AUTOMATICALLY GENERATING NETWORK RESOURCE GROUPS AND ASSIGNING CUSTOMIZED DECOY POLICIES THERETO
Abstract
A cyber security system to detect attackers, including a data collector collecting data regarding a network, the data including network resources and users, a learning module analyzing data collected by the network data collector, determining therefrom groupings of the network resources into at least two groups, and assigning a customized decoy policy to each group of resources, wherein a decoy policy for a group of resources includes one or more decoy attack vectors, and one or more resources in the group in which the one or more decoy attack vectors are to be planted, and wherein an attack vector is an object of a first resource that may be used to access or discover a second resource, and a decoy deployer planting, for each group of resources, one or more decoy attack vectors in one or more resources in that group, in accordance with the decoy policy for that group.
8 Claims
1. A cyber security system to detect attackers within a network of resources, comprising:
- circuitry of a network data collector collecting data regarding an enterprise network, the data comprising network computing resources and operating systems of the network computing resources, users and user privileges, installed applications, open ports, previously logged-on users, browser histories, vault content and shares, from data sources comprising a directory service, the network resources, knowledge bases comprising firewall logs, and in/out ports of machines;
- circuitry of a learning module analyzing the data collected by said network data collector, determining therefrom groupings of the network resources into at least two groups, and assigning a customized decoy policy to each group of resources, wherein a decoy policy for a group of resources comprises one or more decoy attack vectors, and one or more resources in the group in which the one or more decoy lateral attack vectors are to be planted, and wherein a lateral attack vector is an object of a first resource within the network that has a potential to be used by an attacker to discover information regarding a second resource within the network; and
- circuitry of a decoy deployer planting, for each group of resources, one or more decoy lateral attack vectors in one or more resources in that group, in accordance with the decoy policy for that group.
Dependent claims: 2, 3, 4.
5. A cyber security method for detecting attackers within a network of resources, comprising:
- collecting data regarding an enterprise network, the data comprising network computing resources and operating systems of the network computing resources, users and user privileges, installed applications, open ports, previously logged-on users, browser histories, vault content and shares, from data sources comprising a directory service, the network resources, knowledge bases comprising firewall logs, and in/out ports of machines;
- analyzing the data collected by said collecting data;
- determining groupings of the network resources into at least two groups;
- assigning a customized decoy policy to each group of resources, wherein a decoy policy for a group of resources comprises one or more decoy lateral attack vectors, and one or more resources in the group in which the one or more decoy attack vectors are to be planted, and wherein a lateral attack vector is an object of a first resource within the network that has a potential to be used by an attacker to discover information regarding a second resource within the network; and
- planting, for each group of resources, one or more decoy lateral attack vectors in one or more resources in that group, in accordance with the decoy policy for that group.
Dependent claims: 6, 7, 8.
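The claims describe a three-stage pipeline: a collector gathers per-host inventory, a learning module groups hosts and assigns each group a decoy policy, and a deployer plants the chosen decoy lateral attack vectors on selected hosts in each group. The following is an added illustration written for this page, not code from the patent or its assignee. It models that pipeline in miniature: the inventory records, the grouping rule (OS plus open-port set, a stand-in for whatever the claimed learning module actually does), the decoy vector names and the "plant on every other host" target rule are all constructed assumptions. A final lookup shows the detection side: because no legitimate user needs a planted decoy, any use of one maps straight back to the host and group it was planted on.

```python
"""Added illustration of collect -> group/assign policy -> deploy -> detect.
Every record, decoy name and rule below is constructed for this example."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class Resource:
    """One collected host record: the subset of attributes the claims list."""
    name: str
    os: str
    apps: Tuple[str, ...]
    open_ports: Tuple[int, ...]
    shares: Tuple[str, ...] = ()


# Constructed inventory standing in for what the network data collector gathers.
INVENTORY = [
    Resource("ws-01", "Windows 10", ("Chrome", "Outlook"), (3389,)),
    Resource("ws-02", "Windows 10", ("Chrome", "Outlook"), (3389,)),
    Resource("ws-03", "Windows 10", ("Chrome",), (3389,)),
    Resource("fs-01", "Windows Server 2019", ("SMB",), (445,), ("finance",)),
    Resource("fs-02", "Windows Server 2019", ("SMB",), (445,), ("hr",)),
    Resource("db-01", "Ubuntu 22.04", ("postgres",), (22, 5432)),
]


def group_resources(resources):
    """Learning-module stand-in (assumed rule): group hosts that share an OS and
    the same set of open ports. Returns {group_key: [Resource, ...]}."""
    groups = defaultdict(list)
    for r in resources:
        groups[(r.os, tuple(sorted(r.open_ports)))].append(r)
    return dict(groups)


def decoy_policy(group):
    """Customized policy for one group: which decoy lateral attack vectors fit the
    group's attributes, and which member hosts receive them (constructed rules)."""
    sample = group[0]  # members share OS and ports, so one member is representative
    vectors = []
    if 3389 in sample.open_ports:
        vectors.append("saved-rdp-credential")          # decoy vault entry
    if 445 in sample.open_ports or sample.shares:
        vectors.append("mapped-share-to-decoy-server")  # decoy share mapping
    if 22 in sample.open_ports:
        vectors.append("ssh-known-hosts-entry")         # decoy host breadcrumb
    if "Chrome" in sample.apps:
        vectors.append("browser-history-decoy-url")     # decoy browser history
    targets = [r.name for r in group[::2]]  # every other host in the group
    return {"vectors": vectors, "targets": targets}


def deploy(groups):
    """Decoy deployer: applies each group's policy and records what was planted
    where, keyed by a decoy token -> {host, vector, group}."""
    planted = {}
    for key, members in groups.items():
        policy = decoy_policy(members)
        for host in policy["targets"]:
            for vector in policy["vectors"]:
                planted[f"decoy:{host}:{vector}"] = {
                    "host": host, "vector": vector, "group": key}
    return planted


def detect(planted, observed_token):
    """Detection side: a touched decoy token resolves to the host it was planted
    on; an unknown token is not a decoy and yields None."""
    hit = planted.get(observed_token)
    if hit is None:
        return None
    return (f"ALERT: decoy {hit['vector']} planted on {hit['host']} "
            f"(group {hit['group'][0]}) was used")


if __name__ == "__main__":
    plan = deploy(group_resources(INVENTORY))
    for token, rec in plan.items():
        print(token, "->", rec["group"])
    print(detect(plan, "decoy:fs-01:mapped-share-to-decoy-server"))
```

With the constructed inventory the grouping rule yields three groups (three Windows 10 workstations with 3389 open, two file servers with 445 open, one Linux database host), each gets a different vector mix, and six decoys are planted in total; the workstation group, for instance, receives a saved RDP credential and a browser-history entry on ws-01 and ws-03 only.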