Patents by Inventor Ophir KRETZER-KATZIR

Ophir KRETZER-KATZIR has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8578507
    Abstract: A system for operating an enterprise computer network including multiple network objects, said system comprising monitoring and collection functionality for obtaining continuously updated information regarding at least one of access permissions and actual usage of said network objects, and entitlement review by owner functionality operative to present to at least one owner of at least one network object a visually sensible indication of authorization status including a specific indication of users which were not yet authorized by said at least one owner of said at least one network object.
    Type: Grant
    Filed: June 14, 2010
    Date of Patent: November 5, 2013
    Assignee: Varonis Systems, Inc.
    Inventors: Yakov Faitelson, Ohad Korkus, Ophir Kretzer-Katzir, David Bass
  • Publication number: 20130268562
    Abstract: An enterprise level data element review system including a data access event collection subsystem operative to collect data access event notifications relating to ones of a multiplicity of data elements, a data element metadata modification subassembly receiving an output from the data access event collection subsystem and providing a script indicating which data elements have had a metadata modification over a given period of time, and a data element dancer operative to collect at least one of metadata and access permissions for a plurality of data elements which is substantially less than the multiplicity of data elements and is selected on the basis of the script.
    Type: Application
    Filed: April 4, 2012
    Publication date: October 10, 2013
    Inventors: Yakov FAITELSON, Ohad KORKUS, David BASS, Yzhar KAYSAR, Ophir KRETZER-KATZIR
  • Publication number: 20130263221
    Abstract: A method for a secure search in a computerized system having a storage, comprising searching for objects in the storage of the computerized system according to search criteria provided by a user wherein the criteria comprise at least one attribute of the objects, identifying objects that meet the criteria and displaying representations respective of identified objects that are accessible to the user, and an apparatus for performing the same.
    Type: Application
    Filed: March 27, 2012
    Publication date: October 3, 2013
    Applicant: VARONIS SYSTEMS, INC.
    Inventors: Yakov FAITELSON, Ohad Korkus, Ophir Kretzer-Katzir, David Bass
  • Patent number: 8533787
    Abstract: A method for automatic folder ownership assignment, including ascertaining which first folders, among a first multiplicity of folders, have at least one of modify and write permissions to non-IT administration entities, adding the first folders to a list of candidates for ownership assignment, defining a second multiplicity of folders which is a subset of the first multiplicity of folders and not including the first folders and descendents and ancestors thereof, ascertaining which second folders among the second multiplicity of folders, have permissions to non-IT administration entities, adding the second folders to the candidates, defining a third multiplicity of folders, which is a subset of the second multiplicity of folders and not including the second folders and descendents and ancestors thereof, ascertaining which third folders among the third multiplicity of folders are topmost folders, adding the third folders to the candidates, and recommending possible assignment of ownership of the candidates.
    Type: Grant
    Filed: May 12, 2011
    Date of Patent: September 10, 2013
    Assignee: Varonis Systems, Inc.
    Inventors: Yakov Faitelson, Ohad Korkus, Ophir Kretzer-Katzir
  • Publication number: 20130138683
    Abstract: There is thus provided in accordance with a preferred embodiment of the present invention a system for automatically generating and executing database queries, the system including a user interface operative to allow a user to select at least one selected predefined database report from a list of predefined database reports and automatic database query generation functionality operative to automatically generate a database query corresponding to the at least one selected predefined database report, the database query including at least one predefined combinable page.
    Type: Application
    Filed: November 24, 2011
    Publication date: May 30, 2013
    Inventors: Yakov Faitelson, Ohad Korkus, Ophir Kretzer-Katzir
  • Publication number: 20130074100
    Abstract: A method for event handling in a multi-platform system, comprising acquiring an event of a file access from the multi-platform system, processing the event taking account of an auxiliary data to decide an action and activating the action, and an apparatus for performing the same.
    Type: Application
    Filed: September 19, 2011
    Publication date: March 21, 2013
    Applicant: VARONIS SYSTEMS, INC.
    Inventors: Yakov FAITELSON, Ohad Korkus, Ophir Kretzer-Katzir
  • Publication number: 20120291100
    Abstract: A method for automatic folder ownership assignment, including ascertaining which first folders, among a first multiplicity of folders, have at least one of modify and write permissions to non-IT administration entities, adding the first folders to a list of candidates for ownership assignment, defining a second multiplicity of folders which is a subset of the first multiplicity of folders and not including the first folders and descendents and ancestors thereof, ascertaining which second folders among the second multiplicity of folders, have permissions to non-IT administration entities, adding the second folders to the candidates, defining a third multiplicity of folders, which is a subset of the second multiplicity of folders and not including the second folders and descendents and ancestors thereof, ascertaining which third folders among the third multiplicity of folders are topmost folders, adding the third folders to the candidates, and recommending possible assignment of ownership of the candidates.
    Type: Application
    Filed: May 12, 2011
    Publication date: November 15, 2012
    Inventors: Yakov FAITELSON, Ohad KORKUS, Ophir KRETZER-KATZIR
  • Publication number: 20120271855
    Abstract: In a hierarchical access permissions environment, a method for enabling efficient management of project-wise permissions including maintaining project-wise lists of network objects, access permissions to which cannot be managed together via a hierarchical folder structure and employing the project-wise lists of network objects to make project-wise changes in access permissions to the network objects without the need to individually modify access permissions to individual ones of the network objects.
    Type: Application
    Filed: November 23, 2011
    Publication date: October 25, 2012
    Applicant: VARONIS SYSTEMS, INC.
    Inventors: Yakov FAITELSON, Ohad KORKUS, Ophir KRETZER-KATZIR
  • Publication number: 20120271853
    Abstract: An access permissions management system including a hierarchical access permissions repository including access permissions relating to data elements arranged in a data element hierarchy, wherein some of the data elements have only access permissions which are inherited from ancestral data elements, some of the multiplicity of data elements are prevented from having inherited access permissions and thus have only unique access permissions which are not inherited and some of the data elements are not prevented from having inherited access permissions and have not only inherited access permissions but also unique access permissions which are not inherited, some of which unique access permissions possibly being redundant with inherited access permissions, and an access permissions redundancy prevention engine operative to ascertain which of the unique access permissions are redundant with inherited access permissions and not to store the unique access permissions which are redundant with inherited access permiss
    Type: Application
    Filed: June 14, 2011
    Publication date: October 25, 2012
    Inventors: Yakov FAITELSON, Ohad KORKUS, Ophir KRETZER-KATZIR, Yzhar Keysar
  • Publication number: 20120272294
    Abstract: A system for providing bi-directional visualization of authority of users over SACs in an enterprise-wide network, the system including functionality for providing user-wise visualization of the authority of a given user over at least one SAC in respect of which the user has authority, and functionality for providing SAC-wise visualization for a given SAC of the authority of at least one user over the given SAC.
    Type: Application
    Filed: November 24, 2011
    Publication date: October 25, 2012
    Inventors: Yakov Faitelson, Ohad Korkus, Ophir Kretzer-Katzir
  • Publication number: 20120221550
    Abstract: A system for identifying data of interest from among a multiplicity of data elements residing on multiple platforms in an enterprise, the system including background data characterization functionality characterizing the data of interest at least by at least one content characteristic thereof and at least one access metric thereof, the at least one access metric being selected from data access permissions and actual data access history and near real time data matching functionality selecting the data of interest by considering only data elements which have the at least one content characteristic thereof and the at least one access metric thereof from among the multiplicity of data elements.
    Type: Application
    Filed: January 27, 2010
    Publication date: August 30, 2012
    Inventors: Ohad Korkus, Yakov Faitelson, Ophir Kretzer-Katzir, David Bass
  • Publication number: 20120215780
    Abstract: A system for identifying data of interest from among a multiplicity of data elements residing on multiple platforms in an enterprise, the system including background data characterization functionality characterizing the data of interest at least by at least one content characteristic thereof and at least one access metric thereof, the at least one access metric being selected from data access permissions and actual data access history and near real time data matching functionality selecting the data of interest by considering only data elements which have the at least one content characteristic thereof and the at least one access metric thereof from among the multiplicity of data elements.
    Type: Application
    Filed: March 7, 2012
    Publication date: August 23, 2012
    Inventors: Yakov FAITELSON, Ohad KORKUS, David BASS, Ophir KRETZER-KATZIR
  • Publication number: 20120191646
    Abstract: A method for characterizing data elements in an enterprise including ascertaining at least one of an access metric and a data identifier for each of a plurality of data elements and employing the at least one of an access metric and a data identifier to automatically apply a metatag to ones of the plurality of data elements.
    Type: Application
    Filed: May 26, 2011
    Publication date: July 26, 2012
    Inventors: Yakov Faitelson, Ohad Korkus, Ophir Kretzer-Katzir, David Bass
  • Publication number: 20120179681
    Abstract: A method for managing data in an enterprise by identifying data of interest from among a multiplicity of data elements in an enterprise, the method including characterizing data of interest at least by at least one non-content based data identifier thereof and at least one access metric thereof, the at least one access metric being selected from data access permissions and actual data access history and selecting data of interest by considering only data elements from among the multiplicity of data elements which have the at least one non-content based data identifier thereof and the at least one access metric thereof.
    Type: Application
    Filed: May 26, 2011
    Publication date: July 12, 2012
    Inventors: Yakov Faitelson, Ohad Korkus, Ophir Kretzer-Katzir, David Bass
  • Publication number: 20120173583
    Abstract: An information technology management system for use in enterprise data management including a metadata supply subsystem which receives metadata from a network, an access permissions management subsystem for managing access permissions to data elements in the network and an access permissions management operation implementation subsystem which automatically governs the operation of the access permissions management subsystem, the access permissions management operation implementation subsystem having at least one of first, second, third and fourth modes of operation.
    Type: Application
    Filed: May 26, 2011
    Publication date: July 5, 2012
    Inventors: Yakov Faiteson, Ohad Korkus, Ophir Kretzer-Katzir, David Bass
  • Publication number: 20120054283
    Abstract: An enterprise email governance system including an enterprise-wide email communication item events monitoring subsystem providing at least near real time indications of email communication item events and an enterprise-wide email communication item events storage subsystem receiving inputs from the monitoring subsystem and providing at least near real time user accessibility to the email communication item events.
    Type: Application
    Filed: August 24, 2010
    Publication date: March 1, 2012
    Inventors: Ohad KORKUS, Yakov FAITELSON, Ophir KRETZER-KATZIR, David BASS
  • Publication number: 20110296490
    Abstract: A system for automatically replacing a user security group-based computer security policy by a computer security policy based at least partially on actual access, including a learned access permissions subsystem operative to learn current access permissions of users to network objects in an enterprise computer environment and to provide an indication of which users are members of which user security groups having access permissions to which network objects, a learned actual access subsystem operative to learn actual access history of users in the enterprise to the network objects and to provide indications of which users have had actual access to which network objects, and a computer security policy administration subsystem, receiving indications from the learned access permission subsystem and the learned actual access subsystem and being operative to automatically replace pre-selected user-security group-based access permissions with at least partially actual access-based access permissions without disrupti
    Type: Application
    Filed: August 23, 2010
    Publication date: December 1, 2011
    Inventors: Yakov FAITELSON, Ohad KORKUS, Ophir KRETZER-KATZIR, David BASS
  • Publication number: 20110184989
    Abstract: An automatic resource ownership assignment system, the system including resource ownership indicators definition functionality operative to allow an operator of the system to define resource ownership indicators, automatic resource ownership recommendation functionality operative to provide, to at least one user of the system, a recommendation to assign ownership of at least one resource to a potential owner, based on the resource ownership indicators, and automatic resource ownership assignment functionality which, responsive to predetermined at least partial approval of the at least one recommendation by the at least one user and approval of said at least one recommendation by the potential owner, is operative to automatically assign ownership of the at least one resource to the potential owner.
    Type: Application
    Filed: January 27, 2011
    Publication date: July 28, 2011
    Inventors: Yakov FAITELSON, Ohad KORKUS, Ophir KRETZER-KATZIR
  • Publication number: 20110061093
    Abstract: A network object access permission management system useful with a computer network including at least one server and a multiplicity of clients, the system including an access permissions subsystem which governs access permissions of users to network objects in the computer network in real time and a future condition based permissions instruction subsystem providing instructions to the access permission subsystem to grant or revoke access permissions of the users to network objects in real time in response to future fulfillment of conditions which are established by an operator in advance.
    Type: Application
    Filed: August 24, 2010
    Publication date: March 10, 2011
    Inventors: Ohad KORKUS, Yakov FAITELSON, Ophir KRETZER-KATZIR, David BASS
  • Publication number: 20110061111
    Abstract: A system for operating an enterprise computer network including multiple network objects, said system comprising monitoring and collection functionality for obtaining continuously updated information regarding at least one of access permissions and actual usage of said network objects, and entitlement review by owner functionality operative to present to at least one owner of at least one network object a visually sensible indication of authorization status including a specific indication of users which were not yet authorized by said at least one owner of said at least one network object.
    Type: Application
    Filed: June 14, 2010
    Publication date: March 10, 2011
    Inventors: Yakov Faitelson, Ohad Korkus, Ophir Kretzer-Katzir, David Bass