Patents by Inventor Jeffrey Albin Kraemer
Jeffrey Albin Kraemer has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11657152
Abstract: A security engine may use event-stream processing and behavioral techniques to detect ransomware. The engine may detect process behavior associated with encrypting a file, encrypting a storage device, or disabling a backup file, and may assign a ransomware category to the process based thereon. The engine may initiate protection actions to protect system resources from the process, which may continue to execute. The engine may monitor the process for specific behavior corresponding to its ransomware category. Based on the extent to which such specific behavior is detected, the engine may determine that the process is not ransomware, assign a ransomware subcategory to the process, or adjust the process's threat score. Monitoring of the process may continue, and the threat score may be updated based on the process's behavior. If the threat score exceeds a threshold corresponding to the ransomware category (or subcategory), a corresponding policy action may be initiated.
Type: Grant
Filed: April 16, 2021
Date of Patent: May 23, 2023
Assignee: VMWare, Inc.
Inventors: Jeffrey Albin Kraemer, Adam Karol Malinowski
-
Patent number: 11343280
Abstract: The present system and method pertain to the detection of malicious software and processes such as malware. A cloud security policy system receives hashes and behavioral information about applications and/or processes executing on user devices. The cloud security policy system records this information and then evaluates the trustworthiness of the hashes based on the information received from the user devices to provide a security policy for the applications and/or processes. The security policy is sent from the cloud security policy system to user devices to be applied by the user devices.
Type: Grant
Filed: May 31, 2019
Date of Patent: May 24, 2022
Assignee: Carbon Black, Inc.
Inventor: Jeffrey Albin Kraemer
-
Patent number: 11102223
Abstract: A system and method for tracking data security threats within an organization is proposed. A threat aggregator process executing on an analysis computer system within the organization receives events indicating possible threats observed by and sent from different user devices and aggregates related events into threats. This enables the threats to be analyzed and acted upon at a level of the organization (e.g., across user devices) rather than at the level of the individual user devices. An endpoint telemetry system analyzes threats sent from the aggregator and provides security policies for responding to the threats. In examples, the system can identify attacks of related threats and act upon the related threats of the attack collectively, and can characterize false positive threats sent from multiple user devices as a single extraneous threat. This has advantages over the per-user device focus for responding to threats provided by current systems and methods.
Type: Grant
Filed: June 27, 2019
Date of Patent: August 24, 2021
Assignee: Carbon Black, Inc.
Inventors: Jeffrey Albin Kraemer, Ranganathan Gopalan
-
Publication number: 20210232685
Abstract: A security engine may use event-stream processing and behavioral techniques to detect ransomware. The engine may detect process behavior associated with encrypting a file, encrypting a storage device, or disabling a backup file, and may assign a ransomware category to the process based thereon. The engine may initiate protection actions to protect system resources from the process, which may continue to execute. The engine may monitor the process for specific behavior corresponding to its ransomware category. Based on the extent to which such specific behavior is detected, the engine may determine that the process is not ransomware, assign a ransomware subcategory to the process, or adjust the process's threat score. Monitoring of the process may continue, and the threat score may be updated based on the process's behavior. If the threat score exceeds a threshold corresponding to the ransomware category (or subcategory), a corresponding policy action may be initiated.
Type: Application
Filed: April 16, 2021
Publication date: July 29, 2021
Inventors: Jeffrey Albin KRAEMER, Adam Karol MALINOWSKI
-
Patent number: 11044270
Abstract: A distributed security system and method are disclosed that enable access to known threat events from threat intelligence feeds when the system includes public cloud components. A cloud-based security policy system stores observable events for security incidents detected by and sent from user devices within an enterprise network. The observable events include observable indicators for characterizing the observable events. The threat events within the feeds include threat indicators for characterizing the threat events. An on-premises connector within the enterprise network downloads the observable indicators from the security policy system and the threat indicators from the feeds. In response to determining that any observable indicators match any threat indicators, the on-premises connector provides access to the threat events and/or the observable events having the matching indicators.
Type: Grant
Filed: March 13, 2017
Date of Patent: June 22, 2021
Assignee: Carbon Black, Inc.
Inventors: Jeffrey Albin Kraemer, Sanket Choksey, Ranganathan Gopalan
-
Patent number: 11003775
Abstract: A security engine may use event-stream processing and behavioral techniques to detect ransomware. The engine may detect process behavior associated with encrypting a file, encrypting a storage device, or disabling a backup file, and may assign a ransomware category to the process based thereon. The engine may initiate protection actions to protect system resources from the process, which may continue to execute. The engine may monitor the process for specific behavior corresponding to its ransomware category. Based on the extent to which such specific behavior is detected, the engine may determine that the process is not ransomware, assign a ransomware subcategory to the process, or adjust the process's threat score. Monitoring of the process may continue, and the threat score may be updated based on the process's behavior. If the threat score exceeds a threshold corresponding to the ransomware category (or subcategory), a corresponding policy action may be initiated.
Type: Grant
Filed: September 11, 2018
Date of Patent: May 11, 2021
Assignee: Carbon Black, Inc.
Inventors: Jeffrey Albin Kraemer, Adam Karol Malinowski
-
Patent number: 10691792
Abstract: A method and system for remediating a process hollowing intrusion on a user device comprising detecting a process starting on the user device, preparing the process to monitor Application Programming Interface (API) calls between the process and an operating system of the user device, determining whether the process is associated with a process hollowing intrusion based on information associated with the process and/or the API calls, and executing security policies against the process associated with the process hollowing intrusion. In examples, it is determined whether the child process is associated with a process hollowing intrusion in response to determining whether one or more API calls associated with known process hollowing intrusions modify executable memory of and/or modify an entry point address of the child process.
Type: Grant
Filed: July 3, 2018
Date of Patent: June 23, 2020
Assignee: Carbon Black, Inc.
Inventors: Jeffrey Albin Kraemer, Paul Matthew Drapeau
-
Patent number: 10599841
Abstract: A system and method for detecting reverse command shell intrusions at a process-level on a user device is disclosed. In one embodiment, the system detects each process starting on an operating system of the user device, such as a mobile phone or laptop computer, and monitors Application Programming Interface (API) calls between each process and the operating system. The system then determines whether each process is associated with a reverse command shell intrusion based on information associated with each process and/or the API calls, and executes security policies against the processes associated with the reverse command shell intrusion to remediate the processes. In another embodiment, the system determines whether processes starting on a user device are associated with a reverse command shell intrusion by monitoring and analyzing information associated with the parent process of each process and/or API calls between each parent process and the operating system.
Type: Grant
Filed: August 9, 2018
Date of Patent: March 24, 2020
Assignee: Carbon Black, Inc.
Inventor: Jeffrey Albin Kraemer
-
Publication number: 20190319973
Abstract: A system and method for tracking data security threats within an organization is proposed. A threat aggregator process executing on an analysis computer system within the organization receives events indicating possible threats observed by and sent from different user devices and aggregates related events into threats. This enables the threats to be analyzed and acted upon at a level of the organization (e.g., across user devices) rather than at the level of the individual user devices. An endpoint telemetry system analyzes threats sent from the aggregator and provides security policies for responding to the threats. In examples, the system can identify attacks of related threats and act upon the related threats of the attack collectively, and can characterize false positive threats sent from multiple user devices as a single extraneous threat. This has advantages over the per-user device focus for responding to threats provided by current systems and methods.
Type: Application
Filed: June 27, 2019
Publication date: October 17, 2019
Inventors: Jeffrey Albin Kraemer, Ranganathan Gopalan
-
Publication number: 20190306195
Abstract: The present system and method pertain to the detection of malicious software and processes such as malware. A cloud security policy system receives hashes and behavioral information about applications and/or processes executing on user devices. The cloud security policy system records this information and then evaluates the trustworthiness of the hashes based on the information received from the user devices to provide a security policy for the applications and/or processes. The security policy is sent from the cloud security policy system to user devices to be applied by the user devices.
Type: Application
Filed: May 31, 2019
Publication date: October 3, 2019
Inventor: Jeffrey Albin Kraemer
-
Patent number: 10375089
Abstract: A system and method for tracking data security threats within an organization is proposed. A threat aggregator process executing on an analysis computer system within the organization receives events indicating possible threats observed by and sent from different user devices and aggregates related events into threats. This enables the threats to be analyzed and acted upon at a level of the organization (e.g., across user devices) rather than at the level of the individual user devices. An endpoint telemetry system analyzes threats sent from the aggregator and provides security policies for responding to the threats. In examples, the system can identify attacks of related threats and act upon the related threats of the attack collectively, and can characterize false positive threats sent from multiple user devices as a single extraneous threat. This has advantages over the per-user device focus for responding to threats provided by current systems and methods.
Type: Grant
Filed: March 13, 2017
Date of Patent: August 6, 2019
Assignee: Carbon Black, Inc.
Inventors: Jeffrey Albin Kraemer, Ranganathan Gopalan
-
Patent number: 10348771
Abstract: The present system and method pertain to the detection of malicious software and processes such as malware. A cloud security policy system receives hashes and behavioral information about applications and/or processes executing on user devices. The cloud security policy system records this information and then evaluates the trustworthiness of the hashes based on the information received from the user devices to provide a security policy for the applications and/or processes. The security policy is sent from the cloud security policy system to user devices to be applied by the user devices.
Type: Grant
Filed: January 26, 2018
Date of Patent: July 9, 2019
Assignee: CARBON BLACK, INC.
Inventor: Jeffrey Albin Kraemer
-
Publication number: 20190121978
Abstract: A security engine may use event-stream processing and behavioral techniques to detect ransomware. The engine may detect process behavior associated with encrypting a file, encrypting a storage device, or disabling a backup file, and may assign a ransomware category to the process based thereon. The engine may initiate protection actions to protect system resources from the process, which may continue to execute. The engine may monitor the process for specific behavior corresponding to its ransomware category. Based on the extent to which such specific behavior is detected, the engine may determine that the process is not ransomware, assign a ransomware subcategory to the process, or adjust the process's threat score. Monitoring of the process may continue, and the threat score may be updated based on the process's behavior. If the threat score exceeds a threshold corresponding to the ransomware category (or subcategory), a corresponding policy action may be initiated.
Type: Application
Filed: September 11, 2018
Publication date: April 25, 2019
Inventors: Jeffrey Albin Kraemer, Adam Karol Malinowski
-
Publication number: 20180373867
Abstract: A system and method for detecting reverse command shell intrusions at a process-level on a user device is disclosed. In one embodiment, the system detects each process starting on an operating system of the user device, such as a mobile phone or laptop computer, and monitors Application Programming Interface (API) calls between each process and the operating system. The system then determines whether each process is associated with a reverse command shell intrusion based on information associated with each process and/or the API calls, and executes security policies against the processes associated with the reverse command shell intrusion to remediate the processes. In another embodiment, the system determines whether processes starting on a user device are associated with a reverse command shell intrusion by monitoring and analyzing information associated with the parent process of each process and/or API calls between each parent process and the operating system.
Type: Application
Filed: August 9, 2018
Publication date: December 27, 2018
Inventor: Jeffrey Albin Kraemer
-
Publication number: 20180316720
Abstract: A method and system for remediating a process hollowing intrusion on a user device comprising detecting a process starting on the user device, preparing the process to monitor Application Programming Interface (API) calls between the process and an operating system of the user device, determining whether the process is associated with a process hollowing intrusion based on information associated with the process and/or the API calls, and executing security policies against the process associated with the process hollowing intrusion. In examples, it is determined whether the child process is associated with a process hollowing intrusion in response to determining whether one or more API calls associated with known process hollowing intrusions modify executable memory of and/or modify an entry point address of the child process.
Type: Application
Filed: July 3, 2018
Publication date: November 1, 2018
Inventors: Jeffrey Albin Kraemer, Paul Matthew Drapeau
-
Patent number: 10073970
Abstract: A system and method for detecting reverse command shell intrusions at a process-level on a user device is disclosed. In one embodiment, the system detects each process starting on an operating system of the user device, such as a mobile phone or laptop computer, and monitors Application Programming Interface (API) calls between each process and the operating system. The system then determines whether each process is associated with a reverse command shell intrusion based on information associated with each process and/or the API calls, and executes security policies against the processes associated with the reverse command shell intrusion to remediate the processes. In another embodiment, the system determines whether processes starting on a user device are associated with a reverse command shell intrusion by monitoring and analyzing information associated with the parent process of each process and/or API calls between each parent process and the operating system.
Type: Grant
Filed: March 13, 2017
Date of Patent: September 11, 2018
Assignee: Carbon Black, Inc.
Inventor: Jeffrey Albin Kraemer
-
Patent number: 10043000
Abstract: A method and system for remediating a process hollowing intrusion on a user device comprising detecting a process starting on the user device, preparing the process to monitor Application Programming Interface (API) calls between the process and an operating system of the user device, determining whether the process is associated with a process hollowing intrusion based on information associated with the process and/or the API calls, and executing security policies against the process associated with the process hollowing intrusion. In examples, it is determined whether the child process is associated with a process hollowing intrusion in response to determining whether one or more API calls associated with known process hollowing intrusions modify executable memory of and/or modify an entry point address of the child process.
Type: Grant
Filed: March 13, 2017
Date of Patent: August 7, 2018
Assignee: Carbon Black, Inc.
Inventors: Jeffrey Albin Kraemer, Paul Matthew Drapeau
-
Publication number: 20180152481
Abstract: The present system and method pertain to the detection of malicious software and processes such as malware. A cloud security policy system receives hashes and behavioral information about applications and/or processes executing on user devices. The cloud security policy system records this information and then evaluates the trustworthiness of the hashes based on the information received from the user devices to provide a security policy for the applications and/or processes. The security policy is sent from the cloud security policy system to user devices to be applied by the user devices.
Type: Application
Filed: January 26, 2018
Publication date: May 31, 2018
Inventor: Jeffrey Albin Kraemer
-
Patent number: 9917864
Abstract: The present system and method pertain to the detection of malicious software and processes such as malware. A cloud security policy system receives hashes and behavioral information about applications and/or processes executing on user devices. The cloud security policy system records this information and then evaluates the trustworthiness of the hashes based on the information received from the user devices to provide a security policy for the applications and/or processes. The security policy is sent from the cloud security policy system to user devices to be applied by the user devices.
Type: Grant
Filed: September 2, 2016
Date of Patent: March 13, 2018
Assignee: Carbon Black, Inc.
Inventor: Jeffrey Albin Kraemer
-
Publication number: 20170270296
Abstract: A system and method for detecting reverse command shell intrusions at a process-level on a user device is disclosed. In one embodiment, the system detects each process starting on an operating system of the user device, such as a mobile phone or laptop computer, and monitors Application Programming Interface (API) calls between each process and the operating system. The system then determines whether each process is associated with a reverse command shell intrusion based on information associated with each process and/or the API calls, and executes security policies against the processes associated with the reverse command shell intrusion to remediate the processes. In another embodiment, the system determines whether processes starting on a user device are associated with a reverse command shell intrusion by monitoring and analyzing information associated with the parent process of each process and/or API calls between each parent process and the operating system.
Type: Application
Filed: March 13, 2017
Publication date: September 21, 2017
Inventor: Jeffrey Albin Kraemer