Data exfiltration attack simulation technology

US 8,782,796 B2
Filed: 06/22/2012
Issued: 07/15/2014
Est. Priority Date: 06/22/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for testing network security, the method comprising:

storing on a monitoring system at least one specified data message and a at least one specified access credential to at least one third-party web-based service;

installing on at least one testing system to be tested on a network, at least one software agent configured with the at least one specified data message and the at least one specified access credential to the at least one third-party web-based service;

executing the at least one software agent on the testing system to send the at least one specified data message to the at least one third-party web-based service using the at least one specified access credential;

accessing, with a monitoring system which is independent of the network, the at least one third-party web-based service with the at least one specified access credential;

comparing, with the monitoring system, if data on the at least one third-party web-based service is equivalent to the at least one specified data message sent by the at least one software agent; and

assigning a risk factor to the testing system and the at least one third-party web-based service if any data on the at least one third-party web-based service is equivalent to the at least one specified data message sent by the at least one software agent.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Novel systems and methods for testing network security are disclosed. In one example, at least one specified data message and at least one specified access credential to at least one third-party web-based service is stored on a monitoring system. At least one software agent configured with the specified data message and the specified access credential to the third-party web-based service is installed on at least on system to be tested. The software agent is executed on the testing system to send the specified data message to the third-party web-based service using the specified access credential. A monitoring system which is independent of the network, access the third-party web-based service with the access credential. The monitoring system compares, if data on the third-party web-based service is equivalent to the specified data message sent by the software agent. In another example, the software agent is configured with a custom start-logging command.

Citations

20 Claims

1. A computer-implemented method for testing network security, the method comprising:
- storing on a monitoring system at least one specified data message and a at least one specified access credential to at least one third-party web-based service;
  
  installing on at least one testing system to be tested on a network, at least one software agent configured with the at least one specified data message and the at least one specified access credential to the at least one third-party web-based service;
  
  executing the at least one software agent on the testing system to send the at least one specified data message to the at least one third-party web-based service using the at least one specified access credential;
  
  accessing, with a monitoring system which is independent of the network, the at least one third-party web-based service with the at least one specified access credential;
  
  comparing, with the monitoring system, if data on the at least one third-party web-based service is equivalent to the at least one specified data message sent by the at least one software agent; and
  
  assigning a risk factor to the testing system and the at least one third-party web-based service if any data on the at least one third-party web-based service is equivalent to the at least one specified data message sent by the at least one software agent.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - downloading from the monitoring system to the testing system the at least one software agent with the at least one specified data message and the at least one specified access credential to the at least one third-party web-based service.
  - 3. The method of claim 1, wherein the at least one third-party web-based service is at least one of a storage service, a chat service, an email service, and a social media service.
  - 4. The method of claim 1, wherein the at least one specified data message includes at least one of card holder data, personal health information data, personally identifiable information data, and social security number data.
  - 5. The method of claim 1, wherein the at least one specified data message is selected by a user using a graphical user interface presented by the monitoring system.
  - 6. The method of claim 1, further comprising:
    - logging if any data on the at least one third-party web-based service is equivalent to the at least one specified data message sent by the at least one software agent.
  - 7. The method of claim 1, wherein the comparing at the monitoring system if any data on the at least one third-party web-based service is equivalent to the data message sent by the at least one software agent includes computing a hash value of the at least one specified data message and comparing the hash value to a hash value of the at least one specified data message stored by the monitoring system.

8. A system for testing security of a network, the system comprising:
- a memory;
  
  a processor communicatively coupled to the memory for performing;
  
  storing on a monitoring system at least one specified data message and a at least one specified access credential to at least one third-party web-based service;
  
  installing on at least one testing system to be tested on a network, at least one software agent configured with the at least one specified data message and the at least one specified access credential to the at least one third-party web-based service;
  
  executing the at least one software agent on the testing system to send the at least one specified data message to the at least one third-party web-based service using the at least one specified access credential;
  
  accessing, with a monitoring system which is independent of the network, the at least one third-party web-based service with the at least one specified access credential;
  
  comparing, with the monitoring system, if data on the at least one third-party web-based service is equivalent to the at least one specified data message sent by the at least one software agent; and
  
  assigning a risk factor to the testing system and the at least one third-party web-based service if any data on the at least one third-party web-based service is equivalent to the at least one specified data message sent by the at least one software agent.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, further comprising:
    - downloading from the monitoring system to the testing system the at least one software agent with the at least one specified data message and the at least one specified access credential to the at least one third-party web-based service.
  - 10. The system of claim 8, wherein the at least one third-party web-based service is at least one of a storage service, a chat service, an email service, and a social media service.
  - 11. The system of claim 8, wherein the at least one specified data message includes at least one of card holder data, personal health information data, personally identifiable information data, and social security number data.
  - 12. The system of claim 8, wherein the at least one specified data message is selected by a user using a graphical user interface presented by the monitoring system.
  - 13. The system of claim 8, further comprising:
    - logging if any data on the at least one third-party web-based service is equivalent to the at least one specified data message sent by the at least one software agent.
  - 14. The system of claim 8, wherein the comparing at the monitoring system if any data on the at least one third-party web-based service is equivalent to the data message sent by the at least one software agent includes computing a hash value of the at least one specified data message and comparing the hash value to a hash value of the at least one specified data message stored by the monitoring system.

15. A non-transitory machine readable medium encoded with a program for testing security of a network, the program comprising instructions for:
- storing on a monitoring system at least one specified data message and a at least one specified access credential to at least one third-party web-based service;
  
  installing on at least one testing system to be tested on a network, at least one software agent configured with the at least one specified data message and the at least one specified access credential to the at least one third-party web-based service;
  
  executing the at least one software agent on the testing system to send the at least one specified data message to the at least one third-party web-based service using the at least one specified access credential;
  
  accessing, with a monitoring system which is independent of the network, the at least one third-party web-based service with the at least one specified access credential; and
  
  comparing, with the monitoring system, if data on the at least one third-party web-based service is equivalent to the at least one specified data message sent by the at least one software agent; and
  
  assigning a risk factor to the testing system and the at least one third-party web-based service if any data on the at least one third-party web-based service is equivalent to the at least one specified data message sent by the at least one software agent.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory machine readable medium of claim 15, further comprising:
    - downloading from the monitoring system to the testing system the at least one software agent with the at least one specified data message and the specified at least one access credential to the at least one third-party web-based service.
  - 17. The non-transitory machine readable medium of claim 15, wherein the at least one third-party web-based service is at least one of a storage service, a chat service, an email service, and a social media service.
  - 18. The non-transitory machine readable medium of claim 15, wherein the at least one specified data message includes at least one of card holder data, personal health information data, personally identifiable information data, and social security number data.
  - 19. The non-transitory machine readable medium of claim 15, wherein the at least one specified data message is selected by a user using a graphical user interface presented by the monitoring system.
  - 20. The non-transitory machine readable medium of claim 15, further comprising:
    - logging if any data on the at least one third-party web-based service is equivalent to the at least one specified data message sent by the at least one software agent.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Stratum Security Incorporated
Original Assignee
Stratum Security Incorporated
Inventors
Hawthorn, Trevor Tyler, Miller, Nathan, LoSapio, Jeffrey
Primary Examiner(s)
Pwu, Jeffrey
Assistant Examiner(s)
AMORIN, CARLOS E

Application Number

US13/530,784
Publication Number

US 20130347085A1
Time in Patent Office

753 Days
Field of Search

726/5, 726/25
US Class Current

726/25
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/034   Test or assess a computer o...

H04L 63/0823   using certificates cryptogr...

H04L 63/1433   Vulnerability analysis

Data exfiltration attack simulation technology

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Data exfiltration attack simulation technology

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links