Automated collection of forensic evidence associated with a network security incident
    21.
    Granted patent
    Automated collection of forensic evidence associated with a network security incident (in force)

    Publication number: US08424094B2

    Publication date: 2013-04-16

    Application number: US11824732

    Filing date: 2007-06-30

    IPC classification: G06F21/00

    CPC classification: H04L63/1425 H04L63/308

    Abstract: An automated collection of forensic evidence associated with a security incident is provided by an arrangement in which different security products called endpoints in an enterprise network are enabled for sharing security-related information over a common communication channel using an abstraction called a security assessment. A security assessment is generally configured to indicate an endpoint's understanding of a detected security incident that pertains to an object in the environment which may include users, computers, IP addresses, and website URIs (Universal Resource Identifiers). The security assessment is published by the endpoint into the channel and received by subscribing endpoints. The security assessment triggers the receiving endpoints to go into a more comprehensive or detailed mode of evidence collection. In addition, any forensic evidence having relevance to the security incident that may have already been collected prior to the detection will be marked for retention so that it is not otherwise deleted.
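
    The publish/subscribe arrangement in this abstract, as an added example that is not the patent's own code: one endpoint publishes a security assessment about an object, every other subscribed endpoint switches to detailed evidence collection for that object and marks the evidence it already holds about it for retention, so a later routine purge leaves that evidence alone. The class names, field names, lookback window and the constructed scenario are assumptions, not terminology from the patent.

```python
# Added example (not the patent's own code): a minimal security-assessment
# channel of the kind the abstract describes. Class names, field names and
# the lookback window are assumptions.
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class SecurityAssessment:
    object_type: str      # "user", "computer", "ip" or "uri"
    object_id: str
    category: str         # the publishing endpoint's reading, e.g. "compromised"
    severity: str         # "low", "medium" or "high"
    publisher: str        # name of the endpoint that detected the incident
    detected_at: float    # seconds since the epoch


@dataclass
class EvidenceRecord:
    collected_at: float
    object_id: str
    summary: str
    retain: bool = False  # set once the record is tied to an incident


class AssessmentChannel:
    """Common channel: every subscribed endpoint receives each assessment
    published by any other endpoint."""

    def __init__(self) -> None:
        self._subscribers: List["Endpoint"] = []

    def subscribe(self, endpoint: "Endpoint") -> None:
        self._subscribers.append(endpoint)

    def publish(self, assessment: SecurityAssessment) -> None:
        for ep in self._subscribers:
            if ep.name != assessment.publisher:
                ep.receive(assessment)


class Endpoint:
    """A security product (host agent, web proxy, ...) that both collects
    evidence and reacts to assessments from its peers."""

    def __init__(self, name: str, channel: AssessmentChannel,
                 lookback_s: float = 3600.0) -> None:
        self.name = name
        self.channel = channel
        self.lookback_s = lookback_s            # how far back to retain evidence
        self.mode: Dict[str, str] = {}          # object_id -> "normal"/"detailed"
        self.evidence: List[EvidenceRecord] = []
        channel.subscribe(self)

    def collect(self, collected_at: float, object_id: str, summary: str) -> None:
        self.evidence.append(EvidenceRecord(collected_at, object_id, summary))

    def detect(self, assessment: SecurityAssessment) -> None:
        """Called when this endpoint's own detection fires."""
        self.channel.publish(assessment)

    def receive(self, a: SecurityAssessment) -> None:
        # 1. Switch to comprehensive collection for the object in question.
        self.mode[a.object_id] = "detailed"
        # 2. Mark evidence collected before detection, inside the lookback
        #    window, so routine purging does not delete it.
        earliest = a.detected_at - self.lookback_s
        for rec in self.evidence:
            if rec.object_id == a.object_id and earliest <= rec.collected_at <= a.detected_at:
                rec.retain = True

    def collection_mode(self, object_id: str) -> str:
        return self.mode.get(object_id, "normal")

    def purge(self, now: float, ttl_s: float) -> int:
        """Routine purge: drop records older than ttl_s unless retained.
        Returns the number of records dropped."""
        before = len(self.evidence)
        self.evidence = [r for r in self.evidence
                         if r.retain or now - r.collected_at <= ttl_s]
        return before - len(self.evidence)


def run_scenario() -> Dict[str, object]:
    """Constructed scenario: a host agent and a web proxy share a channel;
    the host agent reports computer pc-42 as compromised at t=10000."""
    channel = AssessmentChannel()
    host_agent = Endpoint("host-agent", channel)
    web_proxy = Endpoint("web-proxy", channel, lookback_s=1800.0)

    # Evidence the proxy logged before anyone suspected the machine.
    web_proxy.collect(9000.0, "pc-42", "GET http://example.invalid/a")  # inside lookback
    web_proxy.collect(7000.0, "pc-42", "GET http://example.invalid/b")  # too old
    web_proxy.collect(9500.0, "pc-17", "GET http://example.invalid/c")  # other host

    host_agent.detect(SecurityAssessment("computer", "pc-42", "compromised",
                                         "high", "host-agent", 10000.0))

    dropped = web_proxy.purge(now=12000.0, ttl_s=2000.0)  # would drop everything before t=10000
    return {
        "proxy_mode_pc42": web_proxy.collection_mode("pc-42"),
        "proxy_mode_pc17": web_proxy.collection_mode("pc-17"),
        "retained": sorted(r.summary for r in web_proxy.evidence if r.retain),
        "dropped": dropped,
        "remaining": len(web_proxy.evidence),
    }


if __name__ == "__main__":
    print(run_scenario())
```

    The point to notice is the purge: with a 2000-second TTL, the proxy's 9000-second record would normally be gone by t=12000, but because it fell inside the lookback window of a received assessment it survives, while the pc-17 record and the older pc-42 record do not.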

Analysis of event information to perform contextual audit
    22.
    Granted patent
    Analysis of event information to perform contextual audit (in force)

    Publication number: US08095979B2

    Publication date: 2012-01-10

    Application number: US11627594

    Filing date: 2007-01-26

    IPC classification: G06F11/00

    CPC classification: G06F21/552 G06Q20/40

    Abstract: Analysis of audit information that takes into account a wide context allows for a rich picture from which system conditions may be assessed. Event information about various events that have occurred or are occurring, on various sources in the computing arrangement, is maintained. Each entity has an “activity identifier”, which remains the same across various events performed by that entity at the various sources. Event information associated with the various sources is contextually analyzed on the basis of the activity identifier, to assess whether a condition exists that impacts the performance and/or security of the computing arrangement. In case it is determined that such a condition exists, an action is performed to remediate the condition.
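
    The cross-source correlation this abstract describes, as an added example (not the patent's own code): events from several sources carry the same activity identifier, are regrouped into one timeline per activity, and rules that no single source could evaluate are run over that timeline. The sources, event fields, rules and sample audit events are constructed for illustration.

```python
# Added example (not the patent's own code): contextual analysis of audit
# events keyed by an activity identifier that stays constant as one entity
# acts across several sources. Rules, sources and sample events are constructed.
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Event:
    ts: float
    source: str        # where the event was observed
    activity_id: str   # same value for every event of one entity's activity
    entity: str
    action: str
    outcome: str       # "success" or "denied"


# Constructed sample audit trail (not real data).
SAMPLE_EVENTS = [
    Event(100.0, "vpn-gateway", "act-1", "alice", "login", "success"),
    Event(130.0, "file-server", "act-1", "alice", "read:/finance/q3.xlsx", "denied"),
    Event(131.0, "file-server", "act-1", "alice", "read:/finance/q3.xlsx", "denied"),
    Event(170.0, "db-server",   "act-1", "alice", "read:/finance/q3.xlsx", "success"),
    Event(200.0, "vpn-gateway", "act-2", "bob",   "login", "success"),
    Event(220.0, "mail-server", "act-2", "bob",   "send", "success"),
]


def timelines_by_activity(events: List[Event]) -> Dict[str, List[Event]]:
    """Group events from all sources by activity identifier, in time order."""
    groups: Dict[str, List[Event]] = defaultdict(list)
    for e in events:
        groups[e.activity_id].append(e)
    for tl in groups.values():
        tl.sort(key=lambda e: e.ts)
    return dict(groups)


def assess(timeline: List[Event], max_denials: int = 1) -> List[str]:
    """Illustrative contextual rules over one activity's cross-source timeline."""
    findings: List[str] = []
    denials = [e for e in timeline if e.outcome == "denied"]
    if len(denials) > max_denials:
        findings.append(f"{len(denials)} denials across "
                        f"{len({e.source for e in denials})} source(s)")
    # Access denied at one source, then the same action succeeds at another.
    flagged = set()
    for i, e in enumerate(timeline):
        if e.outcome != "denied" or e.action in flagged:
            continue
        for later in timeline[i + 1:]:
            if (later.action == e.action and later.outcome == "success"
                    and later.source != e.source):
                findings.append(f"'{e.action}' denied at {e.source} "
                                f"then succeeded at {later.source}")
                flagged.add(e.action)
                break
    return findings


def analyze(events: List[Event]) -> Dict[str, List[str]]:
    """Findings per activity identifier; activities with none are omitted."""
    return {aid: f for aid, tl in timelines_by_activity(events).items()
            if (f := assess(tl))}


def remediate(findings: Dict[str, List[str]], events: List[Event]) -> Dict[str, str]:
    """Pick a remediation per flagged activity. Here the chosen action is to
    end the entity's session at the source where the activity began; a real
    deployment would select the action by policy."""
    actions: Dict[str, str] = {}
    for aid in findings:
        first = min((e for e in events if e.activity_id == aid), key=lambda e: e.ts)
        actions[aid] = f"terminate session of {first.entity} at {first.source}"
    return actions


if __name__ == "__main__":
    found = analyze(SAMPLE_EVENTS)
    for aid, fs in found.items():
        print(aid, fs)
    print(remediate(found, SAMPLE_EVENTS))
```

    Seen from the file server alone, two denied reads are unremarkable; seen from the database server alone, one successful read is too. Only the timeline joined on the activity identifier shows the same action failing at one source and then succeeding at another.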

Reduction of false positive reputations through collection of overrides from customer deployments
    23.
    Granted patent
    Reduction of false positive reputations through collection of overrides from customer deployments (in force)

    Publication number: US07953969B2

    Publication date: 2011-05-31

    Application number: US11893974

    Filing date: 2007-08-17

    IPC classification: G06F15/173 H04L9/32

    Abstract: An automated arrangement for reducing the occurrence and/or minimizing the impact of false positives by a reputation service is provided in which overrides for a reputation of an adversary are reported to a reputation service from security devices, such as unified threat management systems, deployed in enterprise or consumer networks. An override is typically performed by an administrator at a customer network to allow the security device to accept traffic from, or send traffic to, a given IP address or URL. Such connectivity is allowed—even if such objects have a blacklisted reputation provided by a reputation service—in cases where the administrator recognizes that the blacklisted reputation is a false positive. The reputation service uses the reported overrides to adjust the fidelity (i.e., a confidence level) of that object's reputation, and then provides an updated reputation, which reflects the fidelity adjustment, to all the security devices that use the reputation service.

ENTERPRISE SECURITY ASSESSMENT SHARING FOR OFF-PREMISE USERS USING GLOBALLY DISTRIBUTED INFRASTRUCTURE
    24.
    Patent application
    ENTERPRISE SECURITY ASSESSMENT SHARING FOR OFF-PREMISE USERS USING GLOBALLY DISTRIBUTED INFRASTRUCTURE (in force)

    Publication number: US20090178108A1

    Publication date: 2009-07-09

    Application number: US12192111

    Filing date: 2008-08-14

    IPC classification: G06F17/00

    Abstract: Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and off-premise or roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.

SERVICES USING GLOBALLY DISTRIBUTED INFRASTRUCTURE FOR SECURE CONTENT MANAGEMENT
    25.
    Patent application
    SERVICES USING GLOBALLY DISTRIBUTED INFRASTRUCTURE FOR SECURE CONTENT MANAGEMENT (in force)

    Publication number: US20090177514A1

    Publication date: 2009-07-09

    Application number: US12192113

    Filing date: 2008-08-14

    Abstract: Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.

Detection of adversaries through collection and correlation of assessments
    26.
    Patent application
    Detection of adversaries through collection and correlation of assessments (in force)

    Publication number: US20080256619A1

    Publication date: 2008-10-16

    Application number: US11893934

    Filing date: 2007-08-17

    IPC classification: H04L9/32 G06F9/00

    Abstract: An automated arrangement for detecting adversaries is provided in which assessments of detected adversaries are reported to a reputation service from security devices, such as unified threat management systems in deployed customer networks. By using actual deployed networks, the number of available sensors can be very large to increase the scope of the adversary detection, while still observing real attacks and threats including those that are targeted to small sets of customers. The reputation service performs a number of correlations and validations on the received assessments to then return a reputation back to the security device in the enterprise network that can be used for blocking adversaries, but only when multiple, distinct sources report the same adversary in their assessments to thus ensure that the reputation is accurate and reliable.
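
    One reputation service serving both this abstract (entry 26) and the override abstract in entry 23, as an added example that is not either patent's code: security devices at customer networks report assessments of an adversary, the service blacklists it only once several distinct customers have reported it (a repeat report from the same customer counts once), an administrator override at any device lowers the reputation's fidelity, and each change is pushed to every device. The thresholds, the penalty per override, the fidelity formula and the customer names are assumptions.

```python
# Added example (not the patents' own code) for entries 23 and 26: a
# reputation service that validates adversaries across distinct sources and
# lowers fidelity on customer overrides. Thresholds and formula are assumptions.
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class Reputation:
    adversary: str
    blacklisted: bool
    fidelity: float          # confidence that the blacklisting is correct, 0..1


class ReputationService:
    def __init__(self, min_distinct_sources: int = 3, full_fidelity_at: int = 5,
                 override_penalty: float = 0.25, block_threshold: float = 0.5) -> None:
        self.min_distinct_sources = min_distinct_sources
        self.full_fidelity_at = full_fidelity_at          # reporters for fidelity 1.0
        self.override_penalty = override_penalty          # per distinct overriding customer
        self.block_threshold = block_threshold
        self._reporters: Dict[str, Set[str]] = defaultdict(set)   # adversary -> customers
        self._overriders: Dict[str, Set[str]] = defaultdict(set)
        self._devices: List["SecurityDevice"] = []

    def register(self, device: "SecurityDevice") -> None:
        self._devices.append(device)

    def report_assessment(self, customer: str, adversary: str) -> None:
        self._reporters[adversary].add(customer)   # same customer twice = one source
        self._push(adversary)

    def report_override(self, customer: str, adversary: str) -> None:
        self._overriders[adversary].add(customer)
        self._push(adversary)

    def reputation(self, adversary: str) -> Reputation:
        reporters = self._reporters[adversary]
        if len(reporters) < self.min_distinct_sources:
            return Reputation(adversary, False, 0.0)      # not yet validated
        raw = min(1.0, len(reporters) / self.full_fidelity_at)
        fidelity = max(0.0, raw - self.override_penalty * len(self._overriders[adversary]))
        return Reputation(adversary, fidelity >= self.block_threshold, round(fidelity, 6))

    def _push(self, adversary: str) -> None:
        """Distribute the updated reputation to every subscribing device."""
        rep = self.reputation(adversary)
        for device in self._devices:
            device.update(rep)


class SecurityDevice:
    """e.g. a unified threat management appliance at one customer."""

    def __init__(self, customer: str, service: ReputationService) -> None:
        self.customer = customer
        self.service = service
        self._cache: Dict[str, Reputation] = {}
        self._local_allow: Set[str] = set()       # administrator overrides
        service.register(self)

    def update(self, rep: Reputation) -> None:
        self._cache[rep.adversary] = rep

    def allows(self, address: str) -> bool:
        if address in self._local_allow:
            return True
        rep = self._cache.get(address)
        return rep is None or not rep.blacklisted

    def detect(self, address: str) -> None:
        self.service.report_assessment(self.customer, address)

    def override(self, address: str) -> None:
        """Administrator decides the block is a false positive."""
        self._local_allow.add(address)
        self.service.report_override(self.customer, address)


def run_scenario() -> Dict[str, object]:
    svc = ReputationService()
    devices = {c: SecurityDevice(c, svc) for c in ("cust-a", "cust-b", "cust-c", "cust-d")}
    adversary = "203.0.113.7"                     # documentation-range address
    out: Dict[str, object] = {}

    devices["cust-a"].detect(adversary)
    devices["cust-a"].detect(adversary)           # duplicate from the same source
    devices["cust-b"].detect(adversary)
    out["after_two_sources"] = svc.reputation(adversary).blacklisted

    devices["cust-c"].detect(adversary)           # third distinct source
    out["after_three_sources"] = svc.reputation(adversary).fidelity
    out["d_blocks"] = not devices["cust-d"].allows(adversary)

    devices["cust-d"].override(adversary)         # one customer calls it a false positive
    out["after_override"] = svc.reputation(adversary).fidelity
    out["a_blocks"] = not devices["cust-a"].allows(adversary)
    return out


if __name__ == "__main__":
    print(run_scenario())
```

    With these numbers two distinct reporters do not blacklist, three do (fidelity 0.6), and a single override from a fourth customer drops fidelity to 0.35, below the block threshold, so the updated reputation pushed to customer A unblocks the address there as well. Whether one override should carry that much weight is a policy choice; the penalty is a parameter for that reason.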

Malicious code infection cause-and-effect analysis
    27.
    Patent application
    Malicious code infection cause-and-effect analysis (in force)

    Publication number: US20070150957A1

    Publication date: 2007-06-28

    Application number: US11321754

    Filing date: 2005-12-28

    IPC classification: G06F12/14

    Abstract: A malware analysis system for automating cause and effect analysis of malware infections is provided. The malware analysis system monitors and records computer system activities. Upon being informed of a suspected malware infection, the malware analysis system creates a time-bounded snapshot of the monitored activities that were conducted within a time frame prior to the notification of the suspected malware infection. The malware analysis system may also create a time-bounded snapshot of the monitored activities that are conducted within a time frame subsequent to the notification of the suspected malware infection. The malware analysis system provides the created snapshot or snapshots for further analysis.
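
    The time-bounded snapshots in this abstract, as an added example (not the patent's own code): a bounded in-memory recorder of host activities that, on notification of a suspected infection, returns the activities from a window before the notification (the likely cause) and, once the post-notification window has elapsed, the activities from a window after it (the effects). Activity kinds, window sizes and the sample activity lines are constructed.

```python
# Added example (not the patent's own code): bounded activity recorder with
# pre- and post-notification snapshots. Window sizes and sample data are assumptions.
from collections import deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Optional


@dataclass(frozen=True)
class Activity:
    ts: float
    kind: str      # "process", "file", "registry" or "network"
    detail: str


@dataclass
class Snapshot:
    notified_at: float
    before: List[Activity]
    after: Optional[List[Activity]]   # None until the post-window has elapsed


class ActivityMonitor:
    def __init__(self, max_records: int = 100_000,
                 pre_window_s: float = 600.0, post_window_s: float = 300.0) -> None:
        self._records: Deque[Activity] = deque(maxlen=max_records)  # bounded memory
        self.pre_window_s = pre_window_s
        self.post_window_s = post_window_s

    def record(self, ts: float, kind: str, detail: str) -> None:
        self._records.append(Activity(ts, kind, detail))

    def notify(self, notified_at: float) -> Snapshot:
        """Suspected infection reported: capture the window before it now."""
        start = notified_at - self.pre_window_s
        before = [a for a in self._records if start <= a.ts <= notified_at]
        return Snapshot(notified_at, before, None)

    def close_after(self, snap: Snapshot, now: float) -> bool:
        """Fill snap.after once the post-notification window has elapsed.
        Returns False (and leaves snap.after None) if it is too early."""
        end = snap.notified_at + self.post_window_s
        if now < end:
            return False
        snap.after = [a for a in self._records if snap.notified_at < a.ts <= end]
        return True


def run_scenario() -> Dict[str, object]:
    """Constructed host timeline; the AV engine flags update.exe at t=1000."""
    m = ActivityMonitor(pre_window_s=600.0, post_window_s=300.0)
    sample = [
        (100.0, "network",  "browser.exe -> http://example.invalid/update.exe"),  # older than pre-window
        (450.0, "file",     "create C:\\Users\\u\\Downloads\\update.exe"),
        (460.0, "process",  "start update.exe (parent: browser.exe)"),
        (470.0, "registry", "set HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater"),
        (480.0, "network",  "update.exe -> 198.51.100.23:443"),
    ]
    for ts, kind, detail in sample:
        m.record(ts, kind, detail)

    snap = m.notify(1000.0)
    m.record(1100.0, "process", "start cmd.exe (parent: update.exe)")
    m.record(1200.0, "file",    "write C:\\Users\\u\\Documents\\notes.txt.locked")
    m.record(1400.0, "network", "cmd.exe -> 198.51.100.23:443")   # outside post-window

    closed_early = m.close_after(snap, now=1250.0)   # window not over yet
    closed = m.close_after(snap, now=1400.0)
    return {
        "before_kinds": [a.kind for a in snap.before],
        "after_details": [a.detail for a in (snap.after or [])],
        "closed_early": closed_early,
        "closed": closed,
    }


if __name__ == "__main__":
    print(run_scenario())
```

    The download at t=100 falls outside the 600-second pre-window and is not in the "before" snapshot, which is exactly the trade-off the window size sets: a wider window keeps more of the causal chain at the cost of more data to sift. The deque's `maxlen` bounds memory on a long-running host so that recording can stay on all the time.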

Selecting candidate rows for deduplication
    28.
    Granted patent
    Selecting candidate rows for deduplication (in force)

    Publication number: US08719236B2

    Publication date: 2014-05-06

    Application number: US13593508

    Filing date: 2012-08-23

    IPC classification: G06F17/30 G06F3/06

    Abstract: The present invention extends to methods, systems, and computer program products for selecting candidate records for deduplication from a table. A table can be processed to compute an inverse index for each field of the table. A deduplication algorithm can traverse the inverse indices in accordance with a flexible user-defined policy to identify candidate records for deduplication. Both exact matches and approximate matches can be found.
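
    The per-field inverse index and policy-driven traversal in this abstract, as an added example (not the patent's own code): one inverse index per field maps a normalized value to the rows holding it; an exact clause pairs rows that share an index key, an approximate clause also pairs rows whose keys are within an edit-distance bound; a policy is a conjunction of such clauses. The policy format, the choice of Levenshtein distance and the sample table are assumptions.

```python
# Added example (not the patent's own code): inverse indices per field and a
# policy-driven walk over them to select candidate row pairs for deduplication.
# Policy format, distance measure and sample table are assumptions.
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

Row = Dict[str, str]
Pair = Tuple[int, int]

# Constructed sample table (not real data).
SAMPLE_TABLE: List[Row] = [
    {"name": "Alice Smith", "email": "alice@example.com",  "phone": "555-0100"},
    {"name": "Alice Smyth", "email": "ALICE@example.com",  "phone": "555-0100"},  # typo + case
    {"name": "Bob Jones",   "email": "bob@example.com",    "phone": "555-0101"},
    {"name": "Bob Jones",   "email": "bjones@example.com", "phone": "555-0101"},  # second mailbox
    {"name": "Alice Smith", "email": "asmith@example.com", "phone": "555-0199"},  # namesake
]


def normalize(value: str) -> str:
    return " ".join(value.strip().lower().split())


def build_inverse_indices(table: List[Row], fields: List[str]) -> Dict[str, Dict[str, Set[int]]]:
    """field -> normalized value -> ids of the rows holding that value."""
    indices: Dict[str, Dict[str, Set[int]]] = {f: defaultdict(set) for f in fields}
    for rid, row in enumerate(table):
        for f in fields:
            indices[f][normalize(row.get(f, ""))].add(rid)
    return indices


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _pairs(ids_a: Set[int], ids_b: Set[int]) -> Set[Pair]:
    return {(min(x, y), max(x, y)) for x in ids_a for y in ids_b if x != y}


def clause_candidates(index: Dict[str, Set[int]], mode: str, max_distance: int = 0) -> Set[Pair]:
    """Row pairs agreeing on one field: exactly, or within max_distance edits.
    Rows with an empty value are never paired on that field."""
    pairs: Set[Pair] = set()
    keys = [k for k in index if k]
    for i, k in enumerate(keys):
        pairs |= _pairs(index[k], index[k])            # same normalized value
        if mode == "approx":
            for other in keys[i + 1:]:
                if edit_distance(k, other) <= max_distance:
                    pairs |= _pairs(index[k], index[other])
    return pairs


def select_candidates(table: List[Row], policy: List[Tuple[str, str, int]]) -> Set[Pair]:
    """policy: list of (field, "exact" | "approx", max_distance). A pair is a
    candidate only if every clause holds (conjunction of clauses)."""
    indices = build_inverse_indices(table, [f for f, _, _ in policy])
    result: Optional[Set[Pair]] = None
    for field, mode, dist in policy:
        cands = clause_candidates(indices[field], mode, dist)
        result = cands if result is None else result & cands
    return result or set()


if __name__ == "__main__":
    print(select_candidates(SAMPLE_TABLE, [("email", "exact", 0)]))
    print(select_candidates(SAMPLE_TABLE, [("name", "approx", 1)]))
    print(select_candidates(SAMPLE_TABLE, [("name", "approx", 1), ("phone", "exact", 0)]))
```

    The three policies show why the policy has to be user-defined: an exact e-mail match finds only rows 0 and 1; an approximate name match also pairs the two distinct people named Alice Smith (rows 0 and 4); requiring the phone to agree as well drops that false pair and keeps the two Bob Jones rows. The approximate clause compares every pair of index keys, so for a large table one would block on a prefix or phonetic key first; the index structure is what makes such blocking cheap.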

Brokered Exchange of Private Data
    29.
    Patent application
    Brokered Exchange of Private Data (pending, published)

    Publication number: US20130268552A1

    Publication date: 2013-10-10

    Application number: US13443573

    Filing date: 2012-04-10

    IPC classification: G06F17/30

    CPC classification: G06F21/6218

    Abstract: A data broker observes datasets that are opened or created by a user. The data broker looks for related datasets in a data catalog. If a related dataset is found, the data broker asks the user if they want to access the related dataset. If the user is interested, then the data broker asks the data owner if they are willing to share access to the related dataset with the user. The data owner may deny access, allow access, or request the user's identity. If the user does not want to provide his or her identity, then access to the related dataset is denied. If the user does provide his or her identity, then the data owner determines whether or not to share the data with that user. Once the owner approves sharing the related dataset, then the dataset or a link to the dataset is sent to the user.

Comparing and selecting data cleansing service providers

    Publication number: US08510276B2

    Publication date: 2013-08-13

    Application number: US12893791

    Filing date: 2010-09-29

    IPC classification: G06F7/00 G06F17/00

    Abstract: The present invention extends to methods, systems, and computer program products for exploring and selecting data cleansing service providers. Embodiments of the invention permit a user to explore different data cleansing service providers and compare quality results from the different data cleansing service providers. Sample data is mapped to a specified data domain. A list of service providers, for cleansing data for the selected data domain, is provided to a user. The user selects a subset of service providers. The sample data is submitted to the subset of service providers, which return results including allegedly cleansed data. The results are profiled and a comparison of the subset of service providers is presented to the user. The user selects a service provider to use when cleansing further data.