Patents by Inventor Jesse Abraham Rothstein
Jesse Abraham Rothstein has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11916771Abstract: Embodiments are directed monitoring network traffic using network monitoring computers. Metrics may be determined based on monitoring network traffic associated with entities in the network such that the metrics may be included in profiles associated each entity. The profiles may be compared with other profiles in a context database based on the metrics included in each profile and each other profile. In response to the profiles being unmatched by other profiles one or more active probes may be performed to collect other metrics that may be used to update profiles. In response to the one or more profiles being matched by the other profiles in the context database, a timestamp associated with the other profiles may be updated to a current time value. Reports that include information associated with the entities and the profiles or the updated profiles may be generated.Type: GrantFiled: April 4, 2022Date of Patent: February 27, 2024Assignee: ExtraHop Networks, Inc.Inventors: Jesse Abraham Rothstein, Benjamin Thomas Higgins, Michael Kerber Krause Montague, Kevin Michael Seguin
-
Patent number: 11706233Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). NMCs may determine requests provided to a server based on a first portion of network traffic. NMCs may determine suspicious requests based on characteristics of the provided requests. NMCs may employ the characteristics of the suspicious requests to provide correlation information that is associated with the suspicious requests. NMCs may determine dependent actions associated with the server based on a second portion of the network traffic and the correlation information. And, in response to determining anomalous activity associated with the evaluation of the dependent actions, NMCs may provide reports associated with the anomalous activity.Type: GrantFiled: March 26, 2021Date of Patent: July 18, 2023Assignee: ExtraHop Networks, Inc.Inventors: Benjamin Thomas Higgins, Jesse Abraham Rothstein, Xue Jun Wu, Michael Kerber Krause Montague, Kevin Michael Seguin
-
Patent number: 11665207Abstract: Embodiments are directed to monitoring communication between computers using network monitoring computers (NMCs). NMCs identify a secure communication session established between two of the computers based on an exchange of handshake information associated with the secure communication session. Key information that corresponds to the secure communication session may be obtained from a key provider such that the key information may be encrypted by the key provider. NMCs may decrypt the key information. NMCs may derive the session key based on the decrypted key information and the handshake information. NMCs may decrypt network packets included in the secure communication session. NMCs may be employed to inspect the one or more decrypted network packets to execute one or more rule-based policies.Type: GrantFiled: November 1, 2021Date of Patent: May 30, 2023Assignee: ExtraHop Networks, Inc.Inventors: Benjamin Thomas Higgins, Jesse Abraham Rothstein
-
Patent number: 11652714Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Two or more network segments coupled by a traffic forwarding device (TFD) may be monitored. External network addresses and internal network addresses may be determined based on encrypted network traffic exchanged between external endpoints and the TFD and internal network traffic exchanged between internal endpoints and the TFD. Metrics associated with the external network addresses or the internal network addresses may be determined based on the monitoring. Correlation scores may be provided for the external network addresses and the internal network addresses based on of a correlation model, the metrics, or the other metrics. If a correlation score associated with an external network address and an internal network address exceeds a threshold value, the external network address and the internal network address may be associated with each other based on the correlation score.Type: GrantFiled: July 11, 2022Date of Patent: May 16, 2023Assignee: ExtraHop Networks, Inc.Inventors: Xue Jun Wu, Arindum Mukerji, Jeff James Costlow, Michael Kerber Krause Montague, Jesse Abraham Rothstein, Matthew Alexander Schurr
-
Publication number: 20230087451Abstract: Embodiments are directed monitoring network traffic using network monitoring computers. Metrics may be determined based on monitoring network traffic associated with entities in the network such that the metrics may be included in profiles associated each entity. The profiles may be compared with other profiles in a context database based on the metrics included in each profile and each other profile. In response to the profiles being unmatched by other profiles one or more active probes may be performed to collect other metrics that may be used to update profiles. In response to the one or more profiles being matched by the other profiles in the context database, a timestamp associated with the other profiles may be updated to a current time value. Reports that include information associated with the entities and the profiles or the updated profiles may be generated.Type: ApplicationFiled: April 4, 2022Publication date: March 23, 2023Inventors: Jesse Abraham Rothstein, Benjamin Thomas Higgins, Michael Kerber Krause Montague, Kevin Michael Seguin
-
Patent number: 11546153Abstract: Embodiments are direct to monitoring communication between computers may be using network monitoring computers (NMCs). Network packets that are communicated between the computers may be captured and stored in a data store. If the NMCs identify a secure communication session established between two computers, the NMCs may obtain key information that corresponds to the secure communication session that includes a session key that may be provided by a key provider. Correlation information associated with the secure communication session may be captured by the NMCs. The correlation information may include tuple information associated with the secure communication session. And, the key information and the correlation information may be stored in a key escrow. The key information may be indexed in the key escrow using the correlation information.Type: GrantFiled: November 8, 2019Date of Patent: January 3, 2023Assignee: ExtraHop Networks, Inc.Inventors: Benjamin Thomas Higgins, Charlotte Ching-Hsing Tan, Jesse Abraham Rothstein
-
Publication number: 20220407881Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Metrics may be determined based on monitoring network traffic associated with a plurality of entities each associated with a profile that includes the metrics for each entity. Beaconing metrics associated with beaconing activity may be determined based on the metrics. The profile of each entity may be compared with the beaconing metrics to determine the entities that may be engaged in beaconing activity. The entities may be characterized based on beaconing activity such that the beaconing activity includes communication with endpoints associated with the third parties, employing communication protocols associated with the third-parties, or exchanging payloads consistent with the beaconing activity. Reports that include information associated with the entities and its beaconing activity may be generated.Type: ApplicationFiled: May 26, 2022Publication date: December 22, 2022Inventors: Jeff James Costlow, Michael Ryan Corder, Edmund Hope Driggs, Benjamin Thomas Higgins, Michael Kerber Krause Montague, Kenneth Perrault, Jesse Abraham Rothstein, Jonathan Jacob Scott, Marc Adam Winners, Xue Jun Wu
-
Publication number: 20220345384Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Two or more network segments coupled by a traffic forwarding device (TFD) may be monitored. External network addresses and internal network addresses may be determined based on encrypted network traffic exchanged between external endpoints and the TFD and internal network traffic exchanged between internal endpoints and the TFD. Metrics associated with the external network addresses or the internal network addresses may be determined based on the monitoring. Correlation scores may be provided for the external network addresses and the internal network addresses based on of a correlation model, the metrics, or the other metrics. If a correlation score associated with an external network address and an internal network address exceeds a threshold value, the external network address and the internal network address may be associated with each other based on the correlation score.Type: ApplicationFiled: July 11, 2022Publication date: October 27, 2022Inventors: Xue Jun Wu, Arindum Mukerji, Jeff James Costlow, Michael Kerber Krause Montague, Jesse Abraham Rothstein, Matthew Alexander Schurr
-
Patent number: 11388072Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Two or more network segments coupled by a traffic forwarding device (TFD) may be monitored. External network addresses and internal network addresses may be determined based on encrypted network traffic exchanged between external endpoints and the TFD and internal network traffic exchanged between internal endpoints and the TFD. Metrics associated with the external network addresses or the internal network addresses may be determined based on the monitoring. Correlation scores may be provided for the external network addresses and the internal network addresses based on of a correlation model, the metrics, or the other metrics. If a correlation score associated with an external network address and an internal network address exceeds a threshold value, the external network address and the internal network address may be associated with each other based on the correlation score.Type: GrantFiled: June 2, 2021Date of Patent: July 12, 2022Assignee: ExtraHop Networks, Inc.Inventors: Xue Jun Wu, Arindum Mukerji, Jeff James Costlow, Michael Kerber Krause Montague, Jesse Abraham Rothstein, Matthew Alexander Schurr
-
Patent number: 11349861Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Metrics may be determined based on monitoring network traffic associated with a plurality of entities each associated with a profile that includes the metrics for each entity. Beaconing metrics associated with beaconing activity may be determined based on the metrics. The profile of each entity may be compared with the beaconing metrics to determine the entities that may be engaged in beaconing activity. The entities may be characterized based on beaconing activity such that the beaconing activity includes communication with endpoints associated with the third parties, employing communication protocols associated with the third-parties, or exchanging payloads consistent with the beaconing activity. Reports that include information associated with the entities and its beaconing activity may be generated.Type: GrantFiled: June 18, 2021Date of Patent: May 31, 2022Assignee: ExtraHop Networks, Inc.Inventors: Jeff James Costlow, Michael Ryan Corder, Edmund Hope Driggs, Benjamin Thomas Higgins, Michael Kerber Krause Montague, Kenneth Perrault, Jesse Abraham Rothstein, Jonathan Jacob Scott, Marc Adam Winners, Xue Jun Wu
-
Patent number: 11296967Abstract: Embodiments are directed monitoring network traffic using network monitoring computers. Metrics may be determined based on monitoring network traffic associated with entities in the network such that the metrics may be included in profiles associated each entity. The profiles may be compared with other profiles in a context database based on the metrics included in each profile and each other profile. In response to the profiles being unmatched by other profiles one or more active probes may be performed to collect other metrics that may be used to update profiles. In response to the one or more profiles being matched by the other profiles in the context database, a timestamp associated with the other profiles may be updated to a current time value. Reports that include information associated with the entities and the profiles or the updated profiles may be generated.Type: GrantFiled: September 23, 2021Date of Patent: April 5, 2022Assignee: ExtraHop Networks, Inc.Inventors: Jesse Abraham Rothstein, Benjamin Thomas Higgins, Michael Kerber Krause Montague, Kevin Michael Seguin
-
Publication number: 20220060518Abstract: Embodiments are directed to monitoring communication between computers using network monitoring computers (NMCs). NMCs identify a secure communication session established between two of the computers based on an exchange of handshake information associated with the secure communication session. Key information that corresponds to the secure communication session may be obtained from a key provider such that the key information may be encrypted by the key provider. NMCs may decrypt the key information. NMCs may derive the session key based on the decrypted key information and the handshake information. NMCs may decrypt network packets included in the secure communication session. NMCs may be employed to inspect the one or more decrypted network packets to execute one or more rule-based policies.Type: ApplicationFiled: November 1, 2021Publication date: February 24, 2022Inventors: Benjamin Thomas Higgins, Jesse Abraham Rothstein
-
Publication number: 20220021694Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). NMCs may determine requests provided to a server based on a first portion of network traffic. NMCs may determine suspicious requests based on characteristics of the provided requests. NMCs may employ the characteristics of the suspicious requests to provide correlation information that is associated with the suspicious requests. NMCs may determine dependent actions associated with the server based on a second portion of the network traffic and the correlation information. And, in response to determining anomalous activity associated with the evaluation of the dependent actions, NMCs may provide reports associated with the anomalous activity.Type: ApplicationFiled: March 26, 2021Publication date: January 20, 2022Inventors: Benjamin Thomas Higgins, Jesse Abraham Rothstein, Xue Jun Wu, Michael Kerber Krause Montague, Kevin Michael Seguin
-
Patent number: 11165831Abstract: Embodiments are directed to monitoring communication between computers using network monitoring computers (NMCs). NMCs identify a secure communication session established between two of the computers based on an exchange of handshake information associated with the secure communication session. Key information that corresponds to the secure communication session may be obtained from a key provider such that the key information may be encrypted by the key provider. NMCs may decrypt the key information. NMCs may derive the session key based on the decrypted key information and the handshake information. NMCs may decrypt network packets included in the secure communication session. NMCs may be employed to inspect the one or more decrypted network packets to execute one or more rule-based policies.Type: GrantFiled: May 4, 2018Date of Patent: November 2, 2021Assignee: ExtraHop Networks, Inc.Inventors: Benjamin Thomas Higgins, Jesse Abraham Rothstein
-
Publication number: 20210288895Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Two or more network segments coupled by a traffic forwarding device (TFD) may be monitored. External network addresses and internal network addresses may be determined based on encrypted network traffic exchanged between external endpoints and the TFD and internal network traffic exchanged between internal endpoints and the TFD. Metrics associated with the external network addresses or the internal network addresses may be determined based on the monitoring. Correlation scores may be provided for the external network addresses and the internal network addresses based on of a correlation model, the metrics, or the other metrics. If a correlation score associated with an external network address and an internal network address exceeds a threshold value, the external network address and the internal network address may be associated with each other based on the correlation score.Type: ApplicationFiled: June 2, 2021Publication date: September 16, 2021Inventors: Xue Jun Wu, Arindum Mukerji, Jeff James Costlow, Michael Kerber Krause Montague, Jesse Abraham Rothstein, Matthew Alexander Schurr
-
Patent number: 10965702Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). NMCs may determine requests provided to a server based on a first portion of network traffic. NMCs may determine suspicious requests based on characteristics of the provided requests. NMCs may employ the characteristics of the suspicious requests to provide correlation information that is associated with the suspicious requests. NMCs may determine dependent actions associated with the server based on a second portion of the network traffic and the correlation information. And, in response to determining anomalous activity associated with the evaluation of the dependent actions, NMCs may provide reports associated with the anomalous activity.Type: GrantFiled: May 28, 2019Date of Patent: March 30, 2021Assignee: ExtraHop Networks, Inc.Inventors: Benjamin Thomas Higgins, Jesse Abraham Rothstein, Xue Jun Wu, Michael Kerber Krause Montague, Kevin Michael Seguin
-
Publication number: 20200382529Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). NMCs may determine requests provided to a server based on a first portion of network traffic. NMCs may determine suspicious requests based on characteristics of the provided requests. NMCs may employ the characteristics of the suspicious requests to provide correlation information that is associated with the suspicious requests. NMCs may determine dependent actions associated with the server based on a second portion of the network traffic and the correlation information. And, in response to determining anomalous activity associated with the evaluation of the dependent actions, NMCs may provide reports associated with the anomalous activity.Type: ApplicationFiled: May 28, 2019Publication date: December 3, 2020Inventors: Benjamin Thomas Higgins, Jesse Abraham Rothstein, Xue Jun Wu, Michael Kerber Krause Montague, Kevin Michael Seguin
-
Patent number: 10616084Abstract: Embodiments are directed to monitoring network traffic over a network. A monitoring engine may monitor flows of network packets in the network. The monitoring engine may determine an observation port that provided the network packets. The monitoring engine may determine primary network packets provided by an authoritative observation port based on which observation port provided the network packets and provide them to an analysis engine. The monitoring engine may discard a remainder of the network packets that may be associated with non-authoritative observation ports. The analysis engine may analyze the one or more primary network packets.Type: GrantFiled: July 1, 2019Date of Patent: April 7, 2020Assignee: ExtraHop Networks, Inc.Inventors: Eric Joseph Hammerle, Jesse Abraham Rothstein, Michael Kerber Krause Montague
-
Publication number: 20200076597Abstract: Embodiments are direct to monitoring communication between computers may be using network monitoring computers (NMCs). Network packets that are communicated between the computers may be captured and stored in a data store. If the NMCs identify a secure communication session established between two computers, the NMCs may obtain key information that corresponds to the secure communication session that includes a session key that may be provided by a key provider. Correlation information associated with the secure communication session may be captured by the NMCs. The correlation information may include tuple information associated with the secure communication session. And, the key information and the correlation information may be stored in a key escrow. The key information may be indexed in the key escrow using the correlation information.Type: ApplicationFiled: November 8, 2019Publication date: March 5, 2020Inventors: Benjamin Thomas Higgins, Charlotte Ching-Hsing Tan, Jesse Abraham Rothstein
-
Patent number: 10476673Abstract: Embodiments are direct to monitoring communication between computers may be using network monitoring computers (NMCs). Network packets that are communicated between the computers may be captured and stored in a data store. If the NMCs identify a secure communication session established between two computers, the NMCs may obtain key information that corresponds to the secure communication session that includes a session key that may be provided by a key provider. Correlation information associated with the secure communication session may be captured by the NMCs. The correlation information may include tuple information associated with the secure communication session. And, the key information and the correlation information may be stored in a key escrow. The key information may be indexed in the key escrow using the correlation information.Type: GrantFiled: March 22, 2017Date of Patent: November 12, 2019Assignee: ExtraHop Networks, Inc.Inventors: Benjamin Thomas Higgins, Charlotte Ching-Hsing Tan, Jesse Abraham Rothstein