Vulnerability Assessment Patents (Class 726/25)
  • Patent number: 11070579
    Abstract: An inventory of Internet-facing assets related to a target domain is generated using network data gathered from network data sources. Using data sources of known threats, such as malware, phishing attempts, scam pages, blacklisted sites, and so on, a network analytic system generates analytical information about domains, sub-domains, and components that are owned, managed, and/or controlled by a target entity. A confidence score of ownership is generated based on a recursive rule engine. A visual representation of the inventory of Internet-facing assets is generated in a graphical user interface.
    Type: Grant
    Filed: February 9, 2018
    Date of Patent: July 20, 2021
    Assignee: RiskIQ, Inc.
    Inventors: Chris Kiernan, Elias Manousos, Brandon Dixon, Andrew Kant, Jonas Edgeworth, Sunder Srinivasan, Brian Zak, Adam Hunt, Beckie Neumann, Jonathan Matkowsky
  • Patent number: 11068243
    Abstract: An example method includes creating a builder image on a node. The builder image is based on an application, a combination of application dependencies of the application, and a set of node features of the node. The method also includes determining a set of optimized libraries corresponding to the combination of application dependencies and to the node. The method further includes creating, based on the builder image and the set of optimized libraries, an application runtime container. The method also includes running the application and the set of optimized libraries in the application runtime container.
    Type: Grant
    Filed: June 4, 2019
    Date of Patent: July 20, 2021
    Assignee: RED HAT, INC.
    Inventors: Subin Modeel, Christoph Goern, Fridolin Pokorny, Daniel Riek
  • Patent number: 11070587
    Abstract: Systems and methods are provided for performing simulated phishing attacks using social engineering indicators. One or more failure indicators can be configured in a phishing email template, and each failure indicator can be assigned a description about that failure indicator through use of a markup tag. The phishing email template containing the markup tags corresponding to the failure indicators can be stored and can be used to generate a simulated phishing email in which the one or more markup tags are removed.
    Type: Grant
    Filed: January 23, 2020
    Date of Patent: July 20, 2021
    Assignee: KnowBe4, Inc.
    Inventors: Alin Irimie, Greg Kras, David Austin, Benjamin Dalton
  • Patent number: 11061548
    Abstract: An information technology (IT) and security operations application is described that stores data reflecting customizations that users make to GUIs displaying information about various types of incidents, and further uses such data to generate “popular” interface profiles indicating popular GUI modifications. The analysis of the GUI customizations data is performed using data associated with multiple tenants of the IT and security operations application to develop profiles that may represent a general consensus on a collection and arrangement of interface elements that enable analysts to efficiently respond to certain types of incidents. Users of the IT and security operations application can then optionally apply these popular interface profiles to various GUIs during their use of the application.
    Type: Grant
    Filed: October 18, 2019
    Date of Patent: July 13, 2021
    Assignee: Splunk Inc.
    Inventors: Timur Catakli, Sourabh Satish
  • Patent number: 11057416
    Abstract: Example embodiments disclosed herein relate to analyzing code of a web application associated with a framework. The code is loaded. Data objects of the framework that are used by the code are modeled using local parameters with explicit control flow. The code is analyzed to identify at least one vulnerability by analyzing one or more execution paths of the code using the explicit control flow.
    Type: Grant
    Filed: December 19, 2013
    Date of Patent: July 6, 2021
    Assignee: Micro Focus LLC
    Inventor: Lu Zhao
  • Patent number: 11057424
    Abstract: Computer systems, devices, and associated methods of detecting and/or preventing injection attacks in databases are disclosed herein. In one embodiment, a method includes determining whether parsing a database statement received from an application on the application server causes a syntax error in a database. In response to determining that parsing the received database statement does not cause a syntax error, determining whether an identical syntactic pattern already exists. In response to determining that an identical syntactic pattern already exists in the database, the method includes indicating that the received database statement does not involve an injection attack.
    Type: Grant
    Filed: July 19, 2019
    Date of Patent: July 6, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Yosef Dinerstein, Oren Yossef, Tomer Weisberg, Assaf Akrabi, Tomer Rotstein
  • Patent number: 11057418
    Abstract: Prioritizing vulnerability scan results is provided. Vulnerability scan results data corresponding to a network of data processing systems are received from a vulnerability scanner. The vulnerability scan results data are parsed to group the vulnerability scan results data by vulnerability identifiers. A corresponding security threat information identifier is associated with each vulnerability identifier. A correlation of each associated security threat information identifier is performed with a set of current vulnerability exploit data that corresponds to that particular security threat information identifier. Current security threat information that affects host data processing systems in the network is determined based on the correlation between each associated security threat information identifier and its corresponding set of current vulnerability exploit data. The current security threat information is prioritized based on a number of corresponding current vulnerability exploit attacks.
    Type: Grant
    Filed: October 15, 2018
    Date of Patent: July 6, 2021
    Assignee: International Business Machines Corporation
    Inventors: Steven Ocepek, Nevenko Zunic, Tamer Aboualy, Johnny A. Shaieb
  • Patent number: 11057402
    Abstract: An n-tiering security threat inference and correlation apparatus (100) for monitoring and anticipating cyber attacks is disclosed. The apparatus comprises a plurality of groups of inference-correlation systems (106(a, b)-114(a, b)), each group arranged with at least one inference system and at least one associated correlation system configured to monitor at least one network; and an input/output (I/O) system (102) configured to receive security events, and broadcast the received security events to the plurality of groups of inference-correlation systems; wherein the respective groups of inference-correlation systems are configured to process only the broadcasted security events relevant to the respective networks to identify the cyber attacks. A method of operating the apparatus is also disclosed.
    Type: Grant
    Filed: May 4, 2016
    Date of Patent: July 6, 2021
    Assignee: Certis CISCO Security Pte Ltd
    Inventor: Albert Keng Leng Lim
  • Patent number: 11057417
    Abstract: A system includes a memory to store network-related security policies and procedures associated with an enterprise, a display and at least one device. The device is configured to monitor enterprise activity associated with the enterprise's networked devices and determine, based on the enterprise activity, whether the enterprise is complying with the security policies and procedures. The device is also configured to calculate a risk exposure metric for an asset of the enterprise based on the enterprise activity and whether the enterprise is complying with the security policies and procedures, and output, to the display, a graphical user interface (GUI) identifying the risk exposure metric. The device may also be configured to receive, via the GUI, an input to initiate a change with respect to at least one of the enterprise's networked devices or initiate the generation of a plan to make a change to at least one of the networked devices.
    Type: Grant
    Filed: June 22, 2018
    Date of Patent: July 6, 2021
    Inventor: Ido Ganor
  • Patent number: 11050748
    Abstract: Systems and methods are provided for providing web-based authentication for non-web based clients. The systems and methods include receiving, from a non-web based client, a request to connect to a target resource and invoking a web navigation application. The web navigation application can execute remotely from the client on a server and a display of the web navigation application can be provided to the non-web based client. The web navigation application can be directed to an identity provider and can receive, from the client, in response to the display of the web navigation application, authentication information. The web navigation application can receive, from the identity provider, a result of an authentication of the client based on the authentication information. Whether to permit the requested connection to the target resource can then be determined based on the result of the authentication of the client.
    Type: Grant
    Filed: March 13, 2018
    Date of Patent: June 29, 2021
    Assignee: CyberArk Software Ltd.
    Inventors: Elad Shtivi, Shlomi Benita, Yaron Nisimov
  • Patent number: 11050791
    Abstract: Disclosed are various examples that relate to adjusting a stringency of offline policy restrictions based on a situational context of a computing device. In one example, a system can receive an offline restriction policy for an application. The offline restriction policy comprises one or more rules that are associated with one or more actions. The system can cause the one or more actions to be performed during an offline period of time in an instance in which one of the rules is satisfied. The offline period of time represents time periods when the system does not have a network connection with a management system. The system can cause a first authentication action to be performed in an instance in which a first condition of the system satisfies a first rule. The system can also cause a second authentication action to be performed in an instance in which a second condition of the system satisfies a second rule.
    Type: Grant
    Filed: June 27, 2018
    Date of Patent: June 29, 2021
    Assignee: VMware, Inc.
    Inventors: Eugene Liderman, Stephen Turner, Simon Brooks
  • Patent number: 11048803
    Abstract: A method, apparatus, system, and computer program product for operating a portable security testing device. The portable security testing device is configured by a computer system with an operating system and a starting set of security testing tools. A selected set of the security testing tools is determined by the computer system for the portable security testing device based on information collected about a target by the portable security testing device. The starting set of the security testing tools in the portable security testing device is changed by the computer system to form a current set of the security testing tools in response to the starting set of the security testing tools being different from the selected set of the security testing tools, wherein the current set of the security testing tools operate to perform security tests on the target.
    Type: Grant
    Filed: May 8, 2019
    Date of Patent: June 29, 2021
    Assignee: International Business Machines Corporation
    Inventors: Jason A. Nikolai, Steven Ocepek, Johnny Al Shaieb
  • Patent number: 11050777
    Abstract: A technology solution for remediating a cyberattack risk for a web application, including receiving device engagement data for the web application, receiving a security scanning analysis from a static application security testing (SAST) tool that includes a security flaw found in the web application and a severity level for the security flaw, and a plurality of other security flaws found in one or more other web applications and severity levels associated with each of the plurality of other security flaws.
    Type: Grant
    Filed: November 20, 2018
    Date of Patent: June 29, 2021
    Assignee: Saudi Arabian Oil Company
    Inventor: Sultan Saadaldean Alsharif
  • Patent number: 11049116
    Abstract: A system and method for automated anomaly detection in automated disposal decisions of an automated decisioning workflow includes collecting a time-series of automated disposal decision data for a current period from an automated decisioning workflow, wherein the automated decisioning workflow computes one of a plurality of distinct disposal decisions for each distinct input comprising subject online event data and a machine learning-based threat score computed for the subject online event data; selecting an anomaly detection algorithm from a plurality of distinct anomaly detection algorithms based on a type of online abuse or online fraud that the automated decisioning workflow is configured to evaluate; evaluating, using the selected anomaly detection algorithm, the time-series of automated decision data for the current period; computing whether anomalies exist in the time-series of automated disposal decision data for the current period based on the evaluation; and generating an anomaly alert based on the
    Type: Grant
    Filed: February 12, 2021
    Date of Patent: June 29, 2021
    Assignee: Sift Science, Inc.
    Inventors: Kostyantyn Gurnov, Vera Dadok, Duy Tran, Arjun Krishnaiah, Hui Wang, Yuan Zhuang, Wei Liu
  • Patent number: 11044261
    Abstract: Techniques are provided for detecting compromised credentials in a credential stuffing attack. A set model is trained based on a first set of spilled credentials. The set model does not comprise any credential of the first set of spilled credentials. A first request is received from a client computer with a first candidate credential to login to a server computer. The first candidate credential is tested for membership in the first set of spilled credentials using the set model. In response to determining the first set of spilled credentials includes the first candidate credential using the set model, one or more negative actions is performed.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: June 22, 2021
    Assignee: SHAPE SECURITY, INC.
    Inventors: Daniel G Moen, Carl Schroeder
  • Patent number: 11042634
    Abstract: According to an aspect of an embodiment, a method of determining information leakage of a computer-readable program may include obtaining a first component of the computer-readable program. The first component may have a first information leakage that may be unknown. The first component may be comprised of a second component and a third component. The method may also include obtaining a second information leakage of the second component. The method may also include obtaining a third information leakage of the third component. The method may also include determining a relationship between the second component and the third component relative to the first component. The method may also include determining the first information leakage based on the second information leakage, the third information leakage, and the relationship.
    Type: Grant
    Filed: December 21, 2018
    Date of Patent: June 22, 2021
    Assignee: FUJITSU LIMITED
    Inventors: Avradip Mandal, Arnab Roy, Hart Montgomery, John C. Mitchell
  • Patent number: 11036865
    Abstract: Systems, methods and computer readable mediums for determining a risk rating for software vulnerabilities of host devices and services on an enterprise network are discussed. Risk-rating systems and methods prioritize cyber defense resources utilizing both network-independent and network-specific approaches.
    Type: Grant
    Filed: July 5, 2018
    Date of Patent: June 15, 2021
    Assignee: Massachusetts Institute of Technology
    Inventors: Pierre C. Trepagnier, Dennis Ross, Allan Wollaber
  • Patent number: 11038896
    Abstract: Systems and related methods for providing greater security and control over access to protected or classified resources, files and documents and other forms of sensitive information based upon an initial adaptive selection of multiple modalities for authentication in different operating environments, with subsequent multi-user permission strategy centering on organizational structure. The system calculates trustworthiness values of different authentication factors under various environmental settings, and combines a trust-based adaptive, robust and scalable software-hardware framework for the selection of authentication factors for continuous and triggered authentication with optimal algorithms to determine the security parameters of each of the authentication factors. A subset of authentication factors thus are determined for application at triggering events on-the-fly, thereby leaving no exploitable a priori pattern or clue for hackers to exploit.
    Type: Grant
    Filed: April 18, 2019
    Date of Patent: June 15, 2021
    Inventors: Dipankar Dasgupta, Arunava Roy, Debasis Ghosh, Abhijit Kumar Nag
  • Patent number: 11038919
    Abstract: Disclosed herein are methods, systems, and processes for provisioning and deploying deception computing systems with dynamic and flexible personalities. A network connection is received from a source Internet Protocol (IP) address at a honeypot. In response to receiving the network connection, a personality state table is accessed and a determination is made as to whether a personality that corresponds to the source IP address exists in the personality state table. If the personality exists, the personality is designated to the source IP address. If the personality does not exist, an attack characteristic of the network connection is determined and an alternate personality that is substantially similar to the attack characteristic is designated to the source IP address.
    Type: Grant
    Filed: March 28, 2019
    Date of Patent: June 15, 2021
    Assignee: Rapid7, Inc.
    Inventor: Thomas Eugene Sellers
  • Patent number: 11038743
    Abstract: Systems, methods, and computer-readable media for clustering events occurring in a network environment for providing network assurance. In one embodiment, a system can identify event states of network events defined by values of parameters of a network environment. The system can determine a confidence score that at least one of the values of parameters is associated with a specific event state using the network events and the identified event states of the network events. The confidence score can be presented to a user for purposes of providing network assurance for the network environment.
    Type: Grant
    Filed: March 2, 2020
    Date of Patent: June 15, 2021
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Shadab Nazar, Azeem Suleman, Ayas Pani
  • Patent number: 11036889
    Abstract: A computer program product is provided for auditing data in object storage. The computer program product comprises a computer readable storage medium having program instructions embodied therewith. The program instructions executable by a processor to cause the processor to: send, by the processor, an object to an object storage system. A directive to audit the object is also sent to the object storage system by the processor. Furthermore, one or more additional directives are sent to the object storage system by the processor. Each of the one or more additional directives are independently selected from the group consisting of: a feedback directive to obtain feedback regarding a progress and/or a status of the audit; and a control directive to start, pause, or stop the audit.
    Type: Grant
    Filed: May 21, 2019
    Date of Patent: June 15, 2021
    Assignee: International Business Machines Corporation
    Inventors: Robert B. Basham, Joseph W. Dain, Edward H. W. Lin
  • Patent number: 11031135
    Abstract: A method and apparatus can include a system controller and a system processor. The system controller can retrieve a cybersecurity dataset from at least one database, the retrieved dataset including information associated with at least one element associated with at least one of network traffic and process monitoring of at least one process being implemented in at least one network element. The system processor can utilize multidimensional nonlinear manifold clustering on the at least one element of the retrieved cybersecurity dataset, assign a threat entity formulated from the at least one element of the retrieved dataset into a cybersecurity threat hyper-volume based on the multidimensional nonlinear manifold clustering, and formulate a recommended action to be taken based on the assignment of the threat entity into the cybersecurity threat hyper-volume.
    Type: Grant
    Filed: September 26, 2018
    Date of Patent: June 8, 2021
    Assignee: Edge2020 LLC
    Inventors: Tell Gates, Ronald Hirsch
  • Patent number: 11030321
    Abstract: Techniques for analyzing data based on the vulnerability of the corresponding device are provided. A plurality of devices are classified into a plurality of groups based on respective measures of vulnerability associated with each device, and a respective weighting factor is determined for each respective group of the plurality of groups based at least in part on a number of devices included in the respective group. An evidentiary value of data received from a first device of the plurality of devices is modified, based on the respective weighting factor associated with the first device. Further, a probable state of a physical environment is determined, based in part on the data received from the first device.
    Type: Grant
    Filed: October 2, 2018
    Date of Patent: June 8, 2021
    Assignee: International Business Machines Corporation
    Inventors: Sanehiro Furuichi, Akira Saito, Takuya Mishina, Hiroaki Uetsuki
  • Patent number: 11030345
    Abstract: Methods and systems of storing and managing regulated content items on a non-regulated storage platform are provided. A representation of a regulated content item representing content of the regulated content item is created. The content of the regulated content item is subject to one or more regulations and the regulated content item is stored on the non-regulated storage platform. The representation of the regulated content item is provided to the non-regulated storage platform for storage. The representation of the regulated content item is configured to be accessible on the non-regulated storage platform. A request to access the regulated content item using the representation of the regulated content item is received. The regulated content item is retrieved from the non-regulated storage platform in response to the received request.
    Type: Grant
    Filed: September 26, 2019
    Date of Patent: June 8, 2021
    Assignee: Medidata Solutions, Inc.
    Inventors: Kevin Anthony Barrett, Patrick Michael Pollard, Patrick Roberts, Martin Frid-Nielsen
  • Patent number: 11025660
    Abstract: Various implementations disclosed herein provide a method for detecting impact of the vulnerability by using a normalizer and correlator. In various implementations, the method includes: accessing a first set of data from first data sources, calculating a risk level value for each of the first set of data based on a first set of rules, sorting the first set of data based on their risk level, accessing the sorted first set of data by a correlator, accessing, by the correlator, a second set of data from second data sources, correlating each of the sorted first set of data to at least a data of the second set of data based on a second set of rules, and calculating a confidence score for each data of the sorted first set of data based on a third set of rules.
    Type: Grant
    Filed: December 3, 2018
    Date of Patent: June 1, 2021
    Assignee: ThreatWatch Inc.
    Inventors: Ketan Sateesh Nilangekar, Amol Narayan Godbole, Adrian Asher
  • Patent number: 11023612
    Abstract: Provided are techniques for operator isolation based on data security requirements. At a cloud node, a graph is received that includes ingest portions of data and operators. For each of the operators, it is determined whether the operator processes protected data. In response to determining that the operator is tagged with an indication that the operator processes protected data, the operator is forwarded to a tenant secure node for processing. In response to determining that the operator is not tagged with an indication that the operator processes protected data, the operator is forwarded to a tenant general node for processing. Then, while the tenant general node is processing the operator, in response to determining that the operator is processing protected data a tag is associated with the operator to indicate that the operator processes protected data and the operator is forwarded to the tenant secure node for processing.
    Type: Grant
    Filed: September 27, 2018
    Date of Patent: June 1, 2021
    Assignee: International Business Machines Corporation
    Inventors: David M. Koster, Jason A. Nikolai, John M. Santosuosso, Michael J. Branson
  • Patent number: 11023592
    Abstract: Systems and methods for managing a multi-region data incident are provided herein. Example methods include receiving, via a risk assessment server, in response to an occurrence of the data incident, data incident data that includes information corresponding to the data incident, wherein the data incident has a plurality of facets with each facet having any of unique and overlapping set of privacy data and media type and associated risk factors requiring facet specific incident risk assessment, automatically generating, via the risk assessment server, a risk assessment and decision-support guidance whether the facet is reportable, from a comparison of the facet to privacy rules, the privacy rules define requirements associated with data incident notification obligations, and providing, via the risk assessment server, the risk assessment to a display device that selectively couples with the risk assessment server.
    Type: Grant
    Filed: September 3, 2019
    Date of Patent: June 1, 2021
    Assignee: RADAR, LLC
    Inventors: Mahmood Sher-Jan, Andrew Migliore, Nicholas J. Church, Reno Brown, David Van Der Merwe
  • Patent number: 11023586
    Abstract: In an aspect of the disclosure, a method, a computer-readable medium, and a device are provided. The device the package determination component 430 determines one or more packages distributed in firmware of a BMC. The device determines a respective update of each of the one or more packages. The device determines a first set of security vulnerabilities of the each package that is addressed by the respective update. The device further determines a second set of security vulnerabilities of the each package after the respective update is applied. The device generates a first file indicating the first set of security vulnerabilities and the second set of security vulnerabilities.
    Type: Grant
    Filed: October 26, 2018
    Date of Patent: June 1, 2021
    Assignee: AMERICAN MEGATRENDS INTERNATIONAL, LLC
    Inventors: Anurag Bhatia, Samvinesh Christopher, Winston Thangapandian
  • Patent number: 11023610
    Abstract: A breach detection engine detects and mitigates the effects of breaches across one or more data sources. An index is generated based on one or more data sources and the index is queried using keywords indicative of potential breaches. A database of potential breaches is populated based on the query of the index. The potential breach database is queried using keywords associated with a system identity (e.g., a third party). A likelihood of a candidate breach is identified based on a set of breach criteria weights. A network node associated with a candidate breach determined to be an actual breach is identified for isolation or for the performance of one or more additional security actions.
    Type: Grant
    Filed: January 23, 2019
    Date of Patent: June 1, 2021
    Assignee: UPGUARD, INC.
    Inventors: Alan James Sharp-Paul, Christopher Robert Vickery, Jonathan David Hendren, Gregory Ford Pollock, Daniel Bradbury, Christian Alan Kiely, Gavin Richard Turner, Michael Franz Baukes
  • Patent number: 11017093
    Abstract: A system for analyzing a computing system for potential breach points, the system comprising a memory device having executable instructions stored therein, and a processing device, in response to the executable instructions, configured to parse a breach scenario file, the breach scenario file comprising a graph including action component nodes connected by edges, determine a root node from the action component nodes, execute the root node with breach point data, generate a root node return value based on the execution of the root node, the root node return value including a modified copy of the breach point data, determine children nodes from the action component nodes connected to the root node, execute the children nodes wherein each execution of the children nodes produces children node return values for a subsequent one of the children nodes, and return a final return value from the execution of the children nodes.
    Type: Grant
    Filed: December 28, 2017
    Date of Patent: May 25, 2021
    Assignee: SAFEBREACH LTD.
    Inventors: Itzhak Kotler, Idan Livni, Dan Bar-Shalom, Guy Bejerano
  • Patent number: 11019089
    Abstract: A security assessment service for implementing security assessments based on security credentials utilized to access network-based services. The system implements security assessments associated with various actions attributed to different types of techniques that can be utilized for compromised security information. The processing result of the security assessment can be utilized to determine the result of the techniques associated with the security assessment, the performance of security monitoring services, and an anticipated result on a virtual network.
    Type: Grant
    Filed: February 27, 2018
    Date of Patent: May 25, 2021
    Assignee: Amazon Technologies, Inc.
    Inventor: Nima Sharifi Mehr
  • Patent number: 11019497
    Abstract: Disclosed is an apparatus for managing a risk of a malware behavior in a mobile operating system, which includes: a deducing unit configured to deduce characteristics of a malware from results of a static analysis on mobile malware data and a dynamic analysis thereon under a virtual environment by using a blacklist including an indicator of compromise (IOC) utilized in an existing mobile malware.
    Type: Grant
    Filed: December 18, 2018
    Date of Patent: May 25, 2021
    Assignee: KOREA UNIVERSITY RESEARCH AND BUSINESS FOUNDATION
    Inventors: Kyung Ho Lee, Dahee Choi, Won Park, Junhyoung Oh, Ju Hyeon Lee, Chang Yeon Kim, Youngin You
  • Patent number: 11017100
    Abstract: A risk assessment platform receives an indication of a first user authentication event associated with a user's attempt to access a first protected resource, and collects first user and device attributes associated with a first authentication process applied to the user and the user's device. The risk assessment platform receives an indication of a second user authentication event associated with the user's attempt to access a second protected resource, and collects second user and device attributes associated with a second authentication process applied to the user and the user's device. The risk assessment platform determines a level of risk of identity fraud associated with the user based on the first and second user and device attributes, and grants or denies the user access to the second protected resource based on the determined level of risk of identity fraud associated with the user.
    Type: Grant
    Filed: August 3, 2018
    Date of Patent: May 25, 2021
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Manian Krishnamoorthy, Venkat Korvi, Mannar Naga Sai Karyampudi, Ying Chen, Praveen Atreya
  • Patent number: 11012448
    Abstract: Systems for analyzing and controlling cyber events are provided. In some examples, indicator of compromise (IOC) data may be received. The system may parse the data to identify one or more IOC parameters within the IOC data. In some examples, the IOC parameters may be compared to known IOC parameters to determine whether the IOC parameters are known. If not, the newly identified IOC parameters may be stored in a database. The identified IOC parameters may be evaluated to identify one or more linkages associated with the IOC parameters. For instance, each IOC parameter may be evaluated to identify one or more other parameters associated with each parameter. Those linkages may indicate a threat or potential threat. Based on the evaluation, the system may generate, update and/or execute one or more blocks. For instance, access to one or more domain names, email addresses, or the like, may be locked based on the identified IOC parameters, linkages, and the like.
    Type: Grant
    Filed: May 30, 2018
    Date of Patent: May 18, 2021
    Assignee: Bank of America Corporation
    Inventors: Michael Robert Young, Alexander Hutton
  • Patent number: 11012462
    Abstract: Implementations of the present disclosure relate to methods, systems, and computer program products for security management. In one implementation, a computer-implemented method is disclosed. In the method, a message sequence associated with a user may be obtained from a list of historical messages that are logged in a data system. A candidate operation may be determined based on the obtained message sequence and an association model, where the association model indicates associations between message sequences and operations that are supported in the data system. A security level of the candidate operation may be evaluated based on at least one historical operation that has been performed by the user in the data system. In other implementations, a computer-implemented system and a computer program product for security management are disclosed.
    Type: Grant
    Filed: October 20, 2017
    Date of Patent: May 18, 2021
    Assignee: International Business Machines Corporation
    Inventors: He Yuan Huang, Wen Sun, Jun Wang, Guan Qun Zhang
  • Patent number: 11005864
    Abstract: Techniques for user behavior anomaly detection. At least one low-variance characteristic is compared to an expected result for the corresponding low-variance characteristics to determine if the low-variance characteristic(s) is/are within a pre-selected range of the expected results. A security response action is taken in response to the low-variance characteristic not being within the first pre-selected range of the expected results. At least one high-variance characteristic is compared to an expected result for the corresponding high-variance characteristics to determine if the high-variance characteristic(s) is/are within a pre-selected range of the expected results. A security response action is taken in response to the high-variance characteristic not being within the first pre-selected range of the expected results. Access is provided if the low-variance and the high-variance characteristics are within the respective expected ranges.
    Type: Grant
    Filed: May 19, 2017
    Date of Patent: May 11, 2021
    Assignee: salesforce.com, inc.
    Inventors: Matthew Saunders, Ping Yan, John Slater, Wei Deng
  • Patent number: 11005877
    Abstract: Various techniques for detecting a persistent cross-site scripting vulnerability are described herein. In one example, a method includes detecting, via the processor, a read operation executed on a resource using an instrumentation mechanism and returning, via the processor, a malicious script in response to the read operation. The method also includes detecting, via the processor, a write operation executed on the resource using the instrumentation mechanism and detecting, via the processor, a script operation executed by the malicious script that results in resource data being sent to an external computing device from a client device. Furthermore, the method includes receiving, via the processor, metadata indicating the execution of the read operation, the write operation, and the script operation.
    Type: Grant
    Filed: March 14, 2019
    Date of Patent: May 11, 2021
    Assignee: HCL Technologies Limited
    Inventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi
  • Patent number: 11005869
    Abstract: A method and apparatus for analyzing cyber threat intelligence data. The method includes: acquiring first and second CTI graphs including first and second CTI data, respectively, classified based on a first classification item; classifying the first CTI data and the second CTI data based on a second classification item determined depending on the first classification item; outputting a graph similarity of the first and second CTI graphs determined based on a first CTI similarity between the first and second CTI data when the first and second CTI data belong to the same classification as a result of the classification; setting the first CTI graph and the second CTI graph to be included in one group when the graph similarity is equal to or greater than a threshold value; and outputting CTI information including the first and second CTI data for each group.
    Type: Grant
    Filed: October 29, 2018
    Date of Patent: May 11, 2021
    Assignee: KOREA INTERNET & SECURITY AGENCY
    Inventors: Seul Gi Lee, Nak Hyun Kim, Hyei Sun Cho, Byung Ik Kim, Jun Hyung Park
  • Patent number: 11003717
    Abstract: Techniques for detecting anomalies in streaming graph data are described. For example, an embedding technique of generating a multi-dimensional vector of summations of each weighted edge found in both a random source bounding proper subset and a random destination bounding proper subset associated with a dimension of the epoch graph is detailed. Anomaly detection is performed on the generated multi-dimensional vectors.
    Type: Grant
    Filed: February 8, 2018
    Date of Patent: May 11, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Dhivya Eswaran, Sudipto Guha, Nina Mishra
  • Patent number: 10999315
    Abstract: A mitigation system comprises a plurality of types of mitigation devices which execute a defense function against an attack, and a control device which selects, if it is detected that an attack has been performed on a network to be monitored, one of the plurality of types of mitigation devices, which executes a defense function in accordance with the type of the attack.
    Type: Grant
    Filed: January 31, 2017
    Date of Patent: May 4, 2021
    Assignee: NTT Communications Corporation
    Inventors: Kento Ikeda, Yasuhiro Hataya, Takanori Mizuguchi, Kaname Nishizuka
  • Patent number: 10997319
    Abstract: Systems and methods for anonymized behavior analysis are described. A requesting computer having access to personally identifiable information (PII) for a group of users may provide the PII to an intermediary computer having access to associated real identifiers. The intermediary computer may provide the associated real identifiers to a behavior analysis computer, which may calculate a behavior metric for each of the real identifiers, and calculate an aggregated behavior metric for the entire subset of real identifiers. The behavior analysis computer may send the aggregated behavior metric back to the requesting computer; thus, no individual behavior metrics are disclosed to the requesting computer. This process can be done without sharing the PII with the behavior analysis computer, or the real identifiers with the requesting computer, thereby protecting the privacy of the users.
    Type: Grant
    Filed: October 29, 2019
    Date of Patent: May 4, 2021
    Assignee: Visa International Service Association
    Inventors: Daniel E. Fineman, Carlo Cubeddu, Lace Cheung
  • Patent number: 10999308
    Abstract: Methods and systems for penetration testing of a networked system by a penetration testing system (e.g. that is controlled by a user interface of a computing device) are disclosed herein. In one example, a penetration testing campaign is executed according to a manual and explicit selecting of one or more goals of an attacker of the penetration testing campaign. Alternatively or additionally, a penetration testing campaign is executed according to an automatic selecting of one or more goals of the attacker (e.g. according to a type of attacker of the penetration testing campaign).
    Type: Grant
    Filed: August 21, 2017
    Date of Patent: May 4, 2021
    Assignee: XM Cyber Ltd.
    Inventors: Boaz Gorodissky, Adi Ashkenazy, Ronen Segal
  • Patent number: 10999314
    Abstract: The present disclosure provides a method, system, and device for securely updating a software release across a network. To illustrate, a server may compile a transaction log that includes information corresponding to one or more nodes in the network to which the software release has been transmitted. The server may analyze one or more files based on vulnerability information to identify at least one file of the one or more files that poses a risk. The server may also identify at least one node of the network at which the at least one file is deployed. Based on identifying the at least one node, the server may transmit a corrective action with respect to the at least one node.
    Type: Grant
    Filed: July 17, 2020
    Date of Patent: May 4, 2021
    Assignee: JFrog Ltd.
    Inventor: Yoav Landman
  • Patent number: 10999310
    Abstract: To combat data theft and/or sabotage, a network-level security client may monitor and selectively apply security protocols to manage risk in data transfers within, incoming to, and outgoing from an organization's data network. This top-down approach may become increasingly difficult to maintain within a data network with numerous connected terminals, storage devices, and other devices, many of which may be attempting data transfers simultaneously. In the presently disclosed technology, connected data storage devices each include an endpoint security client embedded in data storage device firmware. The endpoint security clients each establish a security client connection with a network security client upon connection to a data storage network, monitor data transfers within the data storage network, and selectively apply security protocols to manage risk in data transfers, thereby decentralizing some aspects of data security within the organization's data network.
    Type: Grant
    Filed: November 27, 2018
    Date of Patent: May 4, 2021
    Assignee: SEAGATE TECHNOLOGY LLC
    Inventor: Michael Francis Chalmandrier-Perna
  • Patent number: 10990685
    Abstract: A method to use static software analysis tools to determine breachable common weakness enumerations within software source code by avoidance of non-breachable situations which allows for the classification of breachable common weakness enumeration situations into 5 categories, each with a unique means of detection.
    Type: Grant
    Filed: November 1, 2018
    Date of Patent: April 27, 2021
    Assignee: Spectare Systems, Inc.
    Inventor: Christopher D. Near
  • Patent number: 10992606
    Abstract: Systems and methods for managing a set of electronic assets from a single location are disclosed. The method includes providing a portal with a network security access control. The method includes determining that login credentials input to the access control are associated with a set of electronic assets corresponding to a plurality of third-party computing systems with application programming interface (API) gateways configured to accept an API call directed to changes in functionality of the electronic assets. The method includes presenting, via the portal, a virtual icon to identify a coordinated action with respect to the set of electronic assets and, in response to a selection of the virtual icon, executing a set of API calls that include an asset-specific API call to each third-party computing system in the plurality of third-party computing systems to implement the coordinated action on all electronic assets in the set of electronic assets.
    Type: Grant
    Filed: September 4, 2020
    Date of Patent: April 27, 2021
    Assignee: WELLS FARGO BANK, N.A.
    Inventor: Joshua R. Mitchell
  • Patent number: 10986103
    Abstract: Example embodiments disclosed herein relate to generating signal tokens indicative of malware. A code analysis is performed on known malware application code and known clean application code to generate tokens. Signal tokens indicative of malware are generated based on groupings of the tokens.
    Type: Grant
    Filed: July 31, 2013
    Date of Patent: April 20, 2021
    Assignee: Micro Focus LLC
    Inventors: Frank Chijeen Hsueh, Sejal Pranlal Kamani
  • Patent number: 10986106
    Abstract: A security platform employs a variety of techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.
    Type: Grant
    Filed: January 31, 2019
    Date of Patent: April 20, 2021
    Assignee: SPLUNK INC.
    Inventors: Sudhakar Muddu, Christos Tryfonas
  • Patent number: 10984112
    Abstract: Automated threat modeling methods include providing one or more servers and one or more data stores communicatively coupled with the server(s). The data store(s) may include a plurality of threat model components stored therein (stored components) and a plurality of threats stored therein (stored threats), each stored threat associated through the data store(s) with at least one of the stored components. Using one or more input fields displayed on one or more computing devices communicatively coupled with at least one of the server(s), one or more inputs are received, the input(s) including access credentials associated with an existing computing environment and one or more inputs configured to initiate, using the server(s) and the access credentials, automatic generation of a relational diagram (diagram) of the existing computing environment and automatic generation of a threat report. Automated modeling systems include systems configured to carry out automated modeling of an existing computing environment.
    Type: Grant
    Filed: August 17, 2020
    Date of Patent: April 20, 2021
    Assignee: ThreatModeler Software Inc.
    Inventor: Anurag Agarwal
  • Patent number: 10983901
    Abstract: Techniques are described for “fuzz testing” serverless software applications (for example, software applications implemented by a serverless compute service provided by a service provider network). Fuzz testing is an automated testing technique involving a fuzzer client application (or simply “fuzzer”) providing invalid, unexpected, or random data as inputs to a software application that is the target of the testing to discover software bugs and other runtime issues during execution of the software. To fuzz test a serverless application, a fuzzer continuously sends inputs to the serverless application and, when a runtime error is detected (for example, by monitoring log data generated by the serverless application), a copy of the serverless application can be invoked with the suspected error-inducing input to verify that the input indeed causes the error without interrupting the fuzzer's testing of the original serverless application.
    Type: Grant
    Filed: May 30, 2018
    Date of Patent: April 20, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Craig Wilfred Pearce, Bryan Williams, Khai Tran