System and method for securing a computer system against malicious actions by utilizing virtualized elements

US 9,473,522 B1
Filed: 04/20/2015
Issued: 10/18/2016
Est. Priority Date: 04/20/2015
Status: Active Grant

First Claim

Patent Images

1. A system for protecting a target computing system, the system comprising:

a memory device having executable instructions stored therein; and

a processing device, in response to the executable instructions, configured to test for vulnerabilities on the target computing system from malicious users, the processing device configured to;

deploy simulator nodes in the target computing system, the simulator nodes representing one or more users, program code, or devices and configured to receive electronic task data representing tasks for execution and to execute computer instructions to simulate operations of parties involved in breach scenarios;

simulate malicious action associated with a malicious user scenario by transmitting the electronic task data to be executed by the simulator nodes in the target computing system, the electronic task data sent to each simulator node representing one or more exploitation activities on the target computing system and comprising a portion of the electronic task data in an execution queue representing the malicious user scenario;

receive electronic result data from the deployed simulator nodes representing results associated with the electronic task data executed by the simulator nodes;

determine whether the malicious action was successful within the target computing system based on the electronic result data;

update a snapshot of currently known breaches on the target computing system with the determination that the malicious action was successful, the snapshot comprising a graph including nodes representative of simulator nodes and edges representative of specific scenarios with simulation results of the specific scenarios;

determine whether the snapshot has new breach scenarios and previously known scenarios that have been fixed; and

conclude the new breach scenarios and the previously known scenarios that have been fixed by searching the graph.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for protecting a computing system, the method comprising allocating simulator nodes, the simulator nodes emulating operations of devices in a target system, simulating malicious action utilizing the simulator nodes, and determining that the malicious action was successfully.

Citations

18 Claims

1. A system for protecting a target computing system, the system comprising:
- a memory device having executable instructions stored therein; and
  
  a processing device, in response to the executable instructions, configured to test for vulnerabilities on the target computing system from malicious users, the processing device configured to;
  
  deploy simulator nodes in the target computing system, the simulator nodes representing one or more users, program code, or devices and configured to receive electronic task data representing tasks for execution and to execute computer instructions to simulate operations of parties involved in breach scenarios;
  
  simulate malicious action associated with a malicious user scenario by transmitting the electronic task data to be executed by the simulator nodes in the target computing system, the electronic task data sent to each simulator node representing one or more exploitation activities on the target computing system and comprising a portion of the electronic task data in an execution queue representing the malicious user scenario;
  
  receive electronic result data from the deployed simulator nodes representing results associated with the electronic task data executed by the simulator nodes;
  
  determine whether the malicious action was successful within the target computing system based on the electronic result data;
  
  update a snapshot of currently known breaches on the target computing system with the determination that the malicious action was successful, the snapshot comprising a graph including nodes representative of simulator nodes and edges representative of specific scenarios with simulation results of the specific scenarios;
  
  determine whether the snapshot has new breach scenarios and previously known scenarios that have been fixed; and
  
  conclude the new breach scenarios and the previously known scenarios that have been fixed by searching the graph.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1 wherein the simulator nodes include at least one of virtual machines, virtual appliances, operating environments, and physical devices.
  - 3. The system of claim 1 wherein the simulator nodes are configured to virtualize or clone at least one of hardware, software, cloud computing, network and communication elements.
  - 4. The system of claim 1 wherein the processing device is operative to configure a security system of the target computing system based on the simulation of the malicious action.
  - 5. The system of claim 4 wherein the security system includes one or more security controllers.
  - 6. The system of claim 5 wherein the one or more security controllers includes at least one of firewall products, antivirus products, endpoint security products, web application firewall (WAF) products, access control list (ACL) features of network products (including switches, routers, and proxies), data leakage prevention (DLP) products, mobile device management (MDM) products, mobile access management (MAM) products, content inspection products, and malicious action detection and mitigation systems.
  - 7. The system of claim 5 wherein the processing device is further operable to configure the security controller, and re-simulate the malicious action.
  - 8. The system of claim 1 wherein the malicious action comprises a breach scenario.
  - 9. The system of claim 8 wherein the breach scenario includes a plurality of operations performed by the simulator nodes.
  - 10. The system of claim 1 wherein the simulator nodes are operable to establish communication connections.

11. A non-transitory computer readable medium comprising program code that when executed by a programmable processor causes execution of a method for protecting a target computing system, the computer readable media comprising:
- executable instructions that test for vulnerabilities on the target computing system from malicious users, the executable instructions comprising;
  
  computer program code for deploying simulator nodes in the target computing system, the simulator nodes representing one or more users, program code, or devices and configured to receive electronic task data representing tasks for execution and to execute computer instructions to simulate operations of parties involved in breach scenarios;
  
  computer program code for simulating malicious action associated with a malicious user scenario by transmitting the electronic task data to be executed by the simulator nodes in the target computing system, the electronic task data sent to each simulator node representing one or more exploitation activities on the target computing system and comprising a portion of the electronic task data in an execution queue representing the malicious user scenario;
  
  computer program code for receiving electronic result data from the deployed simulator nodes representing results associated with the electronic task data executed by the simulator nodes;
  
  computer program code for determining whether the malicious action was successful within the target computing system based on the electronic result data;
  
  computer program code for updating a snapshot of currently known breaches on the target computing system with the determination that the malicious action was successful, the snapshot comprising a graph including nodes representative of simulator nodes and edges representative of specific scenarios with simulation results of the specific scenarios;
  
  computer program code for determining whether the snapshot has new breach scenarios and previously known scenarios that have been fixed; and
  
  computer program code for concluding the new breach scenarios and the previously known scenarios that have been fixed by searching the graph.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The computer readable medium of claim 11 wherein the simulator nodes include at least one of virtual machines, virtual appliances, operating environments, and physical devices.
  - 13. The computer readable medium of claim 11 further comprising computer program code for configuring the simulator nodes to virtualize or clone at least one of hardware, software, cloud computing, network and communication elements.
  - 14. The computer readable medium of claim 11 wherein the programmable processor is operative to configure a security system of the target computing system based on the simulation of the malicious action, the security system includes one or more security controllers.
  - 15. The computer readable medium of claim 14 wherein the one or more security controllers includes at least one of firewall products, antivirus products, endpoint security products, web application firewall (WAF) products, access control list (ACL) features of network products (including switches, routers, and proxies), data leakage prevention (DLP) products, mobile device management (MDM) products, mobile access management (MAM) products, content inspection products, and malicious action detection and mitigation systems.
  - 16. The computer readable medium of claim 14 further comprising computer program code for configuring the security controller, and re-simulate the malicious action.
  - 17. The computer readable medium of claim 11 wherein the malicious action comprises a breach scenario.
  - 18. The computer readable medium of claim 17 wherein the breach scenario includes a plurality of operations performed by the simulator nodes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SafeBreach, Ltd.
Original Assignee
SafeBreach, Ltd.
Inventors
Kotler, Itzhak, Livni, Idan, Bar-Shalom, Dan, Bejerano, Guy
Primary Examiner(s)
Edwards, Linglan

Application Number

US14/691,027
Publication Number

US 20160308895A1
Time in Patent Office

547 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/034   Test or assess a computer o...

G06F 9/455   Emulation; Interpretation; ...

G06F 9/45504   Abstract machines for progr...

H04L 63/1433   Vulnerability analysis

System and method for securing a computer system against malicious actions by utilizing virtualized elements

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for securing a computer system against malicious actions by utilizing virtualized elements

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links