Patents by Inventor Ross R. Kinder
Ross R. Kinder has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10713360Abstract: A system for collection and analysis of forensic and event data comprising a server and an endpoint agent operating on a remote system. The server is configured to receive event data including process creation data, persistent process data, thread injection data, network connection data, memory pattern data, or any combination thereof, and analyze the event data to detect compromises of a remote system. The endpoint agent is configured to acquire event data, and communicate the event data to the server.Type: GrantFiled: February 17, 2017Date of Patent: July 14, 2020Assignee: SecureWorks Corp.Inventors: Ross R. Kinder, Aaron Hackworth, Matthew K. Geiger, Kevin R. Moore, Timothy M. Vidas
-
Patent number: 10678919Abstract: A system for collection and analysis of forensic and event data comprising a server and an endpoint agent operating on a remote system. The server is configured to receive event data including process creation data, persistent process data, thread injection data, network connection data, memory pattern data, or any combination thereof, and analyze the event data to detect compromises of a remote system. The endpoint agent is configured to acquire event data, and communicate the event data to the server.Type: GrantFiled: February 17, 2017Date of Patent: June 9, 2020Assignee: SecureWorks Corp.Inventors: Ross R. Kinder, Aaron Hackworth, Matthew K. Geiger, Kevin R. Moore, Timothy M. Vidas
-
Patent number: 10659498Abstract: A method of configuring a network security device includes receiving a changed set of network rules to replace a current set of network rules; using a plurality of network traffic events to perform a first simulation of according to the current set of network rules and a second simulation according to the changed set of network rules; comparing the results of the first and second simulation to identify changes in network traffic allowed and denied between the current set and the changed set of network rules; displaying the changes in allowed and denied traffic for review of the changed set of network rules; receiving an instruction to implement the changed set of network rules based on the review; and filtering network traffic according to the changed set of network rules.Type: GrantFiled: May 31, 2018Date of Patent: May 19, 2020Assignee: SecureWorks Corp.Inventors: Ross R. Kinder, Jon R. Ramsey, Timothy M. Vidas, Robert Danford
-
Patent number: 10645124Abstract: A system for collection and analysis of forensic and event data comprising a server and an endpoint agent operating on a remote system. The server is configured to receive event data including process creation data, persistent process data, thread injection data, network connection data, memory pattern data, or any combination thereof, and analyze the event data to detect compromises of a remote system. The endpoint agent is configured to acquire event data, and communicate the event data to the server.Type: GrantFiled: February 17, 2017Date of Patent: May 5, 2020Assignee: SecureWorks Corp.Inventors: Ross R. Kinder, Aaron Hackworth, Matthew K. Geiger, Kevin R. Moore, Timothy M. Vidas, Oliver J. Palmer, Jon Ramsey, Matt J. McCormack
-
Patent number: 10594573Abstract: A method of assessing the quality of a network filter rule containing a wildcard includes determine an instantaneous entropy for the network filter rule based on string distances or instantaneous entropy between a plurality of wildcard matches for the network filter rule. The method further includes performing an action if the string distance or instantaneous entropy for the network filter rule crosses a threshold. The action being selected from disabling the network filter rule, flagging the rule as a low quality rule, generating a candidate rule based on a portion of the match having low entropy and a portion of the match having high entropy, or a combination thereof.Type: GrantFiled: January 8, 2016Date of Patent: March 17, 2020Assignee: SecureWorks Corp.Inventors: Ross R. Kinder, Jon R. Ramsey, Timothy M. Vidas, Robert Danford
-
Patent number: 10484423Abstract: A system for collection and analysis of forensic and event data comprising a server and an endpoint agent operating on a remote system. The server is configured to receive event data including process creation data, persistent process data, thread injection data, network connection data, memory pattern data, or any combination thereof, and analyze the event data to detect compromises of a remote system. The endpoint agent is configured to acquire event data, and communicate the event data to the server.Type: GrantFiled: February 17, 2017Date of Patent: November 19, 2019Assignee: SecureWorks Corp.Inventors: Ross R. Kinder, Aaron Hackworth, Matthew K. Geiger, Kevin R. Moore, Timothy M. Vidas
-
Patent number: 10333992Abstract: A system for collection and analysis of forensic and event data comprising a server and an endpoint agent operating on a remote system. The server is configured to receive event data including process creation data, persistent process data, thread injection data, network connection data, memory pattern data, or any combination thereof, and analyze the event data to detect compromises of a remote system. The endpoint agent is configured to acquire event data, and communicate the event data to the server.Type: GrantFiled: February 17, 2017Date of Patent: June 25, 2019Assignee: Dell Products, LPInventors: Ross R. Kinder, Aaron Hackworth, Matthew K. Geiger, Kevin R. Moore, Timothy M. Vidas, Oliver J. Palmer, Jon Ramsey, Matt J. McCormack
-
Patent number: 10263788Abstract: A method for operating a secure man-in-the-middle proxy includes intercepting an attempt to establish a connection between an application and a network server associated with a whitelisted hostname, establishing a secure connection to the network server, checking the secure connection against the stored combination of certificate, encryption protocol, and encryption cipher for the whitelisted hostname, and forwarding traffic between the application and the network server at the whitelisted hostname if the secure connection matches the stored combination of certificate, encryption protocol, and encryption cipher for the whitelisted hostname.Type: GrantFiled: January 8, 2016Date of Patent: April 16, 2019Assignee: Dell Products, LPInventors: Ross R. Kinder, Jon R. Ramsey, Timothy M. Vidas, Robert Danford
-
Patent number: 10116625Abstract: A method for provisioning a secure container for running an application includes routing traffic between the application and a secure container service over a virtual private network, and restricting the flow of traffic to or from the application other than traffic to or from the secure container service. The method further includes providing limited name resolution for the secure container with a customized domain name system server, establishing network proxy services to filter and route approved inbound traffic to the application, and establishing outbound network proxy services to filter and route approved outbound traffic from the application.Type: GrantFiled: January 8, 2016Date of Patent: October 30, 2018Assignee: SECUREWORKS, CORP.Inventors: Ross R. Kinder, Jon R. Ramsey, Timothy M. Vidas, Robert Danford
-
Publication number: 20180288100Abstract: A method of configuring a network security device includes receiving a changed set of network rules to replace a current set of network rules; using a plurality of network traffic events to perform a first simulation of according to the current set of network rules and a second simulation according to the changed set of network rules; comparing the results of the first and second simulation to identify changes in network traffic allowed and denied between the current set and the changed set of network rules; displaying the changes in allowed and denied traffic for review of the changed set of network rules; receiving an instruction to implement the changed set of network rules based on the review; and filtering network traffic according to the changed set of network rules.Type: ApplicationFiled: May 31, 2018Publication date: October 4, 2018Inventors: Ross R. Kinder, Jon R. Ramsey, Timothy M. Vidas, Robert Danford
-
Patent number: 10009380Abstract: A method of configuring a network security device includes receiving a changed set of network rules to replace a current set of network rules; using a plurality of network traffic events to perform a first simulation of according to the current set of network rules and a second simulation according to the changed set of network rules; comparing the results of the first and second simulation to identify changes in network traffic allowed and denied between the current set and the changed set of network rules; displaying the changes in allowed and denied traffic for review of the changed set of network rules; receiving an instruction to implement the changed set of network rules based on the review; and filtering network traffic according to the changed set of network rules.Type: GrantFiled: January 8, 2016Date of Patent: June 26, 2018Assignee: SECUREWORKS CORP.Inventors: Ross R. Kinder, Jon R. Ramsey, Timothy M. Vidas, Robert Danford
-
Patent number: 9961107Abstract: A system for collection and analysis of forensic and event data comprising a server and an endpoint agent operating on a remote system. The server is configured to receive event data including process creation data, persistent process data, thread injection data, network connection data, memory pattern data, or any combination thereof, and analyze the event data to detect compromises of a remote system. The endpoint agent is configured to acquire event data, and communicate the event data to the server.Type: GrantFiled: February 17, 2017Date of Patent: May 1, 2018Assignee: SECUREWORKS CORP.Inventors: Ross R. Kinder, Aaron Hackworth, Matthew K. Geiger, Kevin R. Moore, Timothy M. Vidas
-
Publication number: 20170244734Abstract: A system for collection and analysis of forensic and event data comprising a server and an endpoint agent operating on a remote system. The server is configured to receive event data including process creation data, persistent process data, thread injection data, network connection data, memory pattern data, or any combination thereof, and analyze the event data to detect compromises of a remote system. The endpoint agent is configured to acquire event data, and communicate the event data to the server.Type: ApplicationFiled: February 17, 2017Publication date: August 24, 2017Inventors: Ross R. Kinder, Aaron Hackworth, Matthew K. Geiger, Kevin R. Moore, Timothy M. Vidas
-
Publication number: 20170244754Abstract: A system for collection and analysis of forensic and event data comprising a server and an endpoint agent operating on a remote system. The server is configured to receive event data including process creation data, persistent process data, thread injection data, network connection data, memory pattern data, or any combination thereof, and analyze the event data to detect compromises of a remote system. The endpoint agent is configured to acquire event data, and communicate the event data to the server.Type: ApplicationFiled: February 17, 2017Publication date: August 24, 2017Inventors: Ross R. Kinder, Aaron Hackworth, Matthew K. Geiger, Kevin R. Moore, Timothy M. Vidas
-
Publication number: 20170243005Abstract: A system for collection and analysis of forensic and event data comprising a server and an endpoint agent operating on a remote system. The server is configured to receive event data including process creation data, persistent process data, thread injection data, network connection data, memory pattern data, or any combination thereof, and analyze the event data to detect compromises of a remote system. The endpoint agent is configured to acquire event data, and communicate the event data to the server.Type: ApplicationFiled: February 17, 2017Publication date: August 24, 2017Inventors: Ross R. Kinder, Aaron Hackworth, Matthew K. Geiger, Kevin R. Moore, Timothy M. Vidas
-
Publication number: 20170244750Abstract: A system for collection and analysis of forensic and event data comprising a server and an endpoint agent operating on a remote system. The server is configured to receive event data including process creation data, persistent process data, thread injection data, network connection data, memory pattern data, or any combination thereof, and analyze the event data to detect compromises of a remote system. The endpoint agent is configured to acquire event data, and communicate the event data to the server.Type: ApplicationFiled: February 17, 2017Publication date: August 24, 2017Inventors: Ross R. Kinder, Aaron Hackworth, Matthew K. Geiger, Kevin R. Moore, Timothy M. Vidas, Oliver J. Palmer, Jon Ramsey, Matt J. McCormack
-
Publication number: 20170243004Abstract: A system for collection and analysis of forensic and event data comprising a server and an endpoint agent operating on a remote system. The server is configured to receive event data including process creation data, persistent process data, thread injection data, network connection data, memory pattern data, or any combination thereof, and analyze the event data to detect compromises of a remote system. The endpoint agent is configured to acquire event data, and communicate the event data to the server.Type: ApplicationFiled: February 17, 2017Publication date: August 24, 2017Inventors: Ross R. Kinder, Aaron Hackworth, Matthew K. Geiger, Kevin R. Moore, Timothy M. Vidas
-
Publication number: 20170244762Abstract: A system for collection and analysis of forensic and event data comprising a server and an endpoint agent operating on a remote system. The server is configured to receive event data including process creation data, persistent process data, thread injection data, network connection data, memory pattern data, or any combination thereof, and analyze the event data to detect compromises of a remote system. The endpoint agent is configured to acquire event data, and communicate the event data to the server.Type: ApplicationFiled: February 17, 2017Publication date: August 24, 2017Inventors: Ross R. Kinder, Aaron Hackworth, Matthew K. Geiger, Kevin R. Moore, Timothy M. Vidas, Oliver J. Palmer, Jon Ramsey, Matt J. McCormack
-
Publication number: 20170201381Abstract: A method for operating a secure man-in-the-middle proxy includes intercepting an attempt to establish a connection between an application and a network server associated with a whitelisted hostname, establishing a secure connection to the network server, checking the secure connection against the stored combination of certificate, encryption protocol, and encryption cipher for the whitelisted hostname, and forwarding traffic between the application and the network server at the whitelisted hostname if the secure connection matches the stored combination of certificate, encryption protocol, and encryption cipher for the whitelisted hostname.Type: ApplicationFiled: January 8, 2016Publication date: July 13, 2017Inventors: Ross R. Kinder, Jon R. Ramsey, Timothy M. Vidas, Robert Danford
-
Publication number: 20170201548Abstract: A method of configuring a network security device includes receiving a changed set of network rules to replace a current set of network rules; using a plurality of network traffic events to perform a first simulation of according to the current set of network rules and a second simulation according to the changed set of network rules; comparing the results of the first and second simulation to identify changes in network traffic allowed and denied between the current set and the changed set of network rules; displaying the changes in allowed and denied traffic for review of the changed set of network rules; receiving an instruction to implement the changed set of network rules based on the review; and filtering network traffic according to the changed set of network rules.Type: ApplicationFiled: January 8, 2016Publication date: July 13, 2017Inventors: Ross R. Kinder, Jon R. Ramsey, Timothy M. Vidas, Robert Danford