Patents by Inventor Idan Yehoshua Hen
Idan Yehoshua Hen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240396918Abstract: Multiple variate anomaly detection against multiple scopes of the requested resource. Even if one of the variates patterns is sensitive to physical location of the requestor and/or the resource, not all of the variates of the access pattern will be. Furthermore, even if one of the scopes of the resource is sensitive to physical location of the resource, not all scopes will be. Thus, the use of multiple variates of the access pattern and multiple scopes of the anomaly detection allows for better estimates of anomaly detection to be made, even when the source of the access request is virtualized and/or the location of the resource is virtualized.Type: ApplicationFiled: August 2, 2024Publication date: November 28, 2024Inventors: Andrey KARPOVSKY, Idan Yehoshua HEN
-
Publication number: 20240380785Abstract: Methods, systems, and computer storage media for providing security incident management using a security graph layering engine in a security management system. Security incident management is provided using the security graph layering engine that include multi-layer security graph that supports querying a security graph using a multi-layer representation of data associated with security graph. In operation, a security graph associated with a plurality of security resources in a cloud environment is accessed. Based on accessing the security graph, a multi-layer security graph is generated. The multi-layer security graph is a multi-layer representation of the security. The multi-layer security graph is deployed. A security query associated with the multi-layer security graph is accessed. The security query is executed based on the multi-layer security graph, executing the security query generates a query result.Type: ApplicationFiled: May 9, 2023Publication date: November 14, 2024Inventors: Chen LAHAV, Idan Yehoshua HEN
-
Patent number: 12126637Abstract: According to examples, an apparatus may include a processor and a memory on which is stored machine-readable instructions that when executed by the processor, may cause the processor to determine that an entity was granted an anomalous role assignment to a managed environment. The processor may also, based on the determination that the role assignment of the entity is anomalous, identify at least one indicator associated with the role assignment, determine an indicator value corresponding to the identified at least one indicator, and determine whether the indicator value exceeds a predefined threshold value. The processor may, based on a determination that the indicator value exceeds the predefined threshold value, output an alert indicating that the role assignment is suspicious.Type: GrantFiled: May 12, 2021Date of Patent: October 22, 2024Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Idan Yehoshua Hen, Ilay Grossman, Avichai Ben David
-
Patent number: 12095792Abstract: Multiple variate anomaly detection against multiple scopes of the requested resource. Even if one of the variates patterns is sensitive to physical location of the requestor and/or the resource, not all of the variates of the access pattern will be. Furthermore, even if one of the scopes of the resource is sensitive to physical location of the resource, not all scopes will be. Thus, the use of multiple variates of the access pattern and multiple scopes of the anomaly detection allows for better estimates of anomaly detection to be made, even when the source of the access request is virtualized and/or the location of the resource is virtualized.Type: GrantFiled: January 31, 2022Date of Patent: September 17, 2024Assignee: Microsoft Technology Licensing, LLCInventors: Andrey Karpovsky, Idan Yehoshua Hen
-
Patent number: 11811807Abstract: Conditionally initiating a security measure in response to an estimated increase in risk imposed related to a particular user of a computing network. The risk is determined using a rolling time window. Accordingly, sudden increases in risk are quickly detected, allowing security measures to be taken quickly within that computing network. Thus, improper infiltration into a computing network is less likely to escalate or move laterally to other users or resources within the computing network. Furthermore, the security measure may be automatically initiated using settings pre-configured by the entity. Thus, the security measures go no further than what the entity instructed, thereby minimizing risk of overreaching with the security measure.Type: GrantFiled: May 27, 2021Date of Patent: November 7, 2023Assignee: Microsoft Technology Licensing, LLCInventors: Itay Argoety, Michael Shlomo Navat, Idan Yehoshua Hen, Efrat Reef Guttman
-
Publication number: 20230300156Abstract: Multiple variate anomaly detection against multiple scopes of the requested resource. Even if one of the variates patterns is sensitive to physical location of the requestor and/or the resource, not all of the variates of the access pattern will be. Furthermore, even if one of the scopes of the resource is sensitive to physical location of the resource, not all scopes will be. Thus, the use of multiple variates of the access pattern and multiple scopes of the anomaly detection allows for better estimates of anomaly detection to be made, even when the source of the access request is virtualized and/or the location of the resource is virtualized.Type: ApplicationFiled: January 31, 2022Publication date: September 21, 2023Inventors: Andrey KARPOVSKY, Idan Yehoshua HEN
-
Publication number: 20230231859Abstract: According to examples, an apparatus may include a processor and a memory on which is stored machine-readable instructions that when executed by the processor, may cause the processor to determine baseline behaviors from collected data. The processor may also detect that an anomalous event has occurred and may determine at least one feature of the anomalous event that caused the event to be determined to be anomalous. The processor may further identify, from the determined baseline behaviors, a set of baseline behaviors corresponding to the determined at least one feature. The processor may still further generate a message to include an indication that the anomalous event has been detected and the identified set of baseline behaviors and may output the generated message.Type: ApplicationFiled: January 18, 2022Publication date: July 20, 2023Applicant: Microsoft Technology Licensing, LLCInventors: Idan Yehoshua HEN, Andrey KARPOVSKY
-
Publication number: 20230205746Abstract: According to examples, an apparatus may include a processor and a memory on which are stored machine-readable instructions that, when executed by the processor, may cause the processor to receive tabular data of a data source and extract a characteristic of a column based on the received tabular data The processor may determine, through application of modeling, a recommended column type from a predefined table format based on the extracted characteristic of the column. The recommended column type may have at least a predetermined level of match to the extracted characteristic of the column. The processor may assign the recommended column type as a type of the column in the received tabular data to normalize the received tabular data to the predefined table format.Type: ApplicationFiled: December 23, 2021Publication date: June 29, 2023Applicant: Microsoft Technology Licensing, LLCInventors: Idan Yehoshua Hen, Idan Belaiev
-
Publication number: 20220400127Abstract: According to examples, an apparatus may include a processor and a memory on which is stored machine-readable instructions that when executed by the processor, may cause the processor to identify a timing at which a user activity occurred and may apply an anomaly detection model on the identified timing at which the user activity occurred, in which the anomaly detection model is to output a risk score corresponding to a deviation of the timing at which the user activity occurred from timings at which the user normally performs user activities. The processor may also determine whether the timing at which the user activity occurred is anomalous based on the risk score and, based on a determination that the timing at which the user activity occurred is anomalous, may output an alert regarding the anomalous timing of the user activity occurrence.Type: ApplicationFiled: June 9, 2021Publication date: December 15, 2022Applicant: Microsoft Technology Licensing, LLCInventors: Idan Yehoshua HEN, Itay ARGOETY, Idan BELAIEV
-
Publication number: 20220385681Abstract: Conditionally initiating a security measure in response to an estimated increase in risk imposed related to a particular user of a computing network. The risk is determined using a rolling time window. Accordingly, sudden increases in risk are quickly detected, allowing security measures to be taken quickly within that computing network. Thus, improper infiltration into a computing network is less likely to escalate or move laterally to other users or resources within the computing network. Furthermore, the security measure may be automatically initiated using settings pre-configured by the entity. Thus, the security measures go no further than what the entity instructed, thereby minimizing risk of overreaching with the security measure.Type: ApplicationFiled: May 27, 2021Publication date: December 1, 2022Inventors: Itay ARGOETY, Michael Shlomo NAVAT, Idan Yehoshua HEN, Efrat Reef GUTTMAN
-
Publication number: 20220366039Abstract: A system to detect an abnormally permissive role definition, which can include an abnormally permissive custom role definition, and take action is described. The system receives a role definition for a security principal over a scope of resources in which the role definition includes a built-in role and a custom role. Permissions of the role definition and a creation event of the role definition are analyzed. A security score based on the role definition and creation event for the scope of resources is determined. An action is taken based on the security score and the creation event analysis.Type: ApplicationFiled: May 13, 2021Publication date: November 17, 2022Applicant: Microsoft Technology Licensing, LLCInventors: Idan Yehoshua Hen, Ilay Grossman, Avichai Ben David
-
Publication number: 20220368712Abstract: According to examples, an apparatus may include a processor and a memory on which is stored machine-readable instructions that when executed by the processor, may cause the processor to determine that an entity was granted an anomalous role assignment to a managed environment. The processor may also, based on the determination that the role assignment of the entity is anomalous, identify at least one indicator associated with the role assignment, determine an indicator value corresponding to the identified at least one indicator, and determine whether the indicator value exceeds a predefined threshold value. The processor may, based on a determination that the indicator value exceeds the predefined threshold value, output an alert indicating that the role assignment is suspicious.Type: ApplicationFiled: May 12, 2021Publication date: November 17, 2022Applicant: Microsoft Technology Licensing, LLCInventors: Idan Yehoshua HEN, Ilay GROSSMAN, Avichai BEN DAVID