Patents by Inventor Marc Woolward
Marc Woolward has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11876817
Abstract: A system and a method for modeling queue-based message-oriented middleware (MoM) are provided. The method commences with connecting with a MoM system and converting information associated with the MoM system into a standardized object model. The standardized object model may include a queue-based node, at least one producer application, and at least one consumer application. The at least one producer application provides a message to the queue-based node. The at least one consumer application receives the message from the queue-based node. The message persists in the queue until consumed by the at least one consumer application. The method continues with generating a standardized graph of relationships between a producer and a consumer over a period of time. The method further includes creating a policy, periodically analyzing the standardized graph for at least one deviation from the policy, and issuing an alert in response to detecting the at least one deviation.
Type: Grant
Filed: December 23, 2020
Date of Patent: January 16, 2024
Assignee: vArmour Networks, Inc.
Inventors: Colin Ross, Marc Woolward, Keith Stewart
-
Patent number: 11863580
Abstract: Methods and systems for managing security in a cloud computing environment are provided. Exemplary methods include: gathering data about workloads and applications in the cloud computing environment; updating a graph database using the data, the graph database representing the workloads of the cloud computing environment as nodes and relationships between the workloads as edges; receiving a security template, the security template logically describing targets in the cloud computing environment to be protected and how to protect the targets; creating a security policy using the security template and information in the graph database; and deploying the security policy in the cloud computing environment.
Type: Grant
Filed: December 23, 2020
Date of Patent: January 2, 2024
Assignee: vArmour Networks, Inc.
Inventors: Colin Ross, Marc Woolward, Keith Stewart
-
Patent number: 11818152
Abstract: A system and a method for modeling topic-based message-oriented middleware (MoM) are provided. The method commences with connecting with a MoM system and converting information associated with the MoM system into a standardized object model. The standardized object model may include a topic-based node associated with a topic, at least one producer application, and at least one consumer application. The at least one producer application provides one or more messages related to the topic to the topic-based node. The at least one consumer application receives the one or more messages from the topic-based node. The method continues with generating a standardized graph of relationships between producers and consumers over a period of time. The method further includes creating a policy, periodically analyzing the standardized graph for at least one deviation from the policy, and issuing an alert in response to detecting the at least one deviation.
Type: Grant
Filed: December 23, 2020
Date of Patent: November 14, 2023
Assignee: vArmour Networks, Inc.
Inventors: Colin Ross, Marc Woolward, Keith Stewart
-
Patent number: 11777978
Abstract: Systems and methods for assessing an application access risk are provided. An example method commences with collecting data concerning relationships between an application, one or more client devices, and one or more users in a computing environment. The method includes updating a graph database including nodes and edges. The nodes represent the application, the one or more client devices, and the one or more users and the edges represent relationships between the application, the one or more client devices, and the one or more users. The method continues with enriching the graph database by associating the nodes with metadata including information concerning the one or more users accessing the application from the one or more client devices. The method further includes analyzing the graph database to identify a subset of nodes used to access the application and displaying a graphical representation of the subset of nodes.
Type: Grant
Filed: January 29, 2021
Date of Patent: October 3, 2023
Assignee: vArmour Networks, Inc.
Inventors: Paul Bigbee, Marc Woolward, Hsisheng Wang, Keith Stewart, Jason Parry
-
Patent number: 11711374
Abstract: Methods and systems for understanding identity and organizational access to applications within an enterprise environment are provided.
Type: Grant
Filed: February 8, 2021
Date of Patent: July 25, 2023
Assignee: vArmour Networks, Inc.
Inventors: Colin Ross, Marc Woolward, Keith Stewart, Paul Bigbee, Hsisheng Wang
-
Patent number: 11575563
Abstract: Methods and systems for managing security in a cloud computing environment are provided. Exemplary methods include: gathering data about workloads and applications in the cloud computing environment; updating a graph database using the data, the graph database representing the workloads of the cloud computing environment as nodes and relationships between the workloads as edges; receiving a security template, the security template logically describing targets in the cloud computing environment to be protected and how to protect the targets; creating a security policy using the security template and information in the graph database; and deploying the security policy in the cloud computing environment.
Type: Grant
Filed: May 31, 2019
Date of Patent: February 7, 2023
Assignee: vArmour Networks, Inc.
Inventors: Marc Woolward, Keith Stewart, Timothy Eades, Meng Xu, Myo Zarny, Matthew M. Williamson, Jason Parry, Hong Xiao, Hsisheng Wang, Cheng-Lin Hou
-
Publication number: 20220247774
Abstract: Systems and methods for assessing an application access risk are provided. An example method commences with collecting data concerning relationships between an application, one or more client devices, and one or more users in a computing environment. The method includes updating a graph database including nodes and edges. The nodes represent the application, the one or more client devices, and the one or more users and the edges represent relationships between the application, the one or more client devices, and the one or more users. The method continues with enriching the graph database by associating the nodes with metadata including information concerning the one or more users accessing the application from the one or more client devices. The method further includes analyzing the graph database to identify a subset of nodes used to access the application and displaying a graphical representation of the subset of nodes.
Type: Application
Filed: January 29, 2021
Publication date: August 4, 2022
Inventors: Paul Bigbee, Marc Woolward, Hsi-Sheng Wang, Keith Stewart, Jason Parry
-
Publication number: 20220245256
Abstract: Systems and methods for attributing user behavior from multiple technical telemetry sources are provided. An example method includes determining that the user has logged into the computing device, in response to the determination, collecting log data from a plurality of telemetry sources associated with the computing device, extracting, from the log data, activity data concerning activities of the computing device, analyzing the activity data to determine that the activity data are attributed to the user, generating, based on the activity data, behavior attributes of the user, associating the behavior attributes with a unique identifier of the computing device, and estimating security integrity of the computing device based on a comparison of the behavior attributes to reference behavior attributes. The reference behavior attributes include further behavior attributes determined using log data of at least one further computing device associated with the user.
Type: Application
Filed: January 29, 2021
Publication date: August 4, 2022
Inventors: Hsi-Sheng Wang, Paul Bigbee, Marc Woolward, Keith Stewart, Meng Xu
-
Publication number: 20220201024
Abstract: A system and a method for modeling topic-based message-oriented middleware (MoM) are provided. The method commences with connecting with a MoM system and converting information associated with the MoM system into a standardized object model. The standardized object model may include a topic-based node associated with a topic, at least one producer application, and at least one consumer application. The at least one producer application provides one or more messages related to the topic to the topic-based node. The at least one consumer application receives the one or more messages from the topic-based node. The method continues with generating a standardized graph of relationships between producers and consumers over a period of time. The method further includes creating a policy, periodically analyzing the standardized graph for at least one deviation from the policy, and issuing an alert in response to detecting the at least one deviation.
Type: Application
Filed: December 23, 2020
Publication date: June 23, 2022
Inventors: Colin Ross, Marc Woolward, Keith Stewart
-
Publication number: 20220201025
Abstract: A system and a method for modeling queue-based message-oriented middleware (MoM) are provided. The method commences with connecting with a MoM system and converting information associated with the MoM system into a standardized object model. The standardized object model may include a queue-based node, at least one producer application, and at least one consumer application. The at least one producer application provides a message to the queue-based node. The at least one consumer application receives the message from the queue-based node. The message persists in the queue until consumed by the at least one consumer application. The method continues with generating a standardized graph of relationships between a producer and a consumer over a period of time. The method further includes creating a policy, periodically analyzing the standardized graph for at least one deviation from the policy, and issuing an alert in response to detecting the at least one deviation.
Type: Application
Filed: December 23, 2020
Publication date: June 23, 2022
Inventors: Colin Ross, Marc Woolward, Keith Stewart
-
Patent number: 11310284
Abstract: Methods and systems for validating security policy in a cloud computing environment are provided. An example method includes providing a graph database, the graph database representing workloads of the cloud computing environment as nodes and relationships between the workloads as edges, receiving a security policy, the security policy logically describing rules for the relationships between the workloads, determining, based on the security policy and the graph database, a list of violations, the list of violations including at least one relationship from the relationships between the workloads in the graph database, the at least one relationship being not allowed by at least one of the rules in the security policy, and providing the list of violations to a user.
Type: Grant
Filed: May 31, 2019
Date of Patent: April 19, 2022
Assignee: vArmour Networks, Inc.
Inventors: Marc Woolward, Meng Xu, Hong Xiao, Keith Stewart, Matthew M. Williamson
-
Patent number: 11290493
Abstract: Methods and systems for managing security in a cloud computing environment are provided. Exemplary methods include: receiving a target, the target specifying workloads of a plurality of workloads to be included in the security policy, the plurality of workloads being associated with the cloud computing environment; identifying nodes and edges in the graph database using the target, the graph database representing the plurality of workloads as nodes and relationships between the plurality of workloads as edges; getting a security intent, the security intent including a high-level security objective in a natural language; obtaining a security template associated with the security intent; and applying the security template to the identified nodes and edges to produce security rules for the security policy, the security rules at least one of allowing and denying communications between the target and other workloads of the plurality of workloads.
Type: Grant
Filed: May 31, 2019
Date of Patent: March 29, 2022
Assignee: vArmour Networks, Inc.
Inventors: Marc Woolward, Meng Xu, Hong Xiao, Keith Stewart, Matthew M. Williamson
-
Patent number: 11290494
Abstract: Methods and systems for reliability prediction of security policies in a cloud computing environment are provided. An example method includes providing a graph database representing workloads of the cloud computing environment as nodes and relationships between the workloads as edges, the relationships being associated with points in time, receiving a security policy including rules for the relationships between the workloads, generating a plurality of earliest points in time based on the rules and the graph database, wherein generating the plurality of earliest points in time includes: determining, for each rule of the rules, a subset of the relationships in the graph database such that each of the subset of the relationships matches the rule, and selecting an earliest point in time from points in time associated with relationships from the subset, and analyzing the plurality of earliest points in time to determine a reliability score for the security policy.
Type: Grant
Filed: May 31, 2019
Date of Patent: March 29, 2022
Assignee: vArmour Networks, Inc.
Inventors: Xiaodan Li, Marc Woolward
-
Publication number: 20210168150
Abstract: Methods and systems for understanding identity and organizational access to applications within an enterprise environment are provided.
Type: Application
Filed: February 8, 2021
Publication date: June 3, 2021
Inventors: Colin Ross, Marc Woolward, Keith Stewart, Paul Bigbee, Hsi-Sheng Wang
-
Publication number: 20210120029
Abstract: Methods and systems for managing security in a cloud computing environment are provided. Exemplary methods include: gathering data about workloads and applications in the cloud computing environment; updating a graph database using the data, the graph database representing the workloads of the cloud computing environment as nodes and relationships between the workloads as edges; receiving a security template, the security template logically describing targets in the cloud computing environment to be protected and how to protect the targets; creating a security policy using the security template and information in the graph database; and deploying the security policy in the cloud computing environment.
Type: Application
Filed: December 23, 2020
Publication date: April 22, 2021
Inventors: Colin Ross, Marc Woolward, Keith Stewart
-
Publication number: 20200382557
Abstract: Methods and systems for reliability prediction of security policies in a cloud computing environment are provided. An example method includes providing a graph database representing workloads of the cloud computing environment as nodes and relationships between the workloads as edges, the relationships being associated with points in time, receiving a security policy including rules for the relationships between the workloads, generating a plurality of earliest points in time based on the rules and the graph database, wherein generating the plurality of earliest points in time includes: determining, for each rule of the rules, a subset of the relationships in the graph database such that each of the subset of the relationships matches the rule, and selecting an earliest point in time from points in time associated with relationships from the subset, and analyzing the plurality of earliest points in time to determine a reliability score for the security policy.
Type: Application
Filed: May 31, 2019
Publication date: December 3, 2020
Inventors: Marc Woolward, Xiaodan Li
-
Publication number: 20200382560
Abstract: Methods and systems for validating security policy in a cloud computing environment are provided. An example method includes providing a graph database, the graph database representing workloads of the cloud computing environment as nodes and relationships between the workloads as edges, receiving a security policy, the security policy logically describing rules for the relationships between the workloads, determining, based on the security policy and the graph database, a list of violations, the list of violations including at least one relationship from the relationships between the workloads in the graph database, the at least one relationship being not allowed by at least one of the rules in the security policy, and providing the list of violations to a user.
Type: Application
Filed: May 31, 2019
Publication date: December 3, 2020
Inventors: Marc Woolward, Meng Xu, Hong Xiao, Keith Stewart, Matthew M. Williamson
-
Publication number: 20200382556
Abstract: Methods and systems for managing security in a cloud computing environment are provided. Exemplary methods include: receiving a target, the target specifying workloads of a plurality of workloads to be included in the security policy, the plurality of workloads being associated with the cloud computing environment; identifying nodes and edges in the graph database using the target, the graph database representing the plurality of workloads as nodes and relationships between the plurality of workloads as edges; getting a security intent, the security intent including a high-level security objective in a natural language; obtaining a security template associated with the security intent; and applying the security template to the identified nodes and edges to produce security rules for the security policy, the security rules at least one of allowing and denying communications between the target and other workloads of the plurality of workloads.
Type: Application
Filed: May 31, 2019
Publication date: December 3, 2020
Inventors: Marc Woolward, Meng Xu, Hong Xiao, Keith Stewart, Matthew M. Williamson
-
Publication number: 20200382363
Abstract: Methods and systems for managing security in a cloud computing environment are provided. Exemplary methods include: gathering data about workloads and applications in the cloud computing environment; updating a graph database using the data, the graph database representing the workloads of the cloud computing environment as nodes and relationships between the workloads as edges; receiving a security template, the security template logically describing targets in the cloud computing environment to be protected and how to protect the targets; creating a security policy using the security template and information in the graph database; and deploying the security policy in the cloud computing environment.
Type: Application
Filed: May 31, 2019
Publication date: December 3, 2020
Inventors: Marc Woolward, Keith Stewart, Timothy Eades, Meng Xu, Myo Zarny, Matthew M. Williamson, Jason Parry, Hong Xiao, Hsisheng Wang, Cheng-Lin Hou
-
Patent number: 10333986
Abstract: Methods, systems, and media for producing a firewall rule set are provided herein. Exemplary methods may include receiving a declarative policy associated with a computer network security policy; collecting information from at least one external system of record; generating a firewall rule set using the declarative policy and information, the firewall rule set including addresses to or from which network communications are permitted, denied, redirected or logged, the firewall rule set being at a lower level of abstraction than the declarative policy; and provisioning the firewall rule set to a plurality of enforcement points of a distributed firewall, the firewall selectively policing network communications among workloads using the firewall rule set.
Type: Grant
Filed: April 5, 2017
Date of Patent: June 25, 2019
Assignee: vArmour Networks, Inc.
Inventors: Jia-Jyi Lian, Anthony Paterra, Marc Woolward