Patents by Inventor Michael Mumcuoglu
Michael Mumcuoglu has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10645110
Abstract: A method for computer system forensics includes receiving an identification of at least one host computer that has exhibited an anomalous behavior, in a computer network comprising multiple host computers. Respective images of the host computers in the network are assembled using image information collected with regard to the host computers. A comparison is made between at least one positive image of the at least one host computer, assembled using the image information collected following occurrence of the anomalous behavior, and one or more negative images assembled using the image information collected with respect to one or more of the host computers not exhibiting the anomalous behavior. Based on the comparison, a forensic indicator of the anomalous behavior is extracted from the positive and negative images.
Type: Grant
Filed: April 18, 2018
Date of Patent: May 5, 2020
Assignee: PALO ALTO NETWORKS (ISRAEL ANALYTICS) LTD.
Inventors: Michael Mumcuoglu, Giora Engel, Eyal Firstenberg
-
Patent number: 10356106
Abstract: A method for network monitoring includes intercepting, in an anomaly detection module, a first data packet transmitted over a network in accordance with a predefined protocol to or from an entity on the network. Both a network address that is assigned to the entity and a strong identity, which is incorporated in the first data packet in accordance with the predefined protocol, of the entity are extracted from the intercepted first data packet. An association is recorded between the network address and the strong identity. Second data packets transmitted over the network are intercepted, containing the network address. Responsively to the recorded association and the network address, the second data packets are associated with the strong identity. The associated second data packets are analyzed in order to detect anomalous behavior and to attribute the anomalous behavior to the entity.
Type: Grant
Filed: March 21, 2016
Date of Patent: July 16, 2019
Assignee: PALO ALTO NETWORKS (ISRAEL ANALYTICS) LTD.
Inventors: Giora Engel, Michael Mumcuoglu
-
Publication number: 20180367556
Abstract: A method for computer system forensics includes receiving an identification of at least one host computer that has exhibited an anomalous behavior, in a computer network comprising multiple host computers. Respective images of the host computers in the network are assembled using image information collected with regard to the host computers. A comparison is made between at least one positive image of the at least one host computer, assembled using the image information collected following occurrence of the anomalous behavior, and one or more negative images assembled using the image information collected with respect to one or more of the host computers not exhibiting the anomalous behavior. Based on the comparison, a forensic indicator of the anomalous behavior is extracted from the positive and negative images.
Type: Application
Filed: April 18, 2018
Publication date: December 20, 2018
Inventors: Michael Mumcuoglu, Giora Engel, Eyal Firstenberg
-
Patent number: 10075461
Abstract: A method for monitoring includes defining a plurality of different types of administrative activities in a computer system. Each administrative activity in the plurality includes an action performed by one of the computers in the system that can be invoked only by a user having an elevated level of privileges in the system. The administrative activities performed by at least a group of the computers in the system are tracked automatically. Upon detecting that a given computer in the system has performed an anomalous combination of at least two of the different types of administrative activities, an action is initiated to inhibit malicious exploitation of the given computer.
Type: Grant
Filed: May 31, 2015
Date of Patent: September 11, 2018
Assignee: PALO ALTO NETWORKS (ISRAEL ANALYTICS) LTD.
Inventors: Michael Mumcuoglu, Giora Engel, Yaron Neuman, Eyal Firstenberg
-
Patent number: 9979742
Abstract: A method for computer system forensics includes receiving an identification of an anomalous message transmitted by a host computer in a computer network comprising multiple host computers. Messages transmitted by the host computers are monitored so as to detect, for each monitored message, a respective process that initiated the message. Responsively to the identification, a forensic indicator is extracted of the respective process that initiated the anomalous message.
Type: Grant
Filed: October 6, 2016
Date of Patent: May 22, 2018
Assignee: Palo Alto Networks (Israel Analytics) Ltd.
Inventors: Michael Mumcuoglu, Giora Engel, Eyal Firstenberg
-
Patent number: 9979739
Abstract: A method for computer system forensics includes receiving an identification of at least one host computer (26) that has exhibited an anomalous behavior, in a computer network (24) comprising multiple host computers. Respective images (68) of the host computers in the network are assembled using image information collected with regard to the host computers. A comparison is made between at least one positive image of the at least one host computer, assembled using the image information collected following occurrence of the anomalous behavior, and one or more negative images assembled using the image information collected with respect to one or more of the host computers not exhibiting the anomalous behavior. Based on the comparison, a forensic indicator of the anomalous behavior is extracted from the positive and negative images.
Type: Grant
Filed: January 15, 2014
Date of Patent: May 22, 2018
Assignee: Palo Alto Networks (Israel Analytics) Ltd.
Inventors: Michael Mumcuoglu, Giora Engel, Eyal Firstenberg
-
Publication number: 20170054744
Abstract: A method for monitoring includes defining a plurality of different types of administrative activities in a computer system. Each administrative activity in the plurality includes an action performed by one of the computers in the system that can be invoked only by a user having an elevated level of privileges in the system. The administrative activities performed by at least a group of the computers in the system are tracked automatically. Upon detecting that a given computer in the system has performed an anomalous combination of at least two of the different types of administrative activities, an action is initiated to inhibit malicious exploitation of the given computer.
Type: Application
Filed: May 31, 2015
Publication date: February 23, 2017
Inventors: Michael Mumcuoglu, Giora Engel, Yaron Neuman, Eyal Firstenberg
-
Publication number: 20170026395
Abstract: A method for computer system forensics includes receiving an identification of a time of occurrence of an anomalous event in a computer network including multiple host computers. Logs of activity of entities in the computer network are collected. A comparison is made between first entries in at least one of the logs collected within a predefined time interval of the time of the occurrence of the anomalous event, and second entries in the at least one of the logs collected outside the predefined time interval. Based on the comparison, a forensic indicator associated with the anomalous event is extracted from the logs.
Type: Application
Filed: October 6, 2016
Publication date: January 26, 2017
Inventors: Michael Mumcuoglu, Giora Engel, Eyal Firstenberg
-
Publication number: 20170026398
Abstract: A method for computer system forensics includes receiving an identification of an anomalous message transmitted by a host computer in a computer network comprising multiple host computers. Messages transmitted by the host computers are monitored so as to detect, for each monitored message, a respective process that initiated the message. Responsively to the identification, a forensic indicator is extracted of the respective process that initiated the anomalous message.
Type: Application
Filed: October 6, 2016
Publication date: January 26, 2017
Inventors: Michael Mumcuoglu, Giora Engel, Eyal Firstenberg
-
Publication number: 20160234167
Abstract: A method for network monitoring includes intercepting, in an anomaly detection module, a first data packet transmitted over a network in accordance with a predefined protocol to or from an entity on the network. Both a network address that is assigned to the entity and a strong identity, which is incorporated in the first data packet in accordance with the predefined protocol, of the entity are extracted from the intercepted first data packet. An association is recorded between the network address and the strong identity. Second data packets transmitted over the network are intercepted, containing the network address. Responsively to the recorded association and the network address, the second data packets are associated with the strong identity. The associated second data packets are analyzed in order to detect anomalous behavior and to attribute the anomalous behavior to the entity.
Type: Application
Filed: March 21, 2016
Publication date: August 11, 2016
Inventors: Giora Engel, Michael Mumcuoglu
-
Publication number: 20150358344
Abstract: A method for computer system forensics includes receiving an identification of at least one host computer (26) that has exhibited an anomalous behavior, in a computer network (24) comprising multiple host computers. Respective images (68) of the host computers in the network are assembled using image information collected with regard to the host computers. A comparison is made between at least one positive image of the at least one host computer, assembled using the image information collected following occurrence of the anomalous behavior, and one or more negative images assembled using the image information collected with respect to one or more of the host computers not exhibiting the anomalous behavior. Based on the comparison, a forensic indicator of the anomalous behavior is extracted from the positive and negative images.
Type: Application
Filed: January 15, 2014
Publication date: December 10, 2015
Applicant: LIGHT CYBER LTD.
Inventors: Michael Mumcuoglu, Giora Engel, Eyal Firstenberg
-
Publication number: 20120315839
Abstract: A method for monitoring an audience, includes receiving transmissions over the air, in accordance with a standard communication protocol, from one or more wireless communication devices (24) belonging to members (26) of the audience at a location. The transmissions are analyzed in order to derive a characteristic of the audience.
Type: Application
Filed: December 29, 2010
Publication date: December 13, 2012
Applicant: METERLIVE LTD.
Inventors: Michael Mumcuoglu, Giora Engel