Managing security breaches in a networked computing environment
First Claim
1. A method of managing security breaches in a networked computing environment, comprising:
- detecting, by at least one computer device, a breach of a production system in the networked computing environment, wherein the networked computing environment comprises a decoy system interweaved with the production system;
receiving, by the at least one computer device, a communication after the detecting the breach;
determining, by the at least one computer device, the communication is associated with one of a valid user and a malicious user; and
based on the determining, routing the valid user to an element of the production system when the communication is associated with the valid user and routing the malicious user to a corresponding element of the decoy system when the communication is associated with the malicious user;
wherein the networked computing environment comprises layers, andfurther comprising determining one of the layers at which the breach occurred; and
wherein;
the communication is determined to be associated with the malicious user;
the routing is based on the determined one of the layers;
wherein the routing comprises;
permitting the malicious user to access at least one element of the production system in one or more first layers up to and including the determined one of the layers; and
routing the malicious user to at least one element of the decoy system in one or more second layers downstream of the determined one of the layers.
2 Assignments
0 Petitions
Accused Products
Abstract
Approaches for managing security breaches in a networked computing environment are provided. A method includes detecting, by at least one computer device, a breach of a production system in the networked computing environment, wherein the networked computing environment includes a decoy system interweaved with the production system. The method also includes receiving, by the at least one computer device, a communication after the detecting the breach. The method further includes determining, by the at least one computer device, the communication is associated with one of a valid user and a malicious user. The method additionally includes, based on the determining, routing the valid user to an element of the production system when the communication is associated with the valid user and routing the malicious user to a corresponding element of the decoy system when the communication is associated with the malicious user.
-
Citations
12 Claims
-
1. A method of managing security breaches in a networked computing environment, comprising:
-
detecting, by at least one computer device, a breach of a production system in the networked computing environment, wherein the networked computing environment comprises a decoy system interweaved with the production system; receiving, by the at least one computer device, a communication after the detecting the breach; determining, by the at least one computer device, the communication is associated with one of a valid user and a malicious user; and based on the determining, routing the valid user to an element of the production system when the communication is associated with the valid user and routing the malicious user to a corresponding element of the decoy system when the communication is associated with the malicious user; wherein the networked computing environment comprises layers, and further comprising determining one of the layers at which the breach occurred; and wherein; the communication is determined to be associated with the malicious user; the routing is based on the determined one of the layers; wherein the routing comprises; permitting the malicious user to access at least one element of the production system in one or more first layers up to and including the determined one of the layers; and routing the malicious user to at least one element of the decoy system in one or more second layers downstream of the determined one of the layers. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A system for managing security breaches, comprising:
-
at least one computer device in a networked computing environment, wherein the at least one computer device is configured to; determine an identification of a malicious user and a detected layer of a breach of a production system of the networked computing environment; route a valid user to an element of the production system; and route the malicious user to a corresponding element of a decoy system of the networked computing environment based on the determined identification of the malicious user and the detected layer of the breach; wherein the networked computing environment comprises; an external security device in a first layer;
a production application server and a decoy application server in a second layer;
an internal security device in a third layer; and
a production database and a decoy database in a fourth layer;wherein; the malicious user is routed to the decoy application server and the decoy database based on the detected layer of the breach being the first layer; and the malicious user is routed to the production application server and the decoy database based on the detected layer of the breach being one of the second layer and the third layer.
-
-
8. A system for managing security breaches, comprising:
a networked computing environment comprising; an external security device in a first layer; a production application server and a decoy application server in a second layer; an internal security device in a third layer; and
a production database and a decoy database in a fourth layer,wherein a malicious user associated with a breach is routed to at least one of the decoy application server and the decoy database, and a valid user is routed to the production application server and the production database; wherein the malicious user and the valid user access the networked computing environment via respective client devices communicating with the external security device; further comprising a breach tool that determines a layer at which the breach occurred; and wherein the malicious user is routed to the production application server and the decoy database based on the breach tool determining the breach occurred at one of the second layer and the third layer. - View Dependent Claims (9, 10)
-
11. A computer program product for managing security breaches, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions being executable by a computer device to cause the computer device to:
-
determine, by the computer device, an identification of a malicious user and a detected layer of a breach of a production system of a networked computing environment, wherein the determining comprises receiving or obtaining the identification of the malicious user and the detected layer of the breach from a breach tool; route, by the computer device, a valid user to an element of the production system after the breach; and route, by the computer device, the malicious user to an element of a decoy system of the networked computing environment based on the identification of the malicious user and the detected layer of the breach; wherein the networked computing environment comprises; an external security device in a first layer; a production application server and a decoy application server in a second layer; an internal security device in a third layer; and
a production database and a decoy database in a fourth layer;wherein; the malicious user is routed to the decoy application server and the decoy database based on the detected layer of the breach being the first layer; and the malicious user is routed to the production application server and the decoy database based on the detected layer of the breach being one of the second layer and the third layer. - View Dependent Claims (12)
-
Specification