×

Detection of compromised credentials as a network service

  • US 10,367,784 B2
  • Filed: 09/30/2016
  • Issued: 07/30/2019
  • Est. Priority Date: 09/30/2016
  • Status: Active Grant
First Claim
Patent Images

1. A system, comprising:

  • a processor configured to;

    monitor a plurality of sessions at a firewall;

    log a plurality of failed or timed out attempts to authenticate at the firewall in a log;

    analyze the log for a pattern of the failed or timed out attempts to authenticate at the firewall to identify potentially compromised credentials for authentication;

    determine that a set of credentials for authentication have been compromised based on the analysis of the log, wherein the log includes a first threshold number of successful authentication events for a first authentication factor followed by a second threshold number of timed-out authentication events for a second authentication factor, wherein the first authentication factor is distinct from the second authentication factor, and wherein the second threshold number of timed-out authentication events for the second authentication factor correspond to timed-out authentication attempts based on an authentication timeout setting associated with the second authentication factor; and

    perform a responsive action based on determining that the set of credentials for authentication have been compromised based on the analysis of the log that determines that a number of monitored authentication success events for the first authentication factor exceeds the first threshold number of successful authentication events for the first authentication factor and that a number of monitored authentication failure events for the second authentication factor exceeds the second threshold number of timed-out authentication events for the second authentication factor; and

    a memory coupled to the processor and configured to provide the processor with instructions.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×