Vinay Mahadik - Milpitas CA, US; Bharath Madhusudan - Sunnyvale CA, US; Shivakumar Buruganahalli - San Jose CA, US; Venu Vissamsetty - San Jose CA, US
Assignee:
MCAFEE, INC. - Santa Clara CA
International Classification:
G06F 21/00
US Classification:
726/22
Abstract:
Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for stealth attack monitoring. In one aspect, a method includes monitoring a network for failed connection attempts in the network, wherein each failed internal connection attempt is initiated by a source asset and is an attempt to connect to a destination asset; and only in response to detecting a failed connection attempt initiated by a source asset, instantiating a source asset tracking instance in a computer memory, and for each source asset tracking instance in the computer memory: monitoring the corresponding source asset for a threshold number of failed connection attempts to destination assets during a time period; and in response to detecting the threshold number of failed connection attempts from the source asset during the time period for the source asset tracking instance, designating the source asset as a security risk.
Bharath Madhusudan - Sunnyvale CA, US; Shivakumar Buruganahalli - San Jose CA, US; Venu Vissamsetty - San Jose CA, US
Assignee:
McAfee, Inc. - Santa Clara CA
International Classification:
H04L 29/06
US Classification:
726/25
Abstract:
A particular failed connection attempt initiated by a particular source asset in a network is identified and subsequent failed connection attempts initiated by the particular source asset in the network during a time period are tracked. A low frequency sequence of failed connection attempts involving the particular source asset is detected during the time period and the source asset is designated as a potential security risk based on the detected low frequency sequence of failed connection attempts.
System And Method For Innovative Management Of Transport Layer Security Session Tickets In A Network Environment
Shivakumar Buruganahalli - San Jose CA, US; Venu Vissamsetty - San Jose CA, US
International Classification:
H04L 29/06
US Classification:
713/151
Abstract:
An example method includes identifying a transport layer security (TLS) session between a client and a server, parsing one or more TLS messages to identify a session ticket associated with the session, transforming the session ticket into a fixed size session token, and managing the session using the session token to identify the session. The transforming may include computing a hash value of the session ticket using a hashing algorithm. If any of the TLS messages is spread across more than one TLS protocol record, the method can include computing a hash value of a portion of the session ticket encountered in a TLS protocol record using a hashing algorithm, incrementally computing another hash value of another portion of the session ticket encountered in a subsequent TLS protocol record from the previously computed hash value, and repeating the incremental computing until portions of the session ticket have been processed.
- Fremont CA, US; Harinath Vishwanath Ramchetty - Bangalore, IN; Venu Vissamsetty - San Jose CA, US
International Classification:
G06F 21/56, G06F 21/55, G06F 17/30
Abstract:
Endpoints in a network environment include remote file systems mounted thereto that reference a file system generator that responds to file system commands with deception data. Requests to list the contents of a directory are intercepted, such as while a response is passed up through an IO stack. The response is modified to include references to deception files and directories that do not actually exist on the system hosting the file system generator. The number of the deception files and directories may be randomly selected. Requests to read deception files are answered by generating a file having a file type corresponding to the deception file. Deception files may be written back to the system by an attacker and then deleted.
System And Method For Innovative Management Of Transport Layer Security Session Tickets In A Network Environment
- Santa Clara CA, US; Venu Vissamsetty - San Jose CA, US
International Classification:
H04L 29/06
Abstract:
An example method includes identifying a transport layer security (TLS) session between a client and a server, parsing one or more TLS messages to identify a session ticket associated with the session, transforming the session ticket into a fixed size session token, and managing the session using the session token to identify the session. The transforming may include computing a hash value of the session ticket using a hashing algorithm. If any of the TLS messages is spread across more than one TLS protocol record, the method can include computing a hash value of a portion of the session ticket encountered in a TLS protocol record using a hashing algorithm, incrementally computing another hash value of another portion of the session ticket encountered in a subsequent TLS protocol record from the previously computed hash value, and repeating the incremental computing until portions of the session ticket have been processed.