Predicting and preventing an attacker's next actions in a breached network
First Claim
Patent Images
1. A method for cyber security for a network of resources, wherein access to the resources via network connections that extend outside the network is governed by a firewall, the method comprising:
- detecting, by a management server, a breach by an attacker of a resource within a network of resources;
predicting, by the management server, the attacker'"'"'s target network subnet, based on network connections created by the attacker during the detected breach;
isolating, by the management server, the predicted attacker'"'"'s target network subnet in response to said predicting the attacker'"'"'s target network subnet;
predicting, by the management server, data leakage paths from inside the network to outside the network, based on an outbound network connection opened by the attacker and detected by the management server, during the breach; and
creating, by the management server, firewall rules to re-direct the outbound network connection opened by the attacker to a resource within the network, in response to said predicting the data leakage paths, wherein the re-directed outbound network connection to a resource within the network appears to the attacker to be the attacker'"'"'s intended outbound network connection to the attacker'"'"'s intended destination outside the network.
0 Assignments
0 Petitions
Accused Products
Abstract
A method for cyber security, including detecting, by a management server, a breach by an attacker of a resource within a network of resources, predicting, by the management server, an attacker target subnet, based on connections created during the breach, and isolating, by the management server, the target subnet in response to the predicting a target subnet.
125 Citations
4 Claims
-
1. A method for cyber security for a network of resources, wherein access to the resources via network connections that extend outside the network is governed by a firewall, the method comprising:
-
detecting, by a management server, a breach by an attacker of a resource within a network of resources; predicting, by the management server, the attacker'"'"'s target network subnet, based on network connections created by the attacker during the detected breach; isolating, by the management server, the predicted attacker'"'"'s target network subnet in response to said predicting the attacker'"'"'s target network subnet; predicting, by the management server, data leakage paths from inside the network to outside the network, based on an outbound network connection opened by the attacker and detected by the management server, during the breach; and creating, by the management server, firewall rules to re-direct the outbound network connection opened by the attacker to a resource within the network, in response to said predicting the data leakage paths, wherein the re-directed outbound network connection to a resource within the network appears to the attacker to be the attacker'"'"'s intended outbound network connection to the attacker'"'"'s intended destination outside the network. - View Dependent Claims (2)
-
-
3. A method for cyber security for a network of resources, wherein access to the resources via network connections that extend outside the network is governed by a firewall, the method comprising:
-
detecting, by a management server, a breach by an attacker of a resource within a network of resources, wherein access to the resources via network connections is governed by a firewall; predicting, by the management server, which resources of the network were exposed to the attacker, based on address pointers stored on the breached resource; creating, by the management server, firewall rules to block access to the predicted attacker exposed resources from the breached resource, in response to said predicting which resources of the network were exposed to the attacker; predicting, by the management server, data leakage paths from inside the network to outside the network, based on an outbound network connection opened by the attacker and detected by the management server, during the breach; and creating, by the management server, firewall rules to re-direct the outbound network connection opened by the attacker to a resource within the network, in response to said predicting the data leakage paths, wherein the re-directed outbound network connection to a resource within the network appears to the attacker to be the attacker'"'"'s intended outbound network connection to the attacker'"'"'s intended destination outside the network. - View Dependent Claims (4)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current Assigneeillusive networks LTD.
-
Original Assigneeillusive networks LTD.
-
InventorsTouboul, Shlomo, Levin, Hanan, Roubach, Stephane, Mischari, Assaf, Ben David, Itai, Avraham, Itay, Ozer, Adi, Kazaz, Chen, Israeli, Ofer, Vingurt, Olga, Gareh, Liad, Grimberg, Israel, Cohen, Cobby, Sultan, Sharon, Kubovsky, Matan
-
Primary Examiner(s)HOLDER, BRADLEY W
-
Application NumberUS15/682,577Publication NumberTime in Patent Office413 DaysField of SearchUS Class CurrentCPC Class CodesG06F 21/55 Detecting local intrusion o...G06F 21/554 involving event detection a...G06F 21/56 Computer malware detection ...G06F 21/577 Assessing vulnerabilities a...G06N 20/00 Machine learningH04L 2463/146 Tracing the source of attacksH04L 63/10 for controlling access to d...H04L 63/102 Entity profilesH04L 63/1416 Event detection, e.g. attac...H04L 63/1425 Traffic logging, e.g. anoma...H04L 63/1433 Vulnerability analysisH04L 63/1441 Countermeasures against mal...H04L 63/1491 using deception as counterm...H04L 63/20 for managing network securi...
