Patents by Inventor Yair Helman
Yair Helman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9536087
Abstract: Systems, methods, and computer program products are described for controlling malicious activity detection with respect to information technology assets based on behavioral models associated with the respective information technology assets. Protection rules and corresponding sensitivities associated with the behavioral models are applied by protection services to detect malicious activity with respect to the information technology assets.
Type: Grant
Filed: August 1, 2015
Date of Patent: January 3, 2017
Assignee: Microsoft Technology Licensing, LLC
Inventors: Shai A. Rubin, Yosef Dinerstein, Efim Hudis, Yair Helman, Uri Barash, Arie Friedman
-
Publication number: 20150350230
Abstract: Systems, methods, and computer program products are described for controlling malicious activity detection with respect to information technology assets based on behavioral models associated with the respective information technology assets. Protection rules and corresponding sensitivities associated with the behavioral models are applied by protection services to detect malicious activity with respect to the information technology assets.
Type: Application
Filed: August 1, 2015
Publication date: December 3, 2015
Inventors: Shai A. Rubin, Yosef Dinerstein, Efim Hudis, Yair Helman, Uri Barash, Arie Friedman
-
Patent number: 9098702
Abstract: Systems, methods, and computer program products are described for controlling malicious activity detection with respect to information technology assets based on behavioral models associated with the respective information technology assets. Protection rules and corresponding sensitivities associated with the behavioral models are applied by protection services to detect malicious activity with respect to the information technology assets.
Type: Grant
Filed: July 15, 2013
Date of Patent: August 4, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Shai A. Rubin, Yosef Dinerstein, Efim Hudis, Yair Helman, Uri Barash, Arie Friedman
-
Patent number: 8990947
Abstract: Aspects of the subject matter described herein relate to a mechanism for assessing security. In aspects, an analytics engine is provided that manages execution, information storage, and data passing between various components of a security system. When data is available for analysis, the analytics engine determines which security components to execute and the order in which to execute the security components, where in some instances two or more components may be executed in parallel. The analytics engine then executes the components in the order determined and passes output from component to component as dictated by dependencies between the components. This is repeated until a security assessment is generated or updated. The analytics engine simplifies the work of creating and integrating various security components.
Type: Grant
Filed: June 18, 2008
Date of Patent: March 24, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Efim Hudis, Eyal Zangi, Moshe Sapir, Tomer Weisberg, Yair Helman, Shai Aharon Rubin, Yosef Dinerstein, Lior Arzi
-
Patent number: 8959568
Abstract: An enterprise-wide sharing arrangement uses a semantic abstraction, called a security assessment, to share security-related information between different security products, called endpoints. A security assessment is defined as a tentative assignment by an endpoint of broader contextual meaning to information that is collected about an object of interest. Its tentative nature is reflected in two of its components: a fidelity field used to express the level of confidence in the assessment, and a time-to-live field for an estimated time period for which the assessment is valid. Endpoints may publish security assessments onto a security assessment channel, as well as subscribe to a subset of security assessments published by other endpoints. A specialized endpoint is coupled to the channel that performs as a centralized audit point by subscribing to all security assessments, logging the security assessments, and also logging the local actions taken by endpoints in response to security threats.
Type: Grant
Filed: March 14, 2007
Date of Patent: February 17, 2015
Assignee: Microsoft Corporation
Inventors: Efim Hudis, Yair Helman, Joseph Malka, Uri Barash
-
Patent number: 8955105
Abstract: An enterprise-wide sharing arrangement uses a semantic abstraction, called a security assessment, to share security-related information between security products, called endpoints. A security assessment is defined as a tentative assignment by an endpoint of broader contextual meaning to information that is collected about an object of interest. Endpoints utilize an architecture that comprises a common assessment sharing agent and a common assessment generating agent. The common assessment sharing agent is arranged for subscribing to security assessments, publishing security assessments onto a channel, maintaining an awareness of configuration changes on the channel (e.g., when a new endpoint is added or removed), and implementing security features like authorization, authentication and encryption.
Type: Grant
Filed: March 14, 2007
Date of Patent: February 10, 2015
Assignee: Microsoft Corporation
Inventors: Efim Hudis, Yair Helman, Joseph Malka, Uri Barash
-
Patent number: 8839419
Abstract: A security investigation system uses a central server to distribute requests for security information regarding an asset, receive responses, and manage the information in the responses in a case object. Requests may be distributed to various servers, each of which may have an agent that may receive the request, search various databases, logs, and other locations, and generate a response. A case object may be continually updated in some embodiments. The case object may be viewed, analyzed, and other requests generated using automated or manual tools. A case object may be sanitized for analysis without compromising sensitive information.
Type: Grant
Filed: April 5, 2008
Date of Patent: September 16, 2014
Assignee: Microsoft Corporation
Inventors: Efim Hudis, Yair Helman, Tomer Weisberg, Oren Yossef, Ziv Rafalovich
-
Patent number: 8689335
Abstract: Mapping between object types in an enterprise security assessment sharing (“ESAS”) system enables attacks on an enterprise network and security incidents to be better detected and capabilities to respond to be improved. The ESAS system is distributed among endpoints incorporating different security products in the enterprise network that share a commonly-utilized communications channel. An endpoint publishes a security assessment when a potential security incident is detected. The security assessment identifies the object of interest, the type of security incident and its severity. A level of confidence in the detection is also provided which is expressed by an attribute called the “fidelity”. ESAS is configured with the capabilities to map between objects, including users and machines in the enterprise network, so that security assessments applicable to one object domain can be used to generate security assessments in another object domain.
Type: Grant
Filed: June 25, 2008
Date of Patent: April 1, 2014
Assignee: Microsoft Corporation
Inventors: Yair Helman, Efim Hudis, Lior Arzi
-
Publication number: 20130305374
Abstract: Systems, methods, and computer program products are described for controlling malicious activity detection with respect to information technology assets based on behavioral models associated with the respective information technology assets. Protection rules and corresponding sensitivities associated with the behavioral models are applied by protection services to detect malicious activity with respect to the information technology assets.
Type: Application
Filed: July 15, 2013
Publication date: November 14, 2013
Inventors: Shai A. Rubin, Yosef Dinerstein, Efim Hudis, Yair Helman, Uri Barash, Arie Friedman
-
Patent number: 8490187
Abstract: Systems, methods, and computer program products are described for controlling malicious activity detection with respect to information technology assets based on behavioral models associated with the respective information technology assets. Protection rules and corresponding sensitivities associated with the behavioral models are applied by protection services to detect malicious activity with respect to the information technology assets.
Type: Grant
Filed: March 20, 2009
Date of Patent: July 16, 2013
Assignee: Microsoft Corporation
Inventors: Shai A. Rubin, Yosef Dinerstein, Efim Hudis, Yair Helman, Uri Barash, Arie Friedman
-
Patent number: 8424094
Abstract: An automated collection of forensic evidence associated with a security incident is provided by an arrangement in which different security products called endpoints in an enterprise network are enabled for sharing security-related information over a common communication channel using an abstraction called a security assessment. A security assessment is generally configured to indicate an endpoint's understanding of a detected security incident that pertains to an object in the environment which may include users, computers, IP addresses, and website URIs (Universal Resource Identifiers). The security assessment is published by the endpoint into the channel and received by subscribing endpoints. The security assessment triggers the receiving endpoints to go into a more comprehensive or detailed mode of evidence collection.
Type: Grant
Filed: June 30, 2007
Date of Patent: April 16, 2013
Assignee: Microsoft Corporation
Inventors: John Neystadt, Efim Hudis, Yair Helman, Alexandra Faynburd
-
Patent number: 8413247
Abstract: Endpoints in an enterprise security environment are configured to adaptively switch from their normal data collection mode to a long-term, detailed data collection mode where advanced analyses are applied to the collected detailed data. Such adaptive data collection and analysis is triggered upon the receipt of a security assessment of a particular type, where a security assessment is defined as a tentative assignment by an endpoint of broader contextual meaning to information (i.e., data in some context) that is collected about an object of interest. A specialized endpoint is coupled to the security assessment channel and performs as a centralized audit point by subscribing to all security assessments, logging the security assessments, and also logging the local actions taken by endpoints in response to detected security incidents in the environment. The specialized endpoint is arranged to perform various analyses and processes on historical security assessments.
Type: Grant
Filed: March 14, 2007
Date of Patent: April 2, 2013
Assignee: Microsoft Corporation
Inventors: Efim Hudis, Yair Helman, Joseph Malka, Uri Barash
-
Patent number: 8402546
Abstract: Security risk for a single IT asset and/or a set of IT assets in a network such as an enterprise or corporate network may be estimated and represented in a visual form by categorizing risk into different discrete levels. The IT assets may include both computing devices and users. The risk categorization uses a security assessment of an IT asset that is generated to indicate the type of security problem encountered, the severity of the problem, and the fidelity of the assessment. The asset value of an IT asset to the enterprise is also assigned. Security risk is then categorized (and a numeric risk value provided) for each IT asset for different problem types by considering the IT asset value along with the severity and fidelity of the security assessment. The security risk for the enterprise is estimated using the numeric risk value and then displayed in visual form.
Type: Grant
Filed: November 19, 2008
Date of Patent: March 19, 2013
Assignee: Microsoft Corporation
Inventors: Adar Greenshpon, Ron Karidi, Yair Helman, Shai Aharon Rubin
-
Patent number: 8136164
Abstract: An enterprise-wide sharing arrangement uses a semantic abstraction, called a security assessment, to share security-related information between different security products, called endpoints. A security assessment is defined as a tentative assignment by an endpoint of broader contextual meaning to information that is collected about an object of interest. Endpoints may publish security assessments onto a security assessment channel, as well as subscribe to a subset of security assessments published by other endpoints. A specialized endpoint is coupled to the channel that performs as a centralized audit point by subscribing to all security assessments, logging the security assessments, and also logging the local actions taken by endpoints in response to received security assessments. Manual operations are supported by the specialized endpoint including manual approval of actions, security assessment cancellation, and manual injection of security assessments into the security assessment channel.
Type: Grant
Filed: February 27, 2008
Date of Patent: March 13, 2012
Assignee: Microsoft Corporation
Inventors: Yair Helman, Efim Hudis
-
Patent number: 7882542
Abstract: Compromised host computers in an enterprise network environment comprising a plurality of security products called endpoints are detected in an automated manner by an arrangement in which a reputation service provides updates to identify resources including website URIs (Universal Resource Identifiers) and IP addresses (collectively “resources”) whose reputations have changed and represent potential threats or adversaries to the enterprise network. Responsively to the updates, a malware analyzer, which can be configured as a standalone endpoint, or incorporated into an endpoint having anti-virus/malware detection capability, or incorporated into the reputation service, will analyze logs maintained by another endpoint (typically a firewall, router, proxy server, or gateway) to identify, in a retroactive manner over some predetermined time window, those client computers in the environment that had any past communications with a resource that is newly categorized by the reputation service as malicious.
Type: Grant
Filed: June 30, 2007
Date of Patent: February 1, 2011
Assignee: Microsoft Corporation
Inventors: John Neystadt, Efim Hudis, Yair Helman, Alexandra Faynburd
-
Publication number: 20100241974
Abstract: Systems, methods, and computer program products are described for controlling malicious activity detection with respect to information technology assets based on behavioral models associated with the respective information technology assets. Protection rules and corresponding sensitivities associated with the behavioral models are applied by protection services to detect malicious activity with respect to the information technology assets.
Type: Application
Filed: March 20, 2009
Publication date: September 23, 2010
Applicant: MICROSOFT CORPORATION
Inventors: Shai A. Rubin, Yosef Dinerstein, Efim Hudis, Yair Helman, Uri Barash, Arie Friedman
-
Publication number: 20100125912
Abstract: Security risk for a single IT asset and/or a set of IT assets in a network such as an enterprise or corporate network may be estimated and represented in a visual form by categorizing risk into different discrete levels. The IT assets may include both computing devices and users. The risk categorization uses a security assessment of an IT asset that is generated to indicate the type of security problem encountered, the severity of the problem, and the fidelity of the assessment. The asset value of an IT asset to the enterprise is also assigned. Security risk is then categorized (and a numeric risk value provided) for each IT asset for different problem types by considering the IT asset value along with the severity and fidelity of the security assessment. The security risk for the enterprise is estimated using the numeric risk value and then displayed in visual form.
Type: Application
Filed: November 19, 2008
Publication date: May 20, 2010
Applicant: MICROSOFT CORPORATION
Inventors: Adar Greenshpon, Ron Karidi, Yair Helman, Shai Aharon Rubin
-
Publication number: 20100031354
Abstract: A security investigation system uses a central server to distribute requests for security information regarding an asset, receive responses, and manage the information in the responses in a case object. Requests may be distributed to various servers, each of which may have an agent that may receive the request, search various databases, logs, and other locations, and generate a response. A case object may be continually updated in some embodiments. The case object may be viewed, analyzed, and other requests generated using automated or manual tools. A case object may be sanitized for analysis without compromising sensitive information.
Type: Application
Filed: April 5, 2008
Publication date: February 4, 2010
Applicant: MICROSOFT CORPORATION
Inventors: Efim Hudis, Yair Helman, Tomer Weisberg, Oren Yossef, Ziv Rafalovich
-
Publication number: 20090328222
Abstract: Mapping between object types in an enterprise security assessment sharing (“ESAS”) system enables attacks on an enterprise network and security incidents to be better detected and capabilities to respond to be improved. The ESAS system is distributed among endpoints incorporating different security products in the enterprise network that share a commonly-utilized communications channel. An endpoint will generate a tentative assignment of contextual meaning called a security assessment that is published when a potential security incident is detected. The security assessment identifies the object of interest, the type of security incident and its severity. A level of confidence in the detection is also provided which is expressed by an attribute called the “fidelity”.
Type: Application
Filed: June 25, 2008
Publication date: December 31, 2009
Applicant: MICROSOFT CORPORATION
Inventors: Yair Helman, Efim Hudis, Lior Arzi
-
Publication number: 20090217381
Abstract: An enterprise-wide sharing arrangement uses a semantic abstraction, called a security assessment, to share security-related information between different security products, called endpoints. A security assessment is defined as a tentative assignment by an endpoint of broader contextual meaning to information that is collected about an object of interest. Endpoints may publish security assessments onto a security assessment channel, as well as subscribe to a subset of security assessments published by other endpoints. A specialized endpoint is coupled to the channel that performs as a centralized audit point by subscribing to all security assessments, logging the security assessments, and also logging the local actions taken by endpoints in response to received security assessments. Manual operations are supported by the specialized endpoint including manual approval of actions, security assessment cancellation, and manual injection of security assessments into the security assessment channel.
Type: Application
Filed: February 27, 2008
Publication date: August 27, 2009
Applicant: MICROSOFT CORPORATION
Inventors: Yair Helman, Efim Hudis