaum, Doron Kolton, Shay-Ping Thomas Wang, Shao-Wei Pan, Stephen-Chih-Hung Ma