Automatically generating network resource groups and assigning customized decoy policies thereto
First Claim
1. A cyber security system to detect attackers, comprising:
a processor executing instructions stored on a non-transitory computer-readable medium;
circuitry of a decoy deployer, under control of said processor via the instructions, (i) planting one or more decoy lateral attack vectors in each of a first and a second group of real resources within a common enterprise network of resources, the first and second groups of real resources having different characteristics in terms of subnets, naming conventions, DNS aliases, listening ports, users and their privileges, and applications that were installed, wherein a decoy lateral attack vector is a decoy data object of a first resource within the network that has a potential to be used by an attacker who discovered the first resource to further discover information regarding a second resource within the network, the second resource being previously undiscovered by the attacker, (ii) conforming the decoy lateral attack vectors in the first group to the characteristics of the first group, and (iii) conforming the decoy lateral attack vectors in the second group to the characteristics of the second group; and
circuitry of a learning module, under control of said processor via the instructions, analyzing characteristics of the common enterprise network of resources, and deriving from the analyzed characteristics the grouping of the resources into the first and second groups.
Abstract
A cyber security system comprising circuitry of a decoy deployer planting one or more decoy lateral attack vectors in each of a first and a second group of resources within a common enterprise network of resources, the first and second groups of resources having different characteristics in terms of subnets, naming conventions, DNS aliases, listening ports, users and their privileges, and installed applications, wherein a lateral attack vector is an object of a first resource within the network that has a potential to be used by an attacker who discovered the first resource to further discover information regarding a second resource within the network, the second resource being previously undiscovered by the attacker, and wherein the decoy lateral attack vectors in the first group conform to the characteristics of the first group, and the decoy lateral attack vectors in the second group conform to the characteristics of the second group.
4 Claims
3. A cyber security method for detecting attackers, comprising:
planting one or more decoy lateral attack vectors in each of a first and a second group of real resources within a common enterprise network of resources, the first and second groups of real resources having different characteristics in terms of subnets, naming conventions, DNS aliases, listening ports, users and their privileges, and applications that were installed, wherein a decoy lateral attack vector is a decoy data object of a first resource within the network that has a potential to be used by an attacker who discovered the first resource to further discover information regarding a second resource within the network, the second resource being previously undiscovered by the attacker;
conforming the decoy lateral attack vectors in the first group to the characteristics of the first group;
conforming the decoy lateral attack vectors in the second group to the characteristics of the second group;
analyzing characteristics of the common enterprise network of resources; and
deriving from said analyzing the grouping of the resources into the first and second groups.
Specification