Patents by Inventor Jon Ramsey

Jon Ramsey has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11665201
    Abstract: Systems and methods for reversibly remediating security risks, which monitor a network or system for security risks, and upon detection of one or more of risks, apply a remedial action applicable to at least partially remedy or mitigate the one or more detected risk. The network or system is monitored for a change to the detected risk(s), and upon detection of a change to the detected risk(s), the applied remediation action is automatically reversed.
    Type: Grant
    Filed: November 11, 2020
    Date of Patent: May 30, 2023
    Assignee: Secureworks Corp.
    Inventors: Ross Rowland Kinder, William Urbanski, Ryan James Leavengood, Timothy Vidas, Jon Ramsey
  • Patent number: 11632398
    Abstract: Methods and systems for building security applications can be provided. Data policies for accessing security data can be set, and a module pipeline including one or more modules selected from a plurality of modules can be generated. The modules can include at least one module operable to apply a predictive security application or model for detection or identification of security threats. Module execution policies governing execution of the one or more modules in the module pipeline also can be set. Upon receipt of a request to initiate execution of the module pipeline, it can be determined if the execution thereof would violate the data policies or the module execution policies. If so, execution of the module pipeline can be blocked, otherwise the module pipeline can be executed to process the portion of the security data.
    Type: Grant
    Filed: July 15, 2020
    Date of Patent: April 18, 2023
    Assignee: Secureworks Corp.
    Inventors: Timothy Vidas, Jon Ramsey, Aaron Hackworth, Robert Danford, William Urbanski
  • Patent number: 11418524
    Abstract: The present disclosure provides systems and methods for detection of one or more security threats or malicious actions. According to the present disclosure, data can be received from one or more data producers and provided to a behavior processor. The behavior processor extracts, identifies, or detects one or more behaviors from the data based on one or more datum, features, or characteristics included therein, and provides the one or more identified behaviors to a tactic processor. The tactic processor extracts, identifies, or detects one or more tactics based on the one or more identified behaviors, and submits the one or more identified tactics to a tactic classifier to determine whether the one or more identified tactics are indicative of the one or more security threats or malicious actions. Other aspects are also described.
    Type: Grant
    Filed: May 7, 2019
    Date of Patent: August 16, 2022
    Assignee: SecureworksCorp.
    Inventors: William M. Urbanski, Timothy M. Vidas, Kyle Soeder, Jon Ramsey, Robert William Danford, Aaron Hackworth
  • Patent number: 11044263
    Abstract: The present disclosure provides systems and methods for organizations to use security date to generate a risk scores associated with potential compromise based on clustering and/or similarities with other organizations that have or may have been compromised. For example, indicators of compromise can be used to create a similarity score rank over time that may be used as a similarity and risk measurement to generate a continual/dynamic score, which can change and/or be updated as new data is created or arrives to detect or prevent threats and/or malicious attacks.
    Type: Grant
    Filed: September 18, 2020
    Date of Patent: June 22, 2021
    Assignee: SECUREWORKS CORP.
    Inventors: Lewis McLean, Jon Ramsey, Nash Borges
  • Publication number: 20210067562
    Abstract: Systems and methods for reversibly remediating security risks, which monitor a network or system for security risks, and upon detection of one or more of risks, apply a remedial action applicable to at least partially remedy or mitigate the one or more detected risk. The network or system is monitored for a change to the detected risk(s), and upon detection of a change to the detected risk(s), the applied remediation action is automatically reversed.
    Type: Application
    Filed: November 11, 2020
    Publication date: March 4, 2021
    Inventors: Ross Rowland Kinder, William Urbanski, Ryan James Leavengood, Timothy Vidas, Jon Ramsey
  • Publication number: 20210006575
    Abstract: The present disclosure provides systems and methods for organizations to use security date to generate a risk scores associated with potential compromise based on clustering and/or similarities with other organizations that have or may have been compromised. For example, indicators of compromise can be used to create a similarity score rank over time that may be used as a similarity and risk measurement to generate a continual/dynamic score, which can change and/or be updated as new data is created or arrives to detect or prevent threats and/or malicious attacks.
    Type: Application
    Filed: September 18, 2020
    Publication date: January 7, 2021
    Inventors: Lewis McLean, Jon Ramsey, Nash Borges
  • Patent number: 10841337
    Abstract: Systems and methods for reversibly remediating security risks, which monitor a network or system for security risks, and upon detection of one or more of risks, apply a remedial action applicable to at least partially remedy or mitigate the one or more detected risk. The network or system is monitored for a change to the detected risk(s), and upon detection of a change to the detected risk(s), the applied remediation action is automatically reversed.
    Type: Grant
    Filed: November 17, 2017
    Date of Patent: November 17, 2020
    Assignee: SECUREWORKS CORP.
    Inventors: Ross Rowland Kinder, William Urbanski, Ryan James Leavengood, Timothy Vidas, Jon Ramsey
  • Publication number: 20200358795
    Abstract: The present disclosure provides systems and methods for detection of one or more security threats or malicious actions. According to the present disclosure, data can be received from one or more data producers and provided to a behavior processor. The behavior processor extracts, identifies, or detects one or more behaviors from the data based on one or more datum, features, or characteristics included therein, and provides the one or more identified behaviors to a tactic processor. The tactic processor extracts, identifies, or detects one or more tactics based on the one or more identified behaviors, and submits the one or more identified tactics to a tactic classifier to determine whether the one or more identified tactics are indicative of the one or more security threats or malicious actions. Other aspects are also described.
    Type: Application
    Filed: May 7, 2019
    Publication date: November 12, 2020
    Inventors: William M. Urbanski, Timothy M. Vidas, Kyle Soeder, Jon Ramsey, Robert William Danford, Aaron Hackworth
  • Publication number: 20200351307
    Abstract: Methods and systems for building security applications can be provided. Data policies for accessing security data can be set, and a module pipeline including one or more modules selected from a plurality of modules can be generated. The modules can include at least one module operable to apply a predictive security application or model for detection or identification of security threats. Module execution policies governing execution of the one or more modules in the module pipeline also can be set. Upon receipt of a request to initiate execution of the module pipeline, it can be determined if the execution thereof would violate the data policies or the module execution policies. If so, execution of the module pipeline can be blocked, otherwise the module pipeline can be executed to process the portion of the security data.
    Type: Application
    Filed: July 15, 2020
    Publication date: November 5, 2020
    Inventors: Timothy Vidas, Jon Ramsey, Aaron Hackworth, Robert Danford, William Urbanski
  • Patent number: 10785238
    Abstract: The present disclosure provides systems and methods for organizations to use forensic to generate a risk scores associated with potential compromise based on clustering and/or similarities with other organizations that have or may have been compromised. For example, specific attributes or marks, such as low fidelity indicators of compromise can be used to create a similarity score rank over time that may be used as a similarity and risk measurement to generate a continual/dynamic score, which can change and/or be updated as new data is created or arrives to detect or prevent threats and/or malicious attacks.
    Type: Grant
    Filed: June 12, 2018
    Date of Patent: September 22, 2020
    Assignee: Secureworks Corp.
    Inventors: Lewis McLean, Jon Ramsey, Nash Borges
  • Patent number: 10735470
    Abstract: Methods and systems for developing and distributing applications and data for building security applications can be provided. A plurality of data policies can be set for access and/or filtering security data based on selected parameters. One or more modules can be generated for processing the security data, with each of the modules governed by one or more module policies. Upon receipt of a request to initiate execution of the one or more modules to access and process a selected portion or filtered set of the security data, it can be determined if the request violates the data policies and/or the module policies applicable for processing the selected portion or filtered set of the security data, and if the data policies and/or the module policies are not violated, the one or more modules can be executed to process the selected portion or filtered set of the security data.
    Type: Grant
    Filed: November 6, 2017
    Date of Patent: August 4, 2020
    Assignee: SECUREWORKS CORP.
    Inventors: Timothy Vidas, Jon Ramsey, Aaron Hackworth, Robert Danford, William Urbanski
  • Patent number: 10645124
    Abstract: A system for collection and analysis of forensic and event data comprising a server and an endpoint agent operating on a remote system. The server is configured to receive event data including process creation data, persistent process data, thread injection data, network connection data, memory pattern data, or any combination thereof, and analyze the event data to detect compromises of a remote system. The endpoint agent is configured to acquire event data, and communicate the event data to the server.
    Type: Grant
    Filed: February 17, 2017
    Date of Patent: May 5, 2020
    Assignee: SecureWorks Corp.
    Inventors: Ross R. Kinder, Aaron Hackworth, Matthew K. Geiger, Kevin R. Moore, Timothy M. Vidas, Oliver J. Palmer, Jon Ramsey, Matt J. McCormack
  • Publication number: 20190379678
    Abstract: The present disclosure provides systems and methods for organizations to use forensic to generate a risk scores associated with potential compromise based on clustering and/or similarities with other organizations that have or may have been compromised. For example, specific attributes or marks, such as low fidelity indicators of compromise can be used to create a similarity score rank over time that may be used as a similarity and risk measurement to generate a continual/dynamic score, which can change and/or be updated as new data is created or arrives to detect or prevent threats and/or malicious attacks.
    Type: Application
    Filed: June 12, 2018
    Publication date: December 12, 2019
    Inventors: Lewis McLean, Jon Ramsey, Nash Borges
  • Patent number: 10333992
    Abstract: A system for collection and analysis of forensic and event data comprising a server and an endpoint agent operating on a remote system. The server is configured to receive event data including process creation data, persistent process data, thread injection data, network connection data, memory pattern data, or any combination thereof, and analyze the event data to detect compromises of a remote system. The endpoint agent is configured to acquire event data, and communicate the event data to the server.
    Type: Grant
    Filed: February 17, 2017
    Date of Patent: June 25, 2019
    Assignee: Dell Products, LP
    Inventors: Ross R. Kinder, Aaron Hackworth, Matthew K. Geiger, Kevin R. Moore, Timothy M. Vidas, Oliver J. Palmer, Jon Ramsey, Matt J. McCormack
  • Publication number: 20190141079
    Abstract: Methods and systems for developing and distributing applications and data for building security applications can be provided. A plurality of data policies can be set for access and/or filtering security data based on selected parameters. One or more modules can be generated for processing the security data, with each of the modules governed by one or more module policies. Upon receipt of a request to initiate execution of the one or more modules to access and process a selected portion or filtered set of the security data, it can be determined if the request violates the data policies and/or the module policies applicable for processing the selected portion or filtered set of the security data, and if the data policies and/or the module policies are not violated, the one or more modules can be executed to process the selected portion or filtered set of the security data.
    Type: Application
    Filed: November 6, 2017
    Publication date: May 9, 2019
    Applicant: SECUREWORKS CORP.
    Inventors: Timothy Vidas, Jon Ramsey, Aaron Hackworth, Robert Danford, William Urbanski
  • Publication number: 20180152480
    Abstract: Systems and methods for reversibly remediating security risks, which monitor a network or system for security risks, and upon detection of one or more of risks, apply a remedial action applicable to at least partially remedy or mitigate the one or more detected risk. The network or system is monitored for a change to the detected risk(s), and upon detection of a change to the detected risk(s), the applied remediation action is automatically reversed.
    Type: Application
    Filed: November 17, 2017
    Publication date: May 31, 2018
    Applicant: SECUREWORKS CORP.
    Inventors: Ross Rowland Kinder, William Urbanski, Ryan James Leavengood, Timothy Vidas, Jon Ramsey
  • Publication number: 20170244750
    Abstract: A system for collection and analysis of forensic and event data comprising a server and an endpoint agent operating on a remote system. The server is configured to receive event data including process creation data, persistent process data, thread injection data, network connection data, memory pattern data, or any combination thereof, and analyze the event data to detect compromises of a remote system. The endpoint agent is configured to acquire event data, and communicate the event data to the server.
    Type: Application
    Filed: February 17, 2017
    Publication date: August 24, 2017
    Inventors: Ross R. Kinder, Aaron Hackworth, Matthew K. Geiger, Kevin R. Moore, Timothy M. Vidas, Oliver J. Palmer, Jon Ramsey, Matt J. McCormack
  • Publication number: 20170244762
    Abstract: A system for collection and analysis of forensic and event data comprising a server and an endpoint agent operating on a remote system. The server is configured to receive event data including process creation data, persistent process data, thread injection data, network connection data, memory pattern data, or any combination thereof, and analyze the event data to detect compromises of a remote system. The endpoint agent is configured to acquire event data, and communicate the event data to the server.
    Type: Application
    Filed: February 17, 2017
    Publication date: August 24, 2017
    Inventors: Ross R. Kinder, Aaron Hackworth, Matthew K. Geiger, Kevin R. Moore, Timothy M. Vidas, Oliver J. Palmer, Jon Ramsey, Matt J. McCormack
  • Publication number: 20120117640
    Abstract: The present disclosure is generally directed to a computer security management system that integrates a firewall with an intrusion detection system (IDS). In other words, the firewall and IDS of the present disclosure can be designed to communicate process or status information and packets with one another. The present disclosure can facilitate centralized control of the firewall and the IDS and can increase the speed at which packets are passed between a secured computer network and an external network. Increased packet processing speed can be achieved in several ways. For example, the firewall and IDS can process packets in series, in parallel, and sometimes singularly when one of the components is not permitted to process a packet. Alternatively, singular processing can also be performed when one component is permitted to pass a packet to the secured computer network without checking with the other component.
    Type: Application
    Filed: January 16, 2012
    Publication date: May 10, 2012
    Applicant: DELL PRODUCTS, LP
    Inventors: Jon Ramsey, Kevin Ketts
  • Patent number: 8122495
    Abstract: The present invention is generally directed to a computer security management system that integrates a firewall with an intrusion detection system (IDS). In other words, the firewall and IDS of the present invention can be designed to communicate process or status information and packets with one another. The present invention can facilitate centralized control of the firewall and the IDS and can increase the speed at which packets are passed between a secured computer network and an external network. Increased packet processing speed can be achieved in several ways. For example, the firewall and IDS can process packets in series, in parallel, and sometimes singularly when one of the components is not permitted to process a packet. Alternatively, singular processing can also be performed when one component is permitted to pass a packet to the secured computer network without checking with the other component.
    Type: Grant
    Filed: December 11, 2007
    Date of Patent: February 21, 2012
    Assignee: Dell Products, LP
    Inventors: Jon Ramsey, Kevin Ketts, Steve Buer