Patents by Inventor ITAI GRADY ASHKENAZY
ITAI GRADY ASHKENAZY has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230244916
Abstract: The techniques disclosed herein identify ransomware attacks as they are occurring, improving the security and functionality of computer systems. Ransomware attacks are identified using a new probabilistic machine learning model that better handles the unique properties of ransomware data. Ransomware data includes a list of computing operations, some of which are labeled as being associated with ransomware attacks. In contrast to deterministic machine learning techniques that learn weights, probabilistic machine learning techniques learn the parameters of a distribution function. In some configurations, a radial Spike and Slab distribution function is used within a Bayesian neural network framework to better handle sparse, missing, and imbalanced data. Once trained, the machine learning model may be provided with real-time operations, e.g., from a cloud service security module, from which to infer whether a ransomware attack is taking place.
Type: Application
Filed: April 14, 2022
Publication date: August 3, 2023
Inventors: Jack Wilson STOKES, III, Jurijs NAZAROVS, Melissa TURCOTTE, Justin CARROLL, Itai GRADY ASHKENAZY
-
Publication number: 20210367956
Abstract: A target system is verified against one or more security threats. A selection of a threat type for an attack vector for verifying defensive capabilities of a target system is received via a user interface. A selection of one or more selectable parameters for delivery of the threat type to the target system is received via the user interface. In response to selection of the threat type and the selected parameters, a base binary executable and a library comprising functions for generating attack vectors is accessed. One or more functions from the library are added to the base binary executable based on the selected threat type and the selected parameters. A payload is generated that implements the selected threat type and the selected parameters in a delivery format based on the selected parameters.
Type: Application
Filed: May 22, 2020
Publication date: November 25, 2021
Inventors: Guy PERGAL, Israel Rotem SALINAS, Abhijeet Surendra HATEKAR, Itai GRADY ASHKENAZY
-
Patent number: 11126713
Abstract: A system for detecting directory reconnaissance in a directory service includes a sensor and a directory reconnaissance detector, each of which is executing on one or more computing devices. The sensor determines whether a query that is submitted to a directory server is a suspicious query and, if the query is determined to be a suspicious query, transmits the suspicious query to the directory reconnaissance detector. The directory reconnaissance detector includes a receiver, a context obtainer, an alert determiner and an alert transmitter. The receiver receives the suspicious query from the sensor and the context obtainer obtains context information associated with the suspicious query. The alert determiner determines whether a security alert should be generated based at least on the suspicious query and the context information. The alert transmitter generates the security alert responsive to a determination that the security alert should be generated.
Type: Grant
Filed: April 8, 2019
Date of Patent: September 21, 2021
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Tal J. Maor, Itai Grady Ashkenazy, Gal Z. Bruchim, Jonathan M. Monsonego, Sivan Krigsman, Lior Schindler
-
Patent number: 11108818
Abstract: Cybersecurity is enhanced to detect credential spray attacks. Accounts with access failure events are divided into buckets B1 . . . BN based on access failure count ranges R1 . . . RN. For instance, accounts with one logon failure may go in B1, accounts with two failures in B2, etc. Buckets will thus have account involvement extents E1 . . . EN, which are compared to thresholds T1 . . . TN. An intrusion detection tool generates an alert when some Ei hits its Ti. Detection may spot any credential sprays, not merely password sprays. False positives may be reduced by excluding items from consideration, such as logon attempts using old passwords. False positives and false negatives may be balanced by tuning threshold parameters. Breached accounts may be found. Detection may also permit other responses, such as attack disruption, harm mitigation, and attacker identification. Credential spray attack detection may be combined with other security mechanisms for defense in depth of cloud and other network accounts.
Type: Grant
Filed: February 17, 2019
Date of Patent: August 31, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: Tal Joseph Maor, Gal Zeev Bruchim, Igal Gofman, Itai Grady Ashkenazy
-
Patent number: 10915622
Abstract: Embodiments are directed to monitoring local users' activity without installing an agent on a monitored machine. Periodic scans of the local users' directory using the standard protocol messages and APIs of a remote admin interface provide access to local machine data. Using the remote admin interface, defenders gain visibility to local users' logons, group membership, password changes, and other parameters. Security applications enabled by this visibility include, but are not limited to, abnormal logons detection, abnormal group addition and removal detection, and abnormal password changes detection.
Type: Grant
Filed: June 20, 2017
Date of Patent: February 9, 2021
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Marina Simakov, Tal Be'ery, Itai Grady Ashkenazy, Chaim Menachem Hoch, Tal Joseph Maor
-
Publication number: 20200320190
Abstract: A system for detecting directory reconnaissance in a directory service includes a sensor and a directory reconnaissance detector, each of which is executing on one or more computing devices. The sensor determines whether a query that is submitted to a directory server is a suspicious query and, if the query is determined to be a suspicious query, transmits the suspicious query to the directory reconnaissance detector. The directory reconnaissance detector includes a receiver, a context obtainer, an alert determiner and an alert transmitter. The receiver receives the suspicious query from the sensor and the context obtainer obtains context information associated with the suspicious query. The alert determiner determines whether a security alert should be generated based at least on the suspicious query and the context information. The alert transmitter generates the security alert responsive to a determination that the security alert should be generated.
Type: Application
Filed: April 8, 2019
Publication date: October 8, 2020
Inventors: Tal J. Maor, Itai Grady Ashkenazy, Gal Z. Bruchim, Jonathan M. Monsonego, Sivan Krigsman, Lior Schindler
-
Publication number: 20200267178
Abstract: Cybersecurity is enhanced to detect credential spray attacks. Accounts with access failure events are divided into buckets B1 . . . BN based on access failure count ranges R1 . . . RN. For instance, accounts with one logon failure may go in B1, accounts with two failures in B2, etc. Buckets will thus have account involvement extents E1 . . . EN, which are compared to thresholds T1 . . . TN. An intrusion detection tool generates an alert when some Ei hits its Ti. Detection may spot any credential sprays, not merely password sprays. False positives may be reduced by excluding items from consideration, such as logon attempts using old passwords. False positives and false negatives may be balanced by tuning threshold parameters. Breached accounts may be found. Detection may also permit other responses, such as attack disruption, harm mitigation, and attacker identification. Credential spray attack detection may be combined with other security mechanisms for defense in depth of cloud and other network accounts.
Type: Application
Filed: February 17, 2019
Publication date: August 20, 2020
Inventors: Tal Joseph MAOR, Gal Zeev BRUCHIM, Igal GOFMAN, Itai GRADY ASHKENAZY
-
Patent number: 10587611
Abstract: The network logon protocol used in a pass-through authentication request embedded in an encrypted network packet is identified. A protocol detection engine correlates events and network requests received at a domain controller in order to use the data contained in a correlated pair to determine a size of a challenge response in the encrypted network packet. The size of the response is used to identify the network logon protocol used in the pass-through authentication request.
Type: Grant
Filed: August 29, 2017
Date of Patent: March 10, 2020
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC.
Inventors: Tal Joseph Maor, Itai Grady Ashkenazy, Michael Dubinsky, Marina Simakov
-
Publication number: 20190068573
Abstract: The network logon protocol used in a pass-through authentication request embedded in an encrypted network packet is identified. A protocol detection engine correlates events and network requests received at a domain controller in order to use the data contained in a correlated pair to determine a size of a challenge response in the encrypted network packet. The size of the response is used to identify the network logon protocol used in the pass-through authentication request.
Type: Application
Filed: August 29, 2017
Publication date: February 28, 2019
Inventors: TAL JOSEPH MAOR, ITAI GRADY ASHKENAZY, MICHAEL DUBINSKY, MARINA SIMAKOV