Cloud protection techniques
Abstract
Cloud protection techniques are provided. A security breach is detected in a source cloud environment. An enterprise system processing in the source cloud environment is immediately locked down and is dynamically migrated to a target cloud environment. While the enterprise system is migrating, the source cloud environment creates a fake environment with fake resources within the source cloud environment to dupe an intruder having access as a result of the security breach. Metrics and logs are gathered with respect to activities of the intruder within the source cloud environment.
20 Claims
1. A method implemented in a non-transitory machine readable storage medium and processed by one or more processors of a source server device and configured to perform the method, comprising:
- identifying, by the source server device, a security intrusion to a source cloud environment;
- instructing, by the source server device, a cloud protection agent to shut down an enterprise system operating within the source cloud environment;
- migrating, by the source server device, the enterprise system from the source cloud environment to a target cloud environment once the cloud protection agent indicates resources of the enterprise system are ready for migration; and
- creating, by the source server device, a feigned enterprise system within the source cloud environment as migration proceeds, the feigned enterprise system is a fake and partially operational enterprise system that is used to dupe an intruder and to track actions of the intruder to determine what the intruder is doing, who the intruder is, where the intruder came from, and how the intruder penetrated the source cloud environment, the feigned enterprise system created in parallel and concurrently with the migration.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A method implemented in a non-transitory machine-readable storage medium and processed by one or more processors of a target server device configured to perform the method, comprising:
- detecting, at the target service device, an instruction to initiate within a target cloud environment after some configurable amount of files are available within the target cloud environment based on conditions defined in an installation package;
- configuring, by the target server device, configuration settings set from a prior instance of a prior enterprise system;
- configuring, by the target server device, resources for a new instance of the prior enterprise system based on configuration data; and
- initiating, by the target server device, the resources to establish an enterprise system within the target cloud environment, the enterprise system representing the prior instance of the prior enterprise system that was migrated from a source cloud environment based on an identified security threat by a cloud protection manager and the enterprise system created in parallel and concurrently during migration.
Dependent claims: 15, 16, 17, 18
19. A system, comprising:
- a processor configured with a cloud protection manager that resides and is implemented within a non-transitory computer-readable storage medium and that executes on a source server device; and
- another processor configured with a cloud protection agent that resides and is implemented within a non-transitory computer-readable storage medium and that executes on a target server device;
- the cloud protection manager configured to detect a security threat in a source cloud environment and begin migration of an enterprise system to a target cloud environment, the cloud protection manager also configured to create a fake enterprise system within the source cloud environment and track actions taken by an intruder within the source cloud environment, the actions determine what the intruder is doing, who the intruder is, where the intruder came from, how the intruder penetrated the source cloud environment and devices and resources accessed by the intruder, the fake enterprise system remains at least partially operational within the source cloud environment while the actions of the intruder are being tracked, and
- the cloud protection agent configured to assist in migrating the enterprise system and to install the enterprise system within the target cloud environment and in parallel with and concurrent to the migration from the source cloud environment, the fake enterprise system is created in the source cloud environment, and the cloud protection agent configured to notify the cloud protection manager once the enterprise system is up and running within the target cloud environment.
Dependent claims: 20
Specification