Patents by Inventor Jeff James Costlow
Jeff James Costlow has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11652714Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Two or more network segments coupled by a traffic forwarding device (TFD) may be monitored. External network addresses and internal network addresses may be determined based on encrypted network traffic exchanged between external endpoints and the TFD and internal network traffic exchanged between internal endpoints and the TFD. Metrics associated with the external network addresses or the internal network addresses may be determined based on the monitoring. Correlation scores may be provided for the external network addresses and the internal network addresses based on of a correlation model, the metrics, or the other metrics. If a correlation score associated with an external network address and an internal network address exceeds a threshold value, the external network address and the internal network address may be associated with each other based on the correlation score.Type: GrantFiled: July 11, 2022Date of Patent: May 16, 2023Assignee: ExtraHop Networks, Inc.Inventors: Xue Jun Wu, Arindum Mukerji, Jeff James Costlow, Michael Kerber Krause Montague, Jesse Abraham Rothstein, Matthew Alexander Schurr
-
Patent number: 11558413Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Networks may be configured to protect servers using centralized security protocols. Centralized security protocols may depend on centralized control provided by authentication control servers. If a client intends to access protected servers it may communicate with the authentication control server to obtain keys that enable it to access the requested servers. NMCs may monitor network traffic the centralized security protocol to collect metrics associated with the control servers, clients, or resource servers.Type: GrantFiled: April 15, 2022Date of Patent: January 17, 2023Assignee: ExtraHop Networks, Inc.Inventors: Benjamin Thomas Higgins, Jeff James Costlow, John Gemignani, Jr., Michael Kerber Krause Montague, Eric James Rongo, Xue Jun Wu
-
Publication number: 20220407881Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Metrics may be determined based on monitoring network traffic associated with a plurality of entities each associated with a profile that includes the metrics for each entity. Beaconing metrics associated with beaconing activity may be determined based on the metrics. The profile of each entity may be compared with the beaconing metrics to determine the entities that may be engaged in beaconing activity. The entities may be characterized based on beaconing activity such that the beaconing activity includes communication with endpoints associated with the third parties, employing communication protocols associated with the third-parties, or exchanging payloads consistent with the beaconing activity. Reports that include information associated with the entities and its beaconing activity may be generated.Type: ApplicationFiled: May 26, 2022Publication date: December 22, 2022Inventors: Jeff James Costlow, Michael Ryan Corder, Edmund Hope Driggs, Benjamin Thomas Higgins, Michael Kerber Krause Montague, Kenneth Perrault, Jesse Abraham Rothstein, Jonathan Jacob Scott, Marc Adam Winners, Xue Jun Wu
-
Publication number: 20220345384Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Two or more network segments coupled by a traffic forwarding device (TFD) may be monitored. External network addresses and internal network addresses may be determined based on encrypted network traffic exchanged between external endpoints and the TFD and internal network traffic exchanged between internal endpoints and the TFD. Metrics associated with the external network addresses or the internal network addresses may be determined based on the monitoring. Correlation scores may be provided for the external network addresses and the internal network addresses based on of a correlation model, the metrics, or the other metrics. If a correlation score associated with an external network address and an internal network address exceeds a threshold value, the external network address and the internal network address may be associated with each other based on the correlation score.Type: ApplicationFiled: July 11, 2022Publication date: October 27, 2022Inventors: Xue Jun Wu, Arindum Mukerji, Jeff James Costlow, Michael Kerber Krause Montague, Jesse Abraham Rothstein, Matthew Alexander Schurr
-
Patent number: 11463466Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Networks may be configured to protect servers using centralized security protocols. Centralized security protocols may depend on centralized control provided by authentication control servers. If a client intends to access protected servers it may communicate with the authentication control server to obtain keys that enable it to access the requested servers. NMCs may monitor network traffic the centralized security protocol to collect metrics associated with the control servers, clients, or resource servers.Type: GrantFiled: April 15, 2022Date of Patent: October 4, 2022Assignee: ExtraHop Networks, Inc.Inventors: Benjamin Thomas Higgins, Jeff James Costlow, John Gemignani, Jr., Michael Kerber Krause Montague, Eric James Rongo, Xue Jun Wu
-
Patent number: 11438247Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Two or more network segments coupled by bridge devices may be monitored by NMCs. The bridge devices may modify network traffic passed from one network segment to another network segment. Flows in network segments may be determined based on monitored network traffic associated with the network segments. Other flows in other network segments may be determined based on other monitored network traffic associated with the other network segments. A correlation score for two or more flows in different network segments may be provided based on a correlation model. Two or more related flows may be determined based on a value of the correlation score of the two or more related flows located in different network segments. A report that includes information about the two or more related flows may be provided.Type: GrantFiled: August 10, 2020Date of Patent: September 6, 2022Assignee: ExtraHop Networks, Inc.Inventors: Xue Jun Wu, Arindum Mukerji, Jeff James Costlow, Michael Kerber Krause Montague
-
Publication number: 20220247771Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Networks may be configured to protect servers using centralized security protocols. Centralized security protocols may depend on centralized control provided by authentication control servers. If a client intends to access protected servers it may communicate with the authentication control server to obtain keys that enable it to access the requested servers. NMCs may monitor network traffic the centralized security protocol to collect metrics associated with the control servers, clients, or resource servers.Type: ApplicationFiled: April 15, 2022Publication date: August 4, 2022Inventors: Benjamin Thomas Higgins, Jeff James Costlow, John Gemignani, JR., Michael Kerber Krause Montague, Eric James Rongo, Xue Jun Wu
-
Publication number: 20220239685Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Networks may be configured to protect servers using centralized security protocols. Centralized security protocols may depend on centralized control provided by authentication control servers. If a client intends to access protected servers it may communicate with the authentication control server to obtain keys that enable it to access the requested servers. NMCs may monitor network traffic the centralized security protocol to collect metrics associated with the control servers, clients, or resource servers.Type: ApplicationFiled: April 15, 2022Publication date: July 28, 2022Inventors: Benjamin Thomas Higgins, Jeff James Costlow, John Gemignani, JR., Michael Kerber Krause Montague, Eric James Rongo, Xue Jun Wu
-
Patent number: 11388072Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Two or more network segments coupled by a traffic forwarding device (TFD) may be monitored. External network addresses and internal network addresses may be determined based on encrypted network traffic exchanged between external endpoints and the TFD and internal network traffic exchanged between internal endpoints and the TFD. Metrics associated with the external network addresses or the internal network addresses may be determined based on the monitoring. Correlation scores may be provided for the external network addresses and the internal network addresses based on of a correlation model, the metrics, or the other metrics. If a correlation score associated with an external network address and an internal network address exceeds a threshold value, the external network address and the internal network address may be associated with each other based on the correlation score.Type: GrantFiled: June 2, 2021Date of Patent: July 12, 2022Assignee: ExtraHop Networks, Inc.Inventors: Xue Jun Wu, Arindum Mukerji, Jeff James Costlow, Michael Kerber Krause Montague, Jesse Abraham Rothstein, Matthew Alexander Schurr
-
Patent number: 11349861Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Metrics may be determined based on monitoring network traffic associated with a plurality of entities each associated with a profile that includes the metrics for each entity. Beaconing metrics associated with beaconing activity may be determined based on the metrics. The profile of each entity may be compared with the beaconing metrics to determine the entities that may be engaged in beaconing activity. The entities may be characterized based on beaconing activity such that the beaconing activity includes communication with endpoints associated with the third parties, employing communication protocols associated with the third-parties, or exchanging payloads consistent with the beaconing activity. Reports that include information associated with the entities and its beaconing activity may be generated.Type: GrantFiled: June 18, 2021Date of Patent: May 31, 2022Assignee: ExtraHop Networks, Inc.Inventors: Jeff James Costlow, Michael Ryan Corder, Edmund Hope Driggs, Benjamin Thomas Higgins, Michael Kerber Krause Montague, Kenneth Perrault, Jesse Abraham Rothstein, Jonathan Jacob Scott, Marc Adam Winners, Xue Jun Wu
-
Patent number: 11310256Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Networks may be configured to protect servers using centralized security protocols. Centralized security protocols may depend on centralized control provided by authentication control servers. If a client intends to access protected servers it may communicate with the authentication control server to obtain keys that enable it to access the requested servers. NMCs may monitor network traffic the centralized security protocol to collect metrics associated with the control servers, clients, or resource servers.Type: GrantFiled: September 23, 2021Date of Patent: April 19, 2022Assignee: ExtraHop Networks, Inc.Inventors: Benjamin Thomas Higgins, Jeff James Costlow, John Gemignani, Jr., Michael Kerber Krause Montague, Eric James Rongo, Xue Jun Wu
-
Publication number: 20220094706Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Networks may be configured to protect servers using centralized security protocols. Centralized security protocols may depend on centralized control provided by authentication control servers. If a client intends to access protected servers it may communicate with the authentication control server to obtain keys that enable it to access the requested servers. NMCs may monitor network traffic the centralized security protocol to collect metrics associated with the control servers, clients, or resource servers.Type: ApplicationFiled: September 23, 2021Publication date: March 24, 2022Inventors: Benjamin Thomas Higgins, Jeff James Costlow, John Gemignani, JR., Michael Kerber Krause Montague, Eric James Rongo, Xue Jun Wu
-
Publication number: 20210288895Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Two or more network segments coupled by a traffic forwarding device (TFD) may be monitored. External network addresses and internal network addresses may be determined based on encrypted network traffic exchanged between external endpoints and the TFD and internal network traffic exchanged between internal endpoints and the TFD. Metrics associated with the external network addresses or the internal network addresses may be determined based on the monitoring. Correlation scores may be provided for the external network addresses and the internal network addresses based on of a correlation model, the metrics, or the other metrics. If a correlation score associated with an external network address and an internal network address exceeds a threshold value, the external network address and the internal network address may be associated with each other based on the correlation score.Type: ApplicationFiled: June 2, 2021Publication date: September 16, 2021Inventors: Xue Jun Wu, Arindum Mukerji, Jeff James Costlow, Michael Kerber Krause Montague, Jesse Abraham Rothstein, Matthew Alexander Schurr
-
Publication number: 20210194781Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Two or more network segments coupled by bridge devices may be monitored by NMCs. The bridge devices may modify network traffic passed from one network segment to another network segment. Flows in network segments may be determined based on monitored network traffic associated with the network segments. Other flows in other network segments may be determined based on other monitored network traffic associated with the other network segments. A correlation score for two or more flows in different network segments may be provided based on a correlation model. Two or more related flows may be determined based on a value of the correlation score of the two or more related flows located in different network segments. A report that includes information about the two or more related flows may be provided.Type: ApplicationFiled: August 10, 2020Publication date: June 24, 2021Inventors: Xue Jun Wu, Arindum Mukerji, Jeff James Costlow, Michael Kerber Krause Montague
-
Patent number: 10797993Abstract: Embodiments are directed to a relay that receives packets from a source gateway associated with a source gateway identifier (GID) and a target GID associated with a target gateway where each GID is separate from a network address or a hostname of the source gateway or the target gateway. The relay determines a connection route based on an association between the connection route and an ingress identifier obtained from the packets. The relay provides the connection route based on the source GID and the target GID. The relay determines network address information associated with the target gateway based on the connection route. And, the relay forwards the packets provided by the source gateway to the target gateway based on the network address information.Type: GrantFiled: February 4, 2019Date of Patent: October 6, 2020Assignee: Tempered Networks, Inc.Inventors: Jeffrey Michael Ahrenholz, Orlie Thomas Brewer, Jr., Jeff James Costlow
-
Patent number: 10742530Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Two or more network segments coupled by bridge devices may be monitored by NMCs. The bridge devices may modify network traffic passed from one network segment to another network segment. Flows in network segments may be determined based on monitored network traffic associated with the network segments. Other flows in other network segments may be determined based on other monitored network traffic associated with the other network segments. A correlation score for two or more flows in different network segments may be provided based on a correlation model. Two or more related flows may be determined based on a value of the correlation score of the two or more related flows located in different network segments. A report that includes information about the two or more related flows may be provided.Type: GrantFiled: August 5, 2019Date of Patent: August 11, 2020Assignee: ExtraHop Networks, Inc.Inventors: Xue Jun Wu, Arindum Mukerji, Jeff James Costlow, Michael Kerber Krause Montague
-
Publication number: 20200007443Abstract: Embodiments are directed to a relay that receives packets from a source gateway associated with a source gateway identifier (GID) and a target GID associated with a target gateway where each GID is separate from a network address or a hostname of the source gateway or the target gateway. The relay determines a connection route based on an association between the connection route and an ingress identifier obtained from the packets. The relay provides the connection route based on the source GID and the target GID. The relay determines network address information associated with the target gateway based on the connection route. And, the relay forwards the packets provided by the source gateway to the target gateway based on the network address information.Type: ApplicationFiled: February 4, 2019Publication date: January 2, 2020Inventors: Jeffrey Michael Ahrenholz, Orlie Thomas Brewer, JR., Jeff James Costlow
-
Patent number: 10326799Abstract: Embodiments are directed to secure communication over a network. If a source node sends a communication to a target node, a source gateway may forward the communication to the target node. The source gateway may provide a gateway identifier (GID) that may be associated with one or more target gateways associated with the target node. Further, the source gateway may embed marker information that includes at least a portion of the GID in the communication. If the GID is associated with more than one target gateway, a TMD selects one target gateway from the more than one target gateways. Also, the TMD provides a gateway key associated with the selected target gateway that is associated with the communication. And, the TMD may provide the communication to the selected target gateway that provides the communication to the target node.Type: GrantFiled: August 7, 2017Date of Patent: June 18, 2019Assignee: Tempered Networks, Inc. Reel/Frame: 043222/0041Inventors: Bryan David Skene, Jeff James Costlow, Ludwin Fuchs
-
Patent number: 10200281Abstract: Embodiments are directed to a relay that receives packets from a source gateway associated with a source gateway identifier (GID) and a target GID associated with a target gateway where each GID is separate from a network address or a hostname of the source gateway or the target gateway. The relay determines a connection route based on an association between the connection route and an ingress identifier obtained from the packets. The relay provides the connection route based on the source GID and the target GID. The relay determines network address information associated with the target gateway based on the connection route. And, the relay forwards the packets provided by the source gateway to the target gateway based on the network address information.Type: GrantFiled: August 31, 2018Date of Patent: February 5, 2019Assignee: Tempered Networks, Inc.Inventors: Jeffrey Michael Ahrenholz, Orlie Thomas Brewer, Jr., Jeff James Costlow
-
Patent number: 10069726Abstract: Embodiments are directed to a relay that receives packets from a source gateway. associated with a source gateway identifier (GID) and a target GID associated with a target gateway where each GID is separate from a network address or a hostname of the source gateway or the target gateway. The relay determines a connection route based on an association between the connection route and an ingress identifier obtained from the packets The relay provides the connection route based on the source GID and the target GID. The relay determines network address information associated with the target gateway based on the connection route. And, the relay forwards the packets provided by the source gateway to the target gateway based on the network address information.Type: GrantFiled: March 16, 2018Date of Patent: September 4, 2018Assignee: Tempered Networks, Inc.Inventors: Jeffrey Michael Ahrenholz, Orlie Thomas Brewer, Jr., Jeff James Costlow