Open source intelligence deceptions
First Claim
1. A system to detect attackers who attempt to breach an enterprise network and attackers who have already breached the enterprise network, comprising:
- an open source intelligence (OSINT) discoverer within an enterprise network scanning public open source Internet resources outside of the enterprise network to discover open source Internet resources that contain data related to the enterprise that is publicly available online, wherein the enterprise network comprises switches and routers, and a firewall located within a gateway between the enterprise network and the Internet;
- an OSINT replacer generating deceptive files by replacing placeholders within template files with deceptive information, based on the data discovered by said OSINT discoverer;
- an OSINT distributor planting the deceptive files generated by said OSINT replacer within public open source Internet resources outside of the enterprise network, that were discovered by said OSINT discoverer; and
- a deception management server that alerts an administrator in response to an attacker attempting to make a connection within the enterprise network using information in a deceptive file planted by said OSINT distributor.
Abstract
A system to detect attackers who attempt to breach an enterprise network and attackers who have already breached the enterprise network, including an open source intelligence (OSINT) discoverer scanning the Internet to discover data related to an enterprise that is available online, an OSINT replacer generating deceptive files by replacing placeholders within template files with deceptive information, based on the data discovered by the OSINT discoverer, an OSINT distributor planting the deceptive files generated by the OSINT replacer within designated OSINT resources, and a deception management server that alerts an administrator in response to an attacker attempting to make a connection within the network using information in a deceptive file planted by the OSINT distributor.
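The replacer and alerting steps described in the abstract, sketched as an added example that is not taken from the patent. The template format, field names, decoy registry and event records are all assumptions made for illustration, and the discoverer and distributor steps are left out.

```python
import secrets
from string import Template

# Constructed template file with placeholders (hypothetical format).
TEMPLATE = Template(
    "# $service backup config\nhost=$host\nuser=$user\npassword=$password\n"
)

def generate_decoy(discovered, registry):
    """Replacer step: fill placeholders with deceptive values shaped by the
    discovered data, and record the decoy so later use can be recognised."""
    user = f"svc_{discovered['service']}_{secrets.token_hex(2)}"
    host = f"{discovered['service']}-bak.{discovered['domain']}"
    password = secrets.token_urlsafe(12)
    # The decoy account is never issued to a real user, so any attempt
    # to use it is a high-confidence signal.
    registry[user] = {"host": host, "resource": discovered["resource"]}
    return TEMPLATE.substitute(
        service=discovered["service"], host=host, user=user, password=password
    )

def check_connections(events, registry):
    """Alerting step: flag every connection attempt that uses a planted
    identity, and report where that decoy was planted."""
    alerts = []
    for ev in events:
        decoy = registry.get(ev["user"])
        if decoy is not None:
            alerts.append({
                "user": ev["user"],
                "src": ev["src"],
                "dst": ev["dst"],
                "planted_on": decoy["resource"],
            })
    return alerts

if __name__ == "__main__":
    registry = {}
    # Constructed discovery result: data about the enterprise found online.
    found = {"service": "jira", "domain": "example.com", "resource": "paste-site"}
    print(generate_decoy(found, registry))
    decoy_user = next(iter(registry))
    # Constructed connection attempts seen inside the enterprise network.
    events = [
        {"user": "alice", "src": "10.0.0.5", "dst": "jira.example.com"},
        {"user": decoy_user, "src": "203.0.113.7", "dst": "vpn.example.com"},
    ]
    for alert in check_connections(events, registry):
        print("ALERT:", alert)
```

Recording the planting location with each decoy lets the alert tell the administrator which public resource the attacker read.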
140 Citations
18 Claims
1. A system to detect attackers who attempt to breach an enterprise network and attackers who have already breached the enterprise network, comprising:
- an open source intelligence (OSINT) discoverer within an enterprise network scanning public open source Internet resources outside of the enterprise network to discover open source Internet resources that contain data related to the enterprise that is publicly available online, wherein the enterprise network comprises switches and routers, and a firewall located within a gateway between the enterprise network and the Internet;
- an OSINT replacer generating deceptive files by replacing placeholders within template files with deceptive information, based on the data discovered by said OSINT discoverer;
- an OSINT distributor planting the deceptive files generated by said OSINT replacer within public open source Internet resources outside of the enterprise network, that were discovered by said OSINT discoverer; and
- a deception management server that alerts an administrator in response to an attacker attempting to make a connection within the enterprise network using information in a deceptive file planted by said OSINT distributor.

View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)

10. A method for detecting attackers who attempt to breach an enterprise network and attackers who have already breached the enterprise network, comprising:
- scanning, from within the enterprise network, public open source Internet resources outside of the enterprise network to discover open source Internet resources that contain data related to the enterprise that is publicly available online, wherein the enterprise network comprises switches and routers, and a firewall located within a gateway between the enterprise network and the Internet;
- generating files and text by replacing placeholders within template files with deceptive information based on the results of said scanning;
- planting the files and text generated by said generating within public open source Internet resources outside of the enterprise network, that were discovered by said scanning; and
- alerting an administrator in response to an attacker attempting to make a connection within the enterprise network using information in a deceptive file planted by planting.

View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
Specification