Creating, managing and deploying deceptions on mobile devices
First Claim
1. A system for managing attacker incidents on a mobile device, comprising:
- a mobile device manager (MDM) receiving instructions to deploy deceptions on a mobile device used by an employee of an organization in conjunction with a network of the organization and, in response to the instructions, running a dedicated agent on the mobile device, wherein the dedicated agent is configured to register the mobile device and its current deceptions state, receive a list of deceptions to install in the mobile device, and install the deceptions in the received list in the mobile device;
- a trap server triggering an incident in response to an attacker attempting to use deceptive data that was installed in the mobile device by the dedicated agent, and sending a notification that an incident has occurred; and
- a deception management server sending instructions to said MDM to deploy deceptions on the mobile device, sending the list of deceptions to said MDM, registering the mobile device and its deceptions state, receiving the notification from said trap server that an incident has occurred, in response thereto instructing said MDM to run forensics on the mobile device, and receiving the forensics from the dedicated agent.
Abstract
A system for managing attacker incidents, including a mobile device manager (MDM) receiving instructions to deploy deceptions on a mobile device used by an employee of an organization in conjunction with a network of the organization and, in response to the instructions, running a dedicated agent on the mobile device, wherein the dedicated agent is configured to register the mobile device and its current deceptions state, and install deceptions in the mobile device, a trap server triggering an incident in response to an attacker attempting to use deceptive data that was installed in the mobile device, and a deception management server sending instructions to the MDM to deploy deceptions on the mobile device, registering the mobile device and its deceptions state, receiving the notification from the trap server that an incident has occurred, and in response thereto instructing the MDM to run forensics on the mobile device.
7 Claims
1. A system for managing attacker incidents on a mobile device, comprising:
- a mobile device manager (MDM) receiving instructions to deploy deceptions on a mobile device used by an employee of an organization in conjunction with a network of the organization and, in response to the instructions, running a dedicated agent on the mobile device, wherein the dedicated agent is configured to register the mobile device and its current deceptions state, receive a list of deceptions to install in the mobile device, and install the deceptions in the received list in the mobile device;
- a trap server triggering an incident in response to an attacker attempting to use deceptive data that was installed in the mobile device by the dedicated agent, and sending a notification that an incident has occurred; and
- a deception management server sending instructions to said MDM to deploy deceptions on the mobile device, sending the list of deceptions to said MDM, registering the mobile device and its deceptions state, receiving the notification from said trap server that an incident has occurred, in response thereto instructing said MDM to run forensics on the mobile device, and receiving the forensics from the dedicated agent.

View Dependent Claims (2, 3)

4. A method for managing attacker incidents on a mobile device, comprising:
- instructing, by a deception management server, a mobile device manager (MDM) to deploy deceptions on a mobile device used by an employee of an organization in conjunction with a network of the organization;
- in response to said instructing running, by the MDM, a dedicated agent on the mobile device;
- registering, by the dedicated agent, the mobile device and its current deceptions state with the deception management server;
- receiving, by the dedicated agent from the deception management server, a list of deceptions to install in the mobile device;
- installing, by the dedicated agent, the deceptions in the received list in the mobile device, wherein the received deceptions include data leading to a trap server;
- attempting, by an attacker, to use deceptive data installed in the mobile phone, to connect to a service;
- in response to said attempting, triggering an incident in the trap server;
- notifying, by the trap server, the deception management server, that an incident has occurred;
- further instructing the MDM, by the deception management server, to run forensics on the mobile device;
- in response to said further instructing, running by the MDM, forensics on the mobile device; and
- transmitting forensic data, by a forensics collector in the dedicated agent, to the deception management server.

View Dependent Claims (5, 6)

7. A method for managing attacker incidents on a mobile device, comprising:
- downloading, by a mobile device, a dedicated application;
- running by the mobile device, the dedicated application with parameters provided by a deception management server;
- registering, by the dedicated application, the mobile device and its current deceptions state with the deception management server;
- receiving, by the dedicated application from the deception management server, a list of deceptions to install in the mobile device;
- installing, by the dedicated agent, the deceptions in the received list in the mobile device;
- attempting, by an attacker, to use deceptive data in the mobile phone, to connect to a service;
- in response to said attempting, triggering an incident in a trap server;
- notifying, by the trap server, the dedicated application, that an incident has occurred;
- running by the dedicated application, forensics on the mobile device; and
- transmitting forensic data, by a forensics collector in the dedicated application, to the deception management server.

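The server-side bookkeeping implied by the method claims above (register state, hand out the list of deceptions, react to a trap notification) can be sketched as follows. This is an added illustration, not code from the patent; every class, method and value name is hypothetical, and issuing one distinct deceptive credential per device is an assumption made here so that a trap hit can be traced back to a device.

```python
"""Added illustration of the claimed flow; all names are hypothetical."""
import secrets
from dataclasses import dataclass, field


@dataclass
class DeceptionManagementServer:
    # device_id -> names of deceptions the agent reported as installed
    state: dict = field(default_factory=dict)
    # deceptive credential -> device it was issued to (assumption: one per device)
    issued: dict = field(default_factory=dict)
    # forensics runs requested from the MDM / dedicated agent
    forensics_requests: list = field(default_factory=list)

    def register(self, device_id, installed):
        """Agent registers the device and its current deceptions state."""
        self.state[device_id] = set(installed)

    def deceptions_for(self, device_id, policy):
        """Return the list of deceptions still missing on this device."""
        todo = []
        for name in sorted(set(policy) - self.state[device_id]):
            token = f"{name}-{secrets.token_hex(8)}"  # data leading to the trap server
            self.issued[token] = device_id
            todo.append({"name": name, "credential": token})
        return todo

    def confirm_installed(self, device_id, names):
        """Agent reports which deceptions from the list it installed."""
        self.state[device_id].update(names)

    def on_trap_notification(self, credential, source_ip):
        """Trap server reports use of deceptive data; queue forensics for the device."""
        device_id = self.issued.get(credential)
        if device_id is None:
            return None  # credential was never issued: do not guess a device
        self.forensics_requests.append({"device": device_id, "source": source_ip})
        return device_id


def demo():
    # Constructed sample data: device id, deception names and IP are made up.
    dms = DeceptionManagementServer()
    dms.register("phone-01", installed=["wifi-profile"])
    todo = dms.deceptions_for("phone-01", ["wifi-profile", "vpn-account", "mail-account"])
    dms.confirm_installed("phone-01", [d["name"] for d in todo])
    hit = dms.on_trap_notification(todo[0]["credential"], "192.0.2.44")
    miss = dms.on_trap_notification("unknown-credential", "192.0.2.44")
    return [d["name"] for d in todo], hit, miss, dms.forensics_requests
```
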
Specification