Patents by Inventor Itai Grady
Itai Grady has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11818228Abstract: Systems and methods for determining a user's presence on a network of an enterprise are provided. Traffic is collected to a network from devices and, over a period of time, login and logoff information from a user is determined from the collected network traffic. Network sessions are determined from a user's login and logoff information and timetable is generated specific to the user that contains the network sessions. The time table identifies when the user was active and when the user was not active based on the login and logoff information and, therefore, present at a particular location over a period of time.Type: GrantFiled: September 22, 2016Date of Patent: November 14, 2023Assignee: Microsoft Technology Licensing, LLCInventors: Tal Arieh Be'ery, Itai Grady, Tom Jurgenson, Idan Plotnik, Sivan Krigsman, Michael Dubinsky, Gil David
-
Patent number: 11025668Abstract: The threat of malicious parties exposing users' credentials from one system and applying the exposed credentials to a different system to gain unauthorized access is addressed in the present disclosure by systems and methods to preemptively and reactively mitigate the risk of users reusing passwords between systems. A security device passively monitors traffic comprising authorization requests within a network to reactively identify an ongoing attack based on its use of exposed credentials in the authorization request and identifies accounts that are vulnerable to attacks using exposed credentials by actively attempting to log into those accounts with exposed passwords from other networks. The systems and methods reduce the number of false positives associated with attack identification and strengthens the network against potential attacks, thus improving the network's security and reducing the amount of resources needed to securely manage the network.Type: GrantFiled: November 13, 2018Date of Patent: June 1, 2021Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Itai Grady, Michael Dubinsky, Benny Lakunishok, Idan Plotnik, Tal Arieh Be'ery
-
Patent number: 10623234Abstract: According to examples, an apparatus for managing alerts pertaining to additions of users to a user group in a computer network may include a processor and a memory, which may have stored thereon machine readable instructions that are to cause the processor to, during a learning period, identify an entity that added a user to the user group during the learning period and enter an identification of the identified entity into an allowed entity list for the user group. Following the learning period, the instructions are to cause the processor to identify a user addition event that indicates that an adding entity added another user to the user group, determine whether the adding entity is in the allowed entity list, and manage issuance of an alert regarding the user addition event based upon whether the adding entity is in the allowed entity list to reduce a number of issued alerts.Type: GrantFiled: June 8, 2017Date of Patent: April 14, 2020Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Sivan Krigsman, Tal Be'ery, Itai Grady, Yaron Kaner, Amit Rosenzweig, Tom Jurgenson
-
Patent number: 10609048Abstract: There is provided a method for detecting a malicious attempt to access a service providing server using credentials of a client terminal in a network, the method performed by a malicious event detection server analyzing packets transmitted over the network, comprising: analyzing at least one login-credential associated with an attempt to obtain authentication to access the service providing server to determine whether the login-credential matches an invalid login-credential included in a set of honeytoken-credentials, wherein the set of honeytoken-credentials is stored on a local memory of the client terminal, wherein the set of honeytoken-credentials includes the invalid login-credential and a valid login-credential, wherein the invalid login-credential is invalid for authentication of the client terminal to access the service providing server and the valid login-credential is valid for authentication of the client terminal to access the service providing server; and identifying a malicious event when the loType: GrantFiled: August 27, 2018Date of Patent: March 31, 2020Assignee: Microsoft Technology Licensing, LLCInventors: Tal Arieh Be'ery, Itai Grady
-
Publication number: 20190207956Abstract: There is provided a method for detecting a malicious attempt to access a service providing server using credentials of a client terminal in a network, the method performed by a malicious event detection server analyzing packets transmitted over the network, comprising: analyzing at least one login-credential associated with an attempt to obtain authentication to access the service providing server to determine whether the login-credential matches an invalid login-credential included in a set of honeytoken-credentials, wherein the set of honeytoken-credentials is stored on a local memory of the client terminal, wherein the set of honeytoken-credentials includes the invalid login-credential and a valid login-credential, wherein the invalid login-credential is invalid for authentication of the client terminal to access the service providing server and the valid login-credential is valid for authentication of the client terminal to access the service providing server; and identifying a malicious event when the loType: ApplicationFiled: August 27, 2018Publication date: July 4, 2019Inventors: Tal Arieh Be'ery, Itai Grady
-
Publication number: 20190104153Abstract: The threat of malicious parties exposing users' credentials from one system and applying the exposed credentials to a different system to gain unauthorized access is addressed in the present disclosure by systems and methods to preemptively and reactively mitigate the risk of users reusing passwords between systems. A security device passively monitors traffic comprising authorization requests within a network to reactively identify an ongoing attack based on its use of exposed credentials in the authorization request and identifies accounts that are vulnerable to attacks using exposed credentials by actively attempting to log into those accounts with exposed passwords from other networks. The systems and methods reduce the number of false positives associated with attack identification and strengthens the network against potential attacks, thus improving the network's security and reducing the amount of resources needed to securely manage the network.Type: ApplicationFiled: November 13, 2018Publication date: April 4, 2019Applicant: Microsoft Technology Licensing, LLCInventors: Itai Grady, Michael Dubinsky, Benny Lakunishok, Idan Plotnik, Tal Arieh Be'ery
-
Publication number: 20180359136Abstract: According to examples, an apparatus for managing alerts pertaining to additions of users to a user group in a computer network may include a processor and a memory, which may have stored thereon machine readable instructions that are to cause the processor to, during a learning period, identify an entity that added a user to the user group during the learning period and enter an identification of the identified entity into an allowed entity list for the user group. Following the learning period, the instructions are to cause the processor to identify a user addition event that indicates that an adding entity added another user to the user group, determine whether the adding entity is in the allowed entity list, and manage issuance of an alert regarding the user addition event based upon whether the adding entity is in the allowed entity list to reduce a number of issued alerts.Type: ApplicationFiled: June 8, 2017Publication date: December 13, 2018Applicant: Microsoft Technology Licensing, LLCInventors: Sivan KRIGSMAN, Tal Be'ery, Itai Grady, Yaron Kaner, Amit Rosenzweig, Tom Jurgenson
-
Patent number: 10129298Abstract: The threat of malicious parties exposing users' credentials from one system and applying the exposed credentials to a different system to gain unauthorized access is addressed in the present disclosure by systems and methods to preemptively and reactively mitigate the risk of users reusing passwords between systems. A security device passively monitors traffic comprising authorization requests within a network to reactively identify an ongoing attack based on its use of exposed credentials in the authorization request and identifies accounts that are vulnerable to attacks using exposed credentials by actively attempting to log into those accounts with exposed passwords from other networks. The systems and methods reduce the number of false positives associated with attack identification and strengthens the network against potential attacks, thus improving the network's security and reducing the amount of resources needed to securely manage the network.Type: GrantFiled: June 30, 2016Date of Patent: November 13, 2018Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Itai Grady, Michael Dubinsky, Benny Lakunishok, Idan Plotnik, Tal Arieh Be'ery
-
Patent number: 10063571Abstract: There is provided a method for detecting a malicious attempt to access a service providing server using credentials of a client terminal in a network, the method performed by a malicious event detection server analyzing packets transmitted over the network, comprising: analyzing at least one login-credential associated with an attempt to obtain authentication to access the service providing server to determine whether the login-credential matches an invalid login-credential included in a set of honeytoken-credentials, wherein the set of honeytoken-credentials is stored on a local memory of the client terminal, wherein the set of honeytoken-credentials includes the invalid login-credential and a valid login-credential, wherein the invalid login-credential is invalid for authentication of the client terminal to access the service providing server and the valid login-credential is valid for authentication of the client terminal to access the service providing server; and identifying a malicious event when the loType: GrantFiled: January 4, 2016Date of Patent: August 28, 2018Assignee: Microsoft Technology Licensing, LLCInventors: Tal Arieh Be'ery, Itai Grady
-
Publication number: 20180218134Abstract: The present disclosure is directed to systems, methods and devices for determining computer ownership in a distributed computer network associated with a directory service. Username similarity between username textual attributes and a computer's associated account management name may be determined. Network traffic information and event logs may be analyzed and determinations regarding local behavior and user behavior relating to a plurality of computers on a distributed computer network may be made. Local user data and an owner candidate list may be generated therefrom. Directory service data, including ownership attributes, may be analyzed to determine whether a user is the owner of a computer.Type: ApplicationFiled: May 27, 2017Publication date: August 2, 2018Applicant: Microsoft Technology Licensing, LLCInventors: Tal Arieh Be'ery, Igal Gofman, Marina Simakov, Itai Grady, Gil David
-
Publication number: 20180084069Abstract: Systems and methods for determining a user's presence on a network of an enterprise are provided. Traffic is collected to a network from devices and, over a period of time, login and logoff information from a user is determined from the collected network traffic. Network sessions are determined from a user's login and logoff information and timetable is generated specific to the user that contains the network sessions. The time table identifies when the user was active and when the user was not active based on the login and logoff information and, therefore, present at a particular location over a period of time.Type: ApplicationFiled: September 22, 2016Publication date: March 22, 2018Applicant: Microsoft Technology Licensing, LLC.Inventors: Tal Arieh Be'ery, Itai Grady, Tom Jurgenson, Idan Plotnik, Sivan Krigsman, Michael Dubinsky, Gil David
-
Publication number: 20180007087Abstract: The threat of malicious parties exposing users' credentials from one system and applying the exposed credentials to a different system to gain unauthorized access is addressed in the present disclosure by systems and methods to preemptively and reactively mitigate the risk of users reusing passwords between systems. A security device passively monitors traffic comprising authorization requests within a network to reactively identify an ongoing attack based on its use of exposed credentials in the authorization request and identifies accounts that are vulnerable to attacks using exposed credentials by actively attempting to log into those accounts with exposed passwords from other networks. The systems and methods reduce the number of false positives associated with attack identification and strengthens the network against potential attacks, thus improving the network's security and reducing the amount of resources needed to securely manage the network.Type: ApplicationFiled: June 30, 2016Publication date: January 4, 2018Applicant: Microsoft Technology Licensing, LLC.Inventors: Itai Grady, Michael Dubinsky, Benny Lakunishok, Idan Plotnik, Tal Arieh Be'ery
-
Patent number: 9860260Abstract: Monitoring of a life cycle of a connection of a network client device to a network via monitoring time synchronization traffic flowing between one or more network client devices and a time server in a network is provided. A system for monitoring a life cycle of a connection of a network client device to a network includes a security device operable to identify a true identity of the one or more network client devices, identify a network client device's connections to and disconnections from the network, determine which network client devices have been associated with a particular internet protocol (IP) address, and generate an output of connection and disconnection information associated with a network client device. In some examples, the security device is operable to detect anomalies and malicious patterns in the network.Type: GrantFiled: April 3, 2017Date of Patent: January 2, 2018Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Tal Arieh Be'ery, Itai Grady, Idan Plotnik
-
Publication number: 20170208076Abstract: Monitoring of a life cycle of a connection of a network client device to a network via monitoring time synchronization traffic flowing between one or more network client devices and a time server in a network is provided. A system for monitoring a life cycle of a connection of a network client device to a network includes a security device operable to identify a true identity of the one or more network client devices, identify a network client device's connections to and disconnections from the network, determine which network client devices have been associated with a particular internet protocol (IP) address, and generate an output of connection and disconnection information associated with a network client device. In some examples, the security device is operable to detect anomalies and malicious patterns in the network.Type: ApplicationFiled: April 3, 2017Publication date: July 20, 2017Applicant: Microsoft Technology Licensing, LLCInventors: Tal Arieh Be'ery, Itai Grady, Idan Plotnik
-
Publication number: 20170195346Abstract: There is provided a method for detecting a malicious attempt to access a service providing server using credentials of a client terminal in a network, the method performed by a malicious event detection server analyzing packets transmitted over the network, comprising: analyzing at least one login-credential associated with an attempt to obtain authentication to access the service providing server to determine whether the login-credential matches an invalid login-credential included in a set of honeytoken-credentials, wherein the set of honeytoken-credentials is stored on a local memory of the client terminal, wherein the set of honeytoken-credentials includes the invalid login-credential and a valid login-credential, wherein the invalid login-credential is invalid for authentication of the client terminal to access the service providing server and the valid login-credential is valid for authentication of the client terminal to access the service providing server; and identifying a malicious event when the loType: ApplicationFiled: January 4, 2016Publication date: July 6, 2017Inventors: Tal Arieh BE'ERY, Itai GRADY
-
Patent number: 9614861Abstract: Monitoring of a life cycle of a connection of a network client device to a network via monitoring time synchronization traffic flowing between one or more network client devices and a time server in a network is provided. A system for monitoring a life cycle of a connection of a network client device to a network includes a security device operable to identify a true identity of the one or more network client devices, identify a network client device's connections to and disconnections from the network, determine which network client devices have been associated with a particular internet protocol (IP) address, and generate an output of connection and disconnection information associated with a network client device. In some examples, the security device is operable to detect anomalies and malicious patterns in the network.Type: GrantFiled: August 26, 2015Date of Patent: April 4, 2017Assignee: Microsoft Technology Licensing, LLCInventors: Tal Arieh Be'ery, Itai Grady, Idan Plotnik
-
Publication number: 20170063882Abstract: Monitoring of a life cycle of a connection of a network client device to a network via monitoring time synchronization traffic flowing between one or more network client devices and a time server in a network is provided. A system for monitoring a life cycle of a connection of a network client device to a network includes a security device operable to identify a true identity of the one or more network client devices, identify a network client device's connections to and disconnections from the network, determine which network client devices have been associated with a particular internet protocol (IP) address, and generate an output of connection and disconnection information associated with a network client device. In some examples, the security device is operable to detect anomalies and malicious patterns in the network.Type: ApplicationFiled: August 26, 2015Publication date: March 2, 2017Applicant: Microsoft Technology Licensing, LLC.Inventors: Tal Arieh Be'ery, Itai Grady, Idan Plotnik