Predicting and preventing an attacker's next actions in a breached network
First Claim
Patent Images
1. A method for cyber security for a network of resources, wherein access to the resources via network connections that extend outside the network is governed by a firewall, the method comprising:
- detecting, by a management server, a breach by an attacker of a resource within a network of resources;
predicting, by the management server, the attacker'"'"'s target network subnet, based on network connections created by the attacker during the detected breach;
isolating, by the management server, the predicted attacker'"'"'s target network subnet in response to said predicting the attacker'"'"'s target network subnet;
predicting, by the management server, data leakage paths from inside the network to outside the network, based on an outbound network connection opened by the attacker and detected by the management server, during the breach; and
creating, by the management server, firewall rules to re-direct the outbound network connection opened by the attacker to a resource within the network, in response to said predicting the data leakage paths, wherein the re-directed outbound network connection to a resource within the network appears to the attacker to be the attacker'"'"'s intended outbound network connection to the attacker'"'"'s intended destination outside the network.
0 Assignments
0 Petitions
Accused Products
Abstract
A method for cyber security, including detecting, by a management server, a breach by an attacker of a resource within a network of resources, predicting, by the management server, an attacker target subnet, based on connections created during the breach, and isolating, by the management server, the target subnet in response to the predicting a target subnet.
125 Citations
4 Claims
-
1. A method for cyber security for a network of resources, wherein access to the resources via network connections that extend outside the network is governed by a firewall, the method comprising:
-
detecting, by a management server, a breach by an attacker of a resource within a network of resources; predicting, by the management server, the attacker'"'"'s target network subnet, based on network connections created by the attacker during the detected breach; isolating, by the management server, the predicted attacker'"'"'s target network subnet in response to said predicting the attacker'"'"'s target network subnet; predicting, by the management server, data leakage paths from inside the network to outside the network, based on an outbound network connection opened by the attacker and detected by the management server, during the breach; and creating, by the management server, firewall rules to re-direct the outbound network connection opened by the attacker to a resource within the network, in response to said predicting the data leakage paths, wherein the re-directed outbound network connection to a resource within the network appears to the attacker to be the attacker'"'"'s intended outbound network connection to the attacker'"'"'s intended destination outside the network. - View Dependent Claims (2)
-
-
3. A method for cyber security for a network of resources, wherein access to the resources via network connections that extend outside the network is governed by a firewall, the method comprising:
-
detecting, by a management server, a breach by an attacker of a resource within a network of resources, wherein access to the resources via network connections is governed by a firewall; predicting, by the management server, which resources of the network were exposed to the attacker, based on address pointers stored on the breached resource; creating, by the management server, firewall rules to block access to the predicted attacker exposed resources from the breached resource, in response to said predicting which resources of the network were exposed to the attacker; predicting, by the management server, data leakage paths from inside the network to outside the network, based on an outbound network connection opened by the attacker and detected by the management server, during the breach; and creating, by the management server, firewall rules to re-direct the outbound network connection opened by the attacker to a resource within the network, in response to said predicting the data leakage paths, wherein the re-directed outbound network connection to a resource within the network appears to the attacker to be the attacker'"'"'s intended outbound network connection to the attacker'"'"'s intended destination outside the network. - View Dependent Claims (4)
-
Specification