Patents by Inventor Itai Grady

Itai Grady has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11818228
    Abstract: Systems and methods for determining a user's presence on a network of an enterprise are provided. Traffic is collected to a network from devices and, over a period of time, login and logoff information from a user is determined from the collected network traffic. Network sessions are determined from a user's login and logoff information and timetable is generated specific to the user that contains the network sessions. The time table identifies when the user was active and when the user was not active based on the login and logoff information and, therefore, present at a particular location over a period of time.
    Type: Grant
    Filed: September 22, 2016
    Date of Patent: November 14, 2023
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Tal Arieh Be'ery, Itai Grady, Tom Jurgenson, Idan Plotnik, Sivan Krigsman, Michael Dubinsky, Gil David
  • Patent number: 11025668
    Abstract: The threat of malicious parties exposing users' credentials from one system and applying the exposed credentials to a different system to gain unauthorized access is addressed in the present disclosure by systems and methods to preemptively and reactively mitigate the risk of users reusing passwords between systems. A security device passively monitors traffic comprising authorization requests within a network to reactively identify an ongoing attack based on its use of exposed credentials in the authorization request and identifies accounts that are vulnerable to attacks using exposed credentials by actively attempting to log into those accounts with exposed passwords from other networks. The systems and methods reduce the number of false positives associated with attack identification and strengthens the network against potential attacks, thus improving the network's security and reducing the amount of resources needed to securely manage the network.
    Type: Grant
    Filed: November 13, 2018
    Date of Patent: June 1, 2021
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Itai Grady, Michael Dubinsky, Benny Lakunishok, Idan Plotnik, Tal Arieh Be'ery
  • Patent number: 10623234
    Abstract: According to examples, an apparatus for managing alerts pertaining to additions of users to a user group in a computer network may include a processor and a memory, which may have stored thereon machine readable instructions that are to cause the processor to, during a learning period, identify an entity that added a user to the user group during the learning period and enter an identification of the identified entity into an allowed entity list for the user group. Following the learning period, the instructions are to cause the processor to identify a user addition event that indicates that an adding entity added another user to the user group, determine whether the adding entity is in the allowed entity list, and manage issuance of an alert regarding the user addition event based upon whether the adding entity is in the allowed entity list to reduce a number of issued alerts.
    Type: Grant
    Filed: June 8, 2017
    Date of Patent: April 14, 2020
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Sivan Krigsman, Tal Be'ery, Itai Grady, Yaron Kaner, Amit Rosenzweig, Tom Jurgenson
  • Patent number: 10609048
    Abstract: There is provided a method for detecting a malicious attempt to access a service providing server using credentials of a client terminal in a network, the method performed by a malicious event detection server analyzing packets transmitted over the network, comprising: analyzing at least one login-credential associated with an attempt to obtain authentication to access the service providing server to determine whether the login-credential matches an invalid login-credential included in a set of honeytoken-credentials, wherein the set of honeytoken-credentials is stored on a local memory of the client terminal, wherein the set of honeytoken-credentials includes the invalid login-credential and a valid login-credential, wherein the invalid login-credential is invalid for authentication of the client terminal to access the service providing server and the valid login-credential is valid for authentication of the client terminal to access the service providing server; and identifying a malicious event when the lo
    Type: Grant
    Filed: August 27, 2018
    Date of Patent: March 31, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Tal Arieh Be'ery, Itai Grady
  • Publication number: 20190207956
    Abstract: There is provided a method for detecting a malicious attempt to access a service providing server using credentials of a client terminal in a network, the method performed by a malicious event detection server analyzing packets transmitted over the network, comprising: analyzing at least one login-credential associated with an attempt to obtain authentication to access the service providing server to determine whether the login-credential matches an invalid login-credential included in a set of honeytoken-credentials, wherein the set of honeytoken-credentials is stored on a local memory of the client terminal, wherein the set of honeytoken-credentials includes the invalid login-credential and a valid login-credential, wherein the invalid login-credential is invalid for authentication of the client terminal to access the service providing server and the valid login-credential is valid for authentication of the client terminal to access the service providing server; and identifying a malicious event when the lo
    Type: Application
    Filed: August 27, 2018
    Publication date: July 4, 2019
    Inventors: Tal Arieh Be'ery, Itai Grady
  • Publication number: 20190104153
    Abstract: The threat of malicious parties exposing users' credentials from one system and applying the exposed credentials to a different system to gain unauthorized access is addressed in the present disclosure by systems and methods to preemptively and reactively mitigate the risk of users reusing passwords between systems. A security device passively monitors traffic comprising authorization requests within a network to reactively identify an ongoing attack based on its use of exposed credentials in the authorization request and identifies accounts that are vulnerable to attacks using exposed credentials by actively attempting to log into those accounts with exposed passwords from other networks. The systems and methods reduce the number of false positives associated with attack identification and strengthens the network against potential attacks, thus improving the network's security and reducing the amount of resources needed to securely manage the network.
    Type: Application
    Filed: November 13, 2018
    Publication date: April 4, 2019
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Itai Grady, Michael Dubinsky, Benny Lakunishok, Idan Plotnik, Tal Arieh Be'ery
  • Publication number: 20180359136
    Abstract: According to examples, an apparatus for managing alerts pertaining to additions of users to a user group in a computer network may include a processor and a memory, which may have stored thereon machine readable instructions that are to cause the processor to, during a learning period, identify an entity that added a user to the user group during the learning period and enter an identification of the identified entity into an allowed entity list for the user group. Following the learning period, the instructions are to cause the processor to identify a user addition event that indicates that an adding entity added another user to the user group, determine whether the adding entity is in the allowed entity list, and manage issuance of an alert regarding the user addition event based upon whether the adding entity is in the allowed entity list to reduce a number of issued alerts.
    Type: Application
    Filed: June 8, 2017
    Publication date: December 13, 2018
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Sivan KRIGSMAN, Tal Be'ery, Itai Grady, Yaron Kaner, Amit Rosenzweig, Tom Jurgenson
  • Patent number: 10129298
    Abstract: The threat of malicious parties exposing users' credentials from one system and applying the exposed credentials to a different system to gain unauthorized access is addressed in the present disclosure by systems and methods to preemptively and reactively mitigate the risk of users reusing passwords between systems. A security device passively monitors traffic comprising authorization requests within a network to reactively identify an ongoing attack based on its use of exposed credentials in the authorization request and identifies accounts that are vulnerable to attacks using exposed credentials by actively attempting to log into those accounts with exposed passwords from other networks. The systems and methods reduce the number of false positives associated with attack identification and strengthens the network against potential attacks, thus improving the network's security and reducing the amount of resources needed to securely manage the network.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: November 13, 2018
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Itai Grady, Michael Dubinsky, Benny Lakunishok, Idan Plotnik, Tal Arieh Be'ery
  • Patent number: 10063571
    Abstract: There is provided a method for detecting a malicious attempt to access a service providing server using credentials of a client terminal in a network, the method performed by a malicious event detection server analyzing packets transmitted over the network, comprising: analyzing at least one login-credential associated with an attempt to obtain authentication to access the service providing server to determine whether the login-credential matches an invalid login-credential included in a set of honeytoken-credentials, wherein the set of honeytoken-credentials is stored on a local memory of the client terminal, wherein the set of honeytoken-credentials includes the invalid login-credential and a valid login-credential, wherein the invalid login-credential is invalid for authentication of the client terminal to access the service providing server and the valid login-credential is valid for authentication of the client terminal to access the service providing server; and identifying a malicious event when the lo
    Type: Grant
    Filed: January 4, 2016
    Date of Patent: August 28, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Tal Arieh Be'ery, Itai Grady
  • Publication number: 20180218134
    Abstract: The present disclosure is directed to systems, methods and devices for determining computer ownership in a distributed computer network associated with a directory service. Username similarity between username textual attributes and a computer's associated account management name may be determined. Network traffic information and event logs may be analyzed and determinations regarding local behavior and user behavior relating to a plurality of computers on a distributed computer network may be made. Local user data and an owner candidate list may be generated therefrom. Directory service data, including ownership attributes, may be analyzed to determine whether a user is the owner of a computer.
    Type: Application
    Filed: May 27, 2017
    Publication date: August 2, 2018
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Tal Arieh Be'ery, Igal Gofman, Marina Simakov, Itai Grady, Gil David
  • Publication number: 20180084069
    Abstract: Systems and methods for determining a user's presence on a network of an enterprise are provided. Traffic is collected to a network from devices and, over a period of time, login and logoff information from a user is determined from the collected network traffic. Network sessions are determined from a user's login and logoff information and timetable is generated specific to the user that contains the network sessions. The time table identifies when the user was active and when the user was not active based on the login and logoff information and, therefore, present at a particular location over a period of time.
    Type: Application
    Filed: September 22, 2016
    Publication date: March 22, 2018
    Applicant: Microsoft Technology Licensing, LLC.
    Inventors: Tal Arieh Be'ery, Itai Grady, Tom Jurgenson, Idan Plotnik, Sivan Krigsman, Michael Dubinsky, Gil David
  • Publication number: 20180007087
    Abstract: The threat of malicious parties exposing users' credentials from one system and applying the exposed credentials to a different system to gain unauthorized access is addressed in the present disclosure by systems and methods to preemptively and reactively mitigate the risk of users reusing passwords between systems. A security device passively monitors traffic comprising authorization requests within a network to reactively identify an ongoing attack based on its use of exposed credentials in the authorization request and identifies accounts that are vulnerable to attacks using exposed credentials by actively attempting to log into those accounts with exposed passwords from other networks. The systems and methods reduce the number of false positives associated with attack identification and strengthens the network against potential attacks, thus improving the network's security and reducing the amount of resources needed to securely manage the network.
    Type: Application
    Filed: June 30, 2016
    Publication date: January 4, 2018
    Applicant: Microsoft Technology Licensing, LLC.
    Inventors: Itai Grady, Michael Dubinsky, Benny Lakunishok, Idan Plotnik, Tal Arieh Be'ery
  • Patent number: 9860260
    Abstract: Monitoring of a life cycle of a connection of a network client device to a network via monitoring time synchronization traffic flowing between one or more network client devices and a time server in a network is provided. A system for monitoring a life cycle of a connection of a network client device to a network includes a security device operable to identify a true identity of the one or more network client devices, identify a network client device's connections to and disconnections from the network, determine which network client devices have been associated with a particular internet protocol (IP) address, and generate an output of connection and disconnection information associated with a network client device. In some examples, the security device is operable to detect anomalies and malicious patterns in the network.
    Type: Grant
    Filed: April 3, 2017
    Date of Patent: January 2, 2018
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Tal Arieh Be'ery, Itai Grady, Idan Plotnik
  • Publication number: 20170208076
    Abstract: Monitoring of a life cycle of a connection of a network client device to a network via monitoring time synchronization traffic flowing between one or more network client devices and a time server in a network is provided. A system for monitoring a life cycle of a connection of a network client device to a network includes a security device operable to identify a true identity of the one or more network client devices, identify a network client device's connections to and disconnections from the network, determine which network client devices have been associated with a particular internet protocol (IP) address, and generate an output of connection and disconnection information associated with a network client device. In some examples, the security device is operable to detect anomalies and malicious patterns in the network.
    Type: Application
    Filed: April 3, 2017
    Publication date: July 20, 2017
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Tal Arieh Be'ery, Itai Grady, Idan Plotnik
  • Publication number: 20170195346
    Abstract: There is provided a method for detecting a malicious attempt to access a service providing server using credentials of a client terminal in a network, the method performed by a malicious event detection server analyzing packets transmitted over the network, comprising: analyzing at least one login-credential associated with an attempt to obtain authentication to access the service providing server to determine whether the login-credential matches an invalid login-credential included in a set of honeytoken-credentials, wherein the set of honeytoken-credentials is stored on a local memory of the client terminal, wherein the set of honeytoken-credentials includes the invalid login-credential and a valid login-credential, wherein the invalid login-credential is invalid for authentication of the client terminal to access the service providing server and the valid login-credential is valid for authentication of the client terminal to access the service providing server; and identifying a malicious event when the lo
    Type: Application
    Filed: January 4, 2016
    Publication date: July 6, 2017
    Inventors: Tal Arieh BE'ERY, Itai GRADY
  • Patent number: 9614861
    Abstract: Monitoring of a life cycle of a connection of a network client device to a network via monitoring time synchronization traffic flowing between one or more network client devices and a time server in a network is provided. A system for monitoring a life cycle of a connection of a network client device to a network includes a security device operable to identify a true identity of the one or more network client devices, identify a network client device's connections to and disconnections from the network, determine which network client devices have been associated with a particular internet protocol (IP) address, and generate an output of connection and disconnection information associated with a network client device. In some examples, the security device is operable to detect anomalies and malicious patterns in the network.
    Type: Grant
    Filed: August 26, 2015
    Date of Patent: April 4, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Tal Arieh Be'ery, Itai Grady, Idan Plotnik
  • Publication number: 20170063882
    Abstract: Monitoring of a life cycle of a connection of a network client device to a network via monitoring time synchronization traffic flowing between one or more network client devices and a time server in a network is provided. A system for monitoring a life cycle of a connection of a network client device to a network includes a security device operable to identify a true identity of the one or more network client devices, identify a network client device's connections to and disconnections from the network, determine which network client devices have been associated with a particular internet protocol (IP) address, and generate an output of connection and disconnection information associated with a network client device. In some examples, the security device is operable to detect anomalies and malicious patterns in the network.
    Type: Application
    Filed: August 26, 2015
    Publication date: March 2, 2017
    Applicant: Microsoft Technology Licensing, LLC.
    Inventors: Tal Arieh Be'ery, Itai Grady, Idan Plotnik