Patents by Inventor Shivakumar Buruganahalli
Shivakumar Buruganahalli has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10476891Abstract: A system includes one or more “BotMagnet” modules that are exposed to infection by malicious code. The BotMagnets may include one or more virtual machines hosing operating systems in which malicious code may be installed and executed without exposing sensitive data or other parts of a network. In particular, outbound traffic may be transmitted to a Sinkhole module that implements a service requested by the outbound traffic and transmits responses to the malicious code executing within the BotMagnet. Dark space in a network (unused IP addresses, unused ports and absent applications, and invalid usernames and passwords) is consumed by a BotSink such that attempts to access Darkspace resources will be directed to the BotSink, which will engage the source host of such attempts.Type: GrantFiled: July 21, 2015Date of Patent: November 12, 2019Assignee: ATTIVO NETWORKS INC.Inventors: Venu Vissamsetty, Srikant Vissamsetti, Shivakumar Buruganahalli
-
Patent number: 10079838Abstract: Technologies for securing communication may include monitoring a secured network connection between a client and a server. The secured network connection may be secured using a symmetric cryptographic key. The technologies may also include detecting a transmission of secured information between the client and the server, copying the transmission, forwarding the transmission to an intended recipient, decrypting the transmission using the symmetric cryptographic key, and determining whether the transmission is indicative of malware.Type: GrantFiled: March 14, 2013Date of Patent: September 18, 2018Assignee: McAfee, LLCInventor: Shivakumar Buruganahalli
-
Patent number: 10003616Abstract: Techniques for destination domain extraction for secure protocols are disclosed. In some embodiments, destination domain extraction for secure protocols includes monitoring network communications between a client and a remote server; determining if the client sends a request to create a secure connection with the remote server (e.g., in which the network communications are initiating a setup for a secure protocol-based connection); and extracting a destination domain from the request to create the secure connection with the remote server. In some embodiments, the secure protocol is a secure sockets layer (SSL) protocol or transport layer security (TLS) protocol, and the destination domain is extracted from the server name indication (SNI) of a client hello message sent from the client to the remote server. In some embodiments, destination domain extraction for secure protocols further includes applying a policy (e.g.Type: GrantFiled: April 26, 2017Date of Patent: June 19, 2018Assignee: Palo Alto Networks, Inc.Inventors: Shivakumar Buruganahalli, Song Wang
-
Patent number: 9838434Abstract: An apparatus, computer readable medium, and method are provided in one example embodiment and include a network device, an analysis module, and a tag module. The analysis module may be configured to perform a number of actions on the network data to identify network information about the network data. The tag module may be configured to determine whether a destination for the network data is within a set of destinations; and responsive to a determination that the destination for the network data is within the set of destinations: generate a metadata tag based on the network information, associate the metadata tag with the network data, and transmit the network information and the metadata tag.Type: GrantFiled: December 31, 2015Date of Patent: December 5, 2017Assignee: McAfee, LLCInventors: Shivakumar Buruganahalli, Manuel Nedbal
-
Publication number: 20170302703Abstract: Techniques for destination domain extraction for secure protocols are disclosed. In some embodiments, destination domain extraction for secure protocols includes monitoring network communications between a client and a remote server; determining if the client sends a request to create a secure connection with the remote server (e.g., in which the network communications are initiating a setup for a secure protocol-based connection); and extracting a destination domain from the request to create the secure connection with the remote server. In some embodiments, the secure protocol is a secure sockets layer (SSL) protocol or transport layer security (TLS) protocol, and the destination domain is extracted from the server name indication (SNI) of a client hello message sent from the client to the remote server. In some embodiments, destination domain extraction for secure protocols further includes applying a policy (e.g.Type: ApplicationFiled: April 26, 2017Publication date: October 19, 2017Inventors: Shivakumar Buruganahalli, Song Wang
-
Patent number: 9769204Abstract: A system includes one or more “BotMagnet” modules that are exposed to infection by malicious code. The BotMagnets may include one or more virtual machines hosing operating systems in which malicious code may be installed and executed without exposing sensitive data or other parts of a network. In particular, outbound traffic may be transmitted to a Sinkhole module that implements a service requested by the outbound traffic and transmits responses to the malicious code executing within the BotMagnet. The Sinkhole module may implement a proxy mode in which traffic received by the Sinkhole module is transmitted to a destination specified in the traffic but modified to reference the Sinkhole as the source. Events occurring on the BotMagnet and Sinkhole are correlated and used to characterize the malicious code. The characterization may be transmitted to other computer systems in order to detect instances of the malicious code.Type: GrantFiled: August 12, 2014Date of Patent: September 19, 2017Assignee: Attivo Networks Inc.Inventors: Venu Vissamsetty, Shivakumar Buruganahalli
-
Patent number: 9680869Abstract: An example method includes identifying a transport layer security (TLS) session between a client and a server, parsing one or more TLS messages to identify a session ticket associated with the session, transforming the session ticket into a fixed size session token, and managing the session using the session token to identify the session. The transforming may include computing a hash value of the session ticket using a hashing algorithm. If any of the TLS messages is spread across more than one TLS protocol record, the method can include computing a hash value of a portion of the session ticket encountered in a TLS protocol record using a hashing algorithm, incrementally computing another hash value of another portion of the session ticket encountered in a subsequent TLS protocol record from the previously computed hash value, and repeating the incremental computing until portions of the session ticket have been processed.Type: GrantFiled: April 17, 2015Date of Patent: June 13, 2017Assignee: McAfee, Inc.Inventors: Shivakumar Buruganahalli, Venu Vissamsetty
-
Patent number: 9680795Abstract: Techniques for destination domain extraction for secure protocols are disclosed. In some embodiments, destination domain extraction for secure protocols includes monitoring network communications between a client and a remote server; determining if the client sends a request to create a secure connection with the remote server (e.g., in which the network communications are initiating a setup for a secure protocol-based connection); and extracting a destination domain from the request to create the secure connection with the remote server. In some embodiments, the secure protocol is a secure sockets layer (SSL) protocol or transport layer security (TLS) protocol, and the destination domain is extracted from the server name indication (SNI) of a client hello message sent from the client to the remote server. In some embodiments, destination domain extraction for secure protocols further includes applying a policy (e.g.Type: GrantFiled: June 30, 2016Date of Patent: June 13, 2017Assignee: Palo Alto Networks, Inc.Inventors: Shivakumar Buruganahalli, Song Wang
-
Patent number: 9609019Abstract: A system of client devices and a server system implementing services makes use of credentials to facilitate authentication of the client devices with the server and generates log entries for different accesses to the server system. A monitoring system places credentials and log entries referencing the monitoring system with the credentials and log entries on the client devices without any authentication or actual access attempts by the client devices to the monitoring system. Unauthorized access to the client devices may result in the credentials and log entries to the monitoring system being accessed and used to access the monitoring system. Attempts to exploit the monitoring system using the credentials and log entries is contained within the monitoring system and data is collected to characterize malicious code attempting to exploit the monitoring system. The data is then used to prevent attacks and detect compromised client devices and server systems.Type: GrantFiled: November 20, 2014Date of Patent: March 28, 2017Assignee: ATTIVO NETWORKS INC.Inventors: Venu Vissamsetty, Shivakumar Buruganahalli
-
Publication number: 20170026387Abstract: A system includes one or more “BotMagnet” modules that are exposed to infection by malicious code. The BotMagnets may include one or more virtual machines hosing operating systems in which malicious code may be installed and executed without exposing sensitive data or other parts of a network. In particular, outbound traffic may be transmitted to a Sinkhole module that implements a service requested by the outbound traffic and transmits responses to the malicious code executing within the BotMagnet. Dark space in a network (unused IP addresses, unused ports and absent applications, and invalid usernames and passwords) is consumed by a BotSink such that attempts to access Darkspace resources will be directed to the BotSink, which will engage the source host of such attempts.Type: ApplicationFiled: July 21, 2015Publication date: January 26, 2017Inventors: Venu Vissamsetty, Srikant Vissamsetti, Shivakumar Buruganahalli
-
Publication number: 20160359807Abstract: Techniques for destination domain extraction for secure protocols are disclosed. In some embodiments, destination domain extraction for secure protocols includes monitoring network communications between a client and a remote server; determining if the client sends a request to create a secure connection with the remote server (e.g., in which the network communications are initiating a setup for a secure protocol-based connection); and extracting a destination domain from the request to create the secure connection with the remote server. In some embodiments, the secure protocol is a secure sockets layer (SSL) protocol or transport layer security (TLS) protocol, and the destination domain is extracted from the server name indication (SNI) of a client hello message sent from the client to the remote server. In some embodiments, destination domain extraction for secure protocols further includes applying a policy (e.g.Type: ApplicationFiled: June 30, 2016Publication date: December 8, 2016Inventors: Shivakumar Buruganahalli, Song Wang
-
Patent number: 9419942Abstract: Techniques for destination domain extraction for secure protocols are disclosed. In some embodiments, destination domain extraction for secure protocols includes monitoring network communications between a client and a remote server; determining if the client sends a request to create a secure connection with the remote server (e.g., in which the network communications are initiating a setup for a secure protocol-based connection); and extracting a destination domain from the request to create the secure connection with the remote server. In some embodiments, the secure protocol is a secure sockets layer (SSL) protocol or transport layer security (TLS) protocol, and the destination domain is extracted from the server name indication (SNI) of a client hello message sent from the client to the remote server. In some embodiments, destination domain extraction for secure protocols further includes applying a policy (e.g.Type: GrantFiled: July 25, 2013Date of Patent: August 16, 2016Assignee: Palo Alto Networks, Inc.Inventors: Shivakumar Buruganahalli, Song Wang
-
Publication number: 20160226916Abstract: An apparatus, computer readable medium, and method are provided in one example embodiment and include a network device, an analysis module, and a tag module. The analysis module may be configured to perform a number of actions on the network data to identify network information about the network data. The tag module may be configured to determine whether a destination for the network data is within a set of destinations; and responsive to a determination that the destination for the network data is within the set of destinations: generate a metadata tag based on the network information, associate the metadata tag with the network data, and transmit the network information and the metadata tag.Type: ApplicationFiled: December 31, 2015Publication date: August 4, 2016Inventors: Shivakumar Buruganahalli, Manuel Nedbal
-
Patent number: 9356950Abstract: A system includes one or more “BotMagnet” modules that are exposed to infection by malicious code. The BotMagnets may include one or more virtual machines hosing operating systems in which malicious code may be installed and executed without exposing sensitive data or other parts of a network. In particular, outbound traffic may be transmitted to a Sinkhole module that implements a service requested by the outbound traffic and transmits responses to the malicious code executing within the BotMagnet. Requests by a user system for a resource at a URL may be received by a firewall, a honey client module may access the URL and permit installation of malicious code or other malicious activities. In response to detecting malicious activities, the honey client module characterizes the malicious activity to generate a descriptor used to detect malicious code in other systems. The URL may also be blacklisted by the firewall.Type: GrantFiled: August 22, 2014Date of Patent: May 31, 2016Assignee: ATTIVO NETWORKS INC.Inventors: Venu Vissamsetty, Shivakumar Buruganahalli
-
Publication number: 20160014152Abstract: An example method includes identifying a transport layer security (TLS) session between a client and a server, parsing one or more TLS messages to identify a session ticket associated with the session, transforming the session ticket into a fixed size session token, and managing the session using the session token to identify the session. The transforming may include computing a hash value of the session ticket using a hashing algorithm. If any of the TLS messages is spread across more than one TLS protocol record, the method can include computing a hash value of a portion of the session ticket encountered in a TLS protocol record using a hashing algorithm, incrementally computing another hash value of another portion of the session ticket encountered in a subsequent TLS protocol record from the previously computed hash value, and repeating the incremental computing until portions of the session ticket have been processed.Type: ApplicationFiled: April 17, 2015Publication date: January 14, 2016Inventors: Shivakumar Buruganahalli, Venu Vissamsetty
-
Patent number: 9231976Abstract: An apparatus, computer readable medium, and method are provided in one example embodiment and include a network device, an analysis module, and a tag module. The analysis module may be configured to perform a number of actions on the network data to identify network information about the network data. The tag module may be configured to determine whether a destination for the network data is within a set of destinations; and responsive to a determination that the destination for the network data is within the set of destinations: generate a metadata tag based on the network information, associate the metadata tag with the network data, and transmit the network information and the metadata tag.Type: GrantFiled: March 15, 2013Date of Patent: January 5, 2016Assignee: McAfee, Inc.Inventors: Shivakumar Buruganahalli, Manuel Nedbal
-
Publication number: 20150326587Abstract: A system includes one or more “BotMagnet” modules that are exposed to infection by malicious code. The BotMagnets may include one or more virtual machines hosing operating systems in which malicious code may be installed and executed without exposing sensitive data or other parts of a network. In particular, outbound traffic may be transmitted to a Sinkhole module that implements a service requested by the outbound traffic and transmits responses to the malicious code executing within the BotMagnet. The Sinkhole module may implement a proxy mode in which traffic received by the Sinkhole module is transmitted to a destination specified in the traffic but modified to reference the Sinkhole as the source. Events occurring on the BotMagnet and Sinkhole are correlated and used to characterize the malicious code. The characterization may be transmitted to other computer systems in order to detect instances of the malicious code.Type: ApplicationFiled: August 12, 2014Publication date: November 12, 2015Inventors: Venu Vissamsetty, Shivakumar Buruganahalli
-
Publication number: 20150326599Abstract: A system includes one or more “BotMagnet” modules that are exposed to infection by malicious code. The BotMagnets may include one or more virtual machines hosing operating systems in which malicious code may be installed and executed without exposing sensitive data or other parts of a network. In particular, outbound traffic may be transmitted to a Sinkhole module that implements a service requested by the outbound traffic and transmits responses to the malicious code executing within the BotMagnet. Requests by a user system for a resource at a URL may be received by a firewall, a honey client module may access the URL and permit installation of malicious code or other malicious activities. In response to detecting malicious activities, the honey client module characterizes the malicious activity to generate a descriptor used to detect malicious code in other systems. The URL may also be blacklisted by the firewall.Type: ApplicationFiled: August 22, 2014Publication date: November 12, 2015Inventors: Venu Vissamsetty, Shivakumar Buruganahalli
-
Publication number: 20150326588Abstract: A system of client devices and a server system implementing services makes use of credentials to facilitate authentication of the client devices with the server and generates log entries for different accesses to the server system. A monitoring system places credentials and log entries referencing the monitoring system with the credentials and log entries on the client devices without any authentication or actual access attempts by the client devices to the monitoring system. Unauthorized access to the client devices may result in the credentials and log entries to the monitoring system being accessed and used to access the monitoring system. Attempts to exploit the monitoring system using the credentials and log entries is contained within the monitoring system and data is collected to characterize malicious code attempting to exploit the monitoring system. The data is then used to prevent attacks and detect compromised client devices and server systems.Type: ApplicationFiled: November 20, 2014Publication date: November 12, 2015Inventors: Venu Vissamsetty, Shivakumar Buruganahalli
-
Patent number: 9172715Abstract: A particular failed connection attempt initiated by a particular source asset in a network is identified and subsequent failed connection attempts initiated by the particular source asset in the network during a time period are tracked. A low frequency sequence of failed connection attempts involving the particular source asset is detected during the time period and the source asset is designated as a potential security risk based on the detected low frequency sequence of failed connection attempts.Type: GrantFiled: October 22, 2013Date of Patent: October 27, 2015Assignee: McAfee, Inc.Inventors: Vinay Mahadik, Bharath Madhusudan, Shivakumar Buruganahalli, Venu Vissamsetty