Patents by Inventor Michael L. Lefebvre
Michael L. Lefebvre has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10447733Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for implementing deception networks. One of the systems includes a threat information server configured to monitor and control security threats, a management process orchestration server configured to receive one or more identified security threats from the threat information server and develop a response process applicable to each identified security threat, a network switching controller in communication with one or more network switching devices, a target computing device connected to one of the network switching devices, and an indicator analytics processor configured to generate threat intelligence based on activity observed on the target device and provide the observed threat intelligence to the threat information server. The threat information server can receive threat intelligence information, identify key indicators, and generate identified security threats.Type: GrantFiled: August 29, 2014Date of Patent: October 15, 2019Assignee: Accenture Global Services LimitedInventors: Louis William DiValentin, Matthew Carver, Michael L. Lefebvre, David William Rozmiarek, Eric Ellett
-
Publication number: 20190132358Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for implementing deception networks. One of the systems includes a threat information server configured to monitor and control security threats, a management process orchestration server configured to receive one or more identified security threats from the threat information server and develop a response process applicable to each identified security threat, a network switching controller in communication with one or more network switching devices, a target computing device connected to one of the network switching devices, and an indicator analytics processor configured to generate threat intelligence based on activity observed on the target device and provide the observed threat intelligence to the threat information server. The threat information server can receive threat intelligence information, identify key indicators, and generate identified security threats.Type: ApplicationFiled: August 29, 2014Publication date: May 2, 2019Applicant: ACCENTURE GLOBAL SERVICES LIMITEDInventors: Louis William DiValentin, Matthew Carver, Michael L. Lefebvre, David William Rozmiarek, Eric Ellett
-
Patent number: 10051010Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for implementing a response to one or more security incidents in a computing network. One of the methods includes identifying a security incident based on detecting one or more indicators of compromise associated with the security incident, comparing the security incident with a predefined ontology that maps the security incident to one or more courses of action, selecting a response strategy that includes one or more of the courses of action, and implementing the response strategy as an automated response.Type: GrantFiled: October 25, 2017Date of Patent: August 14, 2018Assignee: Accenture Global Services LimitedInventors: Matthew Carver, Louis William DiValentin, Michael L. Lefebvre, Elvis Hovor, David William Rozmiarek
-
Patent number: 10021127Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for analyzing threat intelligence information. One of the methods includes receiving by a threat information server, threat intelligence information from one or more intelligence feeds and generating one or more identified security threats, identifying a compromise by a management process orchestration server and retrieving information from the threat information server and identifying one or more actions to be performed, determining by an indicator analytics processor, a composite credibility based on the actions, and determining one or more components for profiling and determining indicators of compromise for each component, and communicating the indicators of compromise to the management process orchestration server.Type: GrantFiled: October 12, 2017Date of Patent: July 10, 2018Assignee: Accenture Global Services LimitedInventors: Louis William DiValentin, Matthew Carver, Michael L. Lefebvre
-
Patent number: 10009366Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for determining network related anomaly scores. One of the methods includes generating a network map including at least a plurality of network nodes and a plurality of edges that indicate communications paths between the plurality of network nodes, obtaining first data indicating network activity over the edges and between the plurality of network nodes for a first time period, generating a model of expected network activity over the edges and between the plurality of network nodes for a future time period using the network map and the first data, obtaining second data indicating network activity over the edges and between the plurality of network nodes for a second time period, and determining an anomaly score using a comparison between the second data and the model of expected network activity.Type: GrantFiled: July 12, 2017Date of Patent: June 26, 2018Assignee: Accenture Global Services LimitedInventors: Michael L. Lefebvre, Matthew Carver, Eric Ellett, Walid Negm, Louis William DiValentin, James J. Solderitsch
-
Publication number: 20180097847Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for implementing a response to one or more security incidents in a computing network. One of the methods includes identifying a security incident based on detecting one or more indicators of compromise associated with the security incident, comparing the security incident with a predefined ontology that maps the security incident to one or more courses of action, selecting a response strategy that includes one or more of the courses of action, and implementing the response strategy as an automated response.Type: ApplicationFiled: October 25, 2017Publication date: April 5, 2018Inventors: Matthew Carver, Louis William DiValentin, Michael L. Lefebvre, Elvis Hovor, David William Rozmiarek
-
Publication number: 20180041538Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for analyzing threat intelligence information. One of the methods includes receiving by a threat information server, threat intelligence information from one or more intelligence feeds and generating one or more identified security threats, identifying a compromise by a management process orchestration server and retrieving information from the threat information server and identifying one or more actions to be performed, determining by an indicator analytics processor, a composite credibility based on the actions, and determining one or more components for profiling and determining indicators of compromise for each component, and communicating the indicators of compromise to the management process orchestration server.Type: ApplicationFiled: October 12, 2017Publication date: February 8, 2018Inventors: Louis William DiValentin, Matthew Carver, Michael L. Lefebvre
-
Patent number: 9807120Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for implementing a response to one or more security incidents in a computing network. One of the methods includes identifying a security incident based on detecting one or more indicators of compromise associated with the security incident, comparing the security incident with a predefined ontology that maps the security incident to one or more courses of action, selecting a response strategy that includes one or more of the courses of action, and implementing the response strategy as an automated response.Type: GrantFiled: June 29, 2016Date of Patent: October 31, 2017Assignee: Accenture Global Services LimitedInventors: Matthew Carver, Louis William DiValentin, Michael L. Lefebvre, Elvis Hovor, David William Rozmiarek
-
Publication number: 20170310697Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for determining network related anomaly scores. One of the methods includes generating a network map including at least a plurality of network nodes and a plurality of edges that indicate communications paths between the plurality of network nodes, obtaining first data indicating network activity over the edges and between the plurality of network nodes for a first time period, generating a model of expected network activity over the edges and between the plurality of network nodes for a future time period using the network map and the first data, obtaining second data indicating network activity over the edges and between the plurality of network nodes for a second time period, and determining an anomaly score using a comparison between the second data and the model of expected network activity.Type: ApplicationFiled: July 12, 2017Publication date: October 26, 2017Inventors: Michael L. Lefebvre, Matthew Carver, Eric Ellett, Walid Negm, Louis William DiValentin, James J. Solderitsch
-
Patent number: 9794279Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for analyzing threat intelligence information. One of the methods includes receiving by a threat information server, threat intelligence information from one or more intelligence feeds and generating one or more identified security threats, identifying a compromise by a management process orchestration server and retrieving information from the threat information server and identifying one or more actions to be performed, determining by an indicator analytics processor, a composite credibility based on the actions, and determining one or more components for profiling and determining indicators of compromise for each component, and communicating the indicators of compromise to the management process orchestration server.Type: GrantFiled: August 29, 2014Date of Patent: October 17, 2017Assignee: Accenture Global Services LimitedInventors: Louis William DiValentin, Matthew Carver, Michael L. Lefebvre
-
Patent number: 9729568Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for determining network related anomaly scores. One of the methods includes generating a network map including at least a plurality of network nodes and a plurality of edges that indicate communications paths between the plurality of network nodes, obtaining first data indicating network activity over the edges and between the plurality of network nodes for a first time period, generating a model of expected network activity over the edges and between the plurality of network nodes for a future time period using the network map and the first data, obtaining second data indicating network activity over the edges and between the plurality of network nodes for a second time period, and determining an anomaly score using a comparison between the second data and the model of expected network activity.Type: GrantFiled: August 12, 2016Date of Patent: August 8, 2017Assignee: Accenture Global Services LimitedInventors: Michael L. Lefebvre, Matthew Carver, Eric Ellett, Walid Negm, Louis William DiValentin, James J. Solderitsch
-
Publication number: 20160352768Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for determining network related anomaly scores. One of the methods includes generating a network map including at least a plurality of network nodes and a plurality of edges that indicate communications paths between the plurality of network nodes, obtaining first data indicating network activity over the edges and between the plurality of network nodes for a first time period, generating a model of expected network activity over the edges and between the plurality of network nodes for a future time period using the network map and the first data, obtaining second data indicating network activity over the edges and between the plurality of network nodes for a second time period, and determining an anomaly score using a comparison between the second data and the model of expected network activity.Type: ApplicationFiled: August 12, 2016Publication date: December 1, 2016Inventors: Michael L. Lefebvre, Matthew Carver, Eric Ellett, Walid Negm, Louis William DiValentin, James J. Solderitsch
-
Publication number: 20160308910Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for implementing a response to one or more security incidents in a computing network. One of the methods includes identifying a security incident based on detecting one or more indicators of compromise associated with the security incident, comparing the security incident with a predefined ontology that maps the security incident to one or more courses of action, selecting a response strategy that includes one or more of the courses of action, and implementing the response strategy as an automated response.Type: ApplicationFiled: June 29, 2016Publication date: October 20, 2016Inventors: Matthew Carver, Louis William DiValentin, Michael L. Lefebvre, Elvis Hovor, David William Rozmiarek
-
Publication number: 20160269434Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for analyzing threat intelligence information. One of the methods includes receiving by a threat information server, threat intelligence information from one or more intelligence feeds and generating one or more identified security threats, identifying a compromise by a management process orchestration server and retrieving information from the threat information server and identifying one or more actions to be performed, determining by an indicator analytics processor, a composite credibility based on the actions, and determining one or more components for profiling and determining indicators of compromise for each component, and communicating the indicators of compromise to the management process orchestration server.Type: ApplicationFiled: August 29, 2014Publication date: September 15, 2016Applicant: Accenture Global Services LimitedInventors: Louis William DiValentin, Matthew Carver, Michael L. Lefebvre
-
Patent number: 9386041Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for implementing a response to one or more security incidents in a computing network. One of the methods includes identifying a security incident based on detecting one or more indicators of compromise associated with the security incident, comparing the security incident with a predefined ontology that maps the security incident to one or more courses of action, selecting a response strategy that includes one or more of the courses of action, and implementing the response strategy as an automated response.Type: GrantFiled: August 29, 2014Date of Patent: July 5, 2016Assignee: Accenture Global Services LimitedInventors: Matthew Carver, Louis William DiValentin, Michael L. Lefebvre, Elvis Hovor, David William Rozmiarek
-
Publication number: 20150365438Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for implementing a response to one or more security incidents in a computing network. One of the methods includes identifying a security incident based on detecting one or more indicators of compromise associated with the security incident, comparing the security incident with a predefined ontology that maps the security incident to one or more courses of action, selecting a response strategy that includes one or more of the courses of action, and implementing the response strategy as an automated response.Type: ApplicationFiled: August 29, 2014Publication date: December 17, 2015Applicant: ACCENTURE GLOBAL SERVICES LIMITEDInventors: Matthew Carver, Louis William DiValentin, Michael L. Lefebvre, Elvis Hovor, David William Rozmiarek
-
Publication number: 20150341379Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for determining network related anomaly scores. One of the methods includes generating a network map including at least a plurality of network nodes and a plurality of edges that indicate communications paths between the plurality of network nodes, obtaining first data indicating network activity over the edges and between the plurality of network nodes for a first time period, generating a model of expected network activity over the edges and between the plurality of network nodes for a future time period using the network map and the first data, obtaining second data indicating network activity over the edges and between the plurality of network nodes for a second time period, and determining an anomaly score using a comparison between the second data and the model of expected network activity.Type: ApplicationFiled: May 22, 2014Publication date: November 26, 2015Applicant: Accenture Global Services LimitedInventors: Michael L. Lefebvre, Matthew Carver, Eric Ellett, Walid Negm, Louis William DiValentin, James J. Solderitsch