Patents by Inventor Maxime Lamothe-Brassard
Maxime Lamothe-Brassard has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11671445Abstract: In some implementations, a method includes receiving, for each of multiple users, user activity data describing actions taken by the user by use of a user device over a period of time, determining, for each user and based on the actions taken by the user over the period of time and user responsibility data that describe responsibilities of the user, a risk assessment representative of a security risk resulting from the actions taken by the user by use of the user device, and determining, by the data processing apparatus, for each user and based on the risk assessment determined for the user, whether to implement a user-specific remedial action directed to risk mitigation.Type: GrantFiled: January 18, 2022Date of Patent: June 6, 2023Assignee: Chronicle LLCInventors: Carey Stover Nachenberg, Maxime Lamothe-Brassard, Svetla Yankova Yankova
-
Publication number: 20220141249Abstract: In some implementations, a method includes receiving, for each of multiple users, user activity data describing actions taken by the user by use of a user device over a period of time, determining, for each user and based on the actions taken by the user over the period of time and user responsibility data that describe responsibilities of the user, a risk assessment representative of a security risk resulting from the actions taken by the user by use of the user device, and determining, by the data processing apparatus, for each user and based on the risk assessment determined for the user, whether to implement a user-specific remedial action directed to risk mitigation.Type: ApplicationFiled: January 18, 2022Publication date: May 5, 2022Inventors: Carey Stover Nachenberg, Maxime Lamothe-Brassard, Svetla Yankova Yankova
-
Patent number: 11265344Abstract: In some implementations, a method includes receiving, for each of multiple users, user activity data describing actions taken by the user by use of a user device over a period of time, determining, for each user and based on the actions taken by the user over the period of time and user responsibility data that describe responsibilities of the user, a risk assessment representative of a security risk resulting from the actions taken by the user by use of the user device, and determining, by the data processing apparatus, for each user and based on the risk assessment determined for the user, whether to implement a user-specific remedial action directed to risk mitigation.Type: GrantFiled: January 22, 2020Date of Patent: March 1, 2022Assignee: Chronicle LLCInventors: Carey Stover Nachenberg, Maxime Lamothe-Brassard, Svetla Yankova Yankova
-
Patent number: 10839071Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for analyzing telemetry to detect anomalous activity. One of the methods includes accessing data describing a telemetry tree that includes a plurality of nodes and edges; querying, for each of the edges in the telemetry tree using at least one value for the edge from a number of values, historical telemetry data that quantifies an anomaly score for each value to determine whether a relationship indicated by the edge in the telemetry tree represents a potentially malicious relationship; and performing an action using a result of the querying of the historical telemetry data that indicates whether one of the anomaly scores indicates that the relationship indicated by the edge in the telemetry tree represents a potentially malicious relationship.Type: GrantFiled: September 18, 2019Date of Patent: November 17, 2020Assignee: Chronicle LLCInventor: Maxime Lamothe-Brassard
-
Publication number: 20200162505Abstract: In some implementations, a method includes receiving, for each of multiple users, user activity data describing actions taken by the user by use of a user device over a period of time, determining, for each user and based on the actions taken by the user over the period of time and user responsibility data that describe responsibilities of the user, a risk assessment representative of a security risk resulting from the actions taken by the user by use of the user device, and determining, by the data processing apparatus, for each user and based on the risk assessment determined for the user, whether to implement a user-specific remedial action directed to risk mitigation.Type: ApplicationFiled: January 22, 2020Publication date: May 21, 2020Inventors: Carey Stover Nachenberg, Maxime Lamothe-Brassard, Svetla Yankova Yankova
-
Patent number: 10581896Abstract: In some implementations, a method includes receiving, for each of multiple users, user activity data describing actions taken by the user by use of a user device over a period of time, determining, for each user and based on the actions taken by the user over the period of time and user responsibility data that describe responsibilities of the user, a risk assessment representative of a security risk resulting from the actions taken by the user by use of the user device, and determining, by the data processing apparatus, for each user and based on the risk assessment determined for the user, whether to implement a user-specific remedial action directed to risk mitigation.Type: GrantFiled: March 8, 2017Date of Patent: March 3, 2020Assignee: Chronicle LLCInventors: Carey Stover Nachenberg, Maxime Lamothe-Brassard, Svetla Yankova Yankova
-
Publication number: 20200012786Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for analyzing telemetry to detect anomalous activity. One of the methods includes accessing data describing a telemetry tree that includes a plurality of nodes and edges; querying, for each of the edges in the telemetry tree using at least one value for the edge from a number of values, historical telemetry data that quantifies an anomaly score for each value to determine whether a relationship indicated by the edge in the telemetry tree represents a potentially malicious relationship; and performing an action using a result of the querying of the historical telemetry data that indicates whether one of the anomaly scores indicates that the relationship indicated by the edge in the telemetry tree represents a potentially malicious relationship.Type: ApplicationFiled: September 18, 2019Publication date: January 9, 2020Inventor: Maxime Lamothe-Brassard
-
Patent number: 10469509Abstract: The subject matter of this specification generally relates to computer security. In some implementations, a method includes receiving indicators of compromise from multiple security data providers. Each indicator of compromise can include data specifying one or more characteristics of one or more computer security threats. Each indicator of compromise can be configured to, when processed by a computer, cause the computer to detect the presence of the specified one or more characteristics of the one or more computer security threats. Telemetry data for computing systems of users can be received. The telemetry data can include data describing at least one event detected at the computing system. A determination is made that the telemetry data for a given user includes the one or more characteristics specified by a given indicator of compromise.Type: GrantFiled: December 29, 2016Date of Patent: November 5, 2019Assignee: Chronicle LLCInventors: Carey Stover Nachenberg, Maxime Lamothe-Brassard, Shapor Naghibzadeh
-
Patent number: 10430581Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for analyzing telemetry to detect anomalous activity. One of the methods includes accessing data describing a telemetry tree that includes a plurality of nodes and edges; querying, for each of the edges in the telemetry tree using at least one value for the edge from a number of values, historical telemetry data that quantifies an anomaly score for each value to determine whether a relationship indicated by the edge in the telemetry tree represents a potentially malicious relationship; and performing an action using a result of the querying of the historical telemetry data that indicates whether one of the anomaly scores indicates that the relationship indicated by the edge in the telemetry tree represents a potentially malicious relationship.Type: GrantFiled: December 22, 2016Date of Patent: October 1, 2019Assignee: Chronicle LLCInventor: Maxime Lamothe-Brassard
-
Publication number: 20180191770Abstract: In some implementations, a method includes receiving, for each of multiple users, user activity data describing actions taken by the user by use of a user device over a period of time, determining, for each user and based on the actions taken by the user over the period of time and user responsibility data that describe responsibilities of the user, a risk assessment representative of a security risk resulting from the actions taken by the user by use of the user device, and determining, by the data processing apparatus, for each user and based on the risk assessment determined for the user, whether to implement a user-specific remedial action directed to risk mitigation.Type: ApplicationFiled: March 8, 2017Publication date: July 5, 2018Inventors: Carey Stover Nachenberg, Maxime Lamothe-Brassard, Svetla Yankova Yankova
-
Publication number: 20180191747Abstract: The subject matter of this specification generally relates to computer security. In some implementations, a method includes receiving indicators of compromise from multiple security data providers. Each indicator of compromise can include data specifying one or more characteristics of one or more computer security threats. Each indicator of compromise can be configured to, when processed by a computer, cause the computer to detect the presence of the specified one or more characteristics of the one or more computer security threats. Telemetry data for computing systems of users can be received. The telemetry data can include data describing at least one event detected at the computing system. A determination is made that the telemetry data for a given user includes the one or more characteristics specified by a given indicator of compromise.Type: ApplicationFiled: December 29, 2016Publication date: July 5, 2018Inventors: Carey Stover Nachenberg, Maxime Lamothe-Brassard, Shapor Naghibzadeh
-
Patent number: 10015199Abstract: Devices described herein are configured to propagate tags among data objects representing system components. Such devices may detect an event associated with a plurality of system components. Based at least in part on detecting the event and on a configurable policy, the devices may propagate a tag that is assigned to a data object representing one of the plurality of system components to another data object representing another of the plurality of system components. One example of such a tag may be associated with a tree object that represents an execution chain of at least the system component represented by the data object and the other system component represented by the other data object. Another example of such a tag may be a user-specified tag of another entity that the entity associated with the devices subscribes to.Type: GrantFiled: February 15, 2017Date of Patent: July 3, 2018Assignee: CrowdStrike, Inc.Inventors: David F. Diehl, Maxime Lamothe-Brassard
-
Publication number: 20180181750Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for analyzing telemetry to detect anomalous activity. One of the methods includes accessing data describing a telemetry tree that includes a plurality of nodes and edges; querying, for each of the edges in the telemetry tree using at least one value for the edge from a number of values, historical telemetry data that quantifies an anomaly score for each value to determine whether a relationship indicated by the edge in the telemetry tree represents a potentially malicious relationship; and performing an action using a result of the querying of the historical telemetry data that indicates whether one of the anomaly scores indicates that the relationship indicated by the edge in the telemetry tree represents a potentially malicious relationship.Type: ApplicationFiled: December 22, 2016Publication date: June 28, 2018Inventor: Maxime Lamothe-Brassard
-
Publication number: 20170163686Abstract: Devices described herein are configured to propagate tags among data objects representing system components. Such devices may detect an event associated with a plurality of system components. Based at least in part on detecting the event and on a configurable policy, the devices may propagate a tag that is assigned to a data object representing one of the plurality of system components to another data object representing another of the plurality of system components. One example of such a tag may be associated with a tree object that represents an execution chain of instances of at least the system component represented by the data object and the other system component represented by the other data object. Another example of such a tag may be a user-specified tag of another entity that the entity associated with the devices subscribes to.Type: ApplicationFiled: February 15, 2017Publication date: June 8, 2017Inventors: David F. Diehl, Maxime Lamothe-Brassard
-
Publication number: 20150222646Abstract: Devices described herein are configured to propagate tags among data objects representing system components. Such devices may detect an event associated with a plurality of system components. Based at least in part on detecting the event and on a configurable policy, the devices may propagate a tag that is assigned to a data object representing one of the plurality of system components to another data object representing another of the plurality of system components. One example of such a tag may be associated with a tree object that represents an execution chain of instances of at least the system component represented by the data object and the other system component represented by the other data object. Another example of such a tag may be a user-specified tag of another entity that the entity associated with the devices subscribes to.Type: ApplicationFiled: January 31, 2014Publication date: August 6, 2015Applicant: CrowdStrike, Inc.Inventors: David F. Diehl, Maxime Lamothe-Brassard