Patents by Inventor Joseph Auguste Zadeh
Joseph Auguste Zadeh has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11870795Abstract: Techniques for identifying attack behavior based on scripting language activity are disclosed. A security monitoring system generates a behavior profile for a first client device based on scripting language commands included in a first set of raw machine data received from the first client device, where the first client device is coupled to a network, and the first set of raw machine data is associated with network traffic received by or transmitted from the first client device. The security monitoring system analyzes a second set of raw machine data received from the first client device, where the second set of raw machine data is associated with subsequent network traffic received by or transmitted from the first client device. The security monitoring system detects an anomaly in the second set of raw machine data based on the behavior profile, and initiates a mitigation action in response to detecting the anomaly.Type: GrantFiled: June 14, 2021Date of Patent: January 9, 2024Assignee: SPLUNK INC.Inventors: Joseph Auguste Zadeh, Rodolfo Soto, Madhupreetha Chandrasekaran, Yijiang Li
-
Patent number: 11463464Abstract: Techniques are described for analyzing data regarding activity in an IT environment to determine information regarding the entities associated with the activity and using the information to detect anomalous activity that may be indicative of malicious activity. In an embodiment, a plurality of events reflecting activity by a plurality of entities in an IT environment are processed to resolve the identities of the entities, discover how the entities fit within a topology of the IT environment, and determine what the entities are. This information is then used to generate an entity relationship graph that includes nodes representing the entities in the IT environment and edges connecting the nodes representing interaction relationships between the entities. In some embodiments, baselines are established by monitoring the activity between entities. This baseline information can be represented in the entity relationship graph in the form of directionality applied to the edges.Type: GrantFiled: May 26, 2020Date of Patent: October 4, 2022Assignee: SPLUNK INC.Inventors: Joseph Auguste Zadeh, Rodolfo Soto, George Apostolopoulos, John Clifton Pierce
-
Patent number: 11258807Abstract: A security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.Type: GrantFiled: July 3, 2019Date of Patent: February 22, 2022Assignee: SPLUNK INC.Inventors: Sudhakar Muddu, Christos Tryfonas, Joseph Auguste Zadeh, Alexander Beebe Bond, Ashwin Athalye
-
Patent number: 11038905Abstract: Techniques for identifying attack behavior based on scripting language activity are disclosed. A security monitoring system generates a behavior profile for a first client device based on scripting language commands included in a first set of raw machine data received from the first client device, where the first client device is coupled to a network, and the first set of raw machine data is associated with network traffic received by or transmitted from the first client device. The security monitoring system analyzes a second set of raw machine data received from the first client device, where the second set of raw machine data is associated with subsequent network traffic received by or transmitted from the first client device. The security monitoring system detects an anomaly in the second set of raw machine data based on the behavior profile, and initiates a mitigation action in response to detecting the anomaly.Type: GrantFiled: January 25, 2017Date of Patent: June 15, 2021Assignee: SPLUNK, INC.Inventors: Joseph Auguste Zadeh, Rodolfo Soto, Madhupreetha Chandrasekaran, Yijiang Li
-
Publication number: 20200287927Abstract: Techniques are described for analyzing data regarding activity in an IT environment to determine information regarding the entities associated with the activity and using the information to detect anomalous activity that may be indicative of malicious activity. In an embodiment, a plurality of events reflecting activity by a plurality of entities in an IT environment are processed to resolve the identities of the entities, discover how the entities fit within a topology of the IT environment, and determine what the entities are. This information is then used to generate an entity relationship graph that includes nodes representing the entities in the IT environment and edges connecting the nodes representing interaction relationships between the entities. In some embodiments, baselines are established by monitoring the activity between entities. This baseline information can be represented in the entity relationship graph in the form of directionality applied to the edges.Type: ApplicationFiled: May 26, 2020Publication date: September 10, 2020Inventors: Joseph Auguste Zadeh, Rodolfo Soto, George Apostolopoulos, John Clifton Pierce
-
Patent number: 10693900Abstract: Techniques are described for analyzing data regarding activity in an IT environment to determine information regarding the entities associated with the activity and using the information to detect anomalous activity that may be indicative of malicious activity. In an embodiment, a plurality of events reflecting activity by a plurality of entities in an IT environment are processed to resolve the identities of the entities, discover how the entities fit within a topology of the IT environment, and determine what the entities are. This information is then used to generate an entity relationship graph that includes nodes representing the entities in the IT environment and edges connecting the nodes representing interaction relationships between the entities. In some embodiments, baselines are established by monitoring the activity between entities. This baseline information can be represented in the entity relationship graph in the form of directionality applied to the edges.Type: GrantFiled: January 17, 2019Date of Patent: June 23, 2020Assignee: SPLUNK INC.Inventors: Joseph Auguste Zadeh, Rodolfo Soto, George Apostolopoulos, John Clifton Pierce
-
Publication number: 20190327251Abstract: A security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.Type: ApplicationFiled: July 3, 2019Publication date: October 24, 2019Inventors: Sudhakar Muddu, Christos Tryfonas, Joseph Auguste Zadeh, Alexander Beebe Bond, Ashwin Athalye
-
Patent number: 10389738Abstract: A security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.Type: GrantFiled: October 30, 2015Date of Patent: August 20, 2019Assignee: SPLUNK INC.Inventors: Sudhakar Muddu, Christos Tryfonas, Joseph Auguste Zadeh, Alexander Beebe Bond, Ashwin Athalye
-
Publication number: 20190158524Abstract: Techniques are described for analyzing data regarding activity in an IT environment to determine information regarding the entities associated with the activity and using the information to detect anomalous activity that may be indicative of malicious activity. In an embodiment, a plurality of events reflecting activity by a plurality of entities in an IT environment are processed to resolve the identities of the entities, discover how the entities fit within a topology of the IT environment, and determine what the entities are. This information is then used to generate an entity relationship graph that includes nodes representing the entities in the IT environment and edges connecting the nodes representing interaction relationships between the entities. In some embodiments, baselines are established by monitoring the activity between entities. This baseline information can be represented in the entity relationship graph in the form of directionality applied to the edges.Type: ApplicationFiled: January 17, 2019Publication date: May 23, 2019Inventors: Joseph Auguste Zadeh, Rodolfo Soto, George Apostolopoulos, John Clifton Pierce
-
Patent number: 10237294Abstract: Techniques are described for analyzing data regarding activity in an IT environment to determine information regarding the entities associated with the activity and using the information to detect anomalous activity that may be indicative of malicious activity. In an embodiment, a plurality of events reflecting activity by a plurality of entities in an IT environment are processed to resolve the identities of the entities, discover how the entities fit within a topology of the IT environment, and determine what the entities are. This information is then used to generate a entity relationship graph that includes nodes representing the entities in the IT environment and edges connecting the nodes representing interaction relationships between the entities. In some embodiments, baselines are established by monitoring the activity between entities. This baseline information can be represented in the entity relationship graph in the form of directionality applied to the edges.Type: GrantFiled: January 30, 2017Date of Patent: March 19, 2019Assignee: SPLUNK INC.Inventors: Joseph Auguste Zadeh, Rodolfo Soto, George Apostolopoulos, John Clifton Pierce
-
Publication number: 20180212985Abstract: Techniques for identifying attack behavior based on scripting language activity are disclosed. A security monitoring system generates a behavior profile for a first client device based on scripting language commands included in a first set of raw machine data received from the first client device, where the first client device is coupled to a network, and the first set of raw machine data is associated with network traffic received by or transmitted from the first client device. The security monitoring system analyzes a second set of raw machine data received from the first client device, where the second set of raw machine data is associated with subsequent network traffic received by or transmitted from the first client device. The security monitoring system detects an anomaly in the second set of raw machine data based on the behavior profile, and initiates a mitigation action in response to detecting the anomaly.Type: ApplicationFiled: January 25, 2017Publication date: July 26, 2018Inventors: Joseph Auguste Zadeh, Rodolfo Soto, Madhupreetha Chandrasekaran, Yijiang Li
-
Publication number: 20170063888Abstract: A security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.Type: ApplicationFiled: October 30, 2015Publication date: March 2, 2017Inventors: Sudhakar Muddu, Christos Tryfonas, Joseph Auguste Zadeh, Alexander Beebe Bond, Ashwin Athalye