Patents by Inventor Taylor Ettema
Taylor Ettema has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Publication number: 20230208809
  Abstract: Techniques for outbound/inbound lateral traffic punting based upon process risk are disclosed. In some embodiments, a system/process/computer program product for outbound/inbound lateral traffic punting based upon process risk includes receiving, at a network device on an enterprise network, process identification (ID) information from an endpoint (EP) agent executed on an EP device, in which the process ID information identifies a process that is associated with an outbound or inbound network session on the EP device on the enterprise network, and the EP agent selected the network session for punting to the network device for inspection; monitoring network communications associated with the network session at the network device to identify an application identification (APP ID) for the network session; and performing an action based on a security policy using the process ID information and the APP ID.
  Type: Application
  Filed: February 23, 2023
  Publication date: June 29, 2023
  Inventors: Ho Yu Lam, Robert Earle Ashley, Paul Theodore Mathison, Qiuming Li, Taylor Ettema
- Patent number: 11616761
  Abstract: Techniques for outbound/inbound lateral traffic punting based upon process risk are disclosed. In some embodiments, a system/process/computer program product for outbound/inbound lateral traffic punting based upon process risk includes receiving, at a network device on an enterprise network, process identification (ID) information from an endpoint (EP) agent executed on an EP device, in which the process ID information identifies a process that is associated with an outbound or inbound network session on the EP device on the enterprise network, and the EP agent selected the network session for punting to the network device for inspection; monitoring network communications associated with the network session at the network device to identify an application identification (APP ID) for the network session; and performing an action based on a security policy using the process ID information and the APP ID.
  Type: Grant
  Filed: December 23, 2020
  Date of Patent: March 28, 2023
  Assignee: Palo Alto Networks, Inc.
  Inventors: Ho Yu Lam, Robert Earle Ashley, Paul Theodore Mathison, Qiuming Li, Taylor Ettema
- Patent number: 11128656
  Abstract: Techniques for selective sinkholing of malware domains by a security device via DNS poisoning are provided. In some embodiments, selective sinkholing of malware domains by a security device via DNS poisoning includes intercepting a DNS query for a network domain from a local DNS server at the security device, in which the network domain was determined to be a bad network domain and the bad network domain was determined to be associated with malware (e.g., a malware domain); and generating a DNS query response to the DNS query to send to the local DNS server, in which the DNS query response includes a designated sinkholed IP address for the bad network domain to facilitate identification of an infected host by the security device.
  Type: Grant
  Filed: February 22, 2019
  Date of Patent: September 21, 2021
  Assignee: Palo Alto Networks, Inc.
  Inventors: Huagang Xie, Taylor Ettema
- Patent number: 10992704
  Abstract: Techniques for dynamic selection and generation of detonation location of suspicious content with a honey network are disclosed. In some embodiments, a system for dynamic selection and generation of detonation location of suspicious content with a honey network includes a virtual machine (VM) instance manager that manages a plurality of virtual clones executed in an instrumented VM environment, in which the plurality of virtual clones executed in the instrumented VM environment correspond to the honey network that emulates a plurality of devices in an enterprise network; and an intelligent malware detonator that detonates a malware sample in at least one of the plurality of virtual clones executed in the instrumented VM environment.
  Type: Grant
  Filed: November 27, 2019
  Date of Patent: April 27, 2021
  Assignee: Palo Alto Networks, Inc.
  Inventors: Taylor Ettema, Huagang Xie
- Publication number: 20210119969
  Abstract: Techniques for outbound/inbound lateral traffic punting based upon process risk are disclosed. In some embodiments, a system/process/computer program product for outbound/inbound lateral traffic punting based upon process risk includes receiving, at a network device on an enterprise network, process identification (ID) information from an endpoint (EP) agent executed on an EP device, in which the process ID information identifies a process that is associated with an outbound or inbound network session on the EP device on the enterprise network, and the EP agent selected the network session for punting to the network device for inspection; monitoring network communications associated with the network session at the network device to identify an application identification (APP ID) for the network session; and performing an action based on a security policy using the process ID information and the APP ID.
  Type: Application
  Filed: December 23, 2020
  Publication date: April 22, 2021
  Inventors: Ho Yu Lam, Robert Earle Ashley, Paul Theodore Mathison, Qiuming Li, Taylor Ettema
- Patent number: 10931637
  Abstract: Techniques for outbound/inbound lateral traffic punting based upon process risk are disclosed. In some embodiments, a system/process/computer program product for outbound/inbound lateral traffic punting based upon process risk includes receiving, at a network device on an enterprise network, process identification (ID) information from an endpoint (EP) agent executed on an EP device, in which the process ID information identifies a process that is associated with an outbound or inbound network session on the EP device on the enterprise network, and the EP agent selected the network session for punting to the network device for inspection; monitoring network communications associated with the network session at the network device to identify an application identification (APP ID) for the network session; and performing an action based on a security policy using the process ID information and the APP ID.
  Type: Grant
  Filed: September 15, 2017
  Date of Patent: February 23, 2021
  Assignee: Palo Alto Networks, Inc.
  Inventors: Ho Yu Lam, Robert Earle Ashley, Paul Theodore Mathison, Qiuming Li, Taylor Ettema
- Patent number: 10855656
  Abstract: Techniques for fine-grained firewall policy enforcement using session APP ID and endpoint process ID correlation are disclosed. In some embodiments, a system/process/computer program product for fine-grained firewall policy enforcement using session APP ID and endpoint process ID correlation includes receiving, at a network device on an enterprise network, process identification (ID) information from an endpoint (EP) agent executed on an EP device, in which the process identification information identifies a process that is initiating a network session from the EP device on the enterprise network; monitoring network communications associated with the network session at the network device to identify an application identification (APP ID) for the network session; and performing an action based on a security policy using the process ID information and the APP ID.
  Type: Grant
  Filed: September 15, 2017
  Date of Patent: December 1, 2020
  Assignee: Palo Alto Networks, Inc.
  Inventors: Robert Earle Ashley, Ho Yu Lam, Robert Tesh, Xuanyu Jin, Paul Theodore Mathison, Qiuming Li, Taylor Ettema
- Publication number: 20200099700
  Abstract: Techniques for dynamic selection and generation of detonation location of suspicious content with a honey network are disclosed. In some embodiments, a system for dynamic selection and generation of detonation location of suspicious content with a honey network includes a virtual machine (VM) instance manager that manages a plurality of virtual clones executed in an instrumented VM environment, in which the plurality of virtual clones executed in the instrumented VM environment correspond to the honey network that emulates a plurality of devices in an enterprise network; and an intelligent malware detonator that detonates a malware sample in at least one of the plurality of virtual clones executed in the instrumented VM environment.
  Type: Application
  Filed: November 27, 2019
  Publication date: March 26, 2020
  Inventors: Taylor Ettema, Huagang Xie
- Patent number: 10530810
  Abstract: Techniques for dynamic selection and generation of detonation location of suspicious content with a honey network are disclosed. In some embodiments, a system for dynamic selection and generation of detonation location of suspicious content with a honey network includes a virtual machine (VM) instance manager that manages a plurality of virtual clones executed in an instrumented VM environment, in which the plurality of virtual clones executed in the instrumented VM environment correspond to the honey network that emulates a plurality of devices in an enterprise network; and an intelligent malware detonator that detonates a malware sample in at least one of the plurality of virtual clones executed in the instrumented VM environment.
  Type: Grant
  Filed: November 2, 2017
  Date of Patent: January 7, 2020
  Assignee: Palo Alto Networks, Inc.
  Inventors: Taylor Ettema, Huagang Xie
- Patent number: 10425387
  Abstract: Techniques for credentials enforcement using a firewall are disclosed. In some embodiments, a system, process, and/or computer program product for enforcement using a firewall includes storing a plurality of user credentials at a network device; monitoring network traffic at the network device to determine if there is a match with one or more of the plurality of user credentials; and performing an action if the match is determined.
  Type: Grant
  Filed: April 4, 2018
  Date of Patent: September 24, 2019
  Assignee: Palo Alto Networks, Inc.
  Inventors: Robert Earle Ashley, Ho Yu Lam, Xuanyu Jin, Suiqiang Deng, Taylor Ettema, Robert Tesh
- Integrating a honey network with a target network to counter IP and peer-checking evasion techniques
  Patent number: 10404661
  Abstract: Techniques for integrating a honey network with a target network environment (e.g., an enterprise network) to counter IP and peer-checking evasion techniques are disclosed. In some embodiments, a system for integrating a honey network with a target network environment includes a device profile data store that includes a plurality of attributes of each of a plurality of devices in the target network environment; a virtual clone manager executed on a processor that instantiates a virtual clone of one or more devices in the target network environment based on one or more attributes for a target device in the device profile data store; and a honey network policy that is configured to route an external network communication from the virtual clone for the target device in the honey network to an external device through the target network environment.
  Type: Grant
  Filed: July 9, 2018
  Date of Patent: September 3, 2019
  Assignee: Palo Alto Networks, Inc.
  Inventors: Taylor Ettema, Huagang Xie
- Publication number: 20190190948
  Abstract: Techniques for selective sinkholing of malware domains by a security device via DNS poisoning are provided. In some embodiments, selective sinkholing of malware domains by a security device via DNS poisoning includes intercepting a DNS query for a network domain from a local DNS server at the security device, in which the network domain was determined to be a bad network domain and the bad network domain was determined to be associated with malware (e.g., a malware domain); and generating a DNS query response to the DNS query to send to the local DNS server, in which the DNS query response includes a designated sinkholed IP address for the bad network domain to facilitate identification of an infected host by the security device.
  Type: Application
  Filed: February 22, 2019
  Publication date: June 20, 2019
  Inventors: Huagang Xie, Taylor Ettema
- Patent number: 10298610
  Abstract: Techniques for an efficient and secure store for credentials enforcement using a firewall are disclosed. In some embodiments, a system, process, and/or computer program product for an efficient and secure store for credentials enforcement using a firewall includes receiving a space-efficient and secure data structure, such as a bloom filter, from an agent executed on an authentication server, in which the bloom filter is generated by the agent based on a transformation of a plurality of user credentials extracted from the authentication server and/or intercepted at the authentication server; storing the bloom filter on the network device (e.g., in a cache on the network device); and monitoring network traffic at the network device to perform credentials enforcement using the bloom filter.
  Type: Grant
  Filed: July 9, 2018
  Date of Patent: May 21, 2019
  Assignee: Palo Alto Networks, Inc.
  Inventors: Robert Earle Ashley, Ho Yu Lam, Xuanyu Jin, Suiqiang Deng, Taylor Ettema, Robert Tesh
- Patent number: 10257221
  Abstract: Techniques for selective sinkholing of malware domains by a security device via DNS poisoning are provided. In some embodiments, selective sinkholing of malware domains by a security device via DNS poisoning includes intercepting a DNS query for a network domain from a local DNS server at the security device, in which the network domain was determined to be a bad network domain and the bad network domain was determined to be associated with malware (e.g., a malware domain); and generating a DNS query response to the DNS query to send to the local DNS server, in which the DNS query response includes a designated sinkholed IP address for the bad network domain to facilitate identification of an infected host by the security device.
  Type: Grant
  Filed: March 18, 2016
  Date of Patent: April 9, 2019
  Assignee: Palo Alto Networks, Inc.
  Inventors: Huagang Xie, Taylor Ettema
- Publication number: 20190089677
  Abstract: Techniques for fine-grained firewall policy enforcement using session APP ID and endpoint process ID correlation are disclosed. In some embodiments, a system/process/computer program product for fine-grained firewall policy enforcement using session APP ID and endpoint process ID correlation includes receiving, at a network device on an enterprise network, process identification (ID) information from an endpoint (EP) agent executed on an EP device, in which the process identification information identifies a process that is initiating a network session from the EP device on the enterprise network; monitoring network communications associated with the network session at the network device to identify an application identification (APP ID) for the network session; and performing an action based on a security policy using the process ID information and the APP ID.
  Type: Application
  Filed: September 15, 2017
  Publication date: March 21, 2019
  Inventors: Robert Earle Ashley, Ho Yu Lam, Robert Tesh, Xuanyu Jin, Paul Theodore Mathison, Qiuming Li, Taylor Ettema
- Publication number: 20190089678
  Abstract: Techniques for outbound/inbound lateral traffic punting based upon process risk are disclosed. In some embodiments, a system/process/computer program product for outbound/inbound lateral traffic punting based upon process risk includes receiving, at a network device on an enterprise network, process identification (ID) information from an endpoint (EP) agent executed on an EP device, in which the process ID information identifies a process that is associated with an outbound or inbound network session on the EP device on the enterprise network, and the EP agent selected the network session for punting to the network device for inspection; monitoring network communications associated with the network session at the network device to identify an application identification (APP ID) for the network session; and performing an action based on a security policy using the process ID information and the APP ID.
  Type: Application
  Filed: September 15, 2017
  Publication date: March 21, 2019
  Inventors: Ho Yu Lam, Robert Earle Ashley, Paul Theodore Mathison, Qiuming Li, Taylor Ettema
- Patent number: 10230689
  Abstract: Techniques for bridging a honey network to a suspicious device in a network (e.g., an enterprise network) are disclosed. In some embodiments, a system for bridging a honey network to a suspicious device in an enterprise network includes a device profile data store that includes a plurality of attributes of each of a plurality of devices in the target network environment; a virtual clone manager executed on a processor that instantiates a virtual clone of one or more devices in the target network environment based on one or more attributes for a target device in the device profile data store; and a honey network policy that is configured to route an internal network communication from a suspicious device in the target network environment to the virtual clone for the target device in the honey network.
  Type: Grant
  Filed: November 2, 2017
  Date of Patent: March 12, 2019
  Assignee: Palo Alto Networks, Inc.
  Inventors: Taylor Ettema, Huagang Xie
- INTEGRATING A HONEY NETWORK WITH A TARGET NETWORK TO COUNTER IP AND PEER-CHECKING EVASION TECHNIQUES
  Publication number: 20180332005
  Abstract: Techniques for integrating a honey network with a target network environment (e.g., an enterprise network) to counter IP and peer-checking evasion techniques are disclosed. In some embodiments, a system for integrating a honey network with a target network environment includes a device profile data store that includes a plurality of attributes of each of a plurality of devices in the target network environment; a virtual clone manager executed on a processor that instantiates a virtual clone of one or more devices in the target network environment based on one or more attributes for a target device in the device profile data store; and a honey network policy that is configured to route an external network communication from the virtual clone for the target device in the honey network to an external device through the target network environment.
  Type: Application
  Filed: July 9, 2018
  Publication date: November 15, 2018
  Inventors: Taylor Ettema, Huagang Xie
- Publication number: 20180332079
  Abstract: Techniques for an efficient and secure store for credentials enforcement using a firewall are disclosed. In some embodiments, a system, process, and/or computer program product for an efficient and secure store for credentials enforcement using a firewall includes receiving a space-efficient and secure data structure, such as a bloom filter, from an agent executed on an authentication server, in which the bloom filter is generated by the agent based on a transformation of a plurality of user credentials extracted from the authentication server and/or intercepted at the authentication server; storing the bloom filter on the network device (e.g., in a cache on the network device); and monitoring network traffic at the network device to perform credentials enforcement using the bloom filter.
  Type: Application
  Filed: July 9, 2018
  Publication date: November 15, 2018
  Inventors: Robert Earle Ashley, Ho Yu Lam, Xuanyu Jin, Suiqiang Deng, Taylor Ettema, Robert Tesh
- Publication number: 20180309721
  Abstract: Techniques for credentials enforcement using a firewall are disclosed. In some embodiments, a system, process, and/or computer program product for enforcement using a firewall includes storing a plurality of user credentials at a network device; monitoring network traffic at the network device to determine if there is a match with one or more of the plurality of user credentials; and performing an action if the match is determined.
  Type: Application
  Filed: April 4, 2018
  Publication date: October 25, 2018
  Inventors: Robert Earle Ashley, Ho Yu Lam, Xuanyu Jin, Suiqiang Deng, Taylor Ettema, Robert Tesh