System and method for operating protection services

US 10,033,758 B2
Filed: 04/10/2017
Issued: 07/24/2018
Est. Priority Date: 03/06/2015
Status: Active Grant

First Claim

Patent Images

1. A method for operating protection services to provide defense against cyber-attacks, comprising:

generating a workflow scheme assigned to at least one protected entity, wherein the workflow scheme includes at least one operation regimen and triggering criteria associated with the at least one operation regimen, wherein the at least one operation regimen defines a security policy for determining the at least one protection resource and a set of actions with which to provision the at least one protection resource;

monitoring at least a plurality of protection resources to detect at least one trigger event;

determining if the at least one detected trigger event satisfies the triggering criteria associated with the at least one operation regimen; and

changing a state of the at least one operation regimen when the at least one detected trigger event satisfies the at least one triggering criterion, and causing provisioning and operating of at least one protection resource of the plurality of protection resources, wherein the provisioning is based on contents defined in the at least one operation regimen.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for operating protection services to provide defense against cyber-attacks. The comprises generating a workflow scheme assigned to at least one protected entity, wherein the workflow scheme includes at least one operation regimen and triggering criteria associated with the at least one operation regimen; monitoring at least a plurality of protection resources to detect at least one trigger event; determining if the at least one detected trigger event satisfies the triggering criteria associated with the at least one operation regimen; and changing a state of the at least one operation regimen when the at least one detected trigger event satisfies the at least one triggering criterion, thereby causing provisioning and operating of at least one protection resource of the plurality of protection resources, wherein the provisioning is based on contents defined in the at least one operation regimen.

2 Citations

21 Claims

1. A method for operating protection services to provide defense against cyber-attacks, comprising:
- generating a workflow scheme assigned to at least one protected entity, wherein the workflow scheme includes at least one operation regimen and triggering criteria associated with the at least one operation regimen, wherein the at least one operation regimen defines a security policy for determining the at least one protection resource and a set of actions with which to provision the at least one protection resource;
  
  monitoring at least a plurality of protection resources to detect at least one trigger event;
  
  determining if the at least one detected trigger event satisfies the triggering criteria associated with the at least one operation regimen; and
  
  changing a state of the at least one operation regimen when the at least one detected trigger event satisfies the at least one triggering criterion, and causing provisioning and operating of at least one protection resource of the plurality of protection resources, wherein the provisioning is based on contents defined in the at least one operation regimen.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, wherein changing the state of the at least one operation regimen further comprises any one of:
    - activating the at least one operation regimen and deactivating the at least one operation regimen.
  - 3. The method of claim 1, wherein the at least operation regimen further defines a set of attributes with which to provision the at least one protection resource.
  - 4. The method of claim 3, wherein activating the at least one operation regimen further comprises:
    - configuring the at least one protection resource based on the defined sets of actions and attributes.
  - 5. The method of claim 3, wherein each of the actions is any one of:
    - a mitigation action, a traffic diversion action, a traffic injection, a blocking action, an alert generation, and a user-defined action.
  - 6. The method of claim 3, wherein terminating the operation regimen further comprises:
    - provisioning the at least one protection resource to stop performing the actions defined by the at least one operation regimen.
  - 7. The method of claim 2, further comprising:
    - activating the least one operation regimen when the detected trigger event satisfies a start criterion; and
      
      deactivating the least one operation regimen when the detected trigger event satisfies an end criterion.
  - 8. The method of claim 1, wherein the workflow scheme further comprises:
    - a provisioning direction set defining at least a default operation regimen, wherein the at least one protection resource is initially provisioned during a service setup based on the provisioning direction set.
  - 9. The method of claim 1, wherein each of the plurality of protection resources is any one of:
    - a mitigation device, a detection device, and a network element.
  - 10. The method of claim 1, further comprising:
    - selecting the workflow scheme from a plurality of pre-generated workflow schemes.
  - 11. The method of claim 1, further comprising:
    - reusing the generated workflow scheme across different protected entities.
  - 12. The method of claim 1, wherein the cyber-attack includes any one of:
    - a denial of service (DoS) attack and a distributed DoS (DDoS) attack.
  - 13. The method of claim 1, wherein the at least one protected entity is deployed in a multi-tiered communication network including a plurality of defense tiers.
  - 14. The method of claim 13, wherein each defense tier in the multi-tiered communication network includes a subset of the plurality of protection resources having capacity and security capabilities set according to the respective tier.
  - 15. The method of claim 1, wherein the triggering criteria is defined at least using a logical expression, wherein the logical expression defines the at least one triggering criterion through logical operators.
  - 16. The method of claim 15, wherein the at least one triggering criterion includes at least a start triggering criterion for activating an operation regimen and an end triggering criterion for deactivating activating an operation regimen.
  - 17. The method of claim 15, wherein satisfaction of the at least one triggering criterion is based on at least one of:
    - a type of trigger event, a severity of trigger event, a type of attack, a predefined schedule, a bandwidth of the attack, a start of an attack, an end of an attack, a risk of an attack, a particular attack protocol, a timer for timing events, and a user-customized event.
  - 18. The method of claim 15, wherein the logical expression enables customizing the workflow scheme to meet a certain type of cyber-attack.
  - 19. The method of claim 1, wherein the workflow scheme allows for operation of a complete security service to protect the at least one protected entity through a lifecycle of an attack.

20. A non-transitory computer readable medium having stored thereon instructions for causing processing circuity to execute a process for operating protection services to provide defense against cyber-attacks, the process comprising:
- generating a workflow scheme assigned to at least one protected entity, wherein the workflow scheme includes at least one operation regimen and triggering criteria associated with the at least one operation regimen, wherein the at least one operation regimen defines a security policy for determining the at least one protection resource and a set of actions with which to provision the at least one protection resource;
  
  monitoring at least a plurality of protection resources to detect at least one trigger event;
  
  determining if the at least one detected trigger event satisfies the triggering criteria associated with the at least one operation regimen; and
  
  changing a state of the at least one operation regimen when the at least one detected trigger event satisfies the at least one triggering criterion, and causing provisioning and operating of at least one protection resource of the plurality of protection resources, wherein the provisioning is based on contents defined in the at least one operation regimen.

21. A system for operating protection services to provide defense against cyber-attacks, comprising:
- a processing circuity; and
  
  a memory, the memory containing instructions that, when executed by the processing circuity, configure the system to;
  
  generate a workflow scheme assigned to at least one protected entity, wherein the workflow scheme includes at least one operation regimen and triggering criteria associated with the at least one operation regimen, wherein the at least one operation regimen defines a security policy for determining the at least one protection resource and a set of actions with which to provision the at least one protection resource;
  
  monitor at least a plurality of protection resources to detect at least one trigger event;
  
  determine if the at least one detected trigger event satisfies the triggering criteria associated with the at least one operation regimen; and
  
  change a state of the at least one operation regimen when the at least one detected trigger event satisfies the at least one triggering criterion, and causing provisioning and operating of at least one protection resource of the plurality of protection resources, wherein the provisioning is based on contents defined in the at least one operation regimen.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Radware Limited
Original Assignee
Radware Limited
Inventors
Doron, Ehud, Tamir, Alon, Sokolsky, Gershon, Oron, Asaf, Ben-Ezra, Yotam, Aviv, David
Primary Examiner(s)
Li, Meng

Application Number

US15/483,375
Publication Number

US 20170214713A1
Time in Patent Office

470 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2463/141   Denial of service attacks a...

H04L 47/726   Reserving resources in mult...

H04L 63/14   for detecting or protecting...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1458   Denial of Service

System and method for operating protection services

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

2 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for operating protection services

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

2 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links