Patents by Inventor Michael James Bailey
Michael James Bailey has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12647460Abstract: An information security monitoring system can import indicators of compromise (IOC) definitions in disparate formats from third-party source systems, convert them into editable security definitions in an internal system format, and provide a user interface for composing or editing these security definitions with enhancements, including complex security definitions such as those having a nested Boolean structure and/or those that reference one or more security definitions, a behavioral rule, and/or a vulnerability description. One or more whitelists can be added to handle exceptions. Each composed or modified security definition is then compiled into an executable rule. The executable rule, when evaluated, produces a result indicative of an endpoint security action needed in view of an endpoint event that meets the composed or modified security definition.Type: GrantFiled: February 14, 2024Date of Patent: June 2, 2026Assignee: OPEN TEXT INC.Inventor: Michael James Bailey
-
Publication number: 20250342257Abstract: Systems and methods for event threat prioritization are provided. In some embodiments, an event priority engine receives event data detected by event agents executing on devices. The events are prioritized and ranked according to threat scores for events generated according to threat indicators which are fed event data and threat data. In some embodiments, security systems may take the approach of prioritizing events based on the endpoints from which they originate using attributes associated with those endpoints. In this way, events can be prioritized at least in part based on the damage to the enterprise that may occur if those events were to compromise security, not just the likelihood of those events actually resulting in a security breach.Type: ApplicationFiled: July 9, 2025Publication date: November 6, 2025Inventors: Michael James Bailey, Ricardo Jose Moncada, Craig Sam Wong
-
Patent number: 12400001Abstract: Systems and methods for event threat prioritization are provided. In some embodiments, an event priority engine receives event data detected by event agents executing on devices. The events are prioritized and ranked according to threat scores for events generated according to threat indicators which are fed event data and threat data. In some embodiments, security systems may take the approach of prioritizing events based on the endpoints from which they originate using attributes associated with those endpoints. In this way, events can be prioritized at least in part based on the damage to the enterprise that may occur if those events were to compromise security, not just the likelihood of those events actually resulting in a security breach.Type: GrantFiled: September 6, 2022Date of Patent: August 26, 2025Assignee: OPEN TEXT HOLDINGS, INC.Inventors: Michael James Bailey, Ricardo Jose Moncada, Craig Sam Wong
-
Publication number: 20250240311Abstract: An endpoint agent is enhanced with a kernel-level event tracing facility, an event manager having telemetry filters, a persistence manager, and a detection engine. The endpoint agent receives an instruction from a controller system to enable a selection of filters, including a custom-built telemetry filter for the kernel-level event tracing facility which feeds events to the event manager as they are occurring. The event manager determines which enabled telemetry filters are applicable to the events, apply them to identify events of interest, and provide those events to the detection engine which, in turn, applies detection filters to the events of interest to detect possible threats to the endpoint. The telemetry filters are evaluated in memory as the events are occurring. To increase the speed of processing, expression trees representing the telemetry filters can be compiled into machine code just in time of execution. The machine code executes extremely fast natively.Type: ApplicationFiled: April 8, 2025Publication date: July 24, 2025Inventors: Michael James Bailey, Jacob Harris Therrien, James Daniel DeMarchi
-
Patent number: 12301590Abstract: An endpoint agent is enhanced with a kernel-level event tracing facility, an event manager having telemetry filters, a persistence manager, and a detection engine. The endpoint agent receives an instruction from a controller system to enable a selection of filters, including a custom-built telemetry filter for the kernel-level event tracing facility which feeds events to the event manager as they are occurring. The event manager determines which enabled telemetry filters are applicable to the events, apply them to identify events of interest, and provide those events to the detection engine which, in turn, applies detection filters to the events of interest to detect possible threats to the endpoint. The telemetry filters are evaluated in memory as the events are occurring. To increase the speed of processing, expression trees representing the telemetry filters can be compiled into machine code just in time of execution. The machine code executes extremely fast natively.Type: GrantFiled: September 23, 2021Date of Patent: May 13, 2025Assignee: OPEN TEXT HOLDINGS, INC.Inventors: Michael James Bailey, Jacob Harris Therrien, James Daniel DeMarchi
-
Publication number: 20250143910Abstract: Examples relate to devices. systems, and methods for fluid collection. A fluid collection device may include a fluid impermeable barrier defining at least a chamber, at least one opening extending there through, and a permeable material disposed in the chamber. The fluid impermeable barrier including at least one foaming agent incorporated therein, the at least one foaming agent is composed to increase a flexibility of the fluid impermeable barrier and maintain a selected geometric configuration. The fluid collection device may also include a conduit having an inlet and an outlet. The inlet being positioned in the chamber and the outlet extending through an aperture in the fluid impermeable barrier.Type: ApplicationFiled: February 3, 2022Publication date: May 8, 2025Inventors: Matthew Jordan Rothberg, Michael James Bailey, Anthony Esposito, Jeffrey Reed, Seth Schneider
-
Publication number: 20250094144Abstract: An endpoint protection system implementing a new blocking strategy allows a user to specify an arbitrary number of protection rules through a user interface. In user mode, the protection rules are compiled into a single expression tree, which is then compiled into byte code. In kernel mode, the byte code is dynamically loaded in memory (e.g., kernel space) and the assembler validates the byte code and performs a plurality of security checks, then ultimately assembles the byte code into machine code that is native to the processor. Because complex detection/protection logic is compiled in user mode, the invention allows for highly expressive and powerful protection rules. Further, because complex detection/protection logic is not manually written in kernel mode, but validated then evaluated via simple machine code instructions in the privileged mode, the invention is safer and will not slow down the entire operating system.Type: ApplicationFiled: December 3, 2024Publication date: March 20, 2025Inventors: Michael James Bailey, Jacob Harris Therrien
-
Patent number: 12197900Abstract: An endpoint protection system implementing a new blocking strategy allows a user to specify an arbitrary number of protection rules through a user interface. In user mode, the protection rules are compiled into a single expression tree, which is then compiled into byte code. In kernel mode, the byte code is dynamically loaded in memory (e.g., kernel space) and the assembler validates the byte code and performs a plurality of security checks, then ultimately assembles the byte code into machine code that is native to the processor. Because complex detection/protection logic is compiled in user mode, the invention allows for highly expressive and powerful protection rules. Further, because complex detection/protection logic is not manually written in kernel mode, but validated then evaluated via simple machine code instructions in the privileged mode, the invention is safer and will not slow down the entire operating system.Type: GrantFiled: May 10, 2022Date of Patent: January 14, 2025Assignee: OPEN TEXT HOLDINGS, INC.Inventors: Michael James Bailey, Jacob Harris Therrien
-
Patent number: 12069096Abstract: An endpoint security system having a Secured Authentication For Enterprise (SAFE) server is enhanced with an auxiliary service. The auxiliary service receives a request to run a job on an endpoint of an enterprise computer network, queues up the job in a central job store, and monitors whether an agent on the endpoint has checked in with the SAFE server. Responsive to the agent on the endpoint checking in with the SAFE server, the auxiliary service establishes, through a secure connection with the SAFE server, a connection with the agent on the endpoint and determines whether the agent has any jobs queued up in the central job store. If so, the auxiliary service dispatches the job from the central job store to the agent on the endpoint through the secure connection with the SAFE server and starts the job by the agent on the endpoint.Type: GrantFiled: July 30, 2021Date of Patent: August 20, 2024Assignee: OPEN TEXT HOLDINGS, INC.Inventors: Ilian Waclaw Fortuna, Matthew S. Garrett, Michael James Bailey, Saikumar Ramaswami
-
Publication number: 20240223616Abstract: An information security monitoring system can import indicators of compromise (IOC) definitions in disparate formats from third-party source systems, convert them into editable security definitions in an internal system format, and provide a user interface for composing or editing these security definitions with enhancements, including complex security definitions such as those having a nested Boolean structure and/or those that reference one or more security definitions, a behavioral rule, and/or a vulnerability description. One or more whitelists can be added to handle exceptions. Each composed or modified security definition is then compiled into an executable rule. The executable rule, when evaluated, produces a result indicative of an endpoint security action needed in view of an endpoint event that meets the composed or modified security definition.Type: ApplicationFiled: February 14, 2024Publication date: July 4, 2024Inventor: Michael James Bailey
-
Patent number: 11949719Abstract: An information security monitoring system can import indicators of compromise (IOC) definitions in disparate formats from third-party source systems, convert them into editable security definitions in an internal system format, and provide a user interface for composing or editing these security definitions with enhancements, including complex security definitions such as those having a nested Boolean structure and/or those that reference one or more security definitions, a behavioral rule, and/or a vulnerability description. One or more whitelists can be added to handle exceptions. Each composed or modified security definition is then compiled into an executable rule. The executable rule, when evaluated, produces a result indicative of an endpoint security action needed in view of an endpoint event that meets the composed or modified security definition.Type: GrantFiled: January 26, 2022Date of Patent: April 2, 2024Assignee: OPEN TEXT HOLDINGS, INC.Inventor: Michael James Bailey
-
Publication number: 20230367564Abstract: An endpoint protection system implementing a new blocking strategy allows a user to specify an arbitrary number of protection rules through a user interface. In user mode, the protection rules are compiled into a single expression tree, which is then compiled into byte code. In kernel mode, the byte code is dynamically loaded in memory (e.g., kernel space) and the assembler validates the byte code and performs a plurality of security checks, then ultimately assembles the byte code into machine code that is native to the processor. Because complex detection/protection logic is compiled in user mode, the invention allows for highly expressive and powerful protection rules. Further, because complex detection/protection logic is not manually written in kernel mode, but validated then evaluated via simple machine code instructions in the privileged mode, the invention is safer and will not slow down the entire operating system.Type: ApplicationFiled: May 10, 2022Publication date: November 16, 2023Inventors: Michael James Bailey, Jacob Harris Therrien
-
Publication number: 20230070650Abstract: Systems and methods for event threat prioritization are provided. In some embodiments, an event priority engine receives event data detected by event agents executing on devices. The events are prioritized and ranked according to threat scores for events generated according to threat indicators which are fed event data and threat data. In some embodiments, security systems may take the approach of prioritizing events based on the endpoints from which they originate using attributes associated with those endpoints. In this way, events can be prioritized at least in part based on the damage to the enterprise that may occur if those events were to compromise security, not just the likelihood of those events actually resulting in a security breach.Type: ApplicationFiled: September 6, 2022Publication date: March 9, 2023Inventors: Michael James Bailey, Ricardo Jose Moncada, Craig Sam Wong
-
Publication number: 20230032104Abstract: An endpoint security system having a Secured Authentication For Enterprise (SAFE) server is enhanced with an auxiliary service. The auxiliary service receives a request to run a job on an endpoint of an enterprise computer network, queues up the job in a central job store, and monitors whether an agent on the endpoint has checked in with the SAFE server. Responsive to the agent on the endpoint checking in with the SAFE server, the auxiliary service establishes, through a secure connection with the SAFE server, a connection with the agent on the endpoint and determines whether the agent has any jobs queued up in the central job store. If so, the auxiliary service dispatches the job from the central job store to the agent on the endpoint through the secure connection with the SAFE server and starts the job by the agent on the endpoint.Type: ApplicationFiled: April 1, 2022Publication date: February 2, 2023Inventors: Ilian Waclaw Fortuna, Matthew S. Garrett, Michael James Bailey, Saikumar Ramaswami
-
Patent number: 11441360Abstract: Reaming tools for reaming a borehole and related systems and methods are described herein. In an embodiment, the tool includes a body having a central axis, and a plurality of blades. Each of the plurality of blades includes an uphole section that extends in a first helical direction, a downhole section that extends in a second helical direction that is opposite the first helical direction, and an arcuate central section that continuously extends from the uphole section to the downhole section. The plurality of blades are eccentric about the central axis such that the reaming tool is configured to pass axially through a first diameter and is configured to ream a borehole to a second diameter that is greater than the first diameter when the tool is rotated about the central axis in a cutting direction.Type: GrantFiled: December 17, 2020Date of Patent: September 13, 2022Assignee: National Oilwell Varco, L.P.Inventors: Michael James Bailey, John Russell Lockley, Gordon Wayne Jones, Roger Silva
-
Publication number: 20220195808Abstract: Reaming tools for reaming a borehole and related systems and methods are described herein. In an embodiment, the tool includes a body having a central axis, and a plurality of blades. Each of the plurality of blades includes an uphole section that extends in a first helical direction, a downhole section that extends in a second helical direction that is opposite the first helical direction, and an arcuate central section that continuously extends from the uphole section to the downhole section. The plurality of blades are eccentric about the central axis such that the reaming tool is configured to pass axially through a first diameter and is configured to ream a borehole to a second diameter that is greater than the first diameter when the tool is rotated about the central axis in a cutting direction.Type: ApplicationFiled: December 17, 2020Publication date: June 23, 2022Applicant: National Oilwell Varco, L.P.Inventors: Michael James Bailey, John Russell Lockley, Gordon Wayne Jones, Roger Silva
-
Publication number: 20220150282Abstract: An information security monitoring system can import indicators of compromise (IOC) definitions in disparate formats from third-party source systems, convert them into editable security definitions in an internal system format, and provide a user interface for composing or editing these security definitions with enhancements, including complex security definitions such as those having a nested Boolean structure and/or those that reference one or more security definitions, a behavioral rule, and/or a vulnerability description. One or more whitelists can be added to handle exceptions. Each composed or modified security definition is then compiled into an executable rule. The executable rule, when evaluated, produces a result indicative of an endpoint security action needed in view of an endpoint event that meets the composed or modified security definition.Type: ApplicationFiled: January 26, 2022Publication date: May 12, 2022Inventor: Michael James Bailey
-
Publication number: 20220094703Abstract: An endpoint agent is enhanced with a kernel-level event tracing facility, an event manager having telemetry filters, a persistence manager, and a detection engine. The endpoint agent receives an instruction from a controller system to enable a selection of filters, including a custom-built telemetry filter for the kernel-level event tracing facility which feeds events to the event manager as they are occurring. The event manager determines which enabled telemetry filters are applicable to the events, apply them to identify events of interest, and provide those events to the detection engine which, in turn, applies detection filters to the events of interest to detect possible threats to the endpoint. The telemetry filters are evaluated in memory as the events are occurring. To increase the speed of processing, expression trees representing the telemetry filters can be compiled into machine code just in time of execution. The machine code executes extremely fast natively.Type: ApplicationFiled: September 23, 2021Publication date: March 24, 2022Inventors: Michael James Bailey, Jacob Harris Therrien, James Daniel DeMarchi
-
Patent number: 11245730Abstract: An information security monitoring system can import indicators of compromise (IOC) definitions in disparate formats from third-party source systems, convert them into editable security definitions in an internal system format, and provide a user interface for composing or editing these security definitions with enhancements, including complex security definitions such as those having a nested Boolean structure and/or those that reference one or more security definitions, a behavioral rule, and/or a vulnerability description. One or more whitelists can be added to handle exceptions. Each composed or modified security definition is then compiled into an executable rule. The executable rule, when evaluated, produces a result indicative of an endpoint security action needed in view of an endpoint event that meets the composed or modified security definition.Type: GrantFiled: November 8, 2019Date of Patent: February 8, 2022Assignee: Open Text Holdings, Inc.Inventor: Michael James Bailey
-
Publication number: 20220038503Abstract: An endpoint security system having a Secured Authentication For Enterprise (SAFE) server is enhanced with an auxiliary service. The auxiliary service receives a request to run a job on an endpoint of an enterprise computer network, queues up the job in a central job store, and monitors whether an agent on the endpoint has checked in with the SAFE server. Responsive to the agent on the endpoint checking in with the SAFE server, the auxiliary service establishes, through a secure connection with the SAFE server, a connection with the agent on the endpoint and determines whether the agent has any jobs queued up in the central job store. If so, the auxiliary service dispatches the job from the central job store to the agent on the endpoint through the secure connection with the SAFE server and starts the job by the agent on the endpoint.Type: ApplicationFiled: July 30, 2021Publication date: February 3, 2022Inventors: Ilian Waclaw Fortuna, Matthew S. Garrett, Michael James Bailey, Saikumar Ramaswami