Patents by Inventor Rory F. Bray
Rory F. Bray has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11075804
Abstract: Methods and apparatus, including computer program products, implementing and using techniques for network modeling and device configuration. A security information and event manager is configured to receive log data from third party devices connected to a network. A notification is received each time a specific third party device generates a predetermined event in response to traffic at the specific third party device. The notification includes event information inferring network topology information, which network topology information includes third party device location information, firewall event information, source and destination networks. In response to receiving this information, a state of each third party device is generated, using inferred information over a predetermined period. An access control list is generated for each third party device, by using the inferred information over the predetermined period.
Type: Grant
Filed: October 22, 2018
Date of Patent: July 27, 2021
Assignee: International Business Machines Corporation
Inventors: Michael S. Hume, Rory F. Bray, Jason D. Keirstead, Christopher I. Collins, Steven W. R. Jones
-
Patent number: 10897476
Abstract: A mechanism is provided for reparsing unsuccessfully parsed event data. Responsive to determining that one or more unsuccessfully parsed event data items exist for a log source, each unsuccessfully parsed event data item of the one or more unsuccessfully parsed event data items is reparsed using an updated device support module associated with the log source. Responsive to the device support module successfully reparsing the unsuccessfully parsed event data item thereby forming a successfully parsed event data item, the successfully parsed event data item is added to a historical record of events associated with the log source. Responsive to the device support module failing to successfully reparse the unsuccessfully parsed event data item, the unsuccessfully parsed event data item is retained in an unsuccessfully parsed event data item data structure.
Type: Grant
Filed: August 9, 2018
Date of Patent: January 19, 2021
Assignee: International Business Machines Corporation
Inventors: Rory F. Bray, Michael S. Hume, Christopher A. LeMesurier, Jamie A. R. Wheaton
-
Patent number: 10678933
Abstract: A method, system and computer-usable medium are disclosed for injecting functionality into a security intelligence platform, comprising: providing the security intelligence platform with a plurality of backend endpoints; generating a modification to the security intelligence platform according to an application framework, the modification comprising metadata associated with functionality, the metadata corresponding to a predefined format; and, merging the modification with the security intelligence platform via a secure container system container.
Type: Grant
Filed: October 18, 2018
Date of Patent: June 9, 2020
Assignee: International Business Machines Corporation
Inventors: Rory F. Bray, Jason D. Keirstead, Declan J. Wilson
-
Publication number: 20200127893
Abstract: Methods and apparatus, including computer program products, implementing and using techniques for network modeling and device configuration. A security information and event manager is configured to receive log data from third party devices connected to a network. A notification is received each time a specific third party device generates a predetermined event in response to traffic at the specific third party device. The notification includes event information inferring network topology information, which network topology information includes third party device location information, firewall event information, source and destination networks. In response to receiving this information, a state of each third party device is generated, using inferred information over a predetermined period. An access control list is generated for each third party device, by using the inferred information over the predetermined period.
Type: Application
Filed: October 22, 2018
Publication date: April 23, 2020
Inventors: Michael S. Hume, Rory F. Bray, Jason D. Keirstead, Christopher I. Collins, Steven W. R. Jones
-
Publication number: 20190050585
Abstract: A method, system and computer-usable medium are disclosed for injecting functionality into a security intelligence platform, comprising: providing the security intelligence platform with a plurality of backend endpoints; generating a modification to the security intelligence platform according to an application framework, the modification comprising metadata associated with functionality, the metadata corresponding to a predefined format; and, merging the modification with the security intelligence platform via a secure container system container.
Type: Application
Filed: October 18, 2018
Publication date: February 14, 2019
Inventors: Rory F. Bray, Jason D. Keirstead, Declan J. Wilson
-
Patent number: 10169593
Abstract: A method, system and computer-usable medium are disclosed for injecting functionality into a security intelligence platform, comprising: providing the security intelligence platform with a plurality of backend endpoints; generating a modification to the security intelligence platform according to an application framework, the modification comprising metadata associated with functionality, the metadata corresponding to a predefined format; and, merging the modification with the security intelligence platform via a secure container system container.
Type: Grant
Filed: December 16, 2015
Date of Patent: January 1, 2019
Assignee: International Business Machines Corporation
Inventors: Rory F. Bray, Jason D. Keirstead, Declan J. Wilson
-
Patent number: 10169592
Abstract: A method, system and computer-usable medium are disclosed for injecting functionality into a security intelligence platform, comprising: providing the security intelligence platform with a plurality of backend endpoints; generating a modification to the security intelligence platform according to an application framework, the modification comprising metadata associated with functionality, the metadata corresponding to a predefined format; and, merging the modification with the security intelligence platform via a secure container system container.
Type: Grant
Filed: October 13, 2015
Date of Patent: January 1, 2019
Assignee: International Business Machines Corporation
Inventors: Rory F. Bray, Jason D. Keirstead, Declan J. Wilson
-
Publication number: 20180351982
Abstract: A mechanism is provided for reparsing unsuccessfully parsed event data. Responsive to determining that one or more unsuccessfully parsed event data items exist for a log source, each unsuccessfully parsed event data item of the one or more unsuccessfully parsed event data items is reparsed using an updated device support module associated with the log source. Responsive to the device support module successfully reparsing the unsuccessfully parsed event data item thereby forming a successfully parsed event data item, the successfully parsed event data item is added to a historical record of events associated with the log source. Responsive to the device support module failing to successfully reparse the unsuccessfully parsed event data item, the unsuccessfully parsed event data item is retained in an unsuccessfully parsed event data item data structure.
Type: Application
Filed: August 9, 2018
Publication date: December 6, 2018
Inventors: Rory F. Bray, Michael S. Hume, Christopher A. LeMesurier, Jamie A. R. Wheaton
-
Patent number: 10069853
Abstract: A mechanism is provided for reparsing unsuccessfully parsed event data. Responsive to determining that one or more unsuccessfully parsed event data items exist for a log source, each unsuccessfully parsed event data item of the one or more unsuccessfully parsed event data items is reparsed using an updated device support module associated with the log source. Responsive to the device support module successfully reparsing the unsuccessfully parsed event data item thereby forming a successfully parsed event data item, the successfully parsed event data item is added to a historical record of events associated with the log source. Responsive to the device support module failing to successfully reparse the unsuccessfully parsed event data item, the unsuccessfully parsed event data item is retained in an unsuccessfully parsed event data item data structure.
Type: Grant
Filed: August 12, 2016
Date of Patent: September 4, 2018
Assignee: International Business Machines Corporation
Inventors: Rory F. Bray, Michael S. Hume, Christopher A. LeMesurier, Jamie A. R. Wheaton
-
Publication number: 20180048664
Abstract: A mechanism is provided for reparsing unsuccessfully parsed event data. Responsive to determining that one or more unsuccessfully parsed event data items exist for a log source, each unsuccessfully parsed event data item of the one or more unsuccessfully parsed event data items is reparsed using an updated device support module associated with the log source. Responsive to the device support module successfully reparsing the unsuccessfully parsed event data item thereby forming a successfully parsed event data item, the successfully parsed event data item is added to a historical record of events associated with the log source. Responsive to the device support module failing to successfully reparse the unsuccessfully parsed event data item, the unsuccessfully parsed event data item is retained in an unsuccessfully parsed event data item data structure.
Type: Application
Filed: August 12, 2016
Publication date: February 15, 2018
Inventors: Rory F. Bray, Michael S. Hume, Christopher A. LeMesurier, Jamie A.R. Wheaton
-
Publication number: 20180034780
Abstract: In an approach, a processor receives information from a computing device, wherein the information comprises normalized device configuration files, topology records, and telemetry data. A processor evaluates the information for asset data, routing information, traffic processing rules, and firewall rules. A processor generates a plain text asset data file, wherein the asset data file comprises an asset record for each possible asset. A processor creates, based on the generated plain asset data file, a testing event. A processor runs the testing event.
Type: Application
Filed: July 27, 2016
Publication date: February 1, 2018
Inventors: Rory F. Bray, Christopher I. Collins, Michael S. Hume, Jasna Jackson, Steven W. R. Jones, Christopher A. Lemesurier
-
Publication number: 20170103199
Abstract: A method, system and computer-usable medium are disclosed for injecting functionality into a security intelligence platform, comprising: providing the security intelligence platform with a plurality of backend endpoints; generating a modification to the security intelligence platform according to an application framework, the modification comprising metadata associated with functionality, the metadata corresponding to a predefined format; and, merging the modification with the security intelligence platform via a secure container system container.
Type: Application
Filed: December 16, 2015
Publication date: April 13, 2017
Inventors: Rory F. Bray, Jason D. Keirstead, Declan J. Wilson
-
Publication number: 20170103218
Abstract: A method, system and computer-usable medium are disclosed for injecting functionality into a security intelligence platform, comprising: providing the security intelligence platform with a plurality of backend endpoints; generating a modification to the security intelligence platform according to an application framework, the modification comprising metadata associated with functionality, the metadata corresponding to a predefined format; and, merging the modification with the security intelligence platform via a secure container system container.
Type: Application
Filed: October 13, 2015
Publication date: April 13, 2017
Inventors: Rory F. Bray, Jason D. Keirstead, Declan J. Wilson
-
Patent number: 9607144
Abstract: A method, system and computer-usable medium are disclosed for identifying risk within an information technology (IT) environment, comprising: analyzing characteristics of a user accessing a system within an IT environment; associating a risk profile with the user based upon the characteristics of the user; determining when the user accesses a system within the IT environment; maintaining a user risk profile record of all systems within the IT environment accessed by the user, the user risk profile record continuing to be associated with the system after access by the user ceases; and, identifying a risk level for all systems within the IT environment based upon the user risk profile record.
Type: Grant
Filed: November 30, 2015
Date of Patent: March 28, 2017
Assignee: International Business Machines Corporation
Inventors: William A. Bird, Rory F. Bray, Jason D. Keirstead, Dwight E. Spencer, Ben A. Wuest
-
Patent number: 9600659
Abstract: A method, system and computer-usable medium are disclosed for identifying risk within an information technology (IT) environment, comprising: analyzing characteristics of a user accessing a system within an IT environment; associating a risk profile with the user based upon the characteristics of the user; determining when the user accesses a system within the IT environment; maintaining a user risk profile record of all systems within the IT environment accessed by the user, the user risk profile record continuing to be associated with the system after access by the user ceases; and, identifying a risk level for all systems within the IT environment based upon the user risk profile record.
Type: Grant
Filed: December 16, 2015
Date of Patent: March 21, 2017
Assignee: International Business Machines Corporation
Inventors: William A. Bird, Rory F. Bray, Jason D. Keirstead, Dwight E. Spencer, Ben A. Wuest
-
Patent number: 9497217
Abstract: According to one exemplary embodiment, a method for detecting malware in a network stream to at least one host computer is provided. The method may include initializing a browser profile corresponding with a first website having a first website source and a first plurality of content features. The method may include recording the first plurality of content features and a trusted source based on the first website source. The method may include scanning the network stream for a second content feature within a second plurality of content features associated with a second website. The method may include determining if the second content feature matches a first content feature. The method may include determining if the second plurality of content features is consistent with the first plurality of content features. The method may include determining if a second website source matches the trusted source. The method may include generating an alert.
Type: Grant
Filed: June 3, 2015
Date of Patent: November 15, 2016
Assignee: International Business Machines Corporation
Inventors: William A. Bird, Rory F. Bray, Jody D. Brownell, Ben A. Wuest
-
Patent number: 9473531
Abstract: According to one exemplary embodiment, a method for detecting malware in a network stream to at least one host computer is provided. The method may include initializing a browser profile corresponding with a first website having a first website source and a first plurality of content features. The method may include recording the first plurality of content features and a trusted source based on the first website source. The method may include scanning the network stream for a second content feature within a second plurality of content features associated with a second website. The method may include determining if the second content feature matches a first content feature. The method may include determining if the second plurality of content features is consistent with the first plurality of content features. The method may include determining if a second website source matches the trusted source. The method may include generating an alert.
Type: Grant
Filed: November 17, 2014
Date of Patent: October 18, 2016
Assignee: International Business Machines Corporation
Inventors: William A. Bird, Rory F. Bray, Jody D. Brownell, Ben A. Wuest
-
Publication number: 20160142423
Abstract: According to one exemplary embodiment, a method for detecting malware in a network stream to at least one host computer is provided. The method may include initializing a browser profile corresponding with a first website having a first website source and a first plurality of content features. The method may include recording the first plurality of content features and a trusted source based on the first website source. The method may include scanning the network stream for a second content feature within a second plurality of content features associated with a second website. The method may include determining if the second content feature matches a first content feature. The method may include determining if the second plurality of content features is consistent with the first plurality of content features. The method may include determining if a second website source matches the trusted source. The method may include generating an alert.
Type: Application
Filed: June 3, 2015
Publication date: May 19, 2016
Inventors: William A. Bird, Rory F. Bray, Jody D. Brownell, Ben A. Wuest
-
Publication number: 20160142426
Abstract: According to one exemplary embodiment, a method for detecting malware in a network stream to at least one host computer is provided. The method may include initializing a browser profile corresponding with a first website having a first website source and a first plurality of content features. The method may include recording the first plurality of content features and a trusted source based on the first website source. The method may include scanning the network stream for a second content feature within a second plurality of content features associated with a second website. The method may include determining if the second content feature matches a first content feature. The method may include determining if the second plurality of content features is consistent with the first plurality of content features. The method may include determining if a second website source matches the trusted source. The method may include generating an alert.
Type: Application
Filed: November 17, 2014
Publication date: May 19, 2016
Inventors: William A. Bird, Rory F. Bray, Jody D. Brownell, Ben A. Wuest
-
Patent number: 9043461
Abstract: An illustrative embodiment of a method for firewall rule use counting receives log messages comprising one or more log data sets from each firewall rule in a particular network whose counts are to be tracked in a log collector, generates a network trie for each reference database in a set of databases and a device source trie and a device destination trie for each firewall device in a plurality of devices of the particular network, a source port and protocol list and a destination port and protocol list for each respective device, a unique object for each log data set received; a mapping database comprising an entry for each log data set received associated with the unique object; and feeds each entry in the mapping database through a topology model to also generate a reference to a unique firewall rule on a respective device in the plurality of devices.
Type: Grant
Filed: March 21, 2014
Date of Patent: May 26, 2015
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Rory F. Bray, Cezar P. Grzelak, Jason D. Keirstead