Patents by Inventor Mayuresh Vishwas Dani
Mayuresh Vishwas Dani has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11968225Abstract: Methods and systems for generating an attack path based on user and system risk profiles are presented. The method comprises determining user information associated with a computing device; determining system exploitability information of the computing device; determining system criticality information of the computing device; determining a risk profile for the computing device based on the user information, the system exploitability information, and the system criticality information; and generating an attack path based on the risk profile. The attack path indicates a route through which an attacker accesses the computing device. The system exploitability information indicates one or more of: the vulnerability associated with the computing device, an exposure window associated with the computing device, and a protection window associated with the computing device.Type: GrantFiled: June 13, 2022Date of Patent: April 23, 2024Assignee: Qualys, Inc.Inventors: Mayuresh Vishwas Dani, Ankur S. Tyagi, Rishikesh Jayaram Bhide
-
Publication number: 20240080335Abstract: The present describes simulating a threat-actor executing an attack execution operation. According to one aspect of the subject matter described in this disclosure, a method for generating a domain-specific language (DSL) simulant is disclosed. The method may comprise determining, a framework based on an attack repository, determining a first primitive based on the framework, and determining a second primitive based on the framework. In one implementation, the first primitive and the second primitive are fundamental structures or constructs within a DSL. The method further comprises combining the first primitive and the second primitive into a DSL simulant. In one implementation, the DSL simulant is executed to simulate a threat-actor executing an attack execution operation.Type: ApplicationFiled: October 30, 2023Publication date: March 7, 2024Inventors: Mayuresh Vishwas Dani, Ankur S. Tyagi
-
Publication number: 20240064177Abstract: The present disclosure describes defending against an attack execution operation. According to one aspect of the subject matter described in this disclosure, a method for generating a domain-specific language (DSL) file is disclosed. The method may comprise determining, a framework based on an attack repository, determining a first primitive based on the framework, and determining a second primitive based on the framework. In one implementation, the first primitive and the second primitive are fundamental structures or constructs within a DSL. The method further comprises combining the first primitive and the second primitive into a DSL file. In one implementation, the DSL file is executed to defend against a first attack execution operation executed by a threat-actor.Type: ApplicationFiled: October 30, 2023Publication date: February 22, 2024Inventors: Mayuresh Vishwas Dani, Ankur S. Tyagi
-
Patent number: 11874933Abstract: A system for testing a security object is disclosed. The system comprises processors and memory storing a plurality of security engines and instructions that, when executed by the processors, causes the system to: access a decision tree comprising a first node and a plurality of second nodes; link a first leaf node of the decision tree with a first security engine; link a second leaf node of the decision tree with a second security engine; receive a security object comprising a digital asset that is attackable using one or more attack execution operations; and test the security object using the decision tree to determine a security threat parameter for the security object. The security threat parameter may be used to prioritize one or more remediation steps for mitigating against the one or more attack execution operations associated with the digital asset.Type: GrantFiled: December 29, 2021Date of Patent: January 16, 2024Assignee: Qualys, Inc.Inventors: Ankur Sunil Tyagi, Mayuresh Vishwas Dani
-
Publication number: 20240007487Abstract: The present disclosure relates to methods, systems, and computer program products for generating an asset remediation trend map used in remediating against an attack campaign. The method comprises receiving attack kill chain data. The attack kill chain data comprises steps for executing an attack campaign on one or more assets associated with a computing device. The method further comprises parsing the attack kill chain data to determine one or more attack execution operations for executing the attack campaign on the one or more assets associated with the computing device. The method determines based on the parsing, one or more remediation operations corresponding to the one or more attack execution operations. In addition, the method sequences the one or more remediation operations to form an asset remediation trend map. In one implementation, the asset remediation trend map indicates steps for remediating the attack campaign.Type: ApplicationFiled: September 15, 2023Publication date: January 4, 2024Inventors: Ankur S. Tyagi, Mayuresh Vishwas Dani
-
Publication number: 20230418938Abstract: The present disclosure relates to methods, systems, and computer program products for generating an attack kill chain for threat analysis. The method comprises receiving a first security event captured by a first security operation associated with a computing device, and receiving a second security event captured by a second security operation associated with the computing device. The first security event and the second security event are associated with an attack campaign. The method further comprises mapping the first security event to first security data in an attack repository, and mapping the second security event to second security data in the attack repository. The method also comprises determining based on the mapping, one or more attack execution operations for executing the attack campaign associated with the first security event and the second security event. Additionally, the method sequences the one or more attack execution operations to form an attack kill chain.Type: ApplicationFiled: September 5, 2023Publication date: December 28, 2023Inventors: Ankur S. Tyagi, Mayuresh Vishwas Dani
-
Patent number: 11805147Abstract: The present describes simulating a threat-actor executing an attack execution operation. According to one aspect of the subject matter described in this disclosure, a method for generating a domain-specific language (DSL) simulant is disclosed. The method may comprise determining, a framework based on an attack repository, determining a first primitive based on the framework, and determining a second primitive based on the framework. In one implementation, the first primitive and the second primitive are fundamental structures or constructs within a DSL. The method further comprises combining the first primitive and the second primitive into a DSL simulant. In one implementation, the DSL simulant is executed to simulate a threat-actor executing an attack execution operation.Type: GrantFiled: March 29, 2021Date of Patent: October 31, 2023Assignee: Qualys, Inc.Inventors: Mayuresh Vishwas Dani, Ankur S. Tyagi
-
Patent number: 11805152Abstract: The present disclosure describes defending against an attack execution operation. According to one aspect of the subject matter described in this disclosure, a method for generating a domain-specific language (DSL) file is disclosed. The method may comprise determining, a framework based on an attack repository, determining a first primitive based on the framework, and determining a second primitive based on the framework. In one implementation, the first primitive and the second primitive are fundamental structures or constructs within a DSL. The method further comprises combining the first primitive and the second primitive into a DSL file. In one implementation, the DSL file is executed to defend against a first attack execution operation executed by a threat-actor.Type: GrantFiled: March 29, 2021Date of Patent: October 31, 2023Assignee: Qualys, Inc.Inventors: Mayuresh Vishwas Dani, Ankur S. Tyagi
-
Patent number: 11777961Abstract: The present disclosure relates to methods, systems, and computer program products for generating an asset remediation trend map used in remediating against an attack campaign. The method comprises receiving attack kill chain data. The attack kill chain data comprises steps for executing an attack campaign on one or more assets associated with a computing device. The method further comprises parsing the attack kill chain data to determine one or more attack execution operations for executing the attack campaign on the one or more assets associated with the computing device. The method determines based on the parsing, one or more remediation operations corresponding to the one or more attack execution operations. In addition, the method sequences the one or more remediation operations to form an asset remediation trend map. In one implementation, the asset remediation trend map indicates steps for remediating the attack campaign.Type: GrantFiled: May 23, 2022Date of Patent: October 3, 2023Assignee: QUALYS, INC.Inventors: Ankur S. Tyagi, Mayuresh Vishwas Dani
-
Patent number: 11762991Abstract: The present disclosure relates to methods, systems, and computer program products for generating an attack kill chain for threat analysis. The method comprises receiving a first security event captured by a first security operation associated with a computing device, and receiving a second security event captured by a second security operation associated with the computing device. The first security event and the second security event are associated with an attack campaign. The method further comprises mapping the first security event to first security data in an attack repository, and mapping the second security event to second security data in the attack repository. The method also comprises determining based on the mapping, one or more attack execution operations for executing the attack campaign associated with the first security event and the second security event. Additionally, the method sequences the one or more attack execution operations to form an attack kill chain.Type: GrantFiled: May 16, 2022Date of Patent: September 19, 2023Assignee: QUALYS, INC.Inventors: Ankur S. Tyagi, Mayuresh Vishwas Dani
-
Publication number: 20230205888Abstract: A system for testing a security object is disclosed. The system comprises processors and memory storing a plurality of security engines and instructions that, when executed by the processors, causes the system to: access a decision tree comprising a first node and a plurality of second nodes; link a first leaf node of the decision tree with a first security engine; link a second leaf node of the decision tree with a second security engine; receive a security object comprising a digital asset that is attackable using one or more attack execution operations; and test the security object using the decision tree to determine a security threat parameter for the security object. The security threat parameter may be used to prioritize one or more remediation steps for mitigating against the one or more attack execution operations associated with the digital asset.Type: ApplicationFiled: December 29, 2021Publication date: June 29, 2023Inventors: Ankur Sunil Tyagi, Mayuresh Vishwas Dani
-
Publication number: 20230156017Abstract: The present disclosure provides a method and a system for generating a decision tree that tests security event files. The method comprises receiving attack data comprising a plurality of attack execution operations and determining threat attribute data based on the attack data. The method also comprises generating a decision tree using the threat attribute data. The decision tree includes at least one first node and a plurality of second nodes connected to the at least one first node. A first nodal data may be generated and assigned to each second node based on one or more threat attributes associated with the threat attribute data. In response to receiving a security event file, the method executes one or more security tests, using the decision tree, for the security event file.Type: ApplicationFiled: November 12, 2021Publication date: May 18, 2023Inventors: Ankur Sunil Tyagi, Mayuresh Vishwas Dani
-
Publication number: 20220311798Abstract: Methods and systems for generating an attack path based on user and system risk profiles are presented. The method comprises determining user information associated with a computing device; determining system exploitability information of the computing device; determining system criticality information of the computing device; determining a risk profile for the computing device based on the user information, the system exploitability information, and the system criticality information; and generating an attack path based on the risk profile. The attack path indicates a route through which an attacker accesses the computing device. The system exploitability information indicates one or more of: the vulnerability associated with the computing device, an exposure window associated with the computing device, and a protection window associated with the computing device.Type: ApplicationFiled: June 13, 2022Publication date: September 29, 2022Inventors: Mayuresh Vishwas Dani, Ankur S. Tyagi, Rishikesh Jayaram Bhide
-
Publication number: 20220294810Abstract: The present disclosure relates to methods, systems, and computer program products for generating an asset remediation trend map used in remediating against an attack campaign. The method comprises receiving attack kill chain data. The attack kill chain data comprises steps for executing an attack campaign on one or more assets associated with a computing device. The method further comprises parsing the attack kill chain data to determine one or more attack execution operations for executing the attack campaign on the one or more assets associated with the computing device. The method determines based on the parsing, one or more remediation operations corresponding to the one or more attack execution operations. In addition, the method sequences the one or more remediation operations to form an asset remediation trend map. In one implementation, the asset remediation trend map indicates steps for remediating the attack campaign.Type: ApplicationFiled: May 23, 2022Publication date: September 15, 2022Inventors: Ankur S. Tyagi, Mayuresh Vishwas Dani
-
Publication number: 20220277078Abstract: The present disclosure relates to methods, systems, and computer program products for generating an attack kill chain for threat analysis. The method comprises receiving a first security event captured by a first security operation associated with a computing device, and receiving a second security event captured by a second security operation associated with the computing device. The first security event and the second security event are associated with an attack campaign. The method further comprises mapping the first security event to first security data in an attack repository, and mapping the second security event to second security data in the attack repository. The method also comprises determining based on the mapping, one or more attack execution operations for executing the attack campaign associated with the first security event and the second security event. Additionally, the method sequences the one or more attack execution operations to form an attack kill chain.Type: ApplicationFiled: May 16, 2022Publication date: September 1, 2022Inventors: Ankur S. Tyagi, Mayuresh Vishwas Dani
-
Patent number: 11363052Abstract: Methods and systems for generating an attack path based on user and system risk profiles are presented. The method comprises determining user information associated with a computing device; determining system exploitability information of the computing device; determining system criticality information of the computing device; determining a risk profile for the computing device based on the user information, the system exploitability information, and the system criticality information; and generating an attack path based on the risk profile. The attack path indicates a route through which an attacker accesses the computing device. The system exploitability information indicates one or more of: the vulnerability associated with the computing device, an exposure window associated with the computing device, and a protection window associated with the computing device.Type: GrantFiled: July 19, 2019Date of Patent: June 14, 2022Assignee: Qualys, Inc.Inventors: Mayuresh Vishwas Dani, Ankur S. Tyagi, Rishikesh Jayaram Bhide
-
Patent number: 11343263Abstract: The present disclosure relates to methods, systems, and computer program products for generating an asset remediation trend map used in remediating against an attack campaign. The method comprises receiving attack kill chain data. The attack kill chain data comprises steps for executing an attack campaign on one or more assets associated with a computing device. The method further comprises parsing the attack kill chain data to determine one or more attack execution operations for executing the attack campaign on the one or more assets associated with the computing device. The method determines based on the parsing, one or more remediation operations corresponding to the one or more attack execution operations. In addition, the method sequences the one or more remediation operations to form an asset remediation trend map. In one implementation, the asset remediation trend map indicates steps for remediating the attack campaign.Type: GrantFiled: April 15, 2019Date of Patent: May 24, 2022Assignee: Qualys, Inc.Inventors: Ankur S. Tyagi, Mayuresh Vishwas Dani
-
Patent number: 11334666Abstract: The present disclosure relates to methods, systems, and computer program products for generating an attack kill chain for threat analysis. The method comprises receiving a first security event captured by a first security operation associated with a computing device, and receiving a second security event captured by a second security operation associated with the computing device. The first security event and the second security event are associated with an attack campaign. The method further comprises mapping the first security event to first security data in an attack repository, and mapping the second security event to second security data in the attack repository. The method also comprises determining based on the mapping, one or more attack execution operations for executing the attack campaign associated with the first security event and the second security event. Additionally, the method sequences the one or more attack execution operations to form an attack kill chain.Type: GrantFiled: April 15, 2019Date of Patent: May 17, 2022Assignee: Qualys Inc.Inventors: Ankur S. Tyagi, Mayuresh Vishwas Dani
-
Publication number: 20210243230Abstract: The present disclosure describes defending against an attack execution operation. According to one aspect of the subject matter described in this disclosure, a method for generating a domain-specific language (DSL) file is disclosed. The method may comprise determining, a framework based on an attack repository, determining a first primitive based on the framework, and determining a second primitive based on the framework. In one implementation, the first primitive and the second primitive are fundamental structures or constructs within a DSL. The method further comprises combining the first primitive and the second primitive into a DSL file. In one implementation, the DSL file is executed to defend against a first attack execution operation executed by a threat-actor.Type: ApplicationFiled: March 29, 2021Publication date: August 5, 2021Inventors: Mayuresh Vishwas Dani, Ankur S. Tyagi
-
Publication number: 20210218767Abstract: The present describes simulating a threat-actor executing an attack execution operation. According to one aspect of the subject matter described in this disclosure, a method for generating a domain-specific language (DSL) simulant is disclosed. The method may comprise determining, a framework based on an attack repository, determining a first primitive based on the framework, and determining a second primitive based on the framework. In one implementation, the first primitive and the second primitive are fundamental structures or constructs within a DSL. The method further comprises combining the first primitive and the second primitive into a DSL simulant. In one implementation, the DSL simulant is executed to simulate a threat-actor executing an attack execution operation.Type: ApplicationFiled: March 29, 2021Publication date: July 15, 2021Inventors: Mayuresh Vishwas Dani, Ankur S. Tyagi