Managing security breaches in a networked computing environment

US 10,666,670 B2
Filed: 05/20/2019
Issued: 05/26/2020
Est. Priority Date: 04/29/2015
Status: Active Grant

First Claim

Patent Images

1. A method of managing security breaches in a networked computing environment, comprising:

receiving, by at least one computer device, a communication;

determining, by the at least one computer device, whether the communication is associated with a valid user or a malicious user; and

in response to determining that the communication is associated with the malicious user, routing the malicious user to an element of a decoy system in the networked computing environment which comprises the decoy system and a production system,wherein;

the decoy system is separate from the production system and comprises elements corresponding to elements of the production system;

the routing comprises permitting the malicious user to access at least one element of the production system in one or more first layers;

the networked computing environment comprises layers, and further comprising determining one of the layers at which a breach occurred; and

the routing further comprises routing the malicious user to at least one element of the decoy system in one or more second layers downstream of the determined one of the layers.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Approaches for managing security breaches in a networked computing environment are provided. A method includes detecting, by at least one computer device, a breach of a production system in the networked computing environment, wherein the networked computing environment includes a decoy system interweaved with the production system. The method also includes receiving, by the at least one computer device, a communication after the detecting the breach. The method further includes determining, by the at least one computer device, the communication is associated with one of a valid user and a malicious user. The method additionally includes, based on the determining, routing the valid user to an element of the production system when the communication is associated with the valid user and routing the malicious user to a corresponding element of the decoy system when the communication is associated with the malicious user.

Citations

14 Claims

1. A method of managing security breaches in a networked computing environment, comprising:
- receiving, by at least one computer device, a communication;
  
  determining, by the at least one computer device, whether the communication is associated with a valid user or a malicious user; and
  
  in response to determining that the communication is associated with the malicious user, routing the malicious user to an element of a decoy system in the networked computing environment which comprises the decoy system and a production system,wherein;
  
  the decoy system is separate from the production system and comprises elements corresponding to elements of the production system;
  
  the routing comprises permitting the malicious user to access at least one element of the production system in one or more first layers;
  
  the networked computing environment comprises layers, and further comprising determining one of the layers at which a breach occurred; and
  
  the routing further comprises routing the malicious user to at least one element of the decoy system in one or more second layers downstream of the determined one of the layers.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the decoy system stores fake data that is different from real data stored in the production system, andfurther comprising maintaining the production system intact for servicing valid users after detecting the breach.
  - 3. The method of claim 1, wherein a service provider at least one of creates, maintains, deploys and supports the at least one computer device.
  - 4. The method of claim 1, wherein the receiving the communication, the determining, and the routing are provided by a service provider on a subscription, advertising, and/or fee basis.
  - 5. The method of claim 1, wherein the receiving the communication, the determining, and the routing are provided by software as a service in a cloud environment.
  - 6. The method of claim 2, wherein the malicious user is denied access beyond the determined one of the layers.
  - 7. The method of claim 1, wherein the determining whether the communication is associated with the valid user or the malicious user comprises comparing data associated with the communication to a list of identified malicious users and a list of valid users.

8. A system for managing security breaches, comprising:
- a networked computing environment comprising;
  
  a first layer;
  
  a production application server and a decoy application server in a second layer;
  
  a third layer; and
  
  a production database and a decoy database in a fourth layer,wherein;
  
  the decoy application server corresponds to and is separate from the production application server, and the decoy database corresponds to and is separate from the production database,the system is configured to route a malicious user associated with a breach to the production application server and the decoy database based on a detected layer of the breach being one of the second layer and the third layer,the decoy database stores fake data that is different from real data stored in the production database, andthe system is configured to route the malicious user associated with the breach to the decoy application server and the decoy database based on the detected layer of the breach being the first layer, and route a valid user to the production application server and the production database.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The system of claim 8, wherein the malicious user and the valid user access the networked computing environment via respective client devices communicating with an external security device.
  - 10. The system of claim 8, further comprising a breach tool configured to determine a layer at which the breach occurred.
  - 11. The system of claim 10, wherein the system is further configured to route the malicious user to the decoy application server and the decoy database based on the breach tool determining the breach occurred at the first layer.
  - 12. The system of claim 10, wherein the system is further configured to route the malicious user to the production application server and the decoy database based on the breach tool determining the breach occurred at one of the second layer and the third layer.

13. A computer program product for managing security breaches, the computer program product comprising a computer readable storage device having program instructions embodied therewith, the program instructions being executable by a computer device to cause the computer device to:
- determine, by the computer device, an identification of a malicious user and a detected layer of a breach of a production system of a networked computing environment; and
  
  route, by the computer device, the malicious user to an element of a decoy system of the networked computing environment based on the identification of the malicious user,wherein;
  
  the decoy system is separate from the production system and comprises elements corresponding to elements of the production system,the networked computing environment comprises;
  
  an external security device in a first layer;
  
  a production application server and a decoy application server in a second layer;
  
  an internal security device in a third layer; and
  
  a production database and a decoy database in a fourth layer,the malicious user is routed to the production application server and the decoy database based on the detected layer of the breach being one of the second layer and the third layer, andthe malicious user is routed to the decoy application server and the decoy database based on the detected layer of the breach being the first layer.
- View Dependent Claims (14)
- - 14. The computer program product of claim 13, wherein the decoy system stores fake data that is different from real data stored in the production system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kyndryl Incorporated (Kyndryl Holdings, Inc.)
Original Assignee
International Business Machines Corporation
Inventors
Boss, Gregory J., Hamilton, II, Rick A., Hoy, Jeffrey R., Magro, Agueda M. H.
Primary Examiner(s)
Tabor, Amare F

Application Number

US16/416,624
Publication Number

US 20190273751A1
Time in Patent Office

372 Days
Field of Search

726 22- 25, 713187-189
US Class Current
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 2221/2127   Bluffing

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1491   using deception as counterm...

Managing security breaches in a networked computing environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Managing security breaches in a networked computing environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links