AUTOMATICALLY GENERATING NETWORK RESOURCE GROUPS AND ASSIGNING CUSTOMIZED DECOY POLICIES THERETO
0 Assignments
0 Petitions
Accused Products
Abstract
A cyber security system comprising circuitry of a decoy deployer planting one or more decoy lateral attack vectors in each of a first and a second group of resources within a common enterprise network of resources, the first and second groups of resources having different characteristics in terms of subnets, naming conventions, DNS aliases, listening ports, users and their privileges, and installed applications, wherein a lateral attack vector is an object of a first resource within the network that has a potential to be used by an attacker who discovered the first resource to further discover information regarding a second resource within the network, the second resource being previously undiscovered by the attacker, and wherein the decoy lateral attack vectors in the first group conform to the characteristics of the first group, and the decoy lateral attack vectors in the second group conform to the characteristics of the second group.
-
Citations
15 Claims
-
1-8. -8. (canceled)
- 9. A cyber security system to detect attackers, comprising circuitry of a decoy deployer planting one or more decoy lateral attack vectors in each of a first and a second group of resources within a common enterprise network of resources, the first and second groups of resources having different characteristics in terms of subnets, naming conventions, DNS aliases, listening ports, users and their privileges, and installed applications, wherein a lateral attack vector is an object of a first resource within the network that has a potential to be used by an attacker who discovered the first resource to further discover information regarding a second resource within the network, the second resource being previously undiscovered by the attacker, and wherein the decoy lateral attack vectors in the first group conform to the characteristics of the first group, and the decoy lateral attack vectors in the second group conform to the characteristics of the second group.
-
12. A cyber security method for detecting attackers, comprising planting one or more decoy lateral attack vectors in each of a first and a second group of resources within a common enterprise network of resources, the first and second groups of resources having different characteristics in terms of subnets, naming conventions, DNS aliases, listening ports, users and their privileges, and installed applications, wherein a lateral attack vector is an object of a first resource within the network that has a potential to be used by an attacker who discovered the first resource to further discover information regarding a second resource within the network, the second resource being previously undiscovered by the attacker, and wherein the decoy lateral attack vectors in the first group conform to the characteristics of the first group, and the decoy lateral attack vectors in the second group conform to the characteristics of the second group.
-
15. A network analysis method, comprising:
-
analyzing characteristics of an enterprise network of resources, the characteristics comprising subnets, naming conventions, DNS aliases, listening ports, users and their privileges, and installed applications; and deriving from said analyzing a grouping of the enterprise network into first and second groups of resources, wherein the first and second groups have different characteristics.
-
Specification
-
- Resources
-
Current Assigneeillusive networks LTD.
-
Original Assigneeillusive networks LTD.
-
InventorsTouboul, Shlomo, Levin, Hanan, Roubach, Stephane, Mischari, Assaf, Ben David, Itai, Avraham, Itay, Ozer, Adi, Kazaz, Chen, Israeli, Ofer, Vingurt, Olga, Gareh, Liad, Grimberg, Israel, Cohen, Cobby, Sultan, Sharon, Kubovsky, Matan
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current
-
CPC Class CodesG06F 21/55 Detecting local intrusion o...G06F 21/554 involving event detection a...G06F 21/56 Computer malware detection ...G06F 21/577 Assessing vulnerabilities a...G06N 20/00 Machine learningH04L 2463/146 Tracing the source of attacksH04L 63/10 for controlling access to d...H04L 63/102 Entity profilesH04L 63/1416 Event detection, e.g. attac...H04L 63/1425 Traffic logging, e.g. anoma...H04L 63/1433 Vulnerability analysisH04L 63/1441 Countermeasures against mal...H04L 63/1491 using deception as counterm...H04L 63/20 for managing network securi...
