Publication No.: US20200380160A1
Publication Date: 2020-12-03
Application No.: US16424539
Filing Date: 2019-05-29
Inventors: Naama KRAUS, Tamer SALMAN, Salam BASHIR
IPC Classification: G06F21/62
摘要: Cybersecurity and data categorization efficiency are enhanced by providing reliable statistics about the number and location of sensitive data of different categories in a specified environment. These data sensitivity statistics are computed while iteratively sampling a collection of blobs, files, or other stored items that hold data. The items may be divided into groups, e.g., containers or directories. Efficient sampling algorithms are described. Data sensitivity statistic gathering or updating based on the sampling activity ends when a specified threshold has been reached, e.g., a certain number of items have been sampled, a certain amount of data has been sampled, sampling has used a certain amount of computational resources, or the sensitivity statistics have stabilized to a certain extent. The resulting statistics about data sensitivity can be utilized for regulatory compliance, policy formulation or enforcement, data protection, forensic investigation, risk management, evidence production, or another classification-dependent or classification-enhanced activity.
-
Publication No.: US20240364754A1
Publication Date: 2024-10-31
Application No.: US18770763
Filing Date: 2024-07-12
Inventor: Tamer SALMAN
IPC Classification: H04L9/40
CPC Classification: H04L63/205
摘要: Context-aware security policies and incident identification, via automated cloud graph building with security overlays, are determined and performed by systems and platforms. Graph nodes, of a graph associated with a computing system, that represent resources associated with the computing system and entities associated with the computing system that have respective associations to the resources are generated. Security attributes are determined and assigned to the graph nodes that represent the entities and resources, and static and dynamic connections between the graph nodes are added to the graph. Additionally, possible connections in the graph between the graph nodes are added based on heuristic relational determinations of the graph nodes. From the graph, security incidents and kill chains are identified, context-aware security policies are generated and validated, and scopes and relationships of applications are identified. Accordingly, security actions are taken for the computing system.
-
Publication No.: US20200320845A1
Publication Date: 2020-10-08
Application No.: US16378219
Filing Date: 2019-04-08
Inventors: Yotam LIVNY, Tamer SALMAN
摘要: Methods, systems and apparatuses are described herein to provide adaptive severity functions for alerts, particularly security alerts. The adaptive severity functions may be aligned with an existing global security situation to upgrade or downgrade the severity of new and existing alerts. By taking into consideration the time factor along with other parameters, the alerts may be prioritized or reprioritized appropriately. The modification of the severity level for the alerts may be made based on rules and/or one or more triggering events or by using severity functions with or without the aid of artificial intelligence based on best-practice preferences.
-
Publication No.: US20240095352A1
Publication Date: 2024-03-21
Application No.: US18066987
Filing Date: 2022-12-15
Inventors: Tamer SALMAN, Andrey KARPOVSKY
IPC Classification: G06F21/55
CPC Classification: G06F21/554, G06F2221/034
摘要: Files uploaded to a cloud storage medium are considered. The files may include a mixture of files known to be malicious and known to be benign. The files are clustered using similarity of file features, e.g., based on distance in a feature space. File clusters may then be used to determine a threat status of an unknown file (a file whose threat status is unknown initially). A feature of the unknown file in the feature space is determined, and a distance in the feature space between the file and a file cluster is calculated. The distance between the unknown file and the file cluster is used to determine whether or not to perform a deep scan on the unknown file. If such a need is identified, and the deep scan indicates the unknown file is malicious, a cybersecurity action is triggered.
-
Publication No.: US20230161716A1
Publication Date: 2023-05-25
Application No.: US18094845
Filing Date: 2023-01-09
Inventors: Naama KRAUS, Moshe ISRAEL, Tamer SALMAN, Moshe SHALALA, Rotem LURIE, Avihai DVIR
CPC Classification: G06F12/1491, G06F9/45533, G06F9/468, G06F21/6218, G06F2221/2141
摘要: According to examples, an apparatus may include a memory on which is stored machine-readable instructions that may cause a processor to determine, for each of a plurality of members in a group, a respective least privilege level for a resource and determine, based on the determined respective least privilege levels, a privilege level to be assigned to the group for the resource. The instructions may also cause the processor to assign the determined privilege level to the group for the resource and apply the assigned privilege level to the members of the group for the resource.
-
Publication No.: US20220131900A1
Publication Date: 2022-04-28
Application No.: US17080204
Filing Date: 2020-10-26
Inventors: Omer KARIN, Amit MAGEN, Moshe ISRAEL, Tamer SALMAN
摘要: Methods, systems, apparatuses, and computer-readable storage mediums are described for machine learning-based techniques for identifying a deployment environment in which computing resources (e.g., servers, virtual machines, databases, etc.) reside and for enhancing security for the identified deployment environment. For instance, usage data is collected from the computing resources. The usage data is featurized and provided to a machine learning-based classification model that determines a deployment environment in which the computing resources reside based on the featurized usage data. Once the deployment environment is identified, a security policy that is applicable for the identified deployment environment is determined. The security policy specifies a plurality of recommended security settings that should be applied to the computing resources included in the identified deployment environment. The recommended security settings may be provided to the user (e.g., via a graphical user interface) for application thereby and/or may be automatically activated.
-
Publication No.: US20220086180A1
Publication Date: 2022-03-17
Application No.: US17021801
Filing Date: 2020-09-15
Inventors: Andrey KARPOVSKY, Roy LEVIN, Tomer ROTSTEIN, Michael MAKHLEVICH, Tamer SALMAN, Ram Haim PLISKIN
摘要: An indication is received of a security alert. The indication is generated based on a detected anomaly in one of a data plane or a control plane of a computing environment. When the detected anomaly is in the data plane, the control plane is monitored for a subsequent anomaly in the control plane, and otherwise the data plane is monitored for a subsequent anomaly in the data plane. A correlation between the detected anomalies is determined. A notification of the security alert is sent when the correlation exceeds a predetermined threshold.
-
Publication No.: US20240152798A1
Publication Date: 2024-05-09
Application No.: US17983448
Filing Date: 2022-11-09
Inventors: Andrey KARPOVSKY, Eitan SHTEINBERG, Tamer SALMAN
IPC Classification: G06N20/00
CPC Classification: G06N20/00
摘要: Some embodiments select a machine learning model training duration based at least in part on a fractal dimension calculated for a training data dataset. Model training durations are based on one or more characteristics of the data, such as a fractal dimension, a data distribution, or a spike count. Default long training durations are sometimes replaced by shorter durations without any loss of model accuracy. For instance, the time-to-detect for a model-based intrusion detection system is shortened by days in some circumstances. Model training is performed per a profile which specifies particular resources or particular entities, or both. Realistic test data is generated on demand. Test data generation allows the trained model to be exercised for demonstrations, or for scheduled confirmations of effective monitoring by a model-based security tool, without thereby altering the model's training.
-
Publication No.: US20230360513A1
Publication Date: 2023-11-09
Application No.: US18355740
Filing Date: 2023-07-20
Inventors: Yotam LIVNY, Tamer SALMAN
CPC Classification: G08B21/182, G06N20/00, G06F9/542, G08B5/222
摘要: Methods, systems and apparatuses are described herein to provide adaptive severity functions for alerts, particularly security alerts. The adaptive severity functions may be aligned with an existing global security situation to upgrade or downgrade the severity of new and existing alerts. By taking into consideration the time factor along with other parameters, the alerts may be prioritized or reprioritized appropriately. The modification of the severity level for the alerts may be made based on rules and/or one or more triggering events or by using severity functions with or without the aid of artificial intelligence based on best-practice preferences.
-
Publication No.: US20230275913A1
Publication Date: 2023-08-31
Application No.: US17681658
Filing Date: 2022-02-25
IPC Classification: H04L9/40
CPC Classification: H04L63/1425, H04L63/1416
摘要: Techniques are described herein that are capable of using graph enrichment to detect a potentially malicious access attempt. A graph that includes nodes and configuration-based links is generated. The nodes represent respective resources. Behavior-based links are added to the graph based at least in part on traffic logs associated with at least a subset of the resources. An attempt to create a new behavior-based link is identified. A probability of the new behavior-based link being created in the graph is determined. The probability is based at least in part on the configuration-based links and the behavior-based links. The new behavior-based link is identified as a potentially malicious link based at least in part on the probability being less than or equal to a threshold probability. A security action is performed based at least in part on the new behavior-based link being identified as a potentially malicious link.