Patents by Inventor Michael Balber
Michael Balber has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11943228Abstract: Disclosed embodiments relate to iteratively developing profiles for network entities. Operations may include accessing a set of permissions associated with a network entity; obtaining a set of permission vectors for the network entity based on the set of permissions; evaluating each permission vector within the set of permission vectors for iteratively developing a profile for the network entity, the evaluation being based on at least: whether each permission vector within the set of permission vectors provides sufficient privileges for the network entity to perform an action, and a predefined rule; creating a new set of permission vectors for the network entity based on at least the selected group of the set of permission vectors; iterating the evaluation for the new set of permission vectors; determining whether an iteration termination condition has been met; and terminating the iteration based on the iteration termination condition being met.Type: GrantFiled: October 27, 2021Date of Patent: March 26, 2024Assignee: CYBERARK SOFTWARE LTD.Inventor: Michael Balber
-
Patent number: 11907394Abstract: Disclosed embodiments relate to systems and methods for securely performing actions on a resource. Techniques include receiving a request by the entity to perform a privileged action on a resource, the request including a token associated with the entity; providing a first indication of the request to a first handler; providing a second indication of the request to a second handler configured to perform the privileged action on the resource, wherein when the privileged action includes a query, the second indication of the request is provided to a query handler, and when the privileged action includes a write command, the second indication of the request is provided to a command handler.Type: GrantFiled: December 13, 2022Date of Patent: February 20, 2024Assignee: CyberArk Software Ltd.Inventors: Niv Rabin, Michael Balber, Eli Shemesh
-
Publication number: 20230367911Abstract: Disclosed embodiments relate to systems and methods for enforcing security policies in dynamic development pipelines. Techniques include accessing a build script, including a set of instructions for a software build process, parsing the build script to identify a set of scripted build instructions, determining a set of expected build actions based on the scripted build instructions, and constructing a representation of the set of expected build actions. The techniques may further include automatically generating a tiered security policy based on the representation of the set of expected build actions, monitoring a dynamic pipeline running the build script, and enforcing the security policy for the dynamic pipeline environment.Type: ApplicationFiled: March 16, 2023Publication date: November 16, 2023Applicant: CyberArk Software Ltd.Inventors: Michael Balber, Eli Shemesh
-
Patent number: 11693651Abstract: Disclosed embodiments relate to systems and methods for correlating software pipeline events. Techniques include receiving first data representing at least one aspect of a first software pipeline event; identifying a value as a potential identifier of the first software pipeline event; storing the value in a data structure in an associative manner with the first software pipeline event; receiving second data representing at least one aspect of a second software pipeline event; identifying an additional value as a potential identifier of the second software pipeline event; comparing additional value to the value stored in the data structure; based on the comparison, determining whether a correlation exists between the first software pipeline event and the second software pipeline event; and based on a determination that a correlation exists, providing an indication of the correlation.Type: GrantFiled: November 10, 2022Date of Patent: July 4, 2023Assignee: CyberArk Software Ltd.Inventors: Michael Balber, Shai Dvash
-
Patent number: 11609985Abstract: Disclosed embodiments relate to systems and methods for enforcing security policies in dynamic development pipelines. Techniques include accessing a build script, including a set of instructions for a software build process, parsing the build script to identify a set of scripted build instructions, determining a set of expected build actions based on the scripted build instructions, and constructing a representation of the set of expected build actions. The techniques may further include automatically generating a security policy based on the representation of the set of expected build actions, monitoring a build machine running the build script, and enforcing the security policy on the build machine.Type: GrantFiled: May 11, 2022Date of Patent: March 21, 2023Assignee: CyberArk Software Ltd.Inventors: Eli Shemesh, Michael Balber
-
Patent number: 11500985Abstract: Disclosed embodiments relate to systems and methods for correlating software pipeline events. Techniques include receiving first data representing at least one aspect of a first software pipeline event; identifying a value as a potential identifier of the first software pipeline event; storing the value in a data structure in an associative manner with the first software pipeline event; receiving second data representing at least one aspect of a second software pipeline event; identifying an additional value as a potential identifier of the second software pipeline event; comparing additional value to the value stored in the data structure; based on the comparison, determining whether a correlation exists between the first software pipeline event and the second software pipeline event; and based on a determination that a correlation exists, providing an indication of the correlation.Type: GrantFiled: April 28, 2022Date of Patent: November 15, 2022Assignee: CyberArk Software Ltd.Inventors: Michael Balber, Shai Dvash
-
Publication number: 20220201003Abstract: Disclosed embodiments relate to iteratively developing profiles for network entities. Operations may include accessing a set of permissions associated with a network entity; obtaining a set of permission vectors for the network entity based on the set of permissions; evaluating each permission vector within the set of permission vectors for iteratively developing a profile for the network entity, the evaluation being based on at least: whether each permission vector within the set of permission vectors provides sufficient privileges for the network entity to perform an action, and a predefined rule; creating a new set of permission vectors for the network entity based on at least the selected group of the set of permission vectors; iterating the evaluation for the new set of permission vectors; determining whether an iteration termination condition has been met; and terminating the iteration based on the iteration termination condition being met.Type: ApplicationFiled: October 27, 2021Publication date: June 23, 2022Inventor: Michael BALBER
-
Patent number: 11178154Abstract: Disclosed embodiments relate to iteratively developing least-privilege profiles for network entities. Operations may include accessing a set of permissions associated with a network entity; obtaining a set of permission vectors for the network entity; evaluating each permission within the set of permission vectors, the evaluation being based on at least: whether each permission within the set of permission vectors provides sufficient authorization privileges for the network entity to perform an action, and a number of permissions in the set of permission vectors; selecting a group of the set of permission vectors; creating a new set of permission vectors for the network entity; iterating the evaluation for the new set of permission vectors; determining, following at least one instance of the iteration, whether an iteration termination condition has been met; and terminating the iteration based on the iteration termination condition being met.Type: GrantFiled: December 22, 2020Date of Patent: November 16, 2021Assignee: CYBERARK SOFTWARE LTD.Inventor: Michael Balber
-
Publication number: 20210203687Abstract: Disclosed embodiments relate to systems and methods for dynamically performing entity-specific security assessments for entities of virtualized network environments. Techniques include identifying an entity associated with a virtualized network environment, identifying a plurality of security factors, determining entity-specific weights to the plurality of security factors, and generating a composite exposure assessment for the entity.Type: ApplicationFiled: March 11, 2021Publication date: July 1, 2021Applicant: CyberArk Software Ltd.Inventors: Niv Rabin, Michael Balber, Noa Moyal, Asaf Hecht, Gal Naor
-
Patent number: 11038927Abstract: Disclosed embodiments relate to systems and methods for multidimensional vectors for analyzing and visually displaying identity permissions. Techniques include identifying a plurality of identities, privileges used by the identities, and data associated with the identities, developing privilege vectors based on the identified information, and generating groupings of the identities based on the privilege vectors. Further techniques include generating a group score for an identity grouping, using the group score to determine if the grouping is a least privilege grouping, and updating the privileges of the identities within the grouping.Type: GrantFiled: July 23, 2020Date of Patent: June 15, 2021Assignee: CyberArk Software Ltd.Inventors: Michael Balber, Asaf Hecht
-
Patent number: 10880336Abstract: Disclosed embodiments relate to systems and methods for multidimensional vectors for analyzing and visually displaying identity permissions. Techniques include identifying a plurality of identities, privileges used by the identities, and data associated with the identities, developing privilege vectors based on the identified information, and generating groupings of the identities based on the privilege vectors. Further techniques include generating a group score for an identity grouping, using the group score to determine if the grouping is a least privilege grouping, and updating the privileges of the identities within the grouping.Type: GrantFiled: July 23, 2020Date of Patent: December 29, 2020Assignee: CyberArk Software Ltd.Inventors: Michael Balber, Asaf Hecht
-
Patent number: 10749910Abstract: Disclosed embodiments relate to systems and methods for multidimensional vectors for analyzing and visually displaying identity permissions. Techniques include identifying a plurality of identities, privileges used by the identities, and data associated with the identities, developing privilege vectors based on the identified information, and generating groupings of the identities based on the privilege vectors. Further techniques include generating a group score for an identity grouping, using the group score to determine if the grouping is a least privilege grouping, and updating the privileges of the identities within the grouping.Type: GrantFiled: April 24, 2020Date of Patent: August 18, 2020Assignee: CyberArk Software Ltd.Inventors: Michael Balber, Asaf Hecht