Patents by Inventor Shivakumar Buruganahalli

Shivakumar Buruganahalli has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10476891
    Abstract: A system includes one or more “BotMagnet” modules that are exposed to infection by malicious code. The BotMagnets may include one or more virtual machines hosting operating systems in which malicious code may be installed and executed without exposing sensitive data or other parts of a network. In particular, outbound traffic may be transmitted to a Sinkhole module that implements a service requested by the outbound traffic and transmits responses to the malicious code executing within the BotMagnet. Dark space in a network (unused IP addresses, unused ports and absent applications, and invalid usernames and passwords) is consumed by a BotSink such that attempts to access Darkspace resources will be directed to the BotSink, which will engage the source host of such attempts.
    Type: Grant
    Filed: July 21, 2015
    Date of Patent: November 12, 2019
    Assignee: ATTIVO NETWORKS INC.
    Inventors: Venu Vissamsetty, Srikant Vissamsetti, Shivakumar Buruganahalli
  • Patent number: 10079838
    Abstract: Technologies for securing communication may include monitoring a secured network connection between a client and a server. The secured network connection may be secured using a symmetric cryptographic key. The technologies may also include detecting a transmission of secured information between the client and the server, copying the transmission, forwarding the transmission to an intended recipient, decrypting the transmission using the symmetric cryptographic key, and determining whether the transmission is indicative of malware.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: September 18, 2018
    Assignee: McAfee, LLC
    Inventor: Shivakumar Buruganahalli
  • Patent number: 10003616
    Abstract: Techniques for destination domain extraction for secure protocols are disclosed. In some embodiments, destination domain extraction for secure protocols includes monitoring network communications between a client and a remote server; determining if the client sends a request to create a secure connection with the remote server (e.g., in which the network communications are initiating a setup for a secure protocol-based connection); and extracting a destination domain from the request to create the secure connection with the remote server. In some embodiments, the secure protocol is a secure sockets layer (SSL) protocol or transport layer security (TLS) protocol, and the destination domain is extracted from the server name indication (SNI) of a client hello message sent from the client to the remote server. In some embodiments, destination domain extraction for secure protocols further includes applying a policy (e.g.
    Type: Grant
    Filed: April 26, 2017
    Date of Patent: June 19, 2018
    Assignee: Palo Alto Networks, Inc.
    Inventors: Shivakumar Buruganahalli, Song Wang
  • Patent number: 9838434
    Abstract: An apparatus, computer readable medium, and method are provided in one example embodiment and include a network device, an analysis module, and a tag module. The analysis module may be configured to perform a number of actions on the network data to identify network information about the network data. The tag module may be configured to determine whether a destination for the network data is within a set of destinations; and responsive to a determination that the destination for the network data is within the set of destinations: generate a metadata tag based on the network information, associate the metadata tag with the network data, and transmit the network information and the metadata tag.
    Type: Grant
    Filed: December 31, 2015
    Date of Patent: December 5, 2017
    Assignee: McAfee, LLC
    Inventors: Shivakumar Buruganahalli, Manuel Nedbal
  • Publication number: 20170302703
    Abstract: Techniques for destination domain extraction for secure protocols are disclosed. In some embodiments, destination domain extraction for secure protocols includes monitoring network communications between a client and a remote server; determining if the client sends a request to create a secure connection with the remote server (e.g., in which the network communications are initiating a setup for a secure protocol-based connection); and extracting a destination domain from the request to create the secure connection with the remote server. In some embodiments, the secure protocol is a secure sockets layer (SSL) protocol or transport layer security (TLS) protocol, and the destination domain is extracted from the server name indication (SNI) of a client hello message sent from the client to the remote server. In some embodiments, destination domain extraction for secure protocols further includes applying a policy (e.g.
    Type: Application
    Filed: April 26, 2017
    Publication date: October 19, 2017
    Inventors: Shivakumar Buruganahalli, Song Wang
  • Patent number: 9769204
    Abstract: A system includes one or more “BotMagnet” modules that are exposed to infection by malicious code. The BotMagnets may include one or more virtual machines hosting operating systems in which malicious code may be installed and executed without exposing sensitive data or other parts of a network. In particular, outbound traffic may be transmitted to a Sinkhole module that implements a service requested by the outbound traffic and transmits responses to the malicious code executing within the BotMagnet. The Sinkhole module may implement a proxy mode in which traffic received by the Sinkhole module is transmitted to a destination specified in the traffic but modified to reference the Sinkhole as the source. Events occurring on the BotMagnet and Sinkhole are correlated and used to characterize the malicious code. The characterization may be transmitted to other computer systems in order to detect instances of the malicious code.
    Type: Grant
    Filed: August 12, 2014
    Date of Patent: September 19, 2017
    Assignee: Attivo Networks Inc.
    Inventors: Venu Vissamsetty, Shivakumar Buruganahalli
  • Patent number: 9680869
    Abstract: An example method includes identifying a transport layer security (TLS) session between a client and a server, parsing one or more TLS messages to identify a session ticket associated with the session, transforming the session ticket into a fixed size session token, and managing the session using the session token to identify the session. The transforming may include computing a hash value of the session ticket using a hashing algorithm. If any of the TLS messages is spread across more than one TLS protocol record, the method can include computing a hash value of a portion of the session ticket encountered in a TLS protocol record using a hashing algorithm, incrementally computing another hash value of another portion of the session ticket encountered in a subsequent TLS protocol record from the previously computed hash value, and repeating the incremental computing until portions of the session ticket have been processed.
    Type: Grant
    Filed: April 17, 2015
    Date of Patent: June 13, 2017
    Assignee: McAfee, Inc.
    Inventors: Shivakumar Buruganahalli, Venu Vissamsetty
  • Patent number: 9680795
    Abstract: Techniques for destination domain extraction for secure protocols are disclosed. In some embodiments, destination domain extraction for secure protocols includes monitoring network communications between a client and a remote server; determining if the client sends a request to create a secure connection with the remote server (e.g., in which the network communications are initiating a setup for a secure protocol-based connection); and extracting a destination domain from the request to create the secure connection with the remote server. In some embodiments, the secure protocol is a secure sockets layer (SSL) protocol or transport layer security (TLS) protocol, and the destination domain is extracted from the server name indication (SNI) of a client hello message sent from the client to the remote server. In some embodiments, destination domain extraction for secure protocols further includes applying a policy (e.g.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: June 13, 2017
    Assignee: Palo Alto Networks, Inc.
    Inventors: Shivakumar Buruganahalli, Song Wang
  • Patent number: 9609019
    Abstract: A system of client devices and a server system implementing services makes use of credentials to facilitate authentication of the client devices with the server and generates log entries for different accesses to the server system. A monitoring system places credentials and log entries referencing the monitoring system with the credentials and log entries on the client devices without any authentication or actual access attempts by the client devices to the monitoring system. Unauthorized access to the client devices may result in the credentials and log entries to the monitoring system being accessed and used to access the monitoring system. Attempts to exploit the monitoring system using the credentials and log entries are contained within the monitoring system and data is collected to characterize malicious code attempting to exploit the monitoring system. The data is then used to prevent attacks and detect compromised client devices and server systems.
    Type: Grant
    Filed: November 20, 2014
    Date of Patent: March 28, 2017
    Assignee: ATTIVO NETWORKS INC.
    Inventors: Venu Vissamsetty, Shivakumar Buruganahalli
  • Publication number: 20170026387
    Abstract: A system includes one or more “BotMagnet” modules that are exposed to infection by malicious code. The BotMagnets may include one or more virtual machines hosting operating systems in which malicious code may be installed and executed without exposing sensitive data or other parts of a network. In particular, outbound traffic may be transmitted to a Sinkhole module that implements a service requested by the outbound traffic and transmits responses to the malicious code executing within the BotMagnet. Dark space in a network (unused IP addresses, unused ports and absent applications, and invalid usernames and passwords) is consumed by a BotSink such that attempts to access Darkspace resources will be directed to the BotSink, which will engage the source host of such attempts.
    Type: Application
    Filed: July 21, 2015
    Publication date: January 26, 2017
    Inventors: Venu Vissamsetty, Srikant Vissamsetti, Shivakumar Buruganahalli
  • Publication number: 20160359807
    Abstract: Techniques for destination domain extraction for secure protocols are disclosed. In some embodiments, destination domain extraction for secure protocols includes monitoring network communications between a client and a remote server; determining if the client sends a request to create a secure connection with the remote server (e.g., in which the network communications are initiating a setup for a secure protocol-based connection); and extracting a destination domain from the request to create the secure connection with the remote server. In some embodiments, the secure protocol is a secure sockets layer (SSL) protocol or transport layer security (TLS) protocol, and the destination domain is extracted from the server name indication (SNI) of a client hello message sent from the client to the remote server. In some embodiments, destination domain extraction for secure protocols further includes applying a policy (e.g.
    Type: Application
    Filed: June 30, 2016
    Publication date: December 8, 2016
    Inventors: Shivakumar Buruganahalli, Song Wang
  • Patent number: 9419942
    Abstract: Techniques for destination domain extraction for secure protocols are disclosed. In some embodiments, destination domain extraction for secure protocols includes monitoring network communications between a client and a remote server; determining if the client sends a request to create a secure connection with the remote server (e.g., in which the network communications are initiating a setup for a secure protocol-based connection); and extracting a destination domain from the request to create the secure connection with the remote server. In some embodiments, the secure protocol is a secure sockets layer (SSL) protocol or transport layer security (TLS) protocol, and the destination domain is extracted from the server name indication (SNI) of a client hello message sent from the client to the remote server. In some embodiments, destination domain extraction for secure protocols further includes applying a policy (e.g.
    Type: Grant
    Filed: July 25, 2013
    Date of Patent: August 16, 2016
    Assignee: Palo Alto Networks, Inc.
    Inventors: Shivakumar Buruganahalli, Song Wang
  • Publication number: 20160226916
    Abstract: An apparatus, computer readable medium, and method are provided in one example embodiment and include a network device, an analysis module, and a tag module. The analysis module may be configured to perform a number of actions on the network data to identify network information about the network data. The tag module may be configured to determine whether a destination for the network data is within a set of destinations; and responsive to a determination that the destination for the network data is within the set of destinations: generate a metadata tag based on the network information, associate the metadata tag with the network data, and transmit the network information and the metadata tag.
    Type: Application
    Filed: December 31, 2015
    Publication date: August 4, 2016
    Inventors: Shivakumar Buruganahalli, Manuel Nedbal
  • Patent number: 9356950
    Abstract: A system includes one or more “BotMagnet” modules that are exposed to infection by malicious code. The BotMagnets may include one or more virtual machines hosting operating systems in which malicious code may be installed and executed without exposing sensitive data or other parts of a network. In particular, outbound traffic may be transmitted to a Sinkhole module that implements a service requested by the outbound traffic and transmits responses to the malicious code executing within the BotMagnet. Requests by a user system for a resource at a URL may be received by a firewall, a honey client module may access the URL and permit installation of malicious code or other malicious activities. In response to detecting malicious activities, the honey client module characterizes the malicious activity to generate a descriptor used to detect malicious code in other systems. The URL may also be blacklisted by the firewall.
    Type: Grant
    Filed: August 22, 2014
    Date of Patent: May 31, 2016
    Assignee: ATTIVO NETWORKS INC.
    Inventors: Venu Vissamsetty, Shivakumar Buruganahalli
  • Publication number: 20160014152
    Abstract: An example method includes identifying a transport layer security (TLS) session between a client and a server, parsing one or more TLS messages to identify a session ticket associated with the session, transforming the session ticket into a fixed size session token, and managing the session using the session token to identify the session. The transforming may include computing a hash value of the session ticket using a hashing algorithm. If any of the TLS messages is spread across more than one TLS protocol record, the method can include computing a hash value of a portion of the session ticket encountered in a TLS protocol record using a hashing algorithm, incrementally computing another hash value of another portion of the session ticket encountered in a subsequent TLS protocol record from the previously computed hash value, and repeating the incremental computing until portions of the session ticket have been processed.
    Type: Application
    Filed: April 17, 2015
    Publication date: January 14, 2016
    Inventors: Shivakumar Buruganahalli, Venu Vissamsetty
  • Patent number: 9231976
    Abstract: An apparatus, computer readable medium, and method are provided in one example embodiment and include a network device, an analysis module, and a tag module. The analysis module may be configured to perform a number of actions on the network data to identify network information about the network data. The tag module may be configured to determine whether a destination for the network data is within a set of destinations; and responsive to a determination that the destination for the network data is within the set of destinations: generate a metadata tag based on the network information, associate the metadata tag with the network data, and transmit the network information and the metadata tag.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: January 5, 2016
    Assignee: McAfee, Inc.
    Inventors: Shivakumar Buruganahalli, Manuel Nedbal
  • Publication number: 20150326599
    Abstract: A system includes one or more “BotMagnet” modules that are exposed to infection by malicious code. The BotMagnets may include one or more virtual machines hosting operating systems in which malicious code may be installed and executed without exposing sensitive data or other parts of a network. In particular, outbound traffic may be transmitted to a Sinkhole module that implements a service requested by the outbound traffic and transmits responses to the malicious code executing within the BotMagnet. Requests by a user system for a resource at a URL may be received by a firewall, a honey client module may access the URL and permit installation of malicious code or other malicious activities. In response to detecting malicious activities, the honey client module characterizes the malicious activity to generate a descriptor used to detect malicious code in other systems. The URL may also be blacklisted by the firewall.
    Type: Application
    Filed: August 22, 2014
    Publication date: November 12, 2015
    Inventors: Venu Vissamsetty, Shivakumar Buruganahalli
  • Publication number: 20150326588
    Abstract: A system of client devices and a server system implementing services makes use of credentials to facilitate authentication of the client devices with the server and generates log entries for different accesses to the server system. A monitoring system places credentials and log entries referencing the monitoring system with the credentials and log entries on the client devices without any authentication or actual access attempts by the client devices to the monitoring system. Unauthorized access to the client devices may result in the credentials and log entries to the monitoring system being accessed and used to access the monitoring system. Attempts to exploit the monitoring system using the credentials and log entries are contained within the monitoring system and data is collected to characterize malicious code attempting to exploit the monitoring system. The data is then used to prevent attacks and detect compromised client devices and server systems.
    Type: Application
    Filed: November 20, 2014
    Publication date: November 12, 2015
    Inventors: Venu Vissamsetty, Shivakumar Buruganahalli
  • Publication number: 20150326587
    Abstract: A system includes one or more “BotMagnet” modules that are exposed to infection by malicious code. The BotMagnets may include one or more virtual machines hosting operating systems in which malicious code may be installed and executed without exposing sensitive data or other parts of a network. In particular, outbound traffic may be transmitted to a Sinkhole module that implements a service requested by the outbound traffic and transmits responses to the malicious code executing within the BotMagnet. The Sinkhole module may implement a proxy mode in which traffic received by the Sinkhole module is transmitted to a destination specified in the traffic but modified to reference the Sinkhole as the source. Events occurring on the BotMagnet and Sinkhole are correlated and used to characterize the malicious code. The characterization may be transmitted to other computer systems in order to detect instances of the malicious code.
    Type: Application
    Filed: August 12, 2014
    Publication date: November 12, 2015
    Inventors: Venu Vissamsetty, Shivakumar Buruganahalli
  • Patent number: 9172715
    Abstract: A particular failed connection attempt initiated by a particular source asset in a network is identified and subsequent failed connection attempts initiated by the particular source asset in the network during a time period are tracked. A low frequency sequence of failed connection attempts involving the particular source asset is detected during the time period and the source asset is designated as a potential security risk based on the detected low frequency sequence of failed connection attempts.
    Type: Grant
    Filed: October 22, 2013
    Date of Patent: October 27, 2015
    Assignee: McAfee, Inc.
    Inventors: Vinay Mahadik, Bharath Madhusudan, Shivakumar Buruganahalli, Venu Vissamsetty