Cloud protection techniques

US 10,341,383 B2
Filed: 01/12/2018
Issued: 07/02/2019
Est. Priority Date: 10/28/2011
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable storage medium comprising executable instructions that when executed by one or more processors perform a method to:

detect a security event indicating an intruder is operating within a source environment;

migrate resources of the source environment to a target environment;

generate fake resources to represent the resources within the source environment and creating a fake processing environment of the source environment with the fake resource operational within the fake processing environment as a combination of fake services, fake systems, fake directories, and fake data stores; and

log actions taken by the intruder against the fake resources during migration of the resources to the target environment.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Cloud protection techniques are provided. A security breach is detected in a source cloud environment. An enterprise system processing in the source cloud environment is immediately locked down and is dynamically migrated to a target cloud environment. While the enterprise system is migrating, the source cloud environment creates a fake environment with fake resources within the source cloud environment to dupe an intruder having access as a result of the security breach. Metrics and logs are gathered with respect to activities of the intruder within the source cloud environment.

23 Citations

8 Claims

1. A non-transitory computer-readable storage medium comprising executable instructions that when executed by one or more processors perform a method to:
- detect a security event indicating an intruder is operating within a source environment;
  
  migrate resources of the source environment to a target environment;
  
  generate fake resources to represent the resources within the source environment and creating a fake processing environment of the source environment with the fake resource operational within the fake processing environment as a combination of fake services, fake systems, fake directories, and fake data stores; and
  
  log actions taken by the intruder against the fake resources during migration of the resources to the target environment.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The medium of claim 1, wherein the executable instructions further include additional executable instructions to notify users of the source environment to transition to a new network location where the target environment is operational once the resources are fully migrated to the target environment.
  - 3. The medium of claim 1, wherein the executable instructions further include additional executable instructions to shut down the source environment once the resources are completely operational in the target environment and once users of the source environment are notified of the target environment.
  - 4. The medium of claim 1, wherein the executable instructions further include additional executable instructions to instantiate an instance of the executable instructions within the target environment once the resources are completely operational in the target environment and once users of the source environment are notified of the target environment.
  - 5. The medium of claim 1, wherein the executable instructions to migrate further include shutting down one or more Virtual Machines (VMs) processing the resources within the source environment.
  - 6. The medium of claim 1, wherein the executable instructions to generate further include configure at least some of the fake resource to process as a honeypot to entice the intruder to stay in the fake processing environment and to take additional actions during migration to the target environment.

7. A system, comprising:
- a source cloud processing environment comprising;
  
  resources, at least one hardware processor, and non-transitory computer-readable storage medium having executable instructions;
  
  a target cloud processing environment comprising;
  
  an instance of the resources, at least one hardware processor, and non-transitory computer-readable storage medium having executable instructions;
  
  the at least one hardware processor of the source cloud processing environment executes the executable instructions from the non-transitory computer-readable storage medium of the source cloud processing environment, and wherein the executable instructions of the source cloud processing environment is configured to perform processing to;
  
  i) detect an unauthorized intruder operating in the source cloud processing environment, ii) migrate the instance to the target cloud processing environment, iii) generate fake resources representing the resources in the source cloud processing environment with the fake resource operational within the source cloud processing environment as a combination of fake services, fake systems, fake directories, and fake data stores, iv) create one or more honeypots through configured interactions between the fake resources within the source cloud processing environment, v) monitor actions taken by the unauthorized intruder during migration to the target cloud processing environment, and vi) shut down the source cloud processing environment once the instance is operational in the target cloud processing environment.
- View Dependent Claims (8)
- - 8. The system of claim 7, wherein the at least one hardware processor of the target cloud processing environment executes the executable instructions from the non-transitory computer-readable storage medium of the target cloud processing environment, and wherein the executable instructions of the target cloud processing environment is configured to perform processes i)-vi) within the target cloud processing environment once the instance is operation in the target cloud processing environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus Software, Inc. (Open Text Corporation)
Original Assignee
Micro Focus Software, Inc. (Open Text Corporation)
Inventors
Sabin, Jason Allen
Primary Examiner(s)
Jeudy, Josnel

Application Number

US15/870,184
Publication Number

US 20180139239A1
Time in Patent Office

536 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

G06F 21/554   involving event detection a...

G06F 21/56   Computer malware detection ...

G06F 21/566   Dynamic detection, i.e. det...

G06F 2221/2123   Dummy operation

H04L 63/14   for detecting or protecting...

H04L 63/1491   using deception as counterm...

H04L 63/20   for managing network securi...

Cloud protection techniques

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Cloud protection techniques

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links