Vulnerability Assessment Patents (Class 726/25)
  • Patent number: 11916954
    Abstract: An indication is received that a first online platform has undergone/is undergoing a first electronic attack made by one or more actors engaged in online malicious actions with the first online platform. Responsive to the indication of the first electronic attack, one or more vulnerability characteristics of the first online platform are determined, where the vulnerability characteristics are associated with the first electronic attack. A plurality of other online platforms are analyzed to identify a second online platform that shares at least one of the vulnerability characteristics with the first online platform. Based on the determining and/or the analyzing, the second online platform is predicted to be a potential target for a second electronic attack having an attack vector in common with the first electronic attack that corresponds to the shared vulnerability characteristics. An action is performed to mitigate potential damage of the second electronic attack.
    Type: Grant
    Filed: November 16, 2021
    Date of Patent: February 27, 2024
    Assignee: PAYPAL, INC.
    Inventors: Yuri Shafet, Bradley Wardman, Ilya Chernyakov
  • Patent number: 11916953
    Abstract: A method of generating a baseline of expected behavior on a single machine or endpoint to accurately fingerprint the native behavior of the NTLM protocol on that particular endpoint in a network. By limiting the scope of a baseline to a single endpoint, the scope of the baseline can consist of expected behavior (including supported hash functions, version strings and various feature flags). Deviations from these behaviors are considered evidence of a redundant implementation of NTLM utilized by an attacker and thus as evidence of an attempted PTH attack. Using this method it is possible to accurately detect PTH attacks originating from all publicly known non-standard implementations of NTLM existing in tools such as Impacket, Metasploit, and Invoke-TheHash.
    Type: Grant
    Filed: September 23, 2019
    Date of Patent: February 27, 2024
    Assignee: Cybereason, Inc.
    Inventor: Phillip Tsukerman
  • Patent number: 11916895
    Abstract: A network-connected device service receives a request to authenticate a network-connected device. The network-connected device service determines, from a digital certificate identified in the request, a set of parameters of the digital certificate. The network-connected device service utilizes the set of parameters to identify, from a set of digital certificate clusters, a digital certificate cluster associated with the set of parameters. Through an audit of the digital certificate clusters, the network-connected device service determines whether the digital certificate cluster is indicative of the digital certificate being anomalous.
    Type: Grant
    Filed: November 1, 2018
    Date of Patent: February 27, 2024
    Assignee: Amazon Technologies, Inc.
    Inventor: Nima Sharifi Mehr
  • Patent number: 11899788
    Abstract: A system dividing unit (110) divides a target system into a plurality of sub-systems. A root system selection unit (122) selects a sub-system in which a threat on security occurs, as a root system from among the plurality of sub-systems. A root tree generation unit (131) generates an attack tree of the root system, as a root tree. A descendant system selection unit (132) selects one sub-system or more located on an intrusion course to the root system, as one descendent system or more from among the plurality of sub-systems. A descendant tree generation unit (133) generates one attack tree or more corresponding to the one descendent system or more, as one descendent tree or more. A sub-attack tree integration unit (140) integrates the root tree and the one descendent tree or more, to thereby generate an attack tree of the target system.
    Type: Grant
    Filed: April 29, 2021
    Date of Patent: February 13, 2024
    Assignee: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Ryosuke Shimabe, Takeshi Asai, Kiyoto Kawauchi
  • Patent number: 11902314
    Abstract: A device may receive security data identifying assets of an entity, security issues associated with the assets, and objectives associated with the assets and may utilize a data model to generate, based on the security data, asset related data identifying mapped sets of security data. The device may process a first portion of the asset related data, with a first model, to calculate an asset risk likelihood score for an asset of the assets and may process a second portion of the asset related data, with a second model, to calculate an asset criticality score for the asset. The device may process a third portion of the asset related data, with a third model, to calculate an asset control effectiveness score for the asset and may combine the scores to generate a security risk score for the asset. The device may provide the security risk score for display.
    Type: Grant
    Filed: August 3, 2021
    Date of Patent: February 13, 2024
    Assignee: Accenture Global Solutions Limited
    Inventors: Md. Faisal Zaman, Andrew Poole, Gaurav Shivhare, Sneha Shinde, Grant Kevin Harris, Jeffrey Mark Recor
  • Patent number: 11902312
    Abstract: A method, apparatus and product for assessing security threats from lateral movements and mitigation thereof. The method comprising statically analyzing the network to determine for each asset of a list of assets in a network, potential network lateral movements therefrom to other assets; dynamically analyzing the network to validate each potential network lateral movement identified by the static analysis; generating a graph of network lateral movements, wherein the graph comprises nodes and directed edges, wherein a node of the graph represents an asset of the list of assets, wherein a direct edge of the graph connecting a source node to a target node represents a validated network lateral movement from a source asset, represented by the source node, to a target asset, represented by the target node; and utilizing the graph of network lateral movements to assess security risk to the network.
    Type: Grant
    Filed: November 1, 2019
    Date of Patent: February 13, 2024
    Assignee: CYMULATE LTD.
    Inventors: Avihai Ben-Yosef, Shmuel Ur
  • Patent number: 11902294
    Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; associating a human factor with the entity; identifying an event of analytic utility, the event of analytic utility being derived from the observable from the electronic data source; analyzing the event of analytic utility, the analyzing the event of analytic utility taking into account the human factor associated with the entity enacting the event of analytic utility; generating a risk score in response to the analyzing, the risk score taking into account the human factor associated with the entity; and, performing the security operation when the risk score meets a security risk parameter.
    Type: Grant
    Filed: December 31, 2020
    Date of Patent: February 13, 2024
    Assignee: Forcepoint LLC
    Inventors: Raffael Marty, Nicolas Christian Fischbach
  • Patent number: 11899812
    Abstract: A system, method and program product for implementing a compound security platform for providing secure access to private data in an encrypted storage area. A disclosed system includes an application configured to receive queries from application users requiring access to encrypted private data; a middle security layer callable from the application to facilitate predefined access to the encrypted private data; a root security layer configured to receive a decryption request from the middle security layer, perform decryption on specified encrypted private data, and return decrypted data to the middleware layer; a hashing system that generates a content hash of the middle security layer and root security layer to ensure integrity of the middle security layer and root security layer; and an auditing detection system that detects malicious auditing of parameters.
    Type: Grant
    Filed: June 10, 2021
    Date of Patent: February 13, 2024
    Assignee: JJD SOFTWARE LLC
    Inventor: Justin Donohoe
  • Patent number: 11902269
    Abstract: In some embodiments, reducing network traffic related to network operations may be facilitated. In some embodiments, information for an operation comprising a message to authenticate the operation may be received from a client device. A machine learning model trained on information regarding a plurality of historical operation and corresponding execution result may be obtained, where the plurality of historical operations were executed on a client device of a same type as the client device. Using the machine learning model, the information for the operation may be processed to predict an execution result for authenticating the operation. The execution result may be transmitted to the client device to prevent execution of the operation in response to the execution result indicating that authenticating the operation will be unsuccessful.
    Type: Grant
    Filed: November 4, 2022
    Date of Patent: February 13, 2024
    Assignee: Capital One Services, LLC
    Inventors: Sunil Pradhan Sharma, Ravikanth Kompella, Rajendra Prasad Mokshagundam
  • Patent number: 11895178
    Abstract: An operating method of a server to provide an advertisement, which includes: receiving HTTP request from a client; acquiring HTTP response to the HTTP request, which includes first advertisement information; amending the HTTP response—including obfuscating at least a partial field of the HTTP response including the first advertisement information; and transferring the amended HTTP response to the client.
    Type: Grant
    Filed: March 23, 2022
    Date of Patent: February 6, 2024
    Assignee: Adshield, Inc.
    Inventor: Sang Hyeon Jeon
  • Patent number: 11895144
    Abstract: Disclosed are implementations, including a method that includes monitoring dataflow streams in a network comprising multiple computing nodes, and determining network security characteristics for a dataflow stream, from the monitored dataflow streams, relating to security, authentication, and access events for accessing, via the dataflow stream, one or more of the multiple nodes. The method further includes determining potential violations by the dataflow stream of security policies defined for operation of the network, access functionality for the network, or identity attributes used by the network, based, at least in part, on the determined network security characteristics for the dataflow stream, and based on network-operation data comprising one or more of network security data, network identity data, and network access data. The network-operation data is stored in one or more data storage units in the network, and is configured to manage network access and operation for the multiple computing nodes.
    Type: Grant
    Filed: May 21, 2021
    Date of Patent: February 6, 2024
    Assignee: AUTHMIND INC.
    Inventors: Shlomo Yanay, Ankur Panchbudhe
  • Patent number: 11895143
    Abstract: Systems, methods, and software described herein provide action recommendations to administrators of a computing environment based on effectiveness of previously implemented actions. In one example, an advisement system identifies a security incident for an asset in the computing environment, and obtains enrichment information for the incident. Based on the enrichment information a rule set and associated recommended security actions are identified for the incident. Once the recommended security actions are identified, a subset of the action recommendations are organized based on previous action implementations in the computing environment, and the subset is provided to an administrator for selection.
    Type: Grant
    Filed: May 20, 2021
    Date of Patent: February 6, 2024
    Assignee: Splunk Inc.
    Inventors: Sourabh Satish, Oliver Friedrichs, Atif Mahadik, Govind Salinas
  • Patent number: 11893110
    Abstract: An attack estimation device includes a storage unit configured to hold an attack tree, an abstract attack tree, and log check management information, and a prediction unit configured to predict, when a detection alert is received, a range of compromise from the attack by referring to the information in the storage unit. The prediction unit is configured to: determine that an attack of an unknown pattern has occurred as the attack when indicators of compromise that correspond to the attack are not successfully identified; identify an abstract attack name by referring to the abstract attack tree; and predict a range of compromise from the attack of an unknown pattern by identifying a device in which indicators of the attack of an unknown pattern are likely to be left, and by identifying a specific place in the log of the identified device, by referring to the log check management information.
    Type: Grant
    Filed: July 27, 2021
    Date of Patent: February 6, 2024
    Assignee: Mitsubishi Electric Corporation
    Inventors: Hisashi Naito, Kiyoto Kawauchi
  • Patent number: 11895141
    Abstract: An apparatus and method for analyzing organizational digital security are described. The apparatus includes at least a processor and a memory communicatively coupled to the at least a processor. The memory includes instructions configuring the at least a processor to receive organizational data associated with a plurality of organizational resources for an organization, analyze the organizational data, determine an integrity indicator based on the surveying of the organizational data, and generate a continuity indicator as a function of the integrity indicator.
    Type: Grant
    Filed: December 1, 2022
    Date of Patent: February 6, 2024
    Inventors: Reuben Vandeventer, David Imrem
  • Patent number: 11895107
    Abstract: A computing device comprising a secure browser extension for a web browser monitors for satisfaction of one or more operating conditions to identify whether one or more unauthorized applications are intercepting web browser communications. Based on satisfaction of at least one operating condition, the secure browser extension of the computing device sends an HTTPS request to a known service via the web browser. The secure browser extension receives an HTTPS response to the HTTPS request via the web browser. The secure browser extension determines whether the certificate included in the HTTPS response is trusted by the secure browser extension. Based on determining the certificate is not trusted, the secure browser extension terminates the web browser session and generates a notification for display at the computing device that indicates web browser communications are compromised.
    Type: Grant
    Filed: December 20, 2022
    Date of Patent: February 6, 2024
    Assignee: Bank of America Corporation
    Inventors: Andrew Paul Montgomery, Sanjay Bhanu, Stuart David Ford, Ricardo Varanda
  • Patent number: 11886584
    Abstract: Disclosed herein are systems and methods for detecting potentially malicious changes in an application. In one aspect, an exemplary method comprises, selecting a first file to be analyzed and at least one second file similar to the first file, for each of the at least one second file, calculating at least one set of features, identifying a set of distinguishing features of the first file by finding, for each of the at least one second file, a difference between a set of features of the first file and the calculated at least one set of features of the second file, and detecting a presence of potentially malicious changes in the identified set of distinguishing features of the first file.
    Type: Grant
    Filed: November 17, 2021
    Date of Patent: January 30, 2024
    Assignee: AO KASPERSKY LAB
    Inventors: Anton A Kivva, Lev V Pikman, Igor A Golovin
  • Patent number: 11888858
    Abstract: Various aspects of methods, systems, and use cases for verification and attestation of operations in an edge computing environment are described, based on use of a trust calculus and established definitions of trustworthiness properties. In an example, an edge computing verification node is configured to: obtain a trust representation, corresponding to an edge computing feature, that is defined with a trust calculus and provided in a data definition language; receive, from an edge computing node, compute results and attestation evidence from the edge computing feature; attempt validation of the attestation evidence based on attestation properties defined by the trust representation; and communicate an indication of trustworthiness for the compute results, based on the validation of the attestation evidence. In further examples, the trust representation and validation is used in a named function network (NFN), for dynamic composition and execution of a function.
    Type: Grant
    Filed: October 6, 2020
    Date of Patent: January 30, 2024
    Assignee: Intel Corporation
    Inventors: Ned M. Smith, Sunil Cheruvu, Francesc Guim Bernat, Kshitij Arun Doshi, Eve M. Schooler, Dario Sabella
  • Patent number: 11887704
    Abstract: A computer-implemented method provides a requested medical data record to a receiving entity. The method includes receiving a set of medical data records and receiving or initiating a joint data index and, for each medical data record of the set, applying a plurality of hash functions to a patient identifier corresponding to the medical data record to determine a hash vector, the patient identifier corresponding to the medical data record identifying the patient being subject of the medical data record, and updating the joint data index based on the hash vector. Furthermore, it includes providing the joint data index to the receiving entity and receiving a request for a record, corresponding to a request patient identifier and being based on the joint data index, from the receiving entity. The method includes providing the requested medical data record to the receiving entity via a secure communication channel.
    Type: Grant
    Filed: September 14, 2020
    Date of Patent: January 30, 2024
    Assignee: SIEMENS HEALTHCARE GMBH
    Inventors: Ricardo Daniel Carneiro Gomes, Shiva Ashish Thumparthy, Ilya Sher, Zeev Glozman, Christoph Pedain
  • Patent number: 11888887
    Abstract: Systems and methods for computing times to remediate for asset vulnerabilities are described herein. In an embodiment, a server computer receives first vulnerability data for a plurality of entities identifying asset vulnerabilities and timing data corresponding to the vulnerability data indicating an amount of time between identification of an asset vulnerability and a result of the asset vulnerability. The server computer identifies a strict subset of the first vulnerability data that belongs to a particular category of a first plurality of categories. The server computer receives second vulnerability data for a particular entity identifying asset vulnerabilities. The server computer identifies a strict subset of the second vulnerability data the belongs to the particular category. Based, at least in part, on the strict subset of the first vulnerability data, the server computer computes a time to remediate the asset vulnerabilities in the strict subset of the second vulnerability data.
    Type: Grant
    Filed: April 27, 2021
    Date of Patent: January 30, 2024
    Inventors: Michael Roytman, Edward T. Bellis, Jason Rolleston
  • Patent number: 11886586
    Abstract: Behavior report generation monitors the behavior of unknown sample files executing in a sandbox. Behaviors are encoded and feature vectors created based upon a q-gram for each sample. Prototypes extraction includes extracting prototypes from the training set of feature vectors using a clustering algorithm. Once prototypes are identified in this training process, the prototypes with unknown labels are reviewed by domain experts who add a label to each prototype. A K-Nearest Neighbor Graph is used to merge prototypes into fewer prototypes without using a fixed distance threshold and then assigning a malware family name to each remaining prototype. An input unknown sample can be classified using the remaining prototypes and using a fixed distance. For the case that no such prototype is close enough, the behavior report of a sample is rejected and tagged as an unknown sample or that of an emerging malware family.
    Type: Grant
    Filed: March 6, 2020
    Date of Patent: January 30, 2024
    Assignee: Trend Micro, Inc.
    Inventors: Yin-Ming Chang, Hsing-Yun Chen, Hsin-Wen Kung, Li-Chun Sung, Si-Wei Wang
  • Patent number: 11888875
    Abstract: One embodiment of the described invention is directed to a key management module and a consumption quota monitoring module deployed within a cybersecurity system. The key management module is configured to assign a first key to a subscriber and generate one or more virtual keys, based at least in part on the first key, for distribution to the subscriber. A virtual key is included as part of a submission received from the subscriber to authenticate the subscriber and verify that the subscriber is authorized to perform a task associated with the submission. The consumption quota monitoring module is configured to monitor a number of submissions received from the subscriber.
    Type: Grant
    Filed: December 5, 2022
    Date of Patent: January 30, 2024
    Assignee: Musarubra US LLC
    Inventors: Sai Vashisht, Sumer Deshpande
  • Patent number: 11889416
    Abstract: According to an embodiment, an information processing apparatus comprises a device interface, a network interface, a power supply part, a battery and a control part. A power supply part is configured to supply electric power from an external power supply. A control part is configured to: perform a conversion process on data from a terminal device, and transmit the data to a network; and when the power supply from the power supply part is stopped, transmit, to another information processing apparatus through the network interface, a first message indicating that a pass-through mode in which data is relayed between the terminal device and the network without being subjected to the conversion process is set, and set the pass-through mode.
    Type: Grant
    Filed: March 12, 2021
    Date of Patent: January 30, 2024
    Assignees: KABUSHIKI KAISHA TOSHIBA, Toshiba Infrastructure Systems & Solutions Corporation
    Inventors: Keita Taniguchi, Issei Hatanaka
  • Patent number: 11886389
    Abstract: A device may receive, from a user device, a transaction request associated with a first entity and identify a distributed ledger associated with the first entity, the distributed ledger including a set of blocks recording work data associated with the first entity. The set of blocks may include: a first subset of blocks including data specifying work performed by the first entity, and a second subset of blocks including data verifying a portion of the work performed by the first entity and specified by the data included in the first subset of blocks. The device may determine that a transaction, associated with the transaction request, is associated with the first subset of blocks and the second subset of blocks. Based on predetermined instructions that correspond to the transaction and the distributed ledger, the device may perform the transaction.
    Type: Grant
    Filed: October 22, 2021
    Date of Patent: January 30, 2024
    Assignee: Capital One Services, LLC
    Inventors: Walter Miller, Robert Martin, Bradley Smith
  • Patent number: 11886572
    Abstract: Upgrade to a Trusted Application in a Trusted Execution Environment compliant to a Trusted Execution Environment standard to an as-a-server functioning by running, inside the Trusted Execution Environment, each instance of a Multi Instance/Single Session Trusted-Server Trusted Application compliant to the TEE standard in an infinite state-full loop polling a session of a Single Instance/Multi Session Trusted-Pipe Trusted Application, the single session of each of the instance of the Trusted-Server Trusted Application being adapted to perform a task as a server, said Trusted-Pipe Trusted Application being further polled by the Customer Application and opening session depending on command coming from the Customer Application.
    Type: Grant
    Filed: September 17, 2019
    Date of Patent: January 30, 2024
    Assignee: THALES DIS FRANCE SAS
    Inventor: Geoffroy Cogniaux
  • Patent number: 11886965
    Abstract: A substantial learning curve is required to construct integration processes in an integration platform. This can make it difficult for novice users to construct effective integration processes, and for expert users to construct integration processes quickly and efficiently. Accordingly, embodiments for building and operating a model to predict next steps, during construction of an integration process via a graphical user interface, are disclosed. The model may comprise a Markov chain, prediction tree, or an artificial neural network (e.g., graph neural network, recurrent neural network, etc.) or other machine-learning model that predicts a next step based on a current sequence of steps. In addition, the graphical user interface may display the suggested next steps according to a priority (e.g., defined by confidence values associated with each step).
    Type: Grant
    Filed: October 27, 2022
    Date of Patent: January 30, 2024
    Assignee: BOOMI, LP
    Inventors: Daniel Schwartz, Shailendra Burman, Anil Enum, Swagata Ashwani
  • Patent number: 11880470
    Abstract: A method, computerized apparatus and computer program product, the method comprising: obtaining user code; obtaining an indication of at least one vulnerability, the vulnerability associated with one or more sets comprising at least a first instruction type and a second instruction type; scanning the code using dependency analysis, to obtain for one set: one or more first instructions of the first instruction type, one or more second instructions of the second instruction type, and further instructions associated with entities relevant to the first instruction and the second instruction; eliminating instructions other than the first instruction, the second instruction and one of the further instructions, thereby obtaining a collection of instructions that behaves differently from the user code; and providing the collection of instructions for vulnerability detection.
    Type: Grant
    Filed: October 4, 2021
    Date of Patent: January 23, 2024
    Assignee: WHITESOURCE LTD.
    Inventors: Aharon Abadi, Bar Makovitzki, Ron Shemer
  • Patent number: 11882135
    Abstract: Systems and methods for a machine-learning based approach for dynamically generating incident-specific playbooks for a security orchestration and automated response (SOAR) platform are provided. The SOAR platform captures information regarding execution of a sequence of actions performed by analysts responsive to a first incident of a first type. The captured information is fed into a machine-learning model. When a second incident, observed by the SOAR platform, is similar in nature to the first incident or the first type a recommended sequence of actions is generated based on the machine-learning model for use by an analyst in connection with responding to the second incident. In response to rejection of the recommended sequence by the analyst, revising the recommended sequence based on input provided by the analyst and storing the revised recommendation sequence in a form of a revised playbook for response to subsequent incidents that are similar to the second incident.
    Type: Grant
    Filed: January 5, 2023
    Date of Patent: January 23, 2024
    Assignee: Fortinet, Inc.
    Inventors: Abhishek Narula, Christopher Carsey, Amit Jain, Pooja Singh
  • Patent number: 11882144
    Abstract: In an embodiment, a management system obtains a criticality rules table that includes a plurality of rules mapped to corresponding criticality scores indicative of a level of risk in the event that an associated asset of a managed network is compromised by a third party. The one embodiment, the criticality rules table is updated based upon machine learning and/or feedback from an operator of the managed network. In another embodiment, the criticality rules table is used to assign one or more criticality scores to one or more assets based on one or more attributes of one or more assets, and the criticality rules table.
    Type: Grant
    Filed: January 24, 2022
    Date of Patent: January 23, 2024
    Assignee: TENABLE, INC.
    Inventors: Barry Sheridan, Vincent Gilcreest, Anthony Bettini, Matthew Ray Everson, Wei Tai, Renaud Deraison
  • Patent number: 11874934
    Abstract: Systems and methods for providing user-induced variable identification of end-to-end computing system security impact information via a user interface are disclosed. The system receives at a graphical user interface (GUI), a user calibration of a graphical security vulnerability element. The system then determines a set of computing system components that interact with data associated with the network operation based on a transmission of the network operation associated with a computing system. The system then determines a set of security vulnerabilities associated with each computing system component of the set of computing system components using a third-party resource. The system then applies a decision engine on the set of security vulnerabilities to determine a set of impacted computing-aspects associated with the set of computing system components.
    Type: Grant
    Filed: May 31, 2023
    Date of Patent: January 16, 2024
    Inventors: Prithvi Narayana Rao, Pramod Goyal
  • Patent number: 11868481
    Abstract: This invention discloses a method for discovering vulnerabilities of operating system access control based on model checking. In this method, security attribute and security specifications of operating system access control module are analyzed to construct the access control model. To discover vulnerabilities in the model, security analysis is performed for access control functionality with theorem proving techniques, and consistency of abstract machine specification and correctness and completeness of the components are verified with model checking tools. This method provides theoretical and technical support for studies in the field of operating system security.
    Type: Grant
    Filed: July 27, 2021
    Date of Patent: January 9, 2024
    Assignee: ZHEJIANG UNIVERSITY
    Inventors: Rui Chang, Zhuoruo Zhang, Shaoping Pan, Kui Ren
  • Patent number: 11870798
    Abstract: A method for minimizing scan disruptions includes receiving a scan request requesting to scan a set of network-connected assets. Each network-connected asset is associated with corresponding network characteristics. The method includes partitioning the set of network-connected assets into a plurality of groups based on the corresponding network characteristics. For each respective group, simultaneously, the method includes determining an ordered list for scanning each network-connected asset in the respective group, scanning a first network-connected asset of the respective group based on the ordered list, and, after scanning the first network-connected asset, determining a post-scan health status of the first network-connected asset. The method includes determining, using the post-scan health status, that a health of the first network-connected asset is degraded.
    Type: Grant
    Filed: April 23, 2021
    Date of Patent: January 9, 2024
    Assignee: Google LLC
    Inventors: Claudio Criscione, David Aslanian, Sebastian Lekies, Joseph Nelson
  • Patent number: 11868484
    Abstract: Systems and methods for determining and displaying platform-specific end-to-end security vulnerabilities via a graphical user interface (GUI) are disclosed. To provide users with visual indications of vulnerable computing aspects associated with a computing platform, the system identifies computing aspects associated with a platform. The system then obtains from a security entity, security-vulnerability descriptions that are associated with the platform. Using the security-vulnerability descriptions, the system then determines threat levels for each security-vulnerability description and then, using the determined threat levels, determines a computing aspect impact level for each computing aspect associated with the platform. The system then generates for display on a GUI, a graphical layout comprising each computing aspect impact level for each computing aspect associated with the platform.
    Type: Grant
    Filed: July 27, 2023
    Date of Patent: January 9, 2024
    Assignee: CITIBANK, N.A.
    Inventors: Prithvi Narayana Rao, Pramod Goyal
  • Patent number: 11868748
    Abstract: A deployment platform, computer-readable medium, and computer-implemented method for intelligent execution of a solution on a computer network, including receiving an instruction to execute a solution in a local runtime environment on the deployment platform, the solution including solution code written in a solution language, determining, by a helper program on the deployment platform, whether the solution is executable on the deployment platform based on the solution language and either launching, by the helper program, the solution on the deployment platform when the solution is executable on the deployment platform or launching, by the helper program, the solution on a remote platform on the computer network that is configured to execute the solution when the solution is not executable on the deployment platform, the helper program being configured to communicate with the launched solution to enable the launched solution to interface with the local runtime environment on the deployment platform.
    Type: Grant
    Filed: November 8, 2021
    Date of Patent: January 9, 2024
    Assignee: Informatica LLC
    Inventor: Hemshankar Sahu
  • Patent number: 11870802
    Abstract: Systems, methods, and software described herein provide security actions based on related security threat communications. In one example, a method of operating an advisement system includes identifying a security threat within the computing environment, wherein the computing environment comprises a plurality of computing assets. The method further provides obtaining descriptor information for the security threat, and retrieving related communication interactions based on the descriptor information. The method also includes generating a response to the security threat based on the related communication interactions.
    Type: Grant
    Filed: March 31, 2022
    Date of Patent: January 9, 2024
    Assignee: Splunk Inc.
    Inventors: Sourabh Satish, Oliver Friedrichs, Atif Mahadik, Govind Salinas
  • Patent number: 11870794
    Abstract: An identifying device (10) includes a preprocessing (11) that extracts a communication connection pattern including a set of a communication source identifier and a communication destination identifier from traffic data, a comparing unit (131) that adds an ID to a communication connection pattern group including a new communication connection pattern not included in a whitelist when the new communication connection pattern is present in the communication connection pattern group, a graph feature amount generating unit (14) that generates a graph feature amount of the communication connection pattern group to which the ID has been added and adds this ID to the graph feature amount, an abnormality determining unit (16) that determines whether the generated graph feature amount is normal using a model (161) having learned the graph feature amount, and an identifying unit (132) that retrieves a new communication.
    Type: Grant
    Filed: May 23, 2019
    Date of Patent: January 9, 2024
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Hiroki Nagayama, Bo Hu, Kazunori Kamiya, Yukio Nagafuchi
  • Patent number: 11870811
    Abstract: Embodiments are directed to systems that attempt to establish trust in relation to operations on a customer endpoint of a computer network. The systems monitor, in real-time, operations to file systems, registries, application processes and threads, and OS kernels at the customer endpoint. The systems maintain compute components affected by the operation in a quarantine state. The systems then attempt to establish trust in the affected compute components (e.g., by applying rule-based policies). The systems remove the affected compute components from the quarantine state, if trust of the one or more affected compute components is established. The systems execute callback routines to mitigate results of the operation, if trust of the affected compute components is not established.
    Type: Grant
    Filed: March 26, 2019
    Date of Patent: January 9, 2024
    Assignee: Virsec Systems, Inc.
    Inventors: Satya V. Gupta, Piyush Gupta
  • Patent number: 11870793
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to identify a process running on the electronic device, assign a reputation to the process if the process has a known reputation, determine if the process includes executable code, determine a reputation for the executable code, and combine the reputation for the executable code with the reputation assigned to the process to create a new reputation for the process.
    Type: Grant
    Filed: September 30, 2020
    Date of Patent: January 9, 2024
    Assignee: McAfee, LLC
    Inventor: Joel R. Spurlock
  • Patent number: 11861016
    Abstract: Generation of a first prediction model is caused based on first training data, where the first prediction model enables determining whether an exploit to be developed for software vulnerabilities will be used in an attack. For each training instance in the first training data, the first prediction model is used to generate a score. Each training instance is added to second training data if the score is greater than a threshold value. The second training data is a subset of the first training data. Generation of a second prediction model is caused based on the second training data, where the second prediction model enables determining whether an exploit to be developed for software vulnerabilities will be used in an attack.
    Type: Grant
    Filed: April 6, 2021
    Date of Patent: January 2, 2024
    Inventors: Michael Roytman, Jay Jacobs
  • Patent number: 11863563
    Abstract: The appropriate scoping of an access policy can be determined using the observed access and usage of various resources covered under that policy. Information about access requests received over a period of time can be logged, and actions represented in the log data can be mapped to the permissions of the access policy. A new access policy can be generated that includes grant permissions only for those actions that were received and/or granted during the monitored period of time. The new policy can be processed using policy logic to ensure that changes in permission comply with rules or policies for the target resources. The new policy can be at least partially implemented, or can be provided to an authorized user, who can choose to adopt or deny the new policy, or to accept some of the recommendations for modifying the current policy.
    Type: Grant
    Filed: March 16, 2018
    Date of Patent: January 2, 2024
    Assignee: Amazon Technologies, Inc.
    Inventors: Neha Rungta, Tyler Stuart Bray, Kasper Søe Luckow, Alexander Watson, Jeff Puchalski, John Cook, Michael Gough
  • Patent number: 11861013
    Abstract: Systems and methods are provided for the classification of identified security vulnerabilities in software applications, and their triage based on automated decision-tree triage and/or machine learning. The disclosed system may generate a report listing detected potential vulnerability issues, and automatically determine whether the potential vulnerability issues are exploitable using automated triage policies containing decision trees or by extracting vulnerability features from the report and processing the extracted vulnerability features using machine learning models.
    Type: Grant
    Filed: September 28, 2020
    Date of Patent: January 2, 2024
    Assignee: Accenture Global Solutions Limited
    Inventors: Finbarr Tarrant, Gopal Kavanadala Sridhar, Jee Hyub Kim, Navdeep Sharma, Eanna Mulrooney, Anton Plotnikov, Karel Kohout, Mário Lauande Lacroix, Richard Levine, Johnny Obando
  • Patent number: 11861007
    Abstract: Techniques for detecting container threats are described. A method of detecting container threats includes receiving, by a scanning agent on a scanner container on a host in a provider network, event data from a plurality of collection agents corresponding to a plurality of customer containers on the host, determining, by the scanning agent, the event data matches at least one known threat, and generating, by the scanning agent, event findings associated with the event data.
    Type: Grant
    Filed: March 26, 2021
    Date of Patent: January 2, 2024
    Assignee: Amazon Technologies, Inc.
    Inventors: Mircea Ciubotariu, Shlomo Yehezkel, Peter Ferrie
  • Patent number: 11861015
    Abstract: Apparatus, methods, and articles of manufacture or disclosed for implementing risk scoring systems used for vulnerability mitigation in a distributed computing environment. In one disclosed example, a computer-implemented method of mitigating vulnerabilities within a computing environment includes producing a risk score indicating at least one of: a vulnerability component, a security configuration component, or a file integrity component for an object within the computing environment, producing a signal score indicating a factor that contributes to risk for the object, and combining the risk score and the signal score to produce a combined risk score indicating a risk level associated with at least one vulnerability of the computing system object. In some examples, the method further includes mitigating the at least one vulnerability by changing a state of a computing object using the combined risk score.
    Type: Grant
    Filed: March 22, 2021
    Date of Patent: January 2, 2024
    Assignee: TRIPWIRE, INC.
    Inventors: Tyler Reguly, Lamar Bailey, Lane Thames, Craig Young
  • Patent number: 11861008
    Abstract: The use of browser context in detecting malware is disclosed. A client device requests content from a remote server. Data received by the client device from the remote server is transmitted to an external scanner for analysis by the external scanner. The external scanner is configured to use a browser executed in an instrumented virtual machine environment to analyze the data provided by the client device. The client device is configured to request the content from the remote server using a browser extension configured to retrieve data and provide the retrieved data to the external scanner without rendering the retrieved data.
    Type: Grant
    Filed: July 21, 2022
    Date of Patent: January 2, 2024
    Assignee: Palo Alto Networks, Inc.
    Inventors: Tongbo Luo, Xin Ouyang, Zhaoyan Xu, Xing Jin
  • Patent number: 11863584
    Abstract: An occurrence of an infection-spreading attack and an attack source thereof are detected with high accuracy. A first feature value is calculated based on traffic information regarding a packet forwarded by a forwarding device, and M partial address spaces to be monitored are specified based on the first feature value. A second feature value is calculated for each address of a terminal in a network, based on traffic information regarding the M partial address spaces, the second feature value is learned to classify terminal addresses into a plurality of clusters, and whether or not each of the clusters is an infection-spreading attack is determined to generate cluster information. Whether or not an infection-spreading attack has occurred and an address of a terminal that is an attack source are specified based on the second feature value and the cluster information.
    Type: Grant
    Filed: August 1, 2019
    Date of Patent: January 2, 2024
    Assignee: Nippon Telegraph and Telephone Corporation
    Inventors: Yukihiro Togari, Hiroaki Maeda, Hisashi Kojima, Takeshi Kuwahara
  • Patent number: 11861412
    Abstract: Techniques are described herein are related to managing deployment of a converged infrastructure (CI). Such techniques may include receiving a request to initiate a CI deployment; obtaining a CI information set; creating a CI deployment file using the CI information set; rendering a deployment user interface (UI) screen that allows a user to select to configure network devices or a CI cluster; receiving a first selection to configure a network device; rendering network device configuration screens to obtain network device configuration information; adding the network device configuration information to the CI deployment file; receiving a second selection to configure the CI cluster; rendering CI cluster configuration screens to obtain CI cluster configuration information; adding the CI cluster configuration information to the CI deployment file; and deploying the CI using the CI deployment file.
    Type: Grant
    Filed: December 9, 2020
    Date of Patent: January 2, 2024
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Deborah C. Russell, Donald E. Mace, Mark Alan Herring, Peder Brooks Piggot
  • Patent number: 11861018
    Abstract: A method and system of applying a security vulnerability assessment of a software program. The method comprises directing, from a security assessing server, to a software program under execution, a plurality of attack vectors, diagnosing a set of results associated with the software program under execution as comprising a security vulnerability, the set of results produced based at least in part on the plurality of attack vectors, and assessing a monetary premium of a risk insurance policy merited by an enterprise based at least in part on a level of control ceded to an attacker in accordance with the set of results.
    Type: Grant
    Filed: August 30, 2022
    Date of Patent: January 2, 2024
    Assignee: Ventech Solutions, Inc.
    Inventors: Matthew Canada, Jerry Allen Craig, II, Kathrine Dass, Raja Krishnamurthy, Dipanjan Nag, Eugene Noble, David Anthony Rigsby, Richard Nathan Toney, Stephen J. Veneruso
  • Patent number: 11863573
    Abstract: Techniques are disclosed relate to systems, methods, and non-transitory computer readable media for improved cybersecurity intelligence using custom trigger events. One system may include a non-transitory memory configured to store at least threat model data; and one or more hardware processors coupled to the non-transitory memory and configured to read instructions from the non-transitory memory to cause the system to perform operations comprising: receiving, over a communications network, the at least one custom trigger event for a threat model which identifies a cybersecurity threat; determining whether the cybersecurity threat triggers the performance of the orchestrated response based on the custom trigger event; and launching, when the cybersecurity threat triggers the performance of the orchestrated response, a first application and a second application of the plurality of applications of the orchestrated response.
    Type: Grant
    Filed: March 8, 2021
    Date of Patent: January 2, 2024
    Assignee: ThreatConnect, Inc.
    Inventor: Danny Tineo
  • Patent number: 11860764
    Abstract: A method, an apparatus, and a system are for evaluating code design quality. The method for evaluating code design quality includes: determining, based upon a result from static scanning of code, a probability of the presence of an error-prone pattern in the code; inputting the probability into an artificial neural network, and determining, based upon the artificial neural network, a prediction result for whether the code violates a preset design rule and for a quantized degree to which the design rule is violated; and based upon the prediction result, evaluating the design quality of the code. The present method is able to improve the accuracy of code design quality evaluation. By detecting a presence of an error-prone pattern in the code, whether or not a key design rule has been violated in a design process and a quantized degree to which the key design rule is violated are predicted.
    Type: Grant
    Filed: March 26, 2019
    Date of Patent: January 2, 2024
    Assignee: SIEMENS AKTIENGESELLSHAFT
    Inventors: Fei Peng, Ke Han
  • Patent number: 11853432
    Abstract: Methods and systems for assessing a vulnerability of a network device. The systems and methods described herein combine data regarding locally discovered vulnerabilities and exposed services with data regarding what executables are provided by software installed on the network device.
    Type: Grant
    Filed: August 2, 2021
    Date of Patent: December 26, 2023
    Assignee: Rapid7, Inc.
    Inventors: Roy Hodgman, Jonathan Hart
  • Patent number: 11856017
    Abstract: Approaches provide for securing an electronic environment. A threat analysis service can obtain data for devices, users, and threats from disparate sources and can correlate users to devices and threats to build an understanding of an electronic environment's operational, organizational, and security concerns in order to provide customized security strategies and remediations. Additionally, the threat analysis service can develop a model of an electronic environment's behavior by monitoring and analyzing various the data from the data sources. The model can be updated such that the threat analysis service can tailor its orchestration to complement existing operational processes.
    Type: Grant
    Filed: February 17, 2022
    Date of Patent: December 26, 2023
    Assignee: Rapid7, Inc.
    Inventors: Roy Hodgman, Kwan Lin, Vasudha Shivamoggi