Patents by Inventor Omer Schory
Omer Schory has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11956279
Abstract: A method and a computer program product and an apparatus for securing communication in heterogeneous networks that include devices with different protection levels. The method comprises monitoring, by a security agent installed on a device, communication between the device and external devices. The method comprises determining a level of in-device protection for each device based on available protection thereof. The method further comprises employing, by the security agent, an associated security policy for communications originating from the device, based on the level of in-device protection; such as resources utilized for employing security policies for communications originating from devices are correlated with the protection levels thereof. The method may further comprise enabling sharing security workload between device having trusted security agents to improve performance efficiency thereof.
Type: Grant
Filed: June 11, 2020
Date of Patent: April 9, 2024
Assignee: JFROG LTD
Inventors: Omer Schory, Or Peles, Shmuel Ur
-
Publication number: 20230362206
Abstract: A method and a computer program product and an apparatus for securing communication in heterogeneous networks that include devices with different protection levels. The method comprises monitoring, by a security agent installed on a device, communication between the device and external devices. The method comprises determining a level of in-device protection for each device based on available protection thereof. The method further comprises employing, by the security agent, an associated security policy for communications originating from the device, based on the level of in-device protection; such as resources utilized for employing security policies for communications originating from devices are correlated with the protection levels thereof. The method may further comprise enabling sharing security workload between device having trusted security agents to improve performance efficiency thereof.
Type: Application
Filed: July 17, 2023
Publication date: November 9, 2023
Inventors: Omer Schory, Or Peles, Shmuel Ur
-
Publication number: 20230362205
Abstract: A method and a computer program product and an apparatus for securing communication in heterogeneous networks that include devices with different protection levels. The method comprises monitoring, by a security agent installed on a device, communication between the device and external devices. The method comprises determining a level of in-device protection for each device based on available protection thereof. The method further comprises employing, by the security agent, an associated security policy for communications originating from the device, based on the level of in-device protection; such as resources utilized for employing security policies for communications originating from devices are correlated with the protection levels thereof. The method may further comprise enabling sharing security workload between device having trusted security agents to improve performance efficiency thereof.
Type: Application
Filed: July 17, 2023
Publication date: November 9, 2023
Inventors: Omer Schory, Or Peles, Shmuel Ur
-
Publication number: 20220108007
Abstract: A method, apparatus and product including: obtaining metadata about a firmware, wherein the metadata comprises one or more constraints on execution of a system call by the firmware; during execution of the firmware, identifying a system call event, wherein the system call event comprises an invocation of the system call; determining that the system call event violates the one or more constraints on the execution of the system call; and in response to said determining that the system call event violates the one or more constraints, performing a responsive action.
Type: Application
Filed: October 4, 2021
Publication date: April 7, 2022
Inventors: Daniel Zatutschne-Marom, Omer Schory
-
Patent number: 10878106
Abstract: A method, apparatus and product for firmware verification. The method comprises obtaining a list of libraries utilized by a firmware. The method comprises determining a set of vulnerabilities of the firmware by identifying vulnerabilities corresponding to each library of the list of libraries. The method further comprises determining a set of remedial actions for the set of vulnerabilities, the set of remedial actions including an offline remedial action and an online remedial action. The method further comprises determining for the set of vulnerabilities a combination of remedial actions based on estimated costs and estimated runtime overheads of the set of remedial actions. The method further comprises providing an output based on the combination of remedial actions.
Type: Grant
Filed: November 25, 2019
Date of Patent: December 29, 2020
Assignee: VDOO CONNECTED TRUST LTD.
Inventors: Netanel Davidi, Uri Alter, Asaf Karas, Omer Schory
-
Publication number: 20200396259
Abstract: A method and a computer program product and an apparatus for securing communication in heterogeneous networks that include devices with different protection levels. The method comprises monitoring, by a security agent installed on a device, communication between the device and external devices. The method comprises determining a level of in-device protection for each device based on available protection thereof. The method further comprises employing, by the security agent, an associated security policy for communications originating from the device, based on the level of in-device protection; such as resources utilized for employing security policies for communications originating from devices are correlated with the protection levels thereof. The method may further comprise enabling sharing security workload between device having trusted security agents to improve performance efficiency thereof.
Type: Application
Filed: June 11, 2020
Publication date: December 17, 2020
Inventors: Omer Schory, Or Peles, Shmuel Ur
-
Publication number: 20200089893
Abstract: A method, apparatus and product for firmware verification. The method comprises obtaining a list of libraries utilized by a firmware. The method comprises determining a set of vulnerabilities of the firmware by identifying vulnerabilities corresponding to each library of the list of libraries. The method further comprises determining a set of remedial actions for the set of vulnerabilities, the set of remedial actions including an offline remedial action and an online remedial action. The method further comprises determining for the set of vulnerabilities a combination of remedial actions based on estimated costs and estimated runtime overheads of the set of remedial actions. The method further comprises providing an output based on the combination of remedial actions.
Type: Application
Filed: November 25, 2019
Publication date: March 19, 2020
Inventors: Netanel Davidi, Uri Alter, Asaf Karas, Omer Schory
-
Publication number: 20200042715
Abstract: A method, apparatus and product for firmware verification. The method comprises obtaining a list of libraries utilized by a firmware. The method comprises determining a set of vulnerabilities of the firmware by identifying vulnerabilities corresponding to each library of the list of libraries. The method further comprises determining a set of remedial actions for the set of vulnerabilities, the set of remedial actions including an offline remedial action and an online remedial action. The method further comprises determining for the set of vulnerabilities a combination of remedial actions based on estimated costs and estimated runtime overheads of the set of remedial actions. The method further comprises providing an output based on the combination of remedial actions.
Type: Application
Filed: July 30, 2019
Publication date: February 6, 2020
Inventors: Netanel Davidi, Uri Alter, Asaf Karas, Omer Schory
-
Patent number: 10534918
Abstract: A method, apparatus and product for firmware verification. The method comprises obtaining a list of libraries utilized by a firmware. The method comprises determining a set of vulnerabilities of the firmware by identifying vulnerabilities corresponding to each library of the list of libraries. The method further comprises determining a set of remedial actions for the set of vulnerabilities, the set of remedial actions including an offline remedial action and an online remedial action. The method further comprises determining for the set of vulnerabilities a combination of remedial actions based on estimated costs and estimated runtime overheads of the set of remedial actions. The method further comprises providing an output based on the combination of remedial actions.
Type: Grant
Filed: July 30, 2019
Date of Patent: January 14, 2020
Assignee: VDOO CONNECTED TRUST LTD.
Inventors: Netanel Davidi, Uri Alter, Asaf Karas, Omer Schory
-
Patent number: 10310870
Abstract: It is often desired to add or change the functionality of an existing executable, also known as binary. Simply splicing in new machine code into the binary will not work due to host system-specific and platform-specific limitations. The present invention will enable adding any new code to an existing program while overcoming the aforementioned consistency limitations and maintaining the original functionality.
Type: Grant
Filed: August 8, 2016
Date of Patent: June 4, 2019
Assignee: APPDOME LTD.
Inventors: Avner Yehuda, Omer Schory, Meir Tsvi, Daniel Zatuchne
-
Publication number: 20170228540
Abstract: Software traps per application that attract malicious software are created by mimicking the behavior of the application. In an embodiment, the software traps are comprised of mimicked entities which will be created and monitored to detect malicious code activity using an additional layer to the application.
Type: Application
Filed: February 9, 2016
Publication date: August 10, 2017
Applicant: APPDOME LTD.
Inventors: Avner Yehuda, Omer Schory
-
Publication number: 20170201526
Abstract: Today's methods for protecting the contents of a file enable a user to encrypt the whole file and protect its content from others. This means that for a company with employees at different categories which need to get access to certain sections in the document, multiple categories, multiple version of the document need to be generated with different encryption schemes this which will complicate the document generation, distribution and update at the corporate server. The present invention will allow inclusion of encrypted sections in the file and by using the metadata layer the standard application may be instructed to ignore these sections. Hence a single document may exist with reading capabilities set per employee category and the sections always encrypted thus simplifying the document generation and distribution at the corporate server.
Type: Application
Filed: November 15, 2015
Publication date: July 13, 2017
Applicant: APPDOME LTD.
Inventors: Avner Yehuda, Omer Schory
-
Publication number: 20170060565
Abstract: It is often desired to add or change the functionality of an existing executable, also known as binary. Simply splicing in new machine code into the binary will not work due to host system-specific and platform-specific limitations. The present invention will enable adding any new code to an existing program while overcoming the aforementioned consistency limitations and maintaining the original functionality.
Type: Application
Filed: August 8, 2016
Publication date: March 2, 2017
Applicant: APPDOME LTD.
Inventors: Avner Yehuda, Omer Schory, Meir Tsvi, Daniel Zatuchne
-
Patent number: 9137204
Abstract: A system and method for protecting data communications in a system including a load-balancer connected to a cluster of security network components, e.g. firewall node. The load-balancer transfers one or more of the data streams respectively to the security components. The security network components transmit control information to the load-balancer and the control information includes an instruction regarding balancing load of the data streams between said security network components; The load-balancer balances load based on the control information. Preferably, network address translation is performed by the load-balancer based on the control information or network address translation is performed by the security network component and the control information includes information regarding an expected connection based on the network address translation.
Type: Grant
Filed: February 2, 2006
Date of Patent: September 15, 2015
Assignee: CHECK POINT SOFTWARE TECHNOLOGIES LTD.
Inventors: Omer Schory, Ofer Raz, Oded Gonda
-
Patent number: 8726008
Abstract: A system and method for protecting data communications in a system including a load-balancer connected to a cluster of security network components, e.g. firewall node. The load-balancer transfers one or more of the data streams respectively to the security components. The security network components transmit control information to the load-balancer and the control information includes an instruction regarding balancing load of the data streams between said components; The load-balancer balances load based on the control information. Preferably, network address translation (NAT) is performed by the load-balancer based on the control information or NAT is performed by the security network component and the control information includes information regarding an expected connection based on NAT.
Type: Grant
Filed: March 28, 2012
Date of Patent: May 13, 2014
Assignee: Check Point Software Technologies Ltd.
Inventors: Omer Schory, Ofer Raz, Oded Gonda
-
Publication number: 20120297491
Abstract: A system and method for protecting data communications in a system including a load-balancer connected to a cluster of security network components, e.g. firewall node. The load-balancer transfers one or more of the data streams respectively to the security components. The security network components transmit control information to the load-balancer and the control information includes an instruction regarding balancing load of the data streams between said components; The load-balancer balances load based on the control information. Preferably, network address translation (NAT) is performed by the load-balancer based on the control information or NAT is performed by the security network component and the control information includes information regarding an expected connection based on NAT.
Type: Application
Filed: March 28, 2012
Publication date: November 22, 2012
Applicant: CHECK POINT SOFTWARE TECHNOLOGIES LTD.
Inventors: Omer Schory, Ofer Raz, Oded Gonda
-
Patent number: 7797566
Abstract: A method for load sharing and high availability in a cluster of computers. The cluster includes a first computer and a second computer which perform a task. An active application runs in the first computer and a standby application is installed in the second computer. The active application and the standby application are included in an application group. A first plurality of applications is installed in the first computer; the first plurality includes the running active application. The active application performs the task and stores in memory of the first computer state parameters and a policy. A synchronized copy of the state parameters and the policy pertaining to the task is maintained by storing in memory of the second computer. Preferably, the cluster is in a security gateway between data networks and performs a task related to security of one or more of the networks.
Type: Grant
Filed: July 11, 2006
Date of Patent: September 14, 2010
Assignee: Check Point Software Technologies Ltd.
Inventors: Amit Dror, Omer Schory
-
Publication number: 20080016386
Abstract: A method for load sharing and high availability in a cluster of computers. The cluster includes a first computer and a second computer which perform a task. An active application runs in the first computer and a standby application is installed in the second computer. The active application and the standby application are included in an application group. A first plurality of applications is installed in the first computer; the first plurality includes the running active application. The active application performs the task and stores in memory of the first computer state parameters and a policy. A synchronized copy of the state parameters and the policy pertaining to the task is maintained by storing in memory of the second computer. Preferably, the cluster is in a security gateway between data networks and performs a task related to security of one or more of the networks.
Type: Application
Filed: July 11, 2006
Publication date: January 17, 2008
Applicant: CHECK POINT SOFTWARE TECHNOLOGIES LTD.
Inventors: Amit Dror, Omer Schory
-
Publication number: 20070180226
Abstract: A system and method for protecting data communications in a system including a load-balancer connected to a cluster of security network components, e.g. firewall node. The load-balancer transfers one or more of the data streams respectively to the security components. The security network components transmit control information to the load-balancer and the control information includes an instruction regarding balancing load of the data streams between said security network components; The load-balancer balances load based on the control information. Preferably, network address translation is performed by the load-balancer based on the control information or network address translation is performed by the security network component and the control information includes information regarding an expected connection based on the network address translation.
Type: Application
Filed: February 2, 2006
Publication date: August 2, 2007
Inventors: Omer Schory, Ofer Raz, Oded Gonda