CLOUD PROTECTION TECHNIQUES

US 20180139239A1
Filed: 01/12/2018
Published: 05/17/2018
Est. Priority Date: 10/28/2011
Status: Active Grant

First Claim

Patent Images

1. (canceled)

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Cloud protection techniques are provided. A security breach is detected in a source cloud environment. An enterprise system processing in the source cloud environment is immediately locked down and is dynamically migrated to a target cloud environment. While the enterprise system is migrating, the source cloud environment creates a fake environment with fake resources within the source cloud environment to dupe an intruder having access as a result of the security breach. Metrics and logs are gathered with respect to activities of the intruder within the source cloud environment.

Citations

21 Claims

1. (canceled)

2. A method, comprising:
- detecting activity within an environment that indicates an intruder within the environment;
  
  migrating the environment to a new environment;
  
  creating a feigned environment within the environment to encourage additional activity by the intruder; and
  
  monitoring the additional activity within the feigned environment as the environment is migrating to the new environment.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 3. The method of claim 2, wherein detecting further includes detecting a security event associated with the intruder
  - 4. The method of claim 2, wherein migrating further includes shutting down resources within the environment.
  - 5. The method of claim 2, creating further includes starting fake resources within the feigned environment.
  - 6. The method of claim 5, wherein starting further includes generating fake resource parameters for the feigned resources making the feigned resources appear to the intruder to be resources of the environment.
  - 7. The method of claim 2, wherein generating further includes providing at least one fake resource as a server application appearing to be a server within the feigned environment.
  - 8. The method of claim 2, wherein providing further includes generating network traffic by the server application that is sent to a log file to entice the additional activity within the feigned environment.
  - 9. The method of claim 2, wherein creating further includes configuring and initiating a Virtual Machines (VM) as the feigned environment
  - 10. The method of claim 9, wherein configuring and initiating further includes providing the VM with a Just enough Operating System (JeOS).
  - 11. The method of claim 10, wherein providing further includes generating a first fake Virtual Machine (VM) and a second fake VM within the VM as a honeypot.
  - 12. The method of claim 11, wherein configuring and initiating further includes generating traffic between the first fake VM and the second fake VM to entice the intruder to the honeypot.
  - 13. The method of claim 2, wherein monitoring further includes notifying users of the environment when the environment is migrated to the new environment for the users to transition over to the new environment.

14. A non-transitory computer-readable storage medium comprising executable instructions that when executed by one or more processors perform a method to:
- detect a security event indicating an intruder is operating within a source environment;
  
  migrate resources of the source environment to a target environment;
  
  generate fake resources to represent the resources within the source environment and creating a fake environment of the source environment; and
  
  log actions taken by the intruder against the fake resources during migration of the resources to the target environment.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The medium of claim 14, wherein the executable instructions further include additional executable instructions to notify users of the source environment to transition to a new network location where the target environment is operational once the resources are fully migrated to the target environment.
  - 16. The medium of claim 14, wherein the executable instructions further include additional executable instructions to shut down the source environment once the resources are completely operational in the target environment and once users of the source environment are notified of the target environment.
  - 17. The medium of claim 14, wherein the executable instructions further include additional executable instructions to instantiate an instance of the executable instructions within the target environment once the resources are completely operational in the target environment and once users of the source environment are notified of the target environment.
  - 18. The medium of claim 14, wherein the executable instructions to migrate further include shutting down one or more Virtual Machines (VMs) processing the resources within the source environment.
  - 19. The medium of claim 14, wherein the executable instructions to generate further include configure at least some of the fake resource to process as a honeypot to entice the intruder to stay in the fake environment and to take additional actions during migration to the target environment.

20. A system, comprising:
- a source cloud processing environment comprising resources; and
  
  a target cloud processing environment comprising an instance of the resources;
  
  wherein the source cloud processing is configured to;
  
  i) detect an unauthorized intruder operating in the source cloud processing environment, ii) migrate the instance to the target cloud processing environment, iii) generate fake resources representing the resources in the source cloud processing environment, iv) create one or more honeypots through configured interactions between the fake resources within the source cloud processing environment, v) monitor actions taken by the unauthorized intruder during migration to the target cloud processing environment, and vi) shut down the source cloud processing environment once the instance is operational in the target cloud processing environment.
- View Dependent Claims (21)
- - 21. The system of claim 20, wherein the target cloud processing is configured to process i)-vi) within the target cloud processing environment once the instance is operation in the target cloud processing environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus Software, Inc. (Open Text Corporation)
Original Assignee
Micro Focus Software, Inc. (Open Text Corporation)
Inventors
Sabin, Jason Allen

Granted Patent

US 10,341,383 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

G06F 21/554   involving event detection a...

G06F 21/56   Computer malware detection ...

G06F 21/566   Dynamic detection, i.e. det...

G06F 2221/2123   Dummy operation

H04L 63/14   for detecting or protecting...

H04L 63/1491   using deception as counterm...

H04L 63/20   for managing network securi...

CLOUD PROTECTION TECHNIQUES

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

CLOUD PROTECTION TECHNIQUES

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links