System and method of active remediation and passive protection against cyber attacks
Abstract
A system and method for active remediation and/or passive protection against cyber attacks includes an active remediation and passive protection server computer for monitoring at least a portion of network data between at least one first network and at least one second network to detect one or more attacks and/or unauthorized access to at least one first agent in the at least one first network by at least one second agent in the at least one second network. The active remediation and passive protection server computer executes at least one of (i) one or more active remediation mechanisms to actively respond to the one or more detected attacks and/or unauthorized access and (ii) one or more passive protection mechanisms to passively protect against the one or more detected attacks and/or unauthorized access.
15 Claims
1. A method for active remediation and/or passive protection against cyberattacks, the method comprising:
- monitoring at least a portion of network data between at least one first network and at least one second network to detect one or more attacks and/or unauthorized access to at least one first agent in the at least one first network by at least one initiating agent in the at least one second network;
- initiating a traceback to an identified source of the attack for generating a range of possible rogue agents compromised by unauthorized accesses and used by the identified source for the attack in the second network and sending a message to the range of possible rogue agents comprising notification to rogue agent administrators that their computer is being used in an attack; and
- sending a response to the identified source of the attack, wherein requested data is replaced with protected data comprising a protection module embedded within non-confidential data, which is executed when the protected data is accessed to create an evidentiary trail for legal prosecution of the unauthorized access.
Dependent claims: 2, 3, 4, 5, 6, 9, 10, 11, 12.
7. A system for active remediation and/or passive protection against cyber attacks, the system comprising:
- an active remediation and passive protection server computer between at least one first network and at least one second network, wherein the active remediation and passive protection server computer is configured to:
- monitor at least a portion of network data between the at least one first network and the at least one second network to detect one or more attacks and/or unauthorized access to at least one first agent in the at least one first network by at least one initiating agent in the at least one second network; and
- execute (i) an active remediation response to actively respond to the one or more detected attacks and/or unauthorized access by initiating a traceback to an identified source of the attack to generate a range of possible rogue agents compromised by unauthorized accesses and used by the identified source for the attack in the second network and sending a message to the range of possible rogue agents comprising notification to rogue agent administrators that their computer is being used in an attack, and (ii) one or more passive protections to passively protect against the one or more detected attacks and/or unauthorized access, wherein passive protections include replacing requested data with protected data comprising a protection module embedded within new non-confidential data, which is executed when the protected data is accessed to create an evidentiary trail for legal prosecution of the unauthorized access.
Dependent claims: 13, 14, 15.
8. A non-transitory computer readable medium storing a computer program which when executed by a processor of a computer is capable of performing a method for active remediation and/or passive protection against cyber attacks, the method comprising:
- monitoring at least a portion of network data between at least one first network and at least one second network to detect one or more attacks and/or unauthorized access to at least one first agent in the at least one first network by at least one initiating agent in the at least one second network; and
- generating a traceback to an identified source of the attack and generating a range of possible rogue agents compromised by unauthorized accesses and used by the identified source for the attack in the second network and sending a message to the range of possible rogue agents comprising notification to rogue agent administrators that their computer is being used in an attack; and
- sending a response to the identified source of the attack, wherein requested data is replaced with protected data comprising a protection module embedded within new non-confidential data, which is executed when the protected data is accessed to create an evidentiary trail for legal prosecution of the unauthorized access.
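The passive protection element that claims 1, 7 and 8 share (requested data replaced with non-confidential decoy data, plus an evidentiary trail of the unauthorized access) can be illustrated server-side without any code running on the requester's machine. The following is an added example, not the patent's own implementation: it assumes Python, in-memory stores (`DECOY_TOKENS`, `EVIDENCE_LOG`) standing in for persistent storage, and a hash-chained append-only log as the tamper-evident evidentiary trail; function and field names are illustrative.

```python
import hashlib
import json
import secrets
import time

# Constructed in-memory stores for this example; a real deployment would
# persist both and anchor the log digests off the monitored host.
DECOY_TOKENS = {}   # token -> name of the record whose decoy carried it
EVIDENCE_LOG = []   # hash-chained, append-only list of event dicts

def append_event(event, clock=time.time):
    """Append an event to the hash-chained evidentiary log and return it."""
    prev = EVIDENCE_LOG[-1]["digest"] if EVIDENCE_LOG else "0" * 64
    entry = {"ts": clock(), "prev": prev, **event}
    body = json.dumps(entry, sort_keys=True).encode()
    entry["digest"] = hashlib.sha256(prev.encode() + body).hexdigest()
    EVIDENCE_LOG.append(entry)
    return entry

def protected_response(requester, record_name, real_data):
    """Passive protection: the requester never receives real_data. It gets
    non-confidential decoy content carrying a unique tracking token, and the
    substitution is logged together with a hash of what was withheld."""
    token = secrets.token_hex(8)
    DECOY_TOKENS[token] = record_name
    decoy = {"record": record_name, "status": "archived", "ref": token}
    append_event({"kind": "decoy_served", "requester": requester,
                  "record": record_name, "token": token,
                  "withheld_sha256": hashlib.sha256(real_data).hexdigest()})
    return decoy

def record_token_access(token, source):
    """Called when a decoy token is later observed (e.g. presented back to a
    service); links that access to the original substitution event."""
    if token not in DECOY_TOKENS:
        return None
    return append_event({"kind": "decoy_accessed", "token": token,
                         "record": DECOY_TOKENS[token], "source": source})

def verify_evidence_log():
    """Recompute the chain; True only if no entry was altered or reordered."""
    prev = "0" * 64
    for entry in EVIDENCE_LOG:
        fields = {k: v for k, v in entry.items() if k != "digest"}
        if fields["prev"] != prev:
            return False
        body = json.dumps(fields, sort_keys=True).encode()
        if hashlib.sha256(prev.encode() + body).hexdigest() != entry["digest"]:
            return False
        prev = entry["digest"]
    return True
```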