Patents by Inventor Marco Casassa Mont

Marco Casassa Mont has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10262132
    Abstract: Examples relate to model-based computer attack analytics orchestration. In one example, a computing device may: generate, using an attack model that specifies behavior of a particular attack on a computing system, a hypothesis for the particular attack, the hypothesis specifying, for a particular state of the particular attack, at least one attack action; identify, using the hypothesis, at least one analytics function for determining whether the at least one attack action specified by the hypothesis occurred on the computing system; provide an analytics device with instructions to execute the at least one analytics function on the computing system; receive analytics results from the analytics device; and update a state of the attack model based on the analytics results.
    Type: Grant
    Filed: July 1, 2016
    Date of Patent: April 16, 2019
    Assignee: ENTIT SOFTWARE LLC
    Inventors: Philipp Reinecke, Marco Casassa Mont, Yolanta Beresna
  • Patent number: 10250627
    Abstract: Remediating a security threat to a network includes obtaining, from a network, security information about the network to determine traffic patterns of the network, identifying, based on the traffic patterns of the network, a security threat to the network, determining, from a playbook library and a workflow library, a workflow template and at least one software-defined networking (SDN) flow rule template to remediate the security threat, and deploying, via a SDN controller, a SDN flow rule based on the at least one SDN flow rule template in the network to remediate the security threat by altering a control path of the network.
    Type: Grant
    Filed: July 31, 2014
    Date of Patent: April 2, 2019
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: Marco Casassa Mont, Simon Ian Arnell
  • Patent number: 10193892
    Abstract: In one implementation, a data sharing system can comprise a trust engine to identify an environment that satisfies a level of trust, an access engine to request access to a set of data, a procedure engine to receive a procedure, a restriction engine to receive a restriction associated with a resource of the environment, a monitor engine to maintain resource utilization information, and a control engine to limit execution of the procedure based on the restriction and the resource utilization information. In another implementation, a method for sharing a set of data can comprise validating an environment satisfies a level of trust, receiving a restriction associated with a resource of the environment, receiving a procedure to access the set of data, ascertaining resource utilization information, and providing a view of the set of data based on the restriction and the resource utilization information.
    Type: Grant
    Filed: March 14, 2014
    Date of Patent: January 29, 2019
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: Patrick Goldsack, Marco Casassa Mont, Simon Kai-Ying Shiu, Suksant Sae Lor
  • Patent number: 10192066
    Abstract: In one implementation, a data sharing system can comprise a trust engine to identify an environment that satisfies a level of trust, an access engine to request access to a set of data, a procedure engine to receive a procedure, a restriction engine to receive a semantic restriction associated with a semantic term of the environment, a tracker engine to track the procedure during execution, and a control engine to maintain execution of the procedure based on the restriction and trace information. In another implementation, a method for sharing a set of data can comprise validating an environment satisfies a level of trust, receiving a procedure to access the set of data, receiving a semantic restriction associated with a semantic term of the environment, tracing the procedure during execution, and providing a view of the set of data based on the restriction and a semantic mapping of trace information.
    Type: Grant
    Filed: March 14, 2014
    Date of Patent: January 29, 2019
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: Patrick Goldsack, Marco Casassa Mont, Suksant Sae Lor, Simon Kai-Ying Shiu
  • Publication number: 20180375953
    Abstract: The present disclosure relates to a network device that determines a persistent network identity for a networked device. Specifically, the network device receives a service request that includes an identifier for a second network device in a sub-network among a plurality of sub-networks. The identifier uniquely corresponds to the second network device during a limited period of time. At least one sub-networks are unreachable by the service request. The network device aggregates partial networked device profiles corresponding to the second network device received from other network devices in at least the at least one sub-networks to generate a networked device profile. Moreover, the network device searches at least one caches to obtain the networked device profile based on the identifier in the service request, and correlates the identifier to a persistent network identity corresponding to the second network device based on the networked device profile.
    Type: Application
    Filed: April 21, 2016
    Publication date: December 27, 2018
    Applicant: Hewlett Packard Enterprise Development LP
    Inventors: Marco Casassa Mont, Yolanta Beresna, Simon Ian Arnell, Nipun Balan Thekkummal
  • Publication number: 20180337943
    Abstract: Examples relate to handling network threats. In one example, a computing device may: receive, from a threat detector, threat data associated with a particular network device included in a plurality of network devices; identify, based on the threat data, a particular analytics operation for assisting with remediation of a threat associated with the threat data; identify, based on the threat data, additional data for performing the particular analytics operation; cause reconfiguration of at least one of the plurality of network devices, the reconfiguration causing each of the reconfigured network devices to i) collect the additional data, and ii) provide the additional data to an analytics device; and receive, from the analytics device, particular analytics results of the particular analytics operation.
    Type: Application
    Filed: November 17, 2015
    Publication date: November 22, 2018
    Inventors: Simon Ian Arnell, Marco Casassa Mont, Yolanta Beresna, Theofrastos Koulouris, Jon Potter
  • Publication number: 20180219884
    Abstract: Example implementations relate to changing deployment statuses. An example implementation includes updating a data source data store comprising descriptors of available data sources, a pre-processor data store comprising descriptors of available pre-processors, or an analytic data store comprising descriptors of available analytics. A change request may be initiated responsive to a change in the data source data, pre-processor data, or analytic data and a deployment status of a pre-processor or an analytic may be changed responsive to the change request.
    Type: Application
    Filed: January 27, 2017
    Publication date: August 2, 2018
    Inventors: Yolanta Beresna, Marco Casassa Mont, Philipp Reinecke
  • Patent number: 10027632
    Abstract: In an implementation, a view of a set of data may be based on a context. The context may include an attribute associated with an attribute list. A set of symbols may be associated with the attribute list and the set of data. A key may be associated with the attribute list and a function list.
    Type: Grant
    Filed: July 26, 2013
    Date of Patent: July 17, 2018
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: Luis Miguel Vaquero Gonzalez, Suksant Sae Lor, Marco Casassa Mont
  • Publication number: 20180139224
    Abstract: Examples relate to collecting domain name system traffic. In one example, a computing device may: receive, from a first intermediary network device, a DNS query packet that was sent by a client computing device operating on a private network, the DNS query packet specifying i) a query domain name, and ii) a source address that specifies the client computing device; store, in a data storage device, a query record specifying the query domain name and the source address specified by the DNS query packet; receive, from a second intermediary network device, a DNS response packet; determine that the DNS response packet specifies a response domain name that matches the query domain name; in response to the determination, extract, from the DNS response packet, a resolved address that corresponds to the response domain name; and store, in the query record, the resolved address specified by the DNS response packet.
    Type: Application
    Filed: August 31, 2015
    Publication date: May 17, 2018
    Inventors: Simon Ian Arnell, Marco Casassa Mont, Yolanta Beresna
  • Publication number: 20180004941
    Abstract: Examples relate to model-based computer attack analytics orchestration. In one example, a computing device may: generate, using an attack model that specifies behavior of a particular attack on a computing system, a hypothesis for the particular attack, the hypothesis specifying, for a particular state of the particular attack, at least one attack action; identify, using the hypothesis, at least one analytics function for determining whether the at least one attack action specified by the hypothesis occurred on the computing system; provide an analytics device with instructions to execute the at least one analytics function on the computing system; receive analytics results from the analytics device; and update a state of the attack model based on the analytics results.
    Type: Application
    Filed: July 1, 2016
    Publication date: January 4, 2018
    Inventors: Philipp Reinecke, Marco Casassa Mont, Yolanta Beresna
  • Publication number: 20180004958
    Abstract: Examples relate to computer attack model management. In one example, a computing device may: identify a first set of attack models, each attack model in the first set specifying behavior of a particular attack on a computing system; obtain, for each attack model in the first set, performance data that indicates at least one measure of attack model performance for a previous use of the attack model in determining whether the particular attack occurred on the computing system; and update the first set of attack models based on the performance data.
    Type: Application
    Filed: July 1, 2016
    Publication date: January 4, 2018
    Inventors: Philipp Reinecke, Marco Casassa Mont, Yolanta Beresna
  • Patent number: 9798888
    Abstract: An example method for managing data in accordance with aspects of the present disclosure includes receiving from a user in the computer network environment a policy about how a piece of data should be treated, an encryption of the piece of data, a signature of a cryptographic hash of the policy and a cryptographic key, requesting from a trust authority the cryptographic key to access the piece of data, transmitting an encryption of at least one share to the trust authority, wherein the at least one share is created by and received from the trust authority, receiving from the trust authority the cryptographic key, wherein the cryptographic key is recreated by a combiner using a subset of the at least one share, shares associated with the trust authority and shares associated with the combiner, and decrypting the encryption of the piece of data using the recreated cryptographic key.
    Type: Grant
    Filed: July 30, 2013
    Date of Patent: October 24, 2017
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Michael Bernd Beiter, Siani Pearson, Marco Casassa Mont, Liqun Chen
  • Publication number: 20170295196
    Abstract: Examples relate to detecting network anomalies. In one example, a computing device may: receive, from each of a plurality of packet capture devices of a private network, domain name system (DNS) query packets that were sent by a particular client computing device operating on the private network, each DNS query packet specifying i) a destination DNS server, ii) a query domain name, and iii) a source address that specifies the particular client computing device; provide at least one of the DNS query packets to a DNS traffic analyzer that is trained to identify DNS anomalies based on characteristics of the DNS query packets; receive anomaly output from the DNS traffic analyzer, the anomaly output indicating a DNS anomaly that was identified for the DNS query packets; and in response to receiving the anomaly output, provide a user device with data specifying the identified DNS anomaly.
    Type: Application
    Filed: April 10, 2015
    Publication date: October 12, 2017
    Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: Simon Ian Arnell, Marco Casassa Mont, David Andrew Graves, Edward Reynolds, Niall Lawrence Saunders
  • Publication number: 20170228537
    Abstract: Examples relate to dynamically adjusting a model for a security operations center (“SOC”). As such, the examples disclosed herein enable constructing a customer storage model over a set of time periods for a customer based on a set of resources of the SOC, a storage distribution model received from the customer related to expected usage of the set of resources, and a threat landscape for the customer. The customer storage model may be revised for a second time period based on actual storage use of the customer during a first time period, and a projection of an amount of data to be consumed in the second time period based on the threat landscape. Allocation of the resources in the SOC may be revised for the second time period based on the revision to the customer storage model.
    Type: Application
    Filed: March 11, 2015
    Publication date: August 10, 2017
    Inventors: Marco Casassa Mont, Simon Ian Arnell, Mihaela Gittler
  • Publication number: 20170223039
    Abstract: Remediating a security threat to a network includes obtaining, from a network, security information about the network to determine traffic patterns of the network, identifying, based on the traffic patterns of the network, a security threat to the network, determining, from a playbook library and a workflow library, a workflow template and at least one software-defined networking (SDN) flow rule template to remediate the security threat, and deploying, via a SDN controller, a SDN flow rule based on the at least one SDN flow rule template in the network to remediate the security threat by altering a control path of the network.
    Type: Application
    Filed: July 31, 2014
    Publication date: August 3, 2017
    Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: Marco Casassa Mont, Simon Ian Arnell
  • Publication number: 20170214711
    Abstract: Creating a security report for a customer network includes obtaining from a customer network, security information about the customer network, preparing, based on modification rules, the security information to create modified security information, analyzing, based on big data threat analytics, the security threats to create a number of metrics, refining the number of metrics using a refining model, creating, based on the refined number of metrics used as an input for model-based predictive analytics and the security threats, a security report representing security intelligence for the customer network in which the number of metrics are refined by a refining model and used as an input for the model-based predictive analytics.
    Type: Application
    Filed: July 31, 2014
    Publication date: July 27, 2017
    Inventors: Simon Ian Arnell, Neil Passingham, Marco Casassa Mont
  • Patent number: 9628516
    Abstract: Compliance to a policy about how to treat data in a computer network environment is ensured by checking that conditions in the policy are satisfied by the entity before access to the data is provided.
    Type: Grant
    Filed: October 21, 2015
    Date of Patent: April 18, 2017
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Siani Pearson, Archie Reed, Marco Casassa Mont, Gina Kounga, Liqun Chen
  • Publication number: 20170004319
    Abstract: In one implementation, a data sharing system can comprise a trust engine to identify an environment that satisfies a level of trust, an access engine to request access to a set of data, a procedure engine to receive a procedure, a restriction engine to receive a semantic restriction associated with a semantic term of the environment, a tracker engine to track the procedure during execution, and a control engine to maintain execution of the procedure based on the restriction and trace information. In another implementation, a method for sharing a set of data can comprise validating an environment satisfies a level of trust, receiving a procedure to access the set of data, receiving a semantic restriction associated with a semantic term of the environment, tracing the procedure during execution, and providing a view of the set of data based on the restriction and a semantic mapping of trace information.
    Type: Application
    Filed: March 14, 2014
    Publication date: January 5, 2017
    Inventors: Patrick Goldsack, Marco Casassa Mont, Suksant Sae Lor, Simon Kai-Ying Shiu
  • Publication number: 20160381036
    Abstract: In one implementation, a data sharing system can comprise a trust engine to identify an environment that satisfies a level of trust, an access engine to request access to a set of data, a procedure engine to receive a procedure, a restriction engine to receive a restriction associated with a resource of the environment, a monitor engine to maintain resource utilization information, and a control engine to limit execution of the procedure based on the restriction and the resource utilization information. In another implementation, a method for sharing a set of data can comprise validating an environment satisfies a level of trust, receiving a restriction associated with a resource of the environment, receiving a procedure to access the set of data, ascertaining resource utilization information, and providing a view of the set of data based on the restriction and the resource utilization information.
    Type: Application
    Filed: March 14, 2014
    Publication date: December 29, 2016
    Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: Patrick Goldsack, Marco Casassa Mont, Simon Kai-Ying Shiu, Suksant Sae Lor
  • Publication number: 20160217295
    Abstract: According to an example, trusted function based data access security control may include determining a restriction set by a first entity and related to access to and/or analysis related to data under the control of the first entity. A trusted function including meta-data that describes a transformation of the data may be ascertained. A determination may be made as to whether the meta-data of the trusted function matches the restriction related to the access to and/or analysis related to the data. In response to a determination that the meta-data of the trusted function matches the restriction, the trusted function may be executed to allow controlled access to the data by a second entity. In response to a determination that the meta-data of the trusted function does not match the restriction, execution of the trusted function may be prevented to prevent access to the data by the second entity.
    Type: Application
    Filed: October 31, 2013
    Publication date: July 28, 2016
    Inventors: Patrick Goldsack, Marco Casassa Mont, Suksant Sae Lor, Simon Kai-Ying Shiu