-
Publication No.: US11537734B2
Publication date: 2022-12-27
Application No.: US17017651
Filing date: 2020-09-10
Applicant: Imperva, Inc.
Inventor: Shiri Margel, Itsik Mantin, Guy Shtar, Yury Geiler
Abstract: A method by a security system implemented by one or more electronic devices for detecting attacks on one or more databases. The method includes analyzing database logs of one or more databases to determine transaction characteristics of each of the one or more databases, selecting, for each of a plurality of database accesses to the one or more databases, one or more security rules to apply to that database access, wherein different security rules are selected for different ones of the plurality of database accesses depending on the determined transaction characteristics of the database being accessed, and causing, for each of the plurality of database accesses, the one or more security rules selected for that database access to be applied to that database access.
-
Publication No.: US11483291B2
Publication date: 2022-10-25
Application No.: US16730955
Filing date: 2019-12-30
Applicant: Imperva, Inc.
Inventor: Itsik Mantin, Ori Or-Meir
Abstract: A method by a web application layer proxy for predictively activating security rules to protect one or more web application servers from attacks by one or more web application clients. The method includes applying a set of security rules to web application layer requests received from the one or more web application clients that are intended for the one or more web application servers, determining a set of recently triggered security rules, where the set of recently triggered security rules includes those security rules in the set of security rules that were triggered within a most recent period of time, applying a prediction model to the set of recently triggered security rules to determine one or more security rules that are predicted to be triggered, and activating the one or more security rules.
-
Publication No.: US10382400B2
Publication date: 2019-08-13
Application No.: US15582363
Filing date: 2017-04-28
Applicant: Imperva, Inc.
Inventor: Shiri Margel, Itsik Mantin, Amichai Shulman
Abstract: Techniques related to preventing large-scale data breaches utilizing differentiated data object (DO) protection layers are described. A security gateway placed within a communication path between client end stations and servers receives DO access requests from the client end stations. The DOs are divided into a first subset that are currently classified as active and a second subset that are currently classified as inactive based upon a likelihood of further legitimate access to the DOs. Those of the DO access requests for DOs determined to be in the first subset are subjected to a first protection layer utilizing zero or more protection mechanisms. Those of the plurality of DO access requests for DOs not in the first subset are subjected to a second protection layer utilizing one or more protection mechanisms. Large-scale data breaches are efficiently prevented without disruption to legitimate DO access requests.
-
Publication No.: US09674202B1
Publication date: 2017-06-06
Application No.: US14983414
Filing date: 2015-12-29
Applicant: Imperva, Inc.
Inventor: Shiri Margel, Itsik Mantin, Amichai Shulman
IPC: H04L29/06
CPC classification number: H04L63/0281, G06F21/62, G06F21/6218, G06F2221/2107, H04L63/0428, H04L63/105, H04L63/1408, H04L63/168
Abstract: Techniques related to preventing large-scale data breaches utilizing differentiated data object (DO) protection layers are described. A security gateway placed within a communication path between client end stations and servers receives DO access requests from the client end stations. The DOs are divided into a first subset that are currently classified as active and a second subset that are currently classified as inactive based upon a likelihood of further legitimate access to the DOs. Those of the DO access requests for DOs determined to be in the first subset are subjected to a first protection layer utilizing zero or more protection mechanisms. Those of the plurality of DO access requests for DOs not in the first subset are subjected to a second protection layer utilizing one or more protection mechanisms. Large-scale data breaches are efficiently prevented without disruption to legitimate DO access requests.
-
Publication No.: US11792209B2
Publication date: 2023-10-17
Application No.: US17139644
Filing date: 2020-12-31
Applicant: Imperva, Inc.
Inventor: Itsik Mantin
CPC classification number: H04L63/1408, H04L43/04, H04L63/0236, H04L63/0254
Abstract: A method includes monitoring web traffic until a threshold of network traffic is collected. The method further includes determining a number of location characteristics corresponding to the network traffic. The method further includes monitoring traffic information corresponding to the number of location characteristics until a threshold of traffic information is collected. The method further includes determining a number of location content flags corresponding to the traffic information. The method further includes generating, by a processing device, a location profile based on the number of location characteristics and the number of content flags. The method further includes blocking impermissible web traffic from reaching a client device based on the location profile.
-
Publication No.: US20220086125A1
Publication date: 2022-03-17
Application No.: US17456362
Filing date: 2021-11-23
Applicant: Imperva, Inc.
Inventor: Gilad Yehudai, Itsik Mantin, Lior Fisch, Shelly Hershkovitz, Amichai Shulman, Moran Rachel Ambar
Abstract: A method by a computing device implementing an attack analyzer for processing malicious events. The method includes determining a first set of features describing a malicious event detected by a firewall, determining a set of distances using a non-Euclidean distance function and the first set of features, wherein the non-Euclidean distance function is used to determine geographic origin similarity between different Internet Protocol addresses included in the first and second set of features, generating a statistical distribution object using the set of distances, wherein the statistical distribution object includes information describing a cluster that includes at least the malicious event and one or more other malicious events that are determined to be similar to the malicious event in terms of geographic origin, and transmitting information describing the cluster to a management console for presentation to an administrator on a graphical user interface.
-
Publication No.: US11328076B2
Publication date: 2022-05-10
Application No.: US16399933
Filing date: 2019-04-30
Applicant: Imperva, Inc.
Inventor: Doron Tzur, Shiri Margel, Itsik Mantin
Abstract: A method by one or more electronic devices implementing a system for providing community-based data security, where the system is communicatively coupled to a plurality of database security analyzers, where each of the plurality of database security analyzers is configured to analyze data accesses to one or more databases associated with that database security analyzer. The method includes obtaining, for each of the plurality of database security analyzers, learning metadata generated by that database security analyzer, generating security parameters based on the learning metadata generated by the plurality of database security analyzers, and providing the security parameters to one or more of the plurality of database security analyzers to cause the one or more of the plurality of database security analyzers to apply the security parameters when analyzing data accesses to detect security incidents.
-
Publication No.: US11265106B1
Publication date: 2022-03-01
Application No.: US17137340
Filing date: 2020-12-29
Applicant: Imperva, Inc.
Inventor: Itsik Mantin
Abstract: A method by a network device for detecting data in a data stream. The method includes receiving the data stream, where the data stream includes a sequence of original characters, generating a sequence of type-mapped characters corresponding to the sequence of original characters, converging each of two or more consecutive occurrences of a first character in the sequence of type-mapped characters into a single occurrence of the first character, inserting beginning/ending of segment indicators in the sequence of type-mapped characters, searching for occurrences of one or more predefined sequences of characters in the sequence of type-mapped characters, and responsive to finding an occurrence of any of the one or more predefined sequences of characters, extracting a sequence of characters in the sequence of original characters corresponding to the predefined sequence of characters found in the sequence of type-mapped characters.
-
Publication No.: US11601400B2
Publication date: 2023-03-07
Application No.: US17456362
Filing date: 2021-11-23
Applicant: Imperva, Inc.
Inventor: Gilad Yehudai, Itsik Mantin, Lior Fisch, Shelly Hershkovitz, Amichai Shulman, Moran Rachel Ambar
Abstract: A method by a computing device implementing an attack analyzer for processing malicious events. The method includes determining a first set of features describing a malicious event detected by a firewall, determining a set of distances using a non-Euclidean distance function and the first set of features, wherein the non-Euclidean distance function is used to determine geographic origin similarity between different Internet Protocol addresses included in the first and second set of features, generating a statistical distribution object using the set of distances, wherein the statistical distribution object includes information describing a cluster that includes at least the malicious event and one or more other malicious events that are determined to be similar to the malicious event in terms of geographic origin, and transmitting information describing the cluster to a management console for presentation to an administrator on a graphical user interface.
-
Publication No.: US11593502B2
Publication date: 2023-02-28
Application No.: US17240955
Filing date: 2021-04-26
Applicant: Imperva, Inc.
Inventor: Itsik Mantin, Craig Burlingame, Brian Anderson, Kunal Anand, Ran Rosin, Peter Klimek, Joseph Moore
Abstract: A method by one or more computing devices for detecting application user anomalies in audit logs of database operations performed on one or more databases. The method includes obtaining a first audit log of database operations, wherein the first audit log indicates (1) which application users of an application caused which of the database operations to be performed and (2) which functions of the application caused which of the database operations to be performed, generating, for each of the application users indicated in the first audit log, a profile of that application user that indicates which of the functions that application user is expected to touch, and detecting an anomaly in response to a determination that a second audit log indicates that an application user touched a function that is not one of the functions indicated in the profile of the application user.