Mapping between users and machines in an enterprise security assessment sharing system
    21.
    Granted invention patent
    Status: In force

    Publication number: US08689335B2

    Publication date: 2014-04-01

    Application number: US12146440

    Filing date: 2008-06-25

    IPC classification: H04L29/06

    CPC classification: H04L63/1425 G06F21/554

    Abstract: Mapping between object types in an enterprise security assessment sharing (“ESAS”) system enables attacks on an enterprise network and security incidents to be better detected and capabilities to respond to be improved. The ESAS system is distributed among endpoints incorporating different security products in the enterprise network that share a commonly-utilized communications channel. An endpoint publishes a security assessment when a potential security incident is detected. The security assessment identifies the object of interest, the type of security incident and its severity. A level of confidence in the detection is also provided which is expressed by an attribute called the “fidelity”. ESAS is configured with the capabilities to map between objects, including users and machines in the enterprise network, so that security assessments applicable to one object domain can be used to generate security assessments in another object domain.

    Brokered Exchange of Private Data
    22.
    Invention patent application
    Status: Under examination (published)

    Publication number: US20130268552A1

    Publication date: 2013-10-10

    Application number: US13443573

    Filing date: 2012-04-10

    IPC classification: G06F17/30

    CPC classification: G06F21/6218

    Abstract: A data broker observes datasets that are opened or created by a user. The data broker looks for related datasets in a data catalog. If a related dataset is found, the data broker asks the user if they want to access the related dataset. If the user is interested, then the data broker asks the data owner if they are willing to share access to the related dataset with the user. The data owner may deny access, allow access, or request the user's identity. If the user does not want to provide his or her identity, then access to the related dataset is denied. If the user does provide his or her identity, then the data owner determines whether or not to share the data with that user. Once the owner approves sharing the related dataset, then the dataset or a link to the dataset is sent to the user.

    Comparing and selecting data cleansing service providers

    Publication number: US08510276B2

    Publication date: 2013-08-13

    Application number: US12893791

    Filing date: 2010-09-29

    IPC classification: G06F7/00 G06F17/00

    Abstract: The present invention extends to methods, systems, and computer program products for exploring and selecting data cleansing service providers. Embodiments of the invention permit a user to explore different data cleansing service providers and compare quality results from the different data cleansing service providers. Sample data is mapped to a specified data domain. A list of service providers, for cleansing data for the selected data domain, is provided to a user. The user selects a subset of service providers. The sample data is submitted to the subset of service providers, which return results including allegedly cleansed data. The results are profiled and a comparison of the subset of service providers is presented to the user. The user selects a service provider to use when cleansing further data.

    ARCHITECTURE FOR KNOWLEDGE-BASED DATA QUALITY SOLUTION
    24.
    Invention patent application
    Status: Under examination (published)

    Publication number: US20130117219A1

    Publication date: 2013-05-09

    Application number: US13288954

    Filing date: 2011-11-03

    IPC classification: G06F17/30

    CPC classification: G06F16/215

    Abstract: The subject disclosure relates to a knowledge-driven data quality solution that is based on a rich knowledge base. The data quality solution can provide continuous improvement and can be based on continuous (or on-going) knowledge acquisition. The data quality solution can be built once and can be reused for multiple data quality improvements, which can be for the same data or for similar data. The disclosed aspects are easy to use and focus on productivity and user experience. Further, the disclosed aspects are open and extendible and can be applied to cloud-based reference data (e.g., a third party data source) and/or user generated knowledge. According to some aspects, the disclosed aspects can be integrated with data integration services.

    Manual operations in an enterprise security assessment sharing system
    25.
    Granted invention patent
    Status: In force

    Publication number: US08136164B2

    Publication date: 2012-03-13

    Application number: US12038805

    Filing date: 2008-02-27

    CPC classification: G06F21/577 G06F21/552

    Abstract: An enterprise-wide sharing arrangement uses a semantic abstraction, called a security assessment, to share security-related information between different security products, called endpoints. A security assessment is defined as a tentative assignment by an endpoint of broader contextual meaning to information that is collected about an object of interest. Endpoints may publish security assessments onto a security assessment channel, as well as subscribe to a subset of security assessments published by other endpoints. A specialized endpoint is coupled to the channel that performs as a centralized audit point by subscribing to all security assessments, logging the security assessments, and also logging the local actions taken by endpoints in response to received security assessments. Manual operations are supported by the specialized endpoint including manual approval of actions, security assessment cancellation, and manual injection of security assessments into the security assessment channel.

    Malicious code infection cause-and-effect analysis
    26.
    Granted invention patent
    Status: In force

    Publication number: US08117659B2

    Publication date: 2012-02-14

    Application number: US11321754

    Filing date: 2005-12-28

    IPC classification: G06F21/00

    Abstract: A malware analysis system for automating cause and effect analysis of malware infections is provided. The malware analysis system monitors and records computer system activities. Upon being informed of a suspected malware infection, the malware analysis system creates a time-bounded snapshot of the monitored activities that were conducted within a time frame prior to the notification of the suspected malware infection. The malware analysis system may also create a time-bounded snapshot of the monitored activities that are conducted within a time frame subsequent to the notification of the suspected malware infection. The malware analysis system provides the created snapshot or snapshots for further analysis.

    Detecting compromised computers by correlating reputation data with web access logs
    28.
    Granted invention patent
    Status: In force

    Publication number: US07882542B2

    Publication date: 2011-02-01

    Application number: US11824649

    Filing date: 2007-06-30

    IPC classification: G06F15/16

    CPC classification: H04L63/1425 H04L63/308

    Abstract: Compromised host computers in an enterprise network environment comprising a plurality of security products called endpoints are detected in an automated manner by an arrangement in which a reputation service provides updates to identify resources including website URIs (Universal Resource Identifiers) and IP addresses (collectively “resources”) whose reputations have changed and represent potential threats or adversaries to the enterprise network. Responsively to the updates, a malware analyzer, which can be configured as a standalone endpoint, or incorporated into an endpoint having anti-virus/malware detection capability, or incorporated into the reputation service, will analyze logs maintained by another endpoint (typically a firewall, router, proxy server, or gateway) to identify, in a retroactive manner over some predetermined time window, those client computers in the environment that had any past communications with a resource that is newly categorized by the reputation service as malicious. Every client computer so identified is likely to be compromised.

    PROVIDING SIMPLIFIED INTERNET ACCESS
    29.
    Invention patent application
    Status: Under examination (published)

    Publication number: US20100077450A1

    Publication date: 2010-03-25

    Application number: US12236515

    Filing date: 2008-09-24

    IPC classification: G06F21/00

    Abstract: Aspects of the subject matter described herein relate to providing simplified network access. In aspects, a network access device that controls access to a network is configured to allow communications with a set of specified hosts regardless of whether the requesting user has paid for or authorized payment for the network usage. The user may communicate with such hosts without further configuration, providing payment or other information to the network access device, or the like. If the user attempts to access other hosts, the network access device ensures that the user is authorized (e.g., has paid for, belongs to a partner organization, etc.) before granting the access.

    Distributive Security Investigation
    30.
    Invention patent application
    Status: In force

    Publication number: US20100031354A1

    Publication date: 2010-02-04

    Application number: US12098416

    Filing date: 2008-04-05

    Abstract: A security investigation system uses a central server to distribute requests for security information regarding an asset, receive responses, and manage the information in the responses in a case object. Requests may be distributed to various servers, each of which may have an agent that may receive the request, search various databases, logs, and other locations, and generate a response. A case object may be continually updated in some embodiments. The case object may be viewed, analyzed, and other requests generated using automated or manual tools. A case object may be sanitized for analysis without compromising sensitive information.
