Capturing a security breach
First Claim
Patent Images
1. A method of capturing a security breach, comprising:
- deploying a honey pot server comprising a honey pot;
using a processor to detect a breach of the honey pot, wherein the breach indicates the honey pot has been compromised;
using the processor to capture a state of the honey pot, including by creating a copy of data associated with the honey pot as compromised; and
using the processor to automatically redeploy the honey pot, including by reinitializing the state of the honey pot to an initial state in which the honey pot was in at the time it was deployed; and
wherein deploying the honey pot comprises registering with a virtual machine instance an initialization image associated with the initial state and instructing the virtual machine instance to execute the image, the image comprising data usable by the virtual machine to provide a virtual environment having a running instance of an operating system and one or more applications or other programs running on the operating system instance, and wherein redeploying the honey pot includes using the image to reset the virtual machine instance to the initial state.
6 Assignments
0 Petitions
Accused Products
Abstract
A technique is disclosed for capturing a security breach. In one embodiment, the technique comprises initially deploying a honey pot; detecting a breach of the honey pot; and automatically redeploying the honey pot.
-
Citations
17 Claims
-
1. A method of capturing a security breach, comprising:
-
deploying a honey pot server comprising a honey pot; using a processor to detect a breach of the honey pot, wherein the breach indicates the honey pot has been compromised; using the processor to capture a state of the honey pot, including by creating a copy of data associated with the honey pot as compromised; and using the processor to automatically redeploy the honey pot, including by reinitializing the state of the honey pot to an initial state in which the honey pot was in at the time it was deployed; and wherein deploying the honey pot comprises registering with a virtual machine instance an initialization image associated with the initial state and instructing the virtual machine instance to execute the image, the image comprising data usable by the virtual machine to provide a virtual environment having a running instance of an operating system and one or more applications or other programs running on the operating system instance, and wherein redeploying the honey pot includes using the image to reset the virtual machine instance to the initial state. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A computer program product for capturing a security breach, the computer program product being embodied in a computer readable storage medium and comprising computer instructions for:
-
deploying a honey pot; detecting a breach of the honey pot, wherein the breach indicates the honey pot has been compromised; capturing a state of the honey pot, including by creating a copy of data associated with the honey pot as compromised; and automatically redeploying the honey pot, including by reinitializing the state of the honey pot to an initial state in which the honey pot was in at the time it was deployed; and wherein deploying the honey pot comprises registering with a virtual machine instance an initialization image associated with the initial state and instructing the virtual machine instance to execute the image, the image comprising data usable by the virtual machine to provide a virtual environment having a running instance of an operating system and one or more applications or other programs running on the operating system instance, and wherein redeploying the honey pot includes using the image to reset the virtual machine instance to the initial state.
-
-
17. A system for capturing a security breach, comprising:
-
a processor configured to; deploy a honey pot; detect a breach of the honey pot, wherein the breach indicates the honey pot has been compromised; capture a state of the honey pot, including by creating a copy of data associated with the honey pot as compromised; and automatically redeploy the honey pot, including by reinitializing the state of the honey pot to an initial state in which the honey pot was in at the time it was deployed; and a memory coupled with the processor, wherein the memory provides the processor with instructions; wherein the processor is configured to deploy the honey pot at least in part by registering with a virtual machine instance an initialization image associated with the initial state and instructing the virtual machine instance to execute the image, the image comprising data usable by the virtual machine to provide a virtual environment having a running instance of an operating system and one or more applications or other programs running on the operating system instance, and wherein redeploying the honey pot includes using the image to reset the virtual machine instance to the initial state.
-
Specification