Patents by Inventor Yonatan Striem Amit

Yonatan Striem Amit has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20220345469
    Abstract: Systems and methods are provided to determine a maliciousness level of an element using a hypergraph of neighbors. The method can include receiving the element; generating a hypergraph of neighbor target elements found in a database, the hypergraph comprising a set of nodes and a set of edges, wherein the set of nodes represents the neighbor target elements, and the set of edges represents connections between the neighbor target elements; classifying nodes and edges in the hypergraph; generating a maliciousness level profile for the element based on aggregation of nodes and edges in the hypergraph; linking information related to the element with the maliciousness level profile for the element; and performing an action based on a type of the element.
    Type: Application
    Filed: April 22, 2022
    Publication date: October 27, 2022
    Applicant: Cybereason Inc.
    Inventors: Joshua East Domagalski, Samuel Curry, Yonatan Striem-Amit
  • Patent number: 10503897
    Abstract: Techniques of operating a computer involve providing controls to an OS that monitor a rate at which commands in an operating system are performed. Along these lines, ransomware performs the OS commands it needs to control access to data files on a computer by performing those commands rapidly. In many cases, such rapid sequences of commands, e.g., read-copy-encrypt-delete, are performed much more rapidly than would be done by a typical user. Accordingly, the OS is then provided the capacity to monitor, e.g., a number of specified command sequences (e.g., read-copy-encrypt-delete) within some specified period of time (e.g., a minute, 5 minutes, an hour, or greater or less). If the number is greater than some threshold number, then the computer may take a remedial action such as issuing an alert to the user and/or limiting the rate at which the commands may be performed.
    Type: Grant
    Filed: July 13, 2017
    Date of Patent: December 10, 2019
    Assignee: CYBEREASON
    Inventor: Yonatan Striem-Amit
  • Patent number: 10484422
    Abstract: A method, computer program product, system and apparatus for the prevention of RGA and DGA malware over an existing internet service is disclosed. The invention exploits the fact that when malware rapidly attempts to access many contact points, a malware is likely to need several attempts to find a current server. Software is installed on the individual endpoints in a network of internet services. The software monitors the websites or services and collects information about access attempts. The invention detects a series of failed attempts by the malware to access the service/website. These attempts can be accrued by being temporally linked (e.g., many attempts in a short time, many attempts consecutively), conceptually linked (e.g., similar addresses, similar attempts across multiple machines or time scales), higher than normal prevalence or other methods. The invention provides an indication of a malware attempt if enough failed attempts have accrued.
    Type: Grant
    Filed: October 18, 2016
    Date of Patent: November 19, 2019
    Assignee: Cybereason, Inc.
    Inventors: Uri Sternfeld, Yonatan Striem-Amit
  • Patent number: 10417414
    Abstract: A method, computer program product, and apparatus for performing baseline calculations for firewalling in a computer network is disclosed. The method involves defining a reference group for an executed software program, measuring signals in the reference group, measuring signals of the program, computing a distance between the signals of the program and the signals of the reference group, and taking an action if the computed distance deviates from a norm mode. The distance can be computed using a similarity matrix or other method. Measuring the program comprises observing behaviors of the program, collecting and analyzing data, comparing the data to baselines of the reference group, and comparing the behaviors of the program across a previous execution of the program. In cases where a program is known to be malicious, a reference group is not needed and a sandbox can be tailored just by copying the environment of the actual system.
    Type: Grant
    Filed: December 21, 2016
    Date of Patent: September 17, 2019
    Assignee: CYBEREASON, INC.
    Inventor: Yonatan Striem-Amit
  • Patent number: 10055579
    Abstract: A method, computer program product, and apparatus for implementing a distributed sandbox is disclosed. The method comprises discovering a machine with sufficient resources to run a virtual machine for a process, starting the process in a virtual machine on the discovered machine, if the virtual machine terminates, discovering another machine with sufficient resources to run a virtual machine for a process, and deciding if the process is benign when the virtual machine is finished. Control of the distributed sandbox is done by utilizing a broadcast network.
    Type: Grant
    Filed: December 30, 2016
    Date of Patent: August 21, 2018
    Assignee: Cybereason, Inc.
    Inventor: Yonatan Striem-Amit
  • Patent number: 10043010
    Abstract: Techniques of protecting computers from malware involve migrating processes running applications from a first sandbox to a second sandbox. Along these lines, when a computer being protected from malware receives application code over a network, the computer generates a set of processes that runs the application code on a first machine acting as a sandbox. After the set of processes produces a first output on the first machine, the computer migrates the set of processes to a second machine acting as another sandbox. After the set of processes produces a second output on the second machine, the computer grants or denies access to the application code based on the second output. Because migration can occur over the entire lifecycle of an application and migration is difficult to detect, migrating processes running malware makes it more difficult for the malware to evade detection.
    Type: Grant
    Filed: December 30, 2016
    Date of Patent: August 7, 2018
    Assignee: CYBEREASON
    Inventor: Yonatan Striem-Amit
  • Patent number: 9832214
    Abstract: A method and apparatus for classifying and combining computer attack information identifying as malicious events, events in a network that cause organizationally or functionally distant entities to become closer to each other, the method comprising identifying as malicious events, events in a network that cause organizationally or functionally distant entities to become closer to each other.
    Type: Grant
    Filed: August 8, 2016
    Date of Patent: November 28, 2017
    Assignee: Cybereason Inc.
    Inventors: Yonatan Striem Amit, Elan Pavlov
  • Publication number: 20170193223
    Abstract: A method, computer program product, and apparatus for implementing a distributed sandbox is disclosed. The method comprises discovering a machine with sufficient resources to run a virtual machine for a process, starting the process in a virtual machine on the discovered machine, if the virtual machine terminates, discovering another machine with sufficient resources to run a virtual machine for a process, and deciding if the process is benign when the virtual machine is finished. Control of the distributed sandbox is done by utilizing a broadcast network.
    Type: Application
    Filed: December 30, 2016
    Publication date: July 6, 2017
    Inventor: Yonatan Striem-Amit
  • Publication number: 20170195342
    Abstract: A method, computer program product, system and apparatus for the prevention of RGA and DGA malware over an existing internet service is disclosed. The invention exploits the fact that when malware rapidly attempts to access many contact points, a malware is likely to need several attempts to find a current server. Software is installed on the individual endpoints in a network of internet services. The software monitors the websites or services and collects information about access attempts. The invention detects a series of failed attempts by the malware to access the service/website. These attempts can be accrued by being temporally linked (e.g., many attempts in a short time, many attempts consecutively), conceptually linked (e.g., similar addresses, similar attempts across multiple machines or time scales), higher than normal prevalence or other methods. The invention provides an indication of a malware attempt if enough failed attempts have accrued.
    Type: Application
    Filed: October 18, 2016
    Publication date: July 6, 2017
    Inventors: Uri Sternfeld, Yonatan Striem-Amit
  • Publication number: 20170193222
    Abstract: A method, computer program product, and apparatus for performing baseline calculations for firewalling in a computer network is disclosed. The method involves defining a reference group for an executed software program, measuring signals in the reference group, measuring signals of the program, computing a distance between the signals of the program and the signals of the reference group, and taking an action if the computed distance deviates from a norm mode. The distance can be computed using a similarity matrix or other method. Measuring the program comprises observing behaviors of the program, collecting and analyzing data, comparing the data to baselines of the reference group, and comparing the behaviors of the program across a previous execution of the program. In cases where a program is known to be malicious, a reference group is not needed and a sandbox can be tailored just by copying the environment of the actual system.
    Type: Application
    Filed: December 21, 2016
    Publication date: July 6, 2017
    Inventor: Yonatan Striem-Amit
  • Patent number: 9679131
    Abstract: A method and apparatus for intrusion detection, the method comprising: receiving a description of a computerized system, the description comprising two or more entities, one or more attribute for each entity and one or more statistical rule related to relationship between the entities; receiving data related to activity of the computerized system, the data comprising two or more events; grouping the events into two or more groups associated with the entities; comparing the groups in accordance with the statistical rule, to identify a group not complying with any of the statistical rules.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: June 13, 2017
    Assignee: Cybereason Inc.
    Inventor: Yonatan Striem Amit
  • Patent number: 9635040
    Abstract: A computer-implemented method and apparatus for identifying attacks, comprising: receiving information related to a computerized network, the information comprising description of the network and events occurring within the network; processing the events, comprising determining whether additional data is required; responsive to determining that additional information is required, collecting the additional information and processing the additional information; and providing attack information based on the information and on the additional information, wherein the additional information is more resource consuming to obtain or process than the information.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: April 25, 2017
    Assignee: Cybereason Inc.
    Inventor: Yonatan Striem Amit
  • Publication number: 20160359884
    Abstract: A method and apparatus for classifying and combining computer attack information identifying as malicious events, events in a network that cause organizationally or functionally distant entities to become closer to each other, the method comprising identifying as malicious events, events in a network that cause organizationally or functionally distant entities to become closer to each other.
    Type: Application
    Filed: August 8, 2016
    Publication date: December 8, 2016
    Inventors: Yonatan Striem Amit, Elan Pavlov
  • Patent number: 9413773
    Abstract: A method and apparatus for classifying and combining computer attack information identifying as malicious events, events in a network that cause organizationally or functionally distant entities to become closer to each other, the method comprising identifying as malicious events, events in a network that cause organizationally or functionally distant entities to become closer to each other.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: August 9, 2016
    Assignee: Cybereason Inc.
    Inventors: Yonatan Striem Amit, Elan Pavlov
  • Publication number: 20140283026
    Abstract: A method and apparatus for classifying and combining computer attack information identifying as malicious events, events in a network that cause organizationally or functionally distant entities to become closer to each other, the method comprising identifying as malicious events, events in a network that cause organizationally or functionally distant entities to become closer to each other.
    Type: Application
    Filed: March 14, 2013
    Publication date: September 18, 2014
    Applicant: CYBEREASON INC
    Inventors: Yonatan Striem Amit, Elan Pavlov
  • Publication number: 20140283050
    Abstract: A computer-implemented method and apparatus for identifying attacks, comprising: receiving information related to a computerized network, the information comprising description of the network and events occurring within the network; processing the events, comprising determining whether additional data is required; responsive to determining that additional information is required, collecting the additional information and processing the additional information; and providing attack information based on the information and on the additional information, wherein the additional information is more resource consuming to obtain or process than the information.
    Type: Application
    Filed: March 14, 2013
    Publication date: September 18, 2014
    Applicant: CYBEREASON INC
    Inventor: Yonatan Striem Amit
  • Publication number: 20140215618
    Abstract: A method and apparatus for intrusion detection, the method comprising: receiving a description of a computerized system, the description comprising two or more entities, one or more attribute for each entity and one or more statistical rule related to relationship between the entities; receiving data related to activity of the computerized system, the data comprising two or more events; grouping the events into two or more groups associated with the entities; comparing the groups in accordance with the statistical rule, to identify a group not complying with any of the statistical rules.
    Type: Application
    Filed: March 14, 2013
    Publication date: July 31, 2014
    Applicant: CYBEREASON INC
    Inventor: Yonatan Striem Amit