Patents by Inventor Mathias Abraham Marc SCHERMAN
Mathias Abraham Marc SCHERMAN has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11503059Abstract: Disclosed herein is a system for predicting, given a pattern of triggered alerts, a next alert in order to identify malicious activity that is about to occur on resource(s) being monitored by a security operations center. A resource can include a server, a storage device, a user device (e.g., a personal computer, a tablet computer, a smartphone, etc.), a virtual machine, networking equipment, etc. Accordingly, the next alert is speculatively triggered in advance and a security analyst can be notified of a pattern of activity that is likely to be malicious. The security analyst can then investigate the pattern of triggered alerts and the speculatively triggered alert to determine whether steps to mitigate the malicious activity before it occurs should be taken.Type: GrantFiled: April 22, 2019Date of Patent: November 15, 2022Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Roy Levin, Mathias Abraham Marc Scherman, Yotam Livny
-
Patent number: 11263544Abstract: Systems, methods, and apparatuses are provided for clustering incidents in a computing environment. An incident notification relating to an event (e.g., a potential cyberthreat or any other alert) in the computing environment is received and a set of features may be generated based on the incident notification. The set of features may be provided as an input to a machine-learning engine to identify a similar incident notification in the computing environment. The similar incident notification may include a resolved incident notification or an unresolved incident notification. An action to resolve the incident notification may be received, and the received action may thereby be executed. In some implementations, in addition to resolving the received incident notification, the action may be executed to resolve a similar unresolved incident notification identified by the machine-learning engine.Type: GrantFiled: August 20, 2018Date of Patent: March 1, 2022Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Yotam Livny, Roy Levin, Ram Haim Pliskin, Ben Kliger, Mathias Abraham Marc Scherman, Moshe Israel, Michael Zeev Bargury
-
Patent number: 11184359Abstract: Methods, systems, and media are shown for generating access control rules for computer resources involving collecting historical access data for user accesses to a computer resource and separating the historical access data into a training data set and a validation data set. An access control rule is generated for the computer resource based on the properties of the user accesses to the computer resource in the training data set. The rule is validated against the validation data set to determine whether the rule produces a denial rate level is below a threshold when the rule is applied to the validation data set. If the rule is valid, then it is provided to an administrative interface so that an administrator can select the rule for application to incoming user requests.Type: GrantFiled: August 9, 2018Date of Patent: November 23, 2021Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Ben Kliger, Yotam Livny, Ram Haim Pliskin, Roy Levin, Mathias Abraham Marc Scherman, Moshe Israel, Michael Zeev Bargury
-
Patent number: 11184363Abstract: Embodiments described herein are directed to securing network-based compute resources. The foregoing may be achieved by determining a tag representative of non-malicious network addresses. The tag is determined by analyzing network data traffic received by a plurality of compute resources. Machine-learning based techniques may be used to automatically classify each network address that communicates with a particular compute resource as being malicious or non-malicious. Determined non-malicious network addresses for a particular compute resource are automatically associated with a tag. The tag is used to configure a firewall application to prevent access to a corresponding compute resource by malicious network addresses not represented by the tag. The number of non-malicious network addresses associated with a tag may be expanded by clustering compute resources having a similar set of network addresses that communicate therewith.Type: GrantFiled: December 31, 2018Date of Patent: November 23, 2021Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Mathias Abraham Marc Scherman, Ben Kliger, Evan Clarke Smith
-
Patent number: 10944791Abstract: A system for predicting vulnerability of network resources is provided. The system can calculate an initial vulnerability score for each of the network resources and use the initial vulnerability scores along with activity data of the network resources to train a vulnerability model. After training, the vulnerability model can predict the vulnerability of the network resources based on new activity data collected from the network resources. Based on the predicted vulnerability, vulnerable network resources can be identified. Further analysis can be performed by comparing the activities of the vulnerable network resources and other network resources to identify activity patterns unique to the vulnerable network resources as attack patterns. Based on the attack patterns, one or more actions can be taken to increase the security of the vulnerable network resources to avoid further vulnerability.Type: GrantFiled: August 27, 2018Date of Patent: March 9, 2021Assignee: Microsoft Technology Licensing, LLCInventors: Yotam Livny, Mathias Abraham Marc Scherman, Moshe Israel, Ben Kliger, Ram Haim Pliskin, Roy Levin, Michael Zeev Bargury
-
Publication number: 20200336506Abstract: Disclosed herein is a system for predicting, given a pattern of triggered alerts, a next alert in order to identify malicious activity that is about to occur on resource(s) being monitored by a security operations center. A resource can include a server, a storage device, a user device (e.g., a personal computer, a tablet computer, a smartphone, etc.), a virtual machine, networking equipment, etc. Accordingly, the next alert is speculatively triggered in advance and a security analyst can be notified of a pattern of activity that is likely to be malicious. The security analyst can then investigate the pattern of triggered alerts and the speculatively triggered alert to determine whether steps to mitigate the malicious activity before it occurs should be taken.Type: ApplicationFiled: April 22, 2019Publication date: October 22, 2020Inventors: Roy LEVIN, Mathias Abraham Marc SCHERMAN, Yotam LIVNY
-
Publication number: 20200213325Abstract: Embodiments described herein are directed to securing network-based compute resources. The foregoing may be achieved by determining a tag representative of non-malicious network addresses. The tag is determined by analyzing network data traffic received by a plurality of compute resources. Machine-learning based techniques may be used to automatically classify each network address that communicates with a particular compute resource as being malicious or non-malicious. Determined non-malicious network addresses for a particular compute resource are automatically associated with a tag. The tag is used to configure a firewall application to prevent access to a corresponding compute resource by malicious network addresses not represented by the tag. The number of non-malicious network addresses associated with a tag may be expanded by clustering compute resources having a similar set of network addresses that communicate therewith.Type: ApplicationFiled: December 31, 2018Publication date: July 2, 2020Inventors: Mathias Abraham Marc Scherman, Ben Kliger, Evan Clarke Smith
-
Publication number: 20200067980Abstract: A system for predicting vulnerability of network resources is provided. The system can calculate an initial vulnerability score for each of the network resources and use the initial vulnerability scores along with activity data of the network resources to train a vulnerability model. After training, the vulnerability model can predict the vulnerability of the network resources based on new activity data collected from the network resources. Based on the predicted vulnerability, vulnerable network resources can be identified. Further analysis can be performed by comparing the activities of the vulnerable network resources and other network resources to identify activity patterns unique to the vulnerable network resources as attack patterns. Based on the attack patterns, one or more actions can be taken to increase the security of the vulnerable network resources to avoid further vulnerability.Type: ApplicationFiled: August 27, 2018Publication date: February 27, 2020Inventors: Yotam LIVNY, Mathias Abraham Marc SCHERMAN, Moshe ISRAEL, Ben KLIGER, Ram Haim PLISKIN, Roy LEVIN, Michael Zeev BARGURY
-
Publication number: 20200057953Abstract: Systems, methods, and apparatuses are provided for clustering incidents in a computing environment. An incident notification relating to an event (e.g., a potential cyberthreat or any other alert) in the computing environment is received and a set of features may be generated based on the incident notification. The set of features may be provided as an input to a machine-learning engine to identify a similar incident notification in the computing environment. The similar incident notification may include a resolved incident notification or an unresolved incident notification. An action to resolve the incident notification may be received, and the received action may thereby be executed. In some implementations, in addition to resolving the received incident notification, the action may be executed to resolve a similar unresolved incident notification identified by the machine-learning engine.Type: ApplicationFiled: August 20, 2018Publication date: February 20, 2020Inventors: Yotam Livny, Roy Levin, Ram Haim Pliskin, Ben Kliger, Mathias Abraham Marc Scherman, Moshe Israel, Michael Zeev Bargury
-
Publication number: 20200053090Abstract: Methods, systems, and media are shown for generating access control rules for computer resources involving collecting historical access data for user accesses to a computer resource and separating the historical access data into a training data set and a validation data set. An access control rule is generated for the computer resource based on the properties of the user accesses to the computer resource in the training data set. The rule is validated against the validation data set to determine whether the rule produces a denial rate level is below a threshold when the rule is applied to the validation data set. If the rule is valid, then it is provided to an administrative interface so that an administrator can select the rule for application to incoming user requests.Type: ApplicationFiled: August 9, 2018Publication date: February 13, 2020Inventors: Ben KLIGER, Yotam LIVNY, Ram Haim PLISKIN, Roy LEVIN, Mathias Abraham Marc SCHERMAN, Moshe ISRAEL, Michael Zeev BARGURY