Patents by Inventor Yigal Edery

Yigal Edery has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9043869
    Abstract: Techniques for aggregating a knowledge base of a plurality of security services or other event collection systems to protect a computer from malware are provided. In embodiments, a computer is protected from malware by using anti-malware services or other event collection systems to observe suspicious events that are potentially indicative of malware. A determination is made as to whether a combination of the suspicious events is indicative of malware. If the combination of suspicious events is indicative of malware, a restrictive security policy designed to prevent the spread of malware is implemented.
    Type: Grant
    Filed: August 14, 2013
    Date of Patent: May 26, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Anil Francis Thomas, Michael Kramer, Mihai Costea, Efim Hudis, Pradeep Bahl, Rajesh K. Dadhia, Yigal Edery
  • Patent number: 8910268
    Abstract: Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.
    Type: Grant
    Filed: August 14, 2008
    Date of Patent: December 9, 2014
    Assignee: Microsoft Corporation
    Inventors: Efim Hudis, Yigal Edery, Oleg Ananiev, John Wohlfert, Nir Nice
  • Patent number: 8881223
    Abstract: Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and off-premise or roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.
    Type: Grant
    Filed: August 14, 2008
    Date of Patent: November 4, 2014
    Assignee: Microsoft Corporation
    Inventors: Efim Hudis, Yigal Edery, Oleg Ananiev, John Wohlfert, Nir Nice
  • Patent number: 8732797
    Abstract: Architecture that addresses security concerns while still providing transparent user experience with ability to perform tasks. When a user machine is considered incompliant or compromised due to, for example, a suspected infection, the user machine can be blocked from further access to a network or other computing hosts until the incompliance is resolved. A notification is presented that indicates the nature of the problem, and a way to access an automatically configured isolated environment via which to continue working. The user can be automatically routed to use the alternative isolated environment for temporary access to network resources. Once the user finishes activities in the isolated environment, the system hosting the isolated environment is reverted back to a known good state.
    Type: Grant
    Filed: August 31, 2010
    Date of Patent: May 20, 2014
    Assignee: Microsoft Corporation
    Inventors: Vladimir Holostov, Yigal Edery, Yair Geva
  • Patent number: 8726334
    Abstract: Architecture that provides model-based systems management in virtualized and non-virtualized environments. A security component provides security models which define security requirements for services. A management component applies one or more of the security models during the lifecycle of virtual machines and services. The lifecycle can include initial deployment, expansion, moving servers, monitoring, and reporting. The architecture creates a formal description model of how a virtual machine or a service (composition of multiple virtual machines) is secured. The security requirements information can also be fed back to the general management system which uses this information in its own activities such as to guide the placement of workloads on servers can be security related.
    Type: Grant
    Filed: December 9, 2009
    Date of Patent: May 13, 2014
    Assignee: Microsoft Corporation
    Inventors: John Neystadt, Yigal Edery, Yan Belinky, Anders B Vinberg, Dennis Scott Batchelder, Shimon Yannay
  • Patent number: 8707439
    Abstract: Methods, systems, and computer-readable media are disclosed for selecting a set of security offerings. A particular method includes receiving a security need profile associated with a computing environment and receiving security offering information related to a plurality of security offerings. The security offerings of the plurality of security offerings are evaluated with respect to the security need profile. A set of security offerings from the plurality of security offerings are automatically selected.
    Type: Grant
    Filed: December 19, 2008
    Date of Patent: April 22, 2014
    Assignee: Microsoft Corporation
    Inventors: Vladimir Holostov, Yigal Edery, David B. Cross
  • Publication number: 20130332988
    Abstract: Techniques for aggregating a knowledge base of a plurality of security services or other event collection systems to protect a computer from malware are provided. In embodiments, a computer is protected from malware by using anti-malware services or other event collection systems to observe suspicious events that are potentially indicative of malware. A determination is made as to whether a combination of the suspicious events is indicative of malware. If the combination of suspicious events is indicative of malware, a restrictive security policy designed to prevent the spread of malware is implemented.
    Type: Application
    Filed: August 14, 2013
    Publication date: December 12, 2013
    Inventors: Anil Francis Thomas, Michael Kramer, Mihai Costea, Efim Hudis, Pradeep Bahl, Rajesh K. Dadhia, Yigal Edery
  • Patent number: 8516583
    Abstract: In accordance with the present invention, a system, method, and computer-readable medium for aggregating the knowledge base of a plurality of security services or other event collection systems to protect a computer from malware is provided. One aspect of the present invention is a method that proactively protects a computer from malware by using anti-malware services or other event collection systems to observe suspicious events that are potentially indicative of malware; determining if the suspicious events satisfy a predetermined threshold; and if the suspicious events satisfy the predetermined threshold, implementing a restrictive security policy designed to prevent the spread of malware.
    Type: Grant
    Filed: March 31, 2005
    Date of Patent: August 20, 2013
    Assignee: Microsoft Corporation
    Inventors: Anil Francis Thomas, Michael Kramer, Mihai Costea, Efim Hudis, Pradeep Bahl, Rajesh K Dadhia, Yigal Edery
  • Patent number: 8296178
    Abstract: Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.
    Type: Grant
    Filed: August 14, 2008
    Date of Patent: October 23, 2012
    Assignee: Microsoft Corporation
    Inventors: Efim Hudis, Yigal Edery, Oleg Ananiev, John Wohlfert, Nir Nice
  • Patent number: 8255999
    Abstract: A client device transmits requests via a gateway to a server in a network environment. The requests indicate specific portions of a file on a server to be transmitted as part of the download process. The gateway receives into its memory the requested portions of the file and assembles the received portions into an assembly file. The gateway continuously scans the largest contiguous sequence of the portions in the assembly file for viruses while the requested portions of the file are being received and become available before feeding the received portions to the client computer. By scanning the largest consecutive sequence while new portions become available, the time to complete the scan is reduced thereby increasing the throughput of the gateway.
    Type: Grant
    Filed: May 24, 2007
    Date of Patent: August 28, 2012
    Assignee: Microsoft Corporation
    Inventors: Vladimir Holostov, Yigal Edery
  • Publication number: 20120054829
    Abstract: Architecture that addresses security concerns while still providing transparent user experience with ability to perform tasks. When a user machine is considered incompliant or compromised due to, for example, a suspected infection, the user machine can be blocked from further access to a network or other computing hosts until the incompliance is resolved. A notification is presented that indicates the nature of the problem, and a way to access an automatically configured isolated environment via which to continue working. The user can be automatically routed to use the alternative isolated environment for temporary access to network resources. Once the user finishes activities in the isolated environment, the system hosting the isolated environment is reverted back to a known good state.
    Type: Application
    Filed: August 31, 2010
    Publication date: March 1, 2012
    Applicant: Microsoft Corporation
    Inventors: Vladimir Holostov, Yigal Edery, Yair Geva
  • Publication number: 20110276621
    Abstract: A system for executing a virtual application may use a virtualized operating system to execute an application. The application may be delivered to a host device through streaming, either to a streaming client in the virtual operating system or as a package that may include the virtualized operating system. The virtualized operating system may have a user interface connection to a host operating system to make the virtual application appear as a native application in the host operating system.
    Type: Application
    Filed: May 5, 2010
    Publication date: November 10, 2011
    Applicant: Microsoft Corporation
    Inventors: Yigal Edery, Lidiane Souza
  • Publication number: 20110138441
    Abstract: Architecture that provides model-based systems management in virtualized and non-virtualized environments. A security component provides security models which define security requirements for services. A management component applies one or more of the security models during the lifecycle of virtual machines and services. The lifecycle can include initial deployment, expansion, moving servers, monitoring, and reporting. The architecture creates a formal description model of how a virtual machine or a service (composition of multiple virtual machines) is secured. The security requirements information can also be fed back to the general management system which uses this information in its own activities such as to guide the placement of workloads on servers can be security related.
    Type: Application
    Filed: December 9, 2009
    Publication date: June 9, 2011
    Applicant: Microsoft Corporation
    Inventors: John Neystadt, Yigal Edery, Yan Belinky, Anders B. Vinberg, Dennis Scott Batchelder, Shimon Yannay
  • Patent number: 7844700
    Abstract: In accordance with the present invention, a system, method, and computer-readable medium for identifying malware at a network transit point such as a computer that serves as a gateway to an internal or private network is provided. A network transmission is scanned for malware at a network transit point without introducing additional latency to the transmission of data over the network. In accordance with one aspect of the present invention, a computer-implemented method for identifying malware at a network transit point is provided. More specifically, when a packet in a transmission is received at the network transit point, the packet is immediately forwarded to the target computer. Simultaneously, the packet and other data in the transmission are scanned for malware by an antivirus engine. If malware is identified in the transmission, the target computer is notified that the transmission contains malware.
    Type: Grant
    Filed: March 31, 2005
    Date of Patent: November 30, 2010
    Assignee: Microsoft Corporation
    Inventors: Adrian M Marinescu, Marc E Seinfeld, Michael Kramer, Yigal Edery
  • Publication number: 20100162346
    Abstract: Methods, systems, and computer-readable media are disclosed for selecting a set of security offerings. A particular method includes receiving a security need profile associated with a computing environment and receiving security offering information related to a plurality of security offerings. The security offerings of the plurality of security offerings are evaluated with respect to the security need profile. A set of security offerings from the plurality of security offerings are automatically selected.
    Type: Application
    Filed: December 19, 2008
    Publication date: June 24, 2010
    Applicant: Microsoft Corporation
    Inventors: Vladimir Holostov, Yigal Edery, David B. Cross
  • Publication number: 20100011432
    Abstract: A network protection solution is provided by which security capabilities of a client machine are communicated to a network security gateway so that a variety of processes can be automatically and dynamically distributed between the gateway and the client machine in a way that achieves a target level of security for the client while consuming the least possible amount of resources on the gateway. For example, for a client that is compliant with specified health and/or corporate governance policies and which is known to have A/V capabilities that are deployed and operational, the network security gateway will not need to perform additional A/V scanning on incoming network traffic to the client which can thus save resources at the gateway and lower operating costs.
    Type: Application
    Filed: November 24, 2008
    Publication date: January 14, 2010
    Applicant: MICROSOFT CORPORATION
    Inventors: Yigal Edery, Nir Nice, David B. Cross
  • Publication number: 20090177514
    Abstract: Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.
    Type: Application
    Filed: August 14, 2008
    Publication date: July 9, 2009
    Applicant: Microsoft Corporation
    Inventors: Efim Hudis, Yigal Edery, Oleg Ananiev, John Wohlfert, Nir Nice
  • Publication number: 20090178108
    Abstract: Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and off-premise or roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.
    Type: Application
    Filed: August 14, 2008
    Publication date: July 9, 2009
    Applicant: Microsoft Corporation
    Inventors: Efim Hudis, Yigal Edery, Oleg Ananiev, John Wohlfert, Nir Nice
  • Publication number: 20090178132
    Abstract: Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.
    Type: Application
    Filed: August 14, 2008
    Publication date: July 9, 2009
    Applicant: Microsoft Corporation
    Inventors: Efim Hudis, Yigal Edery, Oleg Ananiev, John Wohlfert, Nir Nice
  • Publication number: 20090178131
    Abstract: Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.
    Type: Application
    Filed: June 29, 2008
    Publication date: July 9, 2009
    Applicant: MICROSOFT CORPORATION
    Inventors: Efim Hudis, Yigal Edery, Oleg Ananiev, Nir Nice, John F. Wohlfert