Patents by Inventor Idan Yehoshua Hen

Idan Yehoshua Hen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240396918
    Abstract: Multiple variate anomaly detection against multiple scopes of the requested resource. Even if one of the variates patterns is sensitive to physical location of the requestor and/or the resource, not all of the variates of the access pattern will be. Furthermore, even if one of the scopes of the resource is sensitive to physical location of the resource, not all scopes will be. Thus, the use of multiple variates of the access pattern and multiple scopes of the anomaly detection allows for better estimates of anomaly detection to be made, even when the source of the access request is virtualized and/or the location of the resource is virtualized.
    Type: Application
    Filed: August 2, 2024
    Publication date: November 28, 2024
    Inventors: Andrey KARPOVSKY, Idan Yehoshua HEN
  • Publication number: 20240380785
    Abstract: Methods, systems, and computer storage media for providing security incident management using a security graph layering engine in a security management system. Security incident management is provided using the security graph layering engine that include multi-layer security graph that supports querying a security graph using a multi-layer representation of data associated with security graph. In operation, a security graph associated with a plurality of security resources in a cloud environment is accessed. Based on accessing the security graph, a multi-layer security graph is generated. The multi-layer security graph is a multi-layer representation of the security. The multi-layer security graph is deployed. A security query associated with the multi-layer security graph is accessed. The security query is executed based on the multi-layer security graph, executing the security query generates a query result.
    Type: Application
    Filed: May 9, 2023
    Publication date: November 14, 2024
    Inventors: Chen LAHAV, Idan Yehoshua HEN
  • Patent number: 12126637
    Abstract: According to examples, an apparatus may include a processor and a memory on which is stored machine-readable instructions that when executed by the processor, may cause the processor to determine that an entity was granted an anomalous role assignment to a managed environment. The processor may also, based on the determination that the role assignment of the entity is anomalous, identify at least one indicator associated with the role assignment, determine an indicator value corresponding to the identified at least one indicator, and determine whether the indicator value exceeds a predefined threshold value. The processor may, based on a determination that the indicator value exceeds the predefined threshold value, output an alert indicating that the role assignment is suspicious.
    Type: Grant
    Filed: May 12, 2021
    Date of Patent: October 22, 2024
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Idan Yehoshua Hen, Ilay Grossman, Avichai Ben David
  • Patent number: 12095792
    Abstract: Multiple variate anomaly detection against multiple scopes of the requested resource. Even if one of the variates patterns is sensitive to physical location of the requestor and/or the resource, not all of the variates of the access pattern will be. Furthermore, even if one of the scopes of the resource is sensitive to physical location of the resource, not all scopes will be. Thus, the use of multiple variates of the access pattern and multiple scopes of the anomaly detection allows for better estimates of anomaly detection to be made, even when the source of the access request is virtualized and/or the location of the resource is virtualized.
    Type: Grant
    Filed: January 31, 2022
    Date of Patent: September 17, 2024
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Andrey Karpovsky, Idan Yehoshua Hen
  • Patent number: 11811807
    Abstract: Conditionally initiating a security measure in response to an estimated increase in risk imposed related to a particular user of a computing network. The risk is determined using a rolling time window. Accordingly, sudden increases in risk are quickly detected, allowing security measures to be taken quickly within that computing network. Thus, improper infiltration into a computing network is less likely to escalate or move laterally to other users or resources within the computing network. Furthermore, the security measure may be automatically initiated using settings pre-configured by the entity. Thus, the security measures go no further than what the entity instructed, thereby minimizing risk of overreaching with the security measure.
    Type: Grant
    Filed: May 27, 2021
    Date of Patent: November 7, 2023
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Itay Argoety, Michael Shlomo Navat, Idan Yehoshua Hen, Efrat Reef Guttman
  • Publication number: 20230300156
    Abstract: Multiple variate anomaly detection against multiple scopes of the requested resource. Even if one of the variates patterns is sensitive to physical location of the requestor and/or the resource, not all of the variates of the access pattern will be. Furthermore, even if one of the scopes of the resource is sensitive to physical location of the resource, not all scopes will be. Thus, the use of multiple variates of the access pattern and multiple scopes of the anomaly detection allows for better estimates of anomaly detection to be made, even when the source of the access request is virtualized and/or the location of the resource is virtualized.
    Type: Application
    Filed: January 31, 2022
    Publication date: September 21, 2023
    Inventors: Andrey KARPOVSKY, Idan Yehoshua HEN
  • Publication number: 20230231859
    Abstract: According to examples, an apparatus may include a processor and a memory on which is stored machine-readable instructions that when executed by the processor, may cause the processor to determine baseline behaviors from collected data. The processor may also detect that an anomalous event has occurred and may determine at least one feature of the anomalous event that caused the event to be determined to be anomalous. The processor may further identify, from the determined baseline behaviors, a set of baseline behaviors corresponding to the determined at least one feature. The processor may still further generate a message to include an indication that the anomalous event has been detected and the identified set of baseline behaviors and may output the generated message.
    Type: Application
    Filed: January 18, 2022
    Publication date: July 20, 2023
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Idan Yehoshua HEN, Andrey KARPOVSKY
  • Publication number: 20230205746
    Abstract: According to examples, an apparatus may include a processor and a memory on which are stored machine-readable instructions that, when executed by the processor, may cause the processor to receive tabular data of a data source and extract a characteristic of a column based on the received tabular data The processor may determine, through application of modeling, a recommended column type from a predefined table format based on the extracted characteristic of the column. The recommended column type may have at least a predetermined level of match to the extracted characteristic of the column. The processor may assign the recommended column type as a type of the column in the received tabular data to normalize the received tabular data to the predefined table format.
    Type: Application
    Filed: December 23, 2021
    Publication date: June 29, 2023
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Idan Yehoshua Hen, Idan Belaiev
  • Publication number: 20220400127
    Abstract: According to examples, an apparatus may include a processor and a memory on which is stored machine-readable instructions that when executed by the processor, may cause the processor to identify a timing at which a user activity occurred and may apply an anomaly detection model on the identified timing at which the user activity occurred, in which the anomaly detection model is to output a risk score corresponding to a deviation of the timing at which the user activity occurred from timings at which the user normally performs user activities. The processor may also determine whether the timing at which the user activity occurred is anomalous based on the risk score and, based on a determination that the timing at which the user activity occurred is anomalous, may output an alert regarding the anomalous timing of the user activity occurrence.
    Type: Application
    Filed: June 9, 2021
    Publication date: December 15, 2022
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Idan Yehoshua HEN, Itay ARGOETY, Idan BELAIEV
  • Publication number: 20220385681
    Abstract: Conditionally initiating a security measure in response to an estimated increase in risk imposed related to a particular user of a computing network. The risk is determined using a rolling time window. Accordingly, sudden increases in risk are quickly detected, allowing security measures to be taken quickly within that computing network. Thus, improper infiltration into a computing network is less likely to escalate or move laterally to other users or resources within the computing network. Furthermore, the security measure may be automatically initiated using settings pre-configured by the entity. Thus, the security measures go no further than what the entity instructed, thereby minimizing risk of overreaching with the security measure.
    Type: Application
    Filed: May 27, 2021
    Publication date: December 1, 2022
    Inventors: Itay ARGOETY, Michael Shlomo NAVAT, Idan Yehoshua HEN, Efrat Reef GUTTMAN
  • Publication number: 20220366039
    Abstract: A system to detect an abnormally permissive role definition, which can include an abnormally permissive custom role definition, and take action is described. The system receives a role definition for a security principal over a scope of resources in which the role definition includes a built-in role and a custom role. Permissions of the role definition and a creation event of the role definition are analyzed. A security score based on the role definition and creation event for the scope of resources is determined. An action is taken based on the security score and the creation event analysis.
    Type: Application
    Filed: May 13, 2021
    Publication date: November 17, 2022
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Idan Yehoshua Hen, Ilay Grossman, Avichai Ben David
  • Publication number: 20220368712
    Abstract: According to examples, an apparatus may include a processor and a memory on which is stored machine-readable instructions that when executed by the processor, may cause the processor to determine that an entity was granted an anomalous role assignment to a managed environment. The processor may also, based on the determination that the role assignment of the entity is anomalous, identify at least one indicator associated with the role assignment, determine an indicator value corresponding to the identified at least one indicator, and determine whether the indicator value exceeds a predefined threshold value. The processor may, based on a determination that the indicator value exceeds the predefined threshold value, output an alert indicating that the role assignment is suspicious.
    Type: Application
    Filed: May 12, 2021
    Publication date: November 17, 2022
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Idan Yehoshua HEN, Ilay GROSSMAN, Avichai BEN DAVID