System and Method for Secure Proxy-Based Authentication
    1.
    Patent application
    System and Method for Secure Proxy-Based Authentication [In force]

    Publication number: US20160308868A1

    Publication date: 2016-10-20

    Application number: US15192623

    Filing date: 2016-06-24

    Abstract: A system and method for secure authentication facilitates improving the security of authentication between a client and a target by using an innovative authentication module on a proxy. The client can connect to the proxy using a native protocol and provides client credentials to the proxy. The proxy uses an authentication module to authenticate the client and then to provide target access credentials for proxy-target authentication, thereby giving the client access to the target through the proxy. The invention facilitates connection between the client and the target without requiring the client to be in possession of the target access credentials. The proxy can optionally be connected to a privileged access management system which can provide and/or store target access credentials. Proxy-provided target access credentials facilitate preventing a client security breach from exposing target access credentials.


    System and Method for Out-of-Band Application Authentication
    2.
    Patent application
    System and Method for Out-of-Band Application Authentication [In force]

    Publication number: US20160308849A1

    Publication date: 2016-10-20

    Application number: US15192682

    Filing date: 2016-06-24

    Abstract: Application-to-Application authentication features using a second communication channel for out-of-band authentication separate from a communication channel of a request from a client to a server. Authentication information is associated with a component of the system such as the request or the client application, while being collected independent of interaction with the client application initiating the request. Implementations provide improved security over existing solutions using in-band or other means of collecting authentication information.


    ANOMALY DETECTION IN GROUPS OF NETWORK ADDRESSES
    3.
    Patent application
    ANOMALY DETECTION IN GROUPS OF NETWORK ADDRESSES [In force]

    Publication number: US20150304349A1

    Publication date: 2015-10-22

    Application number: US14253945

    Filing date: 2014-04-16

    CPC classification number: H04L63/1425 H04L63/0227

    Abstract: A method for identifying anomalies in a group of network addresses includes building a model of the group of network addresses and identifying a network address as anomalous based on the deviation of the network address from the model. The model is built from a group of network addresses. The network addresses are input and parsed into one or more address trees. A ripeness score is maintained for each of the nodes in the address trees, based, at least in part, on the number of occurrences of the network address portion represented by the node. Nodes having respective ripeness scores within a specified range are classified as ripe nodes, and may be indicative of normal behavior, and nodes having respective ripeness scores outside the specified range of ripeness scores are classified as unripe, and may be indicative of anomalous behavior.


    Systems and Methods for Detecting and Reacting to Malicious Activity in Computer Networks
    6.
    Patent application
    Systems and Methods for Detecting and Reacting to Malicious Activity in Computer Networks [Under examination, published]

    Publication number: US20160330220A1

    Publication date: 2016-11-10

    Application number: US15147428

    Filing date: 2016-05-05

    Abstract: Described herein are systems and methods for performing potentially malicious activity detection operations. Embodiments may include receiving data associated with a plurality of authentication messages; analyzing the received data associated with the plurality of authentication messages; determining, based on the analyzing, a plurality of characteristics of the data associated with the authentication messages; receiving data associated with a new authentication message communicated over the network; determining a plurality of characteristics of the data associated with the new authentication message; comparing at least one determined characteristic of the new authentication message data with at least one of: a determined characteristic of the plurality of authentication messages data, known valid data, and known invalid data; and generating, based on the comparison, an assessment of whether the new authentication message is indicative of the potentially malicious activity in the network.


    SYSTEMS AND METHODS FOR CONTROLLING SENSITIVE APPLICATIONS
    7.
    Patent application
    SYSTEMS AND METHODS FOR CONTROLLING SENSITIVE APPLICATIONS [Under examination, published]

    Publication number: US20150271162A1

    Publication date: 2015-09-24

    Application number: US14217649

    Filing date: 2014-03-18

    CPC classification number: H04L63/08 H04L63/105 H04L63/1408 H04L67/08 H04L67/40

    Abstract: A method and system is provided for controlling a remote target application, including sensitive and privileged applications, via a remote application connection. The target application is executed with a set of credentials, different than those credentials submitted by the user to access the target application. The user, via a local client terminal, accesses the target application over the remote application connection, such that the user experience of interaction with the target application is similar to that of the target application running locally, while the target application is actually being run remotely. The execution is protected by the second set of credentials unknown to the user, thus preventing credential hijacking and various other threats to the sensitive application.


    Privileged analytics system
    8.
    Granted patent

    Publication number: US09712548B2

    Publication date: 2017-07-18

    Application number: US14524145

    Filing date: 2014-10-27

    CPC classification number: H04L63/1425

    Abstract: A computer-implemented method for determining whether a computer network is compromised by unauthorized activity on the computer network. The computer-implemented method comprises identifying a behavioral anomaly of an entity on the computer network, classifying the anomaly as a system event based on an assigned score for the anomaly being at least at a predetermined score threshold, updating an incident based on at least one common parameter between the system event and other system events which comprise the incident, each system event of the incident including an assigned score from when the event was an anomaly, updating a system status based on at least the incident, and assigning a system status score to the system status, and, determining whether the system status score is at least at a predetermined threshold system status score indicating that the computer network may be compromised.

    Correlation based security risk identification
    10.
    Granted patent
    Correlation based security risk identification [In force]

    Publication number: US09560067B2

    Publication date: 2017-01-31

    Application number: US15177367

    Filing date: 2016-06-09

    Abstract: Methods and systems are disclosed for identifying security risks, arising from credentials existing on machines in the networks that enable access to other machines on the networks. Account credentials indications are retrieved from machines in the network, which indicate that credentials for accounts are stored on those machines. Access rights for accounts are collected, describing the access and operation permissions of these accounts on machines in the networks. A correlation is then performed to identify machines that can be accessed by employing credentials of accounts retrieved from other machines in the network.

