Patents by Inventor Lawrence Bruce Huston III
Lawrence Bruce Huston III has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11902293
Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; identifying a security related activity of the entity, the security related activity being of analytic utility; accessing an entity behavior catalog based upon the security related activity, the entity behavior catalog providing an inventory of entity behaviors; and performing a security operation via a distributed security analytics environment, the security operation using entity behavior catalog data stored within the entity behavior catalog based upon the security related activity.
Type: Grant
Filed: December 22, 2020
Date of Patent: February 13, 2024
Assignee: Forcepoint LLC
Inventors: Lawrence Bruce Huston, III, Nicolas Christian Fischbach, Raffael Marty
-
Patent number: 11895158
Abstract: A system, method, and computer-readable medium are disclosed for implementing a cybersecurity system having security policy visualization. At least one embodiment is directed to a computer-implemented method for implementing security policies in a secured network, including: retrieving a set of rules of a security policy; analyzing the set of rules of the security policy using one or more Satisfiability Modulo Theory (SMT) operations to reduce a dimensionality of the security policy; and generating a visual presentation on a user interface using results of the SMT operations, where the visual presentation includes visual indicia representing one or more targeted policy dimensions with respect to one or more fixed policy dimensions. In at least one embodiment, two or more security policies are presented with visual indicia representing differences between the security policies, including representations of one or more targeted policy dimensions with respect to one or more fixed policy dimensions.
Type: Grant
Filed: May 19, 2020
Date of Patent: February 6, 2024
Assignee: Forcepoint LLC
Inventors: Lawrence Bruce Huston, III, David Coffey, Andrew Mortensen
-
Patent number: 11888862
Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; identifying an event of analytic utility; analyzing the event of analytic utility, the analyzing the event of analytic utility identifying an entity behavior associated with the event of analytic utility; and, performing the security operation in response to the analyzing the event of analytic utility, where the monitoring, identifying, analyzing and performing are performed via a distributed security analytics framework.
Type: Grant
Filed: December 22, 2020
Date of Patent: January 30, 2024
Assignee: Forcepoint LLC
Inventors: Lawrence Bruce Huston, III, David Coffey
-
Patent number: 11888864
Abstract: A system, method, and computer-readable medium are disclosed for performing a security analytics mapping operation.
Type: Grant
Filed: December 22, 2020
Date of Patent: January 30, 2024
Assignee: Forcepoint LLC
Inventors: Lawrence Bruce Huston, III, David Coffey
-
Patent number: 11888863
Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring a plurality of actions of an entity, the plurality of actions of the entity corresponding to a plurality of events enacted by the entity; maintaining information relating to the monitoring within a user edge component; identifying an event of analytic utility; analyzing the event of analytic utility at the user edge component, the analyzing generating a security risk assessment; and, providing the security risk assessment to a network edge component.
Type: Grant
Filed: December 22, 2020
Date of Patent: January 30, 2024
Assignee: Forcepoint LLC
Inventors: Lawrence Bruce Huston, III, David Coffey
-
Patent number: 11516206
Abstract: A system, method, and computer-readable medium are disclosed for implementing a cybersecurity system having a digital certificate reputation system. At least one embodiment is directed to a computer-implemented method executing operations including receiving a communication having an internet protocol (IP) address and a digital certificate at a device within the secured network; determining whether the IP address is identified as having a high-security risk level; if the IP address has a high-security risk level, assigning a security risk level to the digital certificate based on the security risk level of the IP address; and using the security risk level for the digital certificate in executing the one or more security policies. Other embodiments include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices.
Type: Grant
Filed: May 1, 2020
Date of Patent: November 29, 2022
Assignee: Forcepoint LLC
Inventors: Lawrence Bruce Huston, III, David Coffey
-
Publication number: 20210367979
Abstract: A system, method, and computer-readable medium are disclosed for implementing a cybersecurity system having security policy visualization. At least one embodiment is directed to a computer-implemented method for implementing security policies in a secured network, including: retrieving a set of rules of a security policy; analyzing the set of rules of the security policy using one or more Satisfiability Modulo Theory (SMT) operations to reduce a dimensionality of the security policy; and generating a visual presentation on a user interface using results of the SMT operations, where the visual presentation includes visual indicia representing one or more targeted policy dimensions with respect to one or more fixed policy dimensions. In at least one embodiment, two or more security policies are presented with visual indicia representing differences between the security policies, including representations of one or more targeted policy dimensions with respect to one or more fixed policy dimensions.
Type: Application
Filed: May 19, 2020
Publication date: November 25, 2021
Inventors: Lawrence Bruce Huston, III, David Coffey, Andrew Mortensen
-
Publication number: 20210344667
Abstract: A system, method, and computer-readable medium are disclosed for implementing a cybersecurity system having a digital certificate reputation system. At least one embodiment is directed to a computer-implemented method executing operations including receiving a communication having an internet protocol (IP) address and a digital certificate at a device within the secured network; determining whether the IP address is identified as having a high-security risk level; if the IP address has a high-security risk level, assigning a security risk level to the digital certificate based on the security risk level of the IP address; and using the security risk level for the digital certificate in executing the one or more security policies. Other embodiments include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices.
Type: Application
Filed: May 1, 2020
Publication date: November 4, 2021
Inventors: Lawrence Bruce Huston, III, David Coffey
-
Publication number: 20210297437
Abstract: A system, method, and computer-readable medium are disclosed for implementing a security analytics system configured to instantiate user behavior baselines using historical data stored on an endpoint device. At least one embodiment is directed to a computer-implemented method including: accessing historical data stored on an endpoint device during an initialization of the endpoint device on the secured network, instantiating user behavior baselines for the endpoint device using the accessed historical data, and storing the instantiated user behavior baselines on a security system of the secured network for detecting instances of anomalous user behavior occurring at the endpoint device. Other embodiments of this aspect include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform the actions of the methods.
Type: Application
Filed: March 23, 2020
Publication date: September 23, 2021
Inventors: Lawrence Bruce Huston, III, David Coffey
-
Publication number: 20210152567
Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; identifying a security related activity of the entity, the security related activity being of analytic utility; accessing an entity behavior catalog based upon the security related activity, the entity behavior catalog providing an inventory of entity behaviors; and performing a security operation via a distributed security analytics environment, the security operation using entity behavior catalog data stored within the entity behavior catalog based upon the security related activity.
Type: Application
Filed: December 22, 2020
Publication date: May 20, 2021
Inventors: Lawrence Bruce Huston, III, Nicolas Christian Fischbach, Raffael Marty
-
Publication number: 20210112076
Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; identifying an event of analytic utility; analyzing the event of analytic utility, the analyzing the event of analytic utility identifying an entity behavior associated with the event of analytic utility; and, performing the security operation in response to the analyzing the event of analytic utility, where the monitoring, identifying, analyzing and performing are performed via a distributed security analytics framework.
Type: Application
Filed: December 22, 2020
Publication date: April 15, 2021
Inventors: Lawrence Bruce Huston, III, David Coffey
-
Publication number: 20210112077
Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring a plurality of actions of an entity, the plurality of actions of the entity corresponding to a plurality of events enacted by the entity; maintaining information relating to the monitoring within a user edge component; identifying an event of analytic utility; analyzing the event of analytic utility at the user edge component, the analyzing generating a security risk assessment; and, providing the security risk assessment to a network edge component.
Type: Application
Filed: December 22, 2020
Publication date: April 15, 2021
Inventors: Lawrence Bruce Huston, III, David Coffey
-
Publication number: 20210112078
Abstract: A system, method, and computer-readable medium are disclosed for performing a security analytics mapping operation.
Type: Application
Filed: December 22, 2020
Publication date: April 15, 2021
Inventors: Lawrence Bruce Huston, III, David Coffey
-
Patent number: 10965553
Abstract: A method for optimizing performance analysis of a plurality of network hosts associated with a communications network includes aggregating captured network performance data including a plurality of captured network performance metrics for a plurality of network flows. Each one of the plurality of network flows is associated with a plurality of network hosts. The aggregated captured network performance data is encoded by employing at least one data modification function. Dimensionality of the encoded captured network performance data is reduced using a neural network model. One or more reduced-dimensional clusters of the encoded captured network performance data are generated. Each of the one or more reduced-dimensional clusters is grouping one or more hosts of the plurality of network hosts based on the captured network performance metrics.
Type: Grant
Filed: August 20, 2018
Date of Patent: March 30, 2021
Assignee: Arbor Networks, Inc.
Inventors: Mathew Ralph Richardson, Lawrence Bruce Huston, III, R. Grant Reed
-
Publication number: 20200099597
Abstract: A method for optimizing performance analysis of a plurality of network hosts associated with a communications network includes aggregating captured network performance data including a plurality of captured network performance metrics for a plurality of network flows. Each one of the plurality of network flows is associated with a plurality of network hosts. The aggregated captured network performance data is encoded by employing at least one data modification function. Dimensionality of the encoded captured network performance data is reduced using a neural network model. One or more reduced-dimensional clusters of the encoded captured network performance data are generated. Each of the one or more reduced-dimensional clusters is grouping one or more hosts of the plurality of network hosts based on the captured network performance metrics.
Type: Application
Filed: August 20, 2018
Publication date: March 26, 2020
Applicant: Arbor Networks, Inc.
Inventors: Mathew Ralph Richardson, Lawrence Bruce Huston, III, R. Grant Reed
-
Patent number: 9432385
Abstract: A method to mitigate attack by an upstream service provider using cloud mitigation services. An edge detection device, which located at the subscriber's network edge, is able to communicate information via status messages about attacks to an upstream service provider. The service provider is then able to mitigate attacks based on the status messages. There is a feedback loop whereby the amount of dropped traffic by the service provider is added to the network traffic to keep the mitigation request open and prevent flapping. Likewise, the detection device includes time-to-engage and time-to-disengage timers to further prevent flapping.
Type: Grant
Filed: December 16, 2011
Date of Patent: August 30, 2016
Assignee: Arbor Networks, Inc.
Inventors: Chester Kustarz, Lawrence Bruce Huston, III, James A. Simpson, James Edward Winquist, Olan Patrick Barnes, Eric Jackson
-
Patent number: 9060020
Abstract: A system, method and computer readable storage medium that receives traffic/packets from external devices attempting to access protected devices in a protected network. A determination is made to whether a received packet belongs to one of a plurality of packet classifications. Each packet classification indicative of different classes of IP traffic. Countermeasures are applied to a received packet to prevent attack upon the protected devices. Applying a countermeasure to a received packet determined to belong to one of the plurality of packet classifications includes countermeasure modification/selection contingent upon the determined packet classification for the received packet.
Type: Grant
Filed: April 24, 2013
Date of Patent: June 16, 2015
Assignee: Arbor Networks, Inc.
Inventors: Scott Iekel-Johnson, Aaron Campbell, Lawrence Bruce Huston, III, Brian Moran, Jeff Edwards, Marc Eisenbarth, Jose Oscar Nazario
-
Patent number: 8990938
Abstract: A system and method are provided to receive mirrored versions of transmissions sent by a node in response to initiating transmissions received by the node over a network. At least one mirrored response transmission sent from the node in response to at least one corresponding initiating transmission is analyzed to determine whether or not the corresponding at least one initiating transmission is malicious.
Type: Grant
Filed: May 16, 2013
Date of Patent: March 24, 2015
Assignee: Arbor Networks, Inc.
Inventors: Lawrence Bruce Huston, III, Aaron Campbell
-
Publication number: 20140325634
Abstract: A system, method and computer readable storage medium that receives traffic/packets from external devices attempting to access protected devices in a protected network. A determination is made to whether a received packet belongs to one of a plurality of packet classifications. Each packet classification indicative of different classes of IP traffic. Countermeasures are applied to a received packet to prevent attack upon the protected devices. Applying a countermeasure to a received packet determined to belong to one of the plurality of packet classifications includes countermeasure modification/selection contingent upon the determined packet classification for the received packet.
Type: Application
Filed: April 24, 2013
Publication date: October 30, 2014
Inventors: Scott Iekel-Johnson, Aaron Campbell, Lawrence Bruce Huston, III, Brian Moran, Jeff Edwards, Marc Eisenbarth, Jose Oscar Nazario
-
Patent number: 8856913
Abstract: A system and methods for mitigation slow HTTP, SSL/HTTPS, SMTP, and/or SIP attacks. A protection system monitors each TCP connection between a client and a server. The protection system monitors the header request time and minimum transfer rate for each client and TCP connection. If the client has not completed the data transfer in the minimum time or the data are not transferred at the minimum transfer rate, the protection system determines the connections are potentially a slow attack and resets the connections for the protected devices.
Type: Grant
Filed: January 23, 2012
Date of Patent: October 7, 2014
Assignee: Arbor Networks, Inc.
Inventors: Kevin Russell Cline, Chester Kustarz, Christopher R. Hand, Lawrence Bruce Huston, III