公开(公告)号：US11818150B2

公开(公告)日：2023-11-14

申请号：US17975548

申请日：2022-10-27

Applicant: QOMPLX, Inc.

Inventor： Randy Clayton ,  Jason Crabtree ,  Luka Jurukovski ,  Richard Kelley ,  Angadbir Singh Salaria ,  Andrew Sellers ,  Farooq Israr Ahmed Shaikh

IPC: H04L9/40 ,  H04L9/06

CPC classification number: H04L63/1416 ,  H04L63/0876 ,  H04L63/1425 ,  H04L63/1466

Abstract: A system and methods for detecting and mitigating golden SAML attacks against federated services is provided, comprising an authentication object inspector configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to create a security cookie for each valid authentication session; wherein subsequent access requests accompanied by authentication objects are validated by checking for a valid security cookie.

公开(公告)号：US20230118726A1

公开(公告)日：2023-04-20

申请号：US17975548

申请日：2022-10-27

Applicant: QOMPLX, Inc.

Inventor： Randy Clayton ,  Jason Crabtree ,  Luka Jurukovski ,  Richard Kelley ,  Angadbir Singh Salaria ,  Andrew Sellers ,  Farooq Israr Ahmed Shaikh

IPC: H04L9/40

Abstract: A system and methods for detecting and mitigating golden SAML attacks against federated services is provided, comprising an authentication object inspector configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to create a security cookie for each valid authentication session; wherein subsequent access requests accompanied by authentication objects are validated by checking for a valid security cookie.

公开(公告)号：US20230156022A1

公开(公告)日：2023-05-18

申请号：US18152142

申请日：2023-01-09

Applicant: QOMPLX, Inc.

Inventor： Randy Clayton ,  Jason Crabtree ,  Luka Jurukovski ,  Richard Kelley ,  Angadbir Singh Salaria ,  Andrew Sellers ,  Farooq Israr Ahmed Shaikh

IPC: H04L9/40

CPC classification number: H04L63/1416 ,  H04L63/0876 ,  H04L63/1466 ,  H04L63/1425

Abstract: A system and methods for detecting and mitigating golden SAML attacks against federated services is provided, comprising an authentication object inspector configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to create a security cookie for each valid authentication session; wherein subsequent access requests accompanied by authentication objects are validated by checking for a valid security cookie.

公开(公告)号：US11494665B2

公开(公告)日：2022-11-08

申请号：US16864133

申请日：2020-04-30

Applicant: QOMPLX, Inc.

Inventor： Jason Crabtree ,  Andrew Sellers ,  Randy Clayton ,  Angad Salaria ,  Antony Pegg ,  Bhashit Parikh ,  Luka Jurukovski ,  Stuart Baurmann ,  Paolo Angioletti

IPC: G06N5/02 ,  G06K9/62 ,  G06F16/28 ,  G06F16/22 ,  G06F16/2458

Abstract: A system and method for a high-performance, scalable, multi-tenant, dynamically specifiable, knowledge graph information storage and utilization. The system uses an in-memory associative array for high-performance graph storage and access, with a non-volatile distributed database for scalable backup storage, a scalable, distributed graph service for graph creation, an indexing search engine to increase searching performance, and a graph crawler for graph traversal. One or more of these components may be in the form of a cloud-based service, and in some embodiments the cloud-based services may be containerized to allow for multi-tenant co-existence with no possibility of data leakage or cross-over.

公开(公告)号：US20210258329A1

公开(公告)日：2021-08-19

申请号：US17163073

申请日：2021-01-29

Applicant: QOMPLX, Inc.

Inventor： Randy Clayton ,  Jason Crabtree ,  Luka Jurukovski ,  Richard Kelley ,  Angadbir Singh Salaria ,  Andrew Sellers ,  Farooq Israr Ahmed Shaikh

IPC: H04L29/06

Abstract: A system and methods for detecting and mitigating golden SAML attacks against federated services is provided, comprising an authentication object inspector configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to create a security cookie for each valid authentication session; wherein subsequent access requests accompanied by authentication objects are validated by checking for a valid security cookie.

公开(公告)号：US11552968B2

公开(公告)日：2023-01-10

申请号：US17163073

申请日：2021-01-29

Applicant: QOMPLX, Inc.

Inventor： Randy Clayton ,  Jason Crabtree ,  Luka Jurukovski ,  Richard Kelley ,  Angadbir Singh Salaria ,  Andrew Sellers ,  Farooq Israr Ahmed Shaikh

IPC: H04L29/06 ,  H04L9/40

Abstract: A system and methods for detecting and mitigating golden SAML attacks against federated services is provided, comprising an authentication object inspector configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to create a security cookie for each valid authentication session; wherein subsequent access requests accompanied by authentication objects are validated by checking for a valid security cookie.

公开(公告)号：US20220368726A1

公开(公告)日：2022-11-17

申请号：US17390888

申请日：2021-07-31

Applicant: QOMPLX, Inc.

Inventor： Gandhi Balasubramaniam ,  Randy Clayton ,  Jason Crabtree ,  Rich Kelley ,  Artem Panasenkov ,  Andrew Sellers

IPC: H04L9/40 ,  G06F16/951 ,  G06F16/2458

Abstract: A system and method for privilege assurance protection of computer networks that remedies the deficiencies of the current directory service structure. The system uses a software agent to collect and store snapshots of all network resources on a computer network by identifying network domains, searching the directory service of each domain for network resources, and periodically querying the network resources for changes. The software agent communicates with a backend server which provides searching, querying, storage, administrative and other functionality to the agent via remote procedure calls.

公开(公告)号：US20220060510A1

公开(公告)日：2022-02-24

申请号：US17389704

申请日：2021-07-30

Applicant: QOMPLX, Inc.

Inventor： Randy Clayton ,  Jason Crabtree ,  Angadbir Salaria ,  Andrew Sellers ,  Marian Trnkus

IPC: H04L29/06 ,  G06F16/951 ,  G06F16/2458

Abstract: A system and method for a flexible, high-speed Managed Detection and Response platform that ingests, parses, normalizes, monitors, and correlates nearly any log source or security tool output. The MDR comprising of a declarative connector service that tags events with appropriate data source labels to facilitating data isolation, proper handling, and provenance across multiple customers and security products but otherwise aggregate alerts into a single data stream for consumption by the MDR SOC operators. A connector service further provides a programmatic (API-based) means to interchange data securely across environments. Event data is aggregated by the Managed Detection and Response platform that then utilizes enhanced log ingest capabilities to process the data allowing SOC operators to be able to write rules against the alerts.

公开(公告)号：US20210136120A1

公开(公告)日：2021-05-06

申请号：US16945698

申请日：2020-07-31

Applicant: QOMPLX, Inc.

Inventor： Jason Crabtree ,  Andrew Sellers ,  Randy Clayton ,  Angad Salaria ,  Roman Tejada

IPC: H04L29/06 ,  G06F16/951 ,  G06F16/2458

Abstract: A system and method for universalization and contextualization of computing assets that utilizes structure, organization, and ontologically-related metadata to unify computing assets into a common data model combined with provenance-related metadata to contextualize the assets for suitability in a given situation. The system and method include an asset registry that contains provenance information and ontological information about available computing assets, a provenance manager which tracks the provenance of each asset for data validation and contextual analysis purposes, an ontology manager that uses ontological relationships among assets to determine other domains in which an asset may be useful, and an interoperability manager which combines the provenance and ontology outputs to suggest computing assets that may be useful in a given context.