Patents by Inventor Josef WEIZMAN
Josef WEIZMAN has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Patent number: 11956239
  Abstract: Technologies are shown for detection of identity misconfiguration that involve collecting identity/role binding and role/access rules data from multiple clusters supported by a computing resource system. Access rules for identities are extracted from the collected data and an access rule prediction model created to predict access rules for identities. An identity definition request for a tenant is received having a requested identity and a role assigned to the identity. A set of access rules is obtained for the role assigned to the identity and a predicted set of access rules is obtained for the requested identity from the prediction model. The access rules for the requested role are compared to the predicted set of access rules and a misconfiguration alert generated when there is a difference between the set of access rules for the requested role and the predicted set of access rules for the requested identity.
  Type: Grant
  Filed: October 7, 2021
  Date of Patent: April 9, 2024
  Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
  Inventors: Idan Hen, Aharon Michaels, Dotan Patrich, Josef Weizman, Amit Magen
- Publication number: 20240073223
  Abstract: Generally discussed herein are devices, systems, and methods for cloud resource security. A method can include receiving, at a monitor device and from a first cloud resource of cloud resources hosted by a cloud provider, a request for a token that uniquely identifies the first cloud resource, the request indicating a destination that is a metadata server. The method can include comparing, based on entries in an application programming interface (API) access log, the cloud provider associated with the first cloud resource and a cloud provider associated with the metadata server. The method can include, responsive to the cloud provider of the first cloud resource being different from the cloud provider of the metadata server, performing a security mitigation action.
  Type: Application
  Filed: August 26, 2022
  Publication date: February 29, 2024
  Inventors: Josef WEIZMAN, Ram Haim Pliskin, Aharon Naftali Michaels
- Publication number: 20230376604
  Abstract: According to examples, an apparatus may include a processor and a memory on which is stored machine-readable instructions that may cause the processor to access vulnerabilities identified in a set of container images and to identify, from a set of reference vulnerabilities, which reference vulnerabilities the identified vulnerabilities match, in which each of the reference vulnerabilities is assigned one of a plurality of mitigation priority values. The processor may also determine mitigation priority values of the identified vulnerabilities based on the mitigation priority values assigned to the reference vulnerabilities to which the identified vulnerabilities match. In addition, the processor may output the determined mitigation priority values of the identified vulnerabilities.
  Type: Application
  Filed: May 19, 2022
  Publication date: November 23, 2023
  Applicant: Microsoft Technology Licensing, LLC
  Inventors: Josef WEIZMAN, Aharon MICHAELS, Lior KESTEN, Assaf ISRAEL
- Publication number: 20230325500
  Abstract: According to examples, an apparatus may include a processor and a memory on which is stored machine-readable instructions that may cause the processor to identify a container image group of a plurality of container image groups to which a subject container image corresponds, in which each of the plurality of container image groups is assigned a respective behavioral profile. The processor may also determine whether activities in the subject container image comply with corresponding activities identified in the behavioral profile of the identified container image group. Based on a determination that at least one activity in the subject container image fails to comply with a corresponding at least one activity identified in the behavioral profile of the identified container image group, the processor may determine that the subject container image includes an anomalous activity and output an alert indicating that the subject container image includes an anomalous activity.
  Type: Application
  Filed: April 8, 2022
  Publication date: October 12, 2023
  Applicant: Microsoft Technology Licensing, LLC
  Inventors: Dotan Patrich, Josef Weizman, Tomer Koren, Eran Goldstein
- Publication number: 20230325489
  Abstract: A computing system is configured to access a cloud storage and make a copy of at least a portion of the cloud storage. The copy of the at least a portion of the cloud storage is searched for a data pattern associated with a credential. In response to finding the data pattern associated with the credential, the computing system extracts an identifier associated with the credential and a scope of permission that the identifier is granted to. The scope of permission is associated with a permission to access a cloud resource. Finally, a risk of potential exposure of the credential is mitigated, such as (but not limited to) notifying an owner of the cloud resource, deleting the credential from the cloud, or modifying or revoking the scope of permission associated with the credential.
  Type: Application
  Filed: April 7, 2022
  Publication date: October 12, 2023
  Inventors: Josef WEIZMAN, Ram Haim PLISKIN, Lior SONNTAG
- Publication number: 20230325490
  Abstract: A computing system is configured to cause an agent to be installed at a cloud consumer computing system. The cloud consumer computing system is configured to access a cloud service. The agent is configured to scan at least a portion of storage of the cloud consumer computing system for a data pattern associated with a credential. In response to finding the data pattern associated with the credential, the agent sends the data pattern to the computing system. In response to receiving the data pattern, the computing system is configured to extract an identifier associated with the credential based on the data pattern, identify a scope of permission to which the identifier is granted, and mitigate a risk of potential exposure of the credential.
  Type: Application
  Filed: April 7, 2022
  Publication date: October 12, 2023
  Inventors: Josef WEIZMAN, Ram Haim PLISKIN, Lior SONNTAG
- Publication number: 20230169168
  Abstract: A computing system is configured to detect a request for a deployment of a container at a container orchestration service. One or more datasets associated with the deployment of the container are collected, and a plurality of features associated with the deployment are extracted based on the one or more datasets. A probability score is then generated based on the plurality of features, using a machine-learning model trained on datasets associated with historical deployments of containers that have been performed via the container orchestration service. The probability score indicates a probability that the deployment of the container is anomalous compared to the historical deployments of containers. When the probability score is greater than a threshold, the deployment of the container is determined as anomalous.
  Type: Application
  Filed: November 29, 2021
  Publication date: June 1, 2023
  Inventors: Amit MAGEN MEDINA, Dotan PATRICH, Josef WEIZMAN, Idan HEN
- Patent number: 11651076
  Abstract: According to examples, an apparatus may include machine-readable instructions that may cause the processor to determine that a first malware was detected on a first computing device and to determine whether a second malware was detected on a second computing device within a predefined period of time of when the first malware was detected on the first computing device, in which the first computing device and the second computing device are associated with a shared data storage that is remote from the first and second computing devices. The instructions may also cause the processor to, based on a determination that the second malware was detected within the predefined period of time, output a notification that the first malware was likely spread to the first computing device and/or that the second malware was likely spread to the second computing device through the shared data storage.
  Type: Grant
  Filed: May 26, 2021
  Date of Patent: May 16, 2023
  Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
  Inventors: Josef Weizman, Ram Haim Pliskin, Andrey Karpovsky
- Publication number: 20230110080
  Abstract: Technologies are shown for detection of identity misconfiguration that involve collecting identity/role binding and role/access rules data from multiple clusters supported by a computing resource system. Access rules for identities are extracted from the collected data and an access rule prediction model created to predict access rules for identities. An identity definition request for a tenant is received having a requested identity and a role assigned to the identity. A set of access rules is obtained for the role assigned to the identity and a predicted set of access rules is obtained for the requested identity from the prediction model. The access rules for the requested role are compared to the predicted set of access rules and a misconfiguration alert generated when there is a difference between the set of access rules for the requested role and the predicted set of access rules for the requested identity.
  Type: Application
  Filed: October 7, 2021
  Publication date: April 13, 2023
  Inventors: Idan HEN, Aharon MICHAELS, Dotan PATRICH, Josef WEIZMAN, Amit MAGEN
- Publication number: 20230025488
  Abstract: According to examples, an apparatus may include a memory on which is stored machine-readable instructions that may cause a processor to receive a request to upload a file to a directory and determine whether the request is a request to upload a predefined type of file to the directory. In addition, based on a determination that the request is a request to upload the predefined type of file to the directory, the processor may determine, through application of a predictive model, whether the directory is a user content directory and based on a determination that the application of the predictive model indicates that the directory is a user content directory, block the request and/or output a notification regarding the receipt of the request.
  Type: Application
  Filed: September 21, 2022
  Publication date: January 26, 2023
  Applicant: Microsoft Technology Licensing, LLC
  Inventors: Omer KARIN, Josef WEIZMAN, Ram Haim PLISKIN
- Publication number: 20220391509
  Abstract: Generally discussed herein are devices, systems, and methods for secure container operation. A behavior profile of normal container operation can be generated, such as by using crowd sourced data. A container monitor can provide container actions of an application in a deployed container. The container action can be compared to a behavior profile that indicates normal behavior of the container. A communication can be sent in response to the container actions being inconsistent with the normal behavior of the behavior profile. The container can be halted to stop the abnormal behavior.
  Type: Application
  Filed: August 16, 2022
  Publication date: December 8, 2022
  Inventors: Nadav Wolfin, Moshe Israel, Liran Englender, Benyamin Farshteindiker, Elizabeta Mash Levin, Lior Becker, Josef Weizman
- Publication number: 20220382863
  Abstract: According to examples, an apparatus may include machine-readable instructions that may cause the processor to determine that a first malware was detected on a first computing device and to determine whether a second malware was detected on a second computing device within a predefined period of time of when the first malware was detected on the first computing device, in which the first computing device and the second computing device are associated with a shared data storage that is remote from the first and second computing devices. The instructions may also cause the processor to, based on a determination that the second malware was detected within the predefined period of time, output a notification that the first malware was likely spread to the first computing device and/or that the second malware was likely spread to the second computing device through the shared data storage.
  Type: Application
  Filed: May 26, 2021
  Publication date: December 1, 2022
  Applicant: Microsoft Technology Licensing, LLC
  Inventors: Josef WEIZMAN, Ram Haim Pliskin, Andrey Karpovsky
- Patent number: 11483375
  Abstract: According to examples, an apparatus may include a memory on which is stored machine-readable instructions that may cause a processor to receive a request to upload a file to a directory and determine whether the request is a request to upload a predefined type of file to the directory. In addition, based on a determination that the request is a request to upload the predefined type of file to the directory, the processor may determine, through application of a predictive model, whether the directory is a user content directory and based on a determination that the application of the predictive model indicates that the directory is a user content directory, block the request and/or output a notification regarding the receipt of the request.
  Type: Grant
  Filed: June 19, 2020
  Date of Patent: October 25, 2022
  Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
  Inventors: Omer Karin, Josef Weizman, Ram Haim Pliskin
- Publication number: 20220321596
  Abstract: Embodiments detect risky situations in which a domain name record remains viable after the target it identified is not. Such dangling records create various risks because substitute targets, such as fraudulent websites, may be installed without the knowledge of the original target's owner. By obtaining and correlating data from multiple tenants, a cloud service provider detects dangling structures and any attempts to exploit them. Dangling records may specify a custom domain name, for example, or a static IP address that can be misused. In response, the provider's security infrastructure can alert the original target's owner, block the attempted exploit, or otherwise mitigate the risks. Traffic monitoring, control plane API invocations, and domain name server queries may be employed by the security infrastructure to detect resource deletion, resource creation, and resource access attempts that correspond with vulnerable records or suspect activity involving them.
  Type: Application
  Filed: April 6, 2021
  Publication date: October 6, 2022
  Inventors: Josef WEIZMAN, Aharon Naftali MICHAELS, Ram Haim PLISKIN, Dotan PATRICH
- Patent number: 11461469
  Abstract: Generally discussed herein are devices, systems, and methods for secure container operation. A behavior profile of normal container operation can be generated, such as by using crowd sourced data. A container monitor can provide container actions of an application in a deployed container. The container action can be compared to a behavior profile that indicates normal behavior of the container. A communication can be sent in response to the container actions being inconsistent with the normal behavior of the behavior profile. The container can be halted to stop the abnormal behavior.
  Type: Grant
  Filed: January 22, 2019
  Date of Patent: October 4, 2022
  Assignee: Microsoft Technology Licensing, LLC
  Inventors: Nadav Wolfin, Moshe Israel, Liran Englender, Benyamin Farshteindiker, Elizabeta Mash Levin, Lior Becker, Josef Weizman
- Patent number: 11416613
  Abstract: Cybersecurity enhancements expose likely cyberattacks and command abuse while reducing false positives. Some embodiments ascertain an operating system mismatch, which occurs when a command tailored for operating system X is asserted in an environment tailored to operating system Y. False positives may be reduced by alerting on such a mismatch only when a command's process belongs to a web server or other targeted process, or uses the same supporting technology (e.g., framework, scripting language, or runtime environment) as the web server or other targeted process. Some embodiments watch for command abuse by spotting assertions of commands that appear frequently in cyberattacks even though those commands also have legitimate uses such as system administration, network administration, or software development.
  Type: Grant
  Filed: May 30, 2019
  Date of Patent: August 16, 2022
  Assignee: Microsoft Technology Licensing, LLC
  Inventors: Josef Weizman, Ram Haim Pliskin, Tomer Koren, Dotan Patrich
- Patent number: 11368473
  Abstract: The automated estimation that an interface service has been misconfigured. Sensitive interface services are first identified based on common characteristics, and those characteristics are associated with sensitivity based on behavior across multiple clusters. Thereafter, the threat assessment estimates that a particular interface service is misconfigured if the particular interface service has these same common characteristics, is accessible from outside the cluster, and does not require authentication. Cluster administrators can therefore be more fully and timely advised when a misconfiguration of an interface service subjects their cluster to undue security risks.
  Type: Grant
  Filed: September 21, 2020
  Date of Patent: June 21, 2022
  Assignee: Microsoft Technology Licensing, LLC
  Inventors: Josef Weizman, Ram Haim Pliskin, Dotan Patrich
- Publication number: 20220094700
  Abstract: The automated estimation that an interface service has been misconfigured. Sensitive interface services are first identified based on common characteristics, and those characteristics are associated with sensitivity based on behavior across multiple clusters. Thereafter, the threat assessment estimates that a particular interface service is misconfigured if the particular interface service has these same common characteristics, is accessible from outside the cluster, and does not require authentication. Cluster administrators can therefore be more fully and timely advised when a misconfiguration of an interface service subjects their cluster to undue security risks.
  Type: Application
  Filed: September 21, 2020
  Publication date: March 24, 2022
  Inventors: Josef WEIZMAN, Ram Haim PLISKIN, Dotan PATRICH
- Patent number: 11223637
  Abstract: A previously-unknown type of attack on a web application can be detected dynamically using server logs. An alert can be raised for an application that returns a valid response to the potential attacker (e.g., when an http (hypertext transfer protocol) status code of 200 is returned to the requestor). Server logs can be analyzed to identify an external computer that uses the same attack methodology on multiple targets. The external computer may attempt to access the same Uniform Resource Identifier (URI) on various web sites. In many cases, the http status code that is returned is an error code. Characteristics such as but not limited to fast crawling and numerous error status codes being returned to a particular requestor can be used by a machine learning (ML) system to identify potentially malicious external computing devices and/or vulnerable URIs.
  Type: Grant
  Filed: January 7, 2018
  Date of Patent: January 11, 2022
  Assignee: Microsoft Technology Licensing, LLC
  Inventors: Hani Hana Neuvirth, Ram Haim Pliskin, Tomer Koren, Josef Weizman, Karl William Reinsch, Efim Hudis
- Publication number: 20210400106
  Abstract: According to examples, an apparatus may include a memory on which is stored machine-readable instructions that may cause a processor to receive a request to upload a file to a directory and determine whether the request is a request to upload a predefined type of file to the directory. In addition, based on a determination that the request is a request to upload the predefined type of file to the directory, the processor may determine, through application of a predictive model, whether the directory is a user content directory and based on a determination that the application of the predictive model indicates that the directory is a user content directory, block the request and/or output a notification regarding the receipt of the request.
  Type: Application
  Filed: June 19, 2020
  Publication date: December 23, 2021
  Applicant: Microsoft Technology Licensing, LLC
  Inventors: Omer KARIN, Josef WEIZMAN, Ram Haim PLISKIN