Automatically generating network resource groups and assigning customized decoy policies thereto

US 10,291,650 B2
Filed: 07/05/2017
Issued: 05/14/2019
Est. Priority Date: 06/08/2015
Status: Active Grant

First Claim

Patent Images

1. A cyber security system to detect attackers, comprising:

a processor executing instructions stored on a non-transitory computer-readable medium;

circuitry of a decoy deployer, under control of said processor via the instructions, (i) planting one or more decoy lateral attack vectors in each of a first and a second group of real resources within a common enterprise network of resources, the first and second groups of real resources having different characteristics in terms of subnets, naming conventions, DNS aliases, listening ports, users and their privileges, and applications that were installed, wherein a decoy lateral attack vector is a decoy data object of a first resource within the network that has a potential to be used by an attacker who discovered the first resource to further discover information regarding a second resource within the network, the second resource being previously undiscovered by the attacker, (ii) conforming the decoy lateral attack vectors in the first group to the characteristics of the first group, and (iii) conforming the decoy lateral attack vectors in the second group to the characteristics of the second group; and

circuitry of a learning module, under control of said processor via the instructions, analyzing characteristics of the common enterprise network of resources, and deriving from the analyzed characteristics the grouping of the resources into the first and second groups.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cyber security system comprising circuitry of a decoy deployer planting one or more decoy lateral attack vectors in each of a first and a second group of resources within a common enterprise network of resources, the first and second groups of resources having different characteristics in terms of subnets, naming conventions, DNS aliases, listening ports, users and their privileges, and installed applications, wherein a lateral attack vector is an object of a first resource within the network that has a potential to be used by an attacker who discovered the first resource to further discover information regarding a second resource within the network, the second resource being previously undiscovered by the attacker, and wherein the decoy lateral attack vectors in the first group conform to the characteristics of the first group, and the decoy lateral attack vectors in the second group conform to the characteristics of the second group.

Citations

4 Claims

1. A cyber security system to detect attackers, comprising:
- a processor executing instructions stored on a non-transitory computer-readable medium;
  
  circuitry of a decoy deployer, under control of said processor via the instructions, (i) planting one or more decoy lateral attack vectors in each of a first and a second group of real resources within a common enterprise network of resources, the first and second groups of real resources having different characteristics in terms of subnets, naming conventions, DNS aliases, listening ports, users and their privileges, and applications that were installed, wherein a decoy lateral attack vector is a decoy data object of a first resource within the network that has a potential to be used by an attacker who discovered the first resource to further discover information regarding a second resource within the network, the second resource being previously undiscovered by the attacker, (ii) conforming the decoy lateral attack vectors in the first group to the characteristics of the first group, and (iii) conforming the decoy lateral attack vectors in the second group to the characteristics of the second group; and
  
  circuitry of a learning module, under control of said processor via the instructions, analyzing characteristics of the common enterprise network of resources, and deriving from the analyzed characteristics the grouping of the resources into the first and second groups.
- View Dependent Claims (2)
- - 2. The system of claim 1 further comprising circuitry of a policy manager, under control of said processor via the instructions, assigning a customized decoy policy to each group of resources, wherein a decoy policy for a group of resources comprises one or more decoy lateral attack vectors, and one or more resources in the group in which the one or more decoy lateral attack vectors are to be planted.

3. A cyber security method for detecting attackers, comprising:
- planting one or more decoy lateral attack vectors in each of a first and a second group of real resources within a common enterprise network of resources, the first and second groups of real resources having different characteristics in terms of subnets, naming conventions, DNS aliases, listening ports, users and their privileges, and applications that were installed, wherein a decoy lateral attack vector is a decoy data object of a first resource within the network that has a potential to be used by an attacker who discovered the first resource to further discover information regarding a second resource within the network, the second resource being previously undiscovered by the attacker;
  
  conforming the decoy lateral attack vectors in the first group to the characteristics of the first group;
  
  conforming the decoy lateral attack vectors in the second group to the characteristics of the second group;
  
  analyzing characteristics of the common enterprise network of resources; and
  
  deriving from said analyzing the grouping of the resources into the first and second groups.
- View Dependent Claims (4)
- - 4. The method of claim 3 further comprising assigning a customized decoy policy to each group of resources, wherein a decoy policy for a group of resources comprises one or more decoy lateral attack vectors, and one or more resources in the group in which the one or more decoy lateral attack vectors are to be planted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
illusive networks LTD.
Original Assignee
illusive networks LTD.
Inventors
Touboul, Shlomo, Levin, Hanan, Roubach, Stephane, Mischari, Assaf, Ben David, Itai, Avraham, Itay, Ozer, Adi, Kazaz, Chen, Israeli, Ofer, Vingurt, Olga, Gareh, Liad, Grimberg, Israel, Cohen, Cobby, Sultan, Sharon, Kubovsky, Matan
Primary Examiner(s)
Sholeman, Abu S

Application Number

US15/641,817
Publication Number

US 20170310689A1
Time in Patent Office

678 Days
Field of Search

726 25, 726 1
US Class Current
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

G06F 21/554   involving event detection a...

G06F 21/56   Computer malware detection ...

G06F 21/577   Assessing vulnerabilities a...

G06N 20/00   Machine learning

H04L 2463/146   Tracing the source of attacks

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/1491   using deception as counterm...

H04L 63/20   for managing network securi...

Automatically generating network resource groups and assigning customized decoy policies thereto

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

4 Claims

Specification

Solutions

Use Cases

Quick Links

Automatically generating network resource groups and assigning customized decoy policies thereto

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

4 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links