System and method for verifying malicious actions by utilizing virtualized elements

US 9,710,653 B2
Filed: 04/20/2015
Issued: 07/18/2017
Est. Priority Date: 04/20/2015
Status: Active Grant

First Claim

Patent Images

1. A networked system of hardware components configured with computer program code for verifying breach vulnerabilities within the networked system, the networked system comprising:

a memory device having executable instructions stored therein; and

a processing device, in response to executing the executable instructions, configured to;

prepare breach simulation tasks by reading configurations for types of breach scenarios and preparing a list of tasks to be simulated;

send breach simulation tasks to simulator nodes, the simulator nodes being deployed in the networked system and given access to a production server in the networked system, the breach simulation tasks sent to at least a first simulator node is designed to simulate an attacker party and the breach simulation tasks sent to at least a second simulator node is designed to simulate attacked parties involved in the types of breach scenarios;

execute the breach simulation tasks on the simulator nodes, wherein the at least first simulator node executes attacker tasks from the list of tasks that simulate an attacker party and the at least second simulator node executes attacked party tasks from the list of tasks that simulate an attacked party;

receive results from the simulator nodes;

determine that the simulator nodes of the attacker and attacked parties report on a same result by identifying corresponding outcomes between the simulator nodes of the attacker and attacked parties from the execution of the breach simulation tasks on the simulator nodes, wherein reporting on the same result comprising comparing transferred data transferred by the at least first simulator node and a copy of the transferred data that was successfully received at the at least second simulator node to verify whether breached data and transmitted copy of the breach data are the same;

determine that the simulator nodes of the attacker and attacked parties report on successful execution of the breach simulation tasks; and

identify a successful breach based on the simulator nodes of the attacker and attacked parties report on the same result and the simulator nodes of the attacker and attacked parties report on the successful execution of the breach simulation tasks.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system comprising a memory device having executable instructions stored in the memory device, and a processing device, in response to the executable instructions, configured to prepare breach simulation tasks by reading configurations for types of breach scenarios and preparing a list of tasks to be simulated, send breach simulation tasks to simulator nodes, the simulator nodes simulating parties involved in the types of breach scenarios, execute the breach simulation tasks on the simulator nodes, receive results from the simulator nodes, determine that the parties report on a same result, determine that the parties report on successful results, and identify a successful breach based on the parties report on the same result and the parties report on the successful results.

Citations

16 Claims

1. A networked system of hardware components configured with computer program code for verifying breach vulnerabilities within the networked system, the networked system comprising:
- a memory device having executable instructions stored therein; and
  
  a processing device, in response to executing the executable instructions, configured to;
  
  prepare breach simulation tasks by reading configurations for types of breach scenarios and preparing a list of tasks to be simulated;
  
  send breach simulation tasks to simulator nodes, the simulator nodes being deployed in the networked system and given access to a production server in the networked system, the breach simulation tasks sent to at least a first simulator node is designed to simulate an attacker party and the breach simulation tasks sent to at least a second simulator node is designed to simulate attacked parties involved in the types of breach scenarios;
  
  execute the breach simulation tasks on the simulator nodes, wherein the at least first simulator node executes attacker tasks from the list of tasks that simulate an attacker party and the at least second simulator node executes attacked party tasks from the list of tasks that simulate an attacked party;
  
  receive results from the simulator nodes;
  
  determine that the simulator nodes of the attacker and attacked parties report on a same result by identifying corresponding outcomes between the simulator nodes of the attacker and attacked parties from the execution of the breach simulation tasks on the simulator nodes, wherein reporting on the same result comprising comparing transferred data transferred by the at least first simulator node and a copy of the transferred data that was successfully received at the at least second simulator node to verify whether breached data and transmitted copy of the breach data are the same;
  
  determine that the simulator nodes of the attacker and attacked parties report on successful execution of the breach simulation tasks; and
  
  identify a successful breach based on the simulator nodes of the attacker and attacked parties report on the same result and the simulator nodes of the attacker and attacked parties report on the successful execution of the breach simulation tasks.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The networked system of claim 1 wherein the simulator nodes of the attacker and attacked parties include at least one of client devices and servers.
  - 3. The networked system of claim 1 wherein the processing device is further configured to:
    - determine proper execution of the breach simulation tasks; and
      
      verify data received by the simulator nodes of the attacker and attacked parties and data transmitted from the simulator nodes of the attacker and attacked parties are consistent with a breach.
  - 4. The networked system of claim 3 wherein the processing device is further configured to verify the data received by the simulator nodes of the attacker and attacked parties and the data transmitted from the simulator nodes of the attacker and attacked parties are identical.
  - 5. The networked system of claim 1 wherein breach scenarios comprise sequences of moves executed on the simulator nodes with specific configurations and data assets.
  - 6. The networked system of claim 1 wherein the processing device is further configured to send the breach simulation tasks to the simulator nodes by generating one or more virtual devices configured to perform the breach simulation tasks.
  - 7. The networked system of claim 1 wherein the breach simulation tasks include data transfers, file modifications, change in system configuration, and changes to access permissions.
  - 8. The networked system of claim 1 wherein the results received from the simulator nodes include a hash of transferred and received data.

9. A non-transitory computer readable medium comprising program code that when executed by a programmable processor comprised in a networked system of hardware components configured with computer program code causes execution of a method for verifying breach vulnerabilities within the networked system, the computer readable media comprising:
- computer program code for preparing breach simulation tasks by reading configurations for types of breach scenarios and preparing a list of tasks to be simulated;
  
  computer program code for sending breach simulation tasks to simulator nodes, the simulator nodes being deployed in the networked system and given access to a production server in the networked system, the breach simulation tasks sent to at least a first simulator node is designed to simulate an attacker party and the breach simulation tasks sent to at least a second simulator node is designed to simulate attacked parties involved in the types of breach scenarios;
  
  computer program code for executing the breach simulation tasks on the simulator nodes, wherein the at least first simulator node executes attacker tasks from the list of tasks that simulate an attacker party and the at least second simulator node executes attacked party tasks from the list of tasks that simulate an attacked party;
  
  computer program code for receiving results from the simulator nodes;
  
  computer program code for determining that the simulator nodes of the attacker and attacked parties report on a same result by identifying corresponding outcomes between the simulator nodes of the attacker and attacked parties from the execution of the breach simulation tasks on the simulator nodes, wherein reporting on the same result comprising comparing transferred data transferred by the at least first simulator node and a copy of the transferred data that was successfully received at the at least second simulator node to verify whether breached data and transmitted copy of the breach data are the same;
  
  computer program code for determining that the simulator nodes of the attacker and attacked parties report on successful execution of the breach simulation tasks; and
  
  computer program code for identifying a successful breach based on the simulator nodes of the attacker and attacked parties report on the same result and the simulator nodes of the attacker and attacked parties report on the successful execution of the breach simulation tasks.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer readable medium of claim 9 wherein the simulator nodes of the attacker and attacked parties include at least one of client devices and servers.
  - 11. The computer readable medium of claim 9 further comprising:
    - computer program code for determining proper execution of the breach simulation tasks; and
      
      computer program code for verifying data received by the simulator nodes of the attacker and attacked parties and data transmitted from the simulator nodes of the attacker and attacked parties are consistent with a breach.
  - 12. The computer readable medium of claim 11 further comprising computer program code for verifying the data received by the simulator nodes of the attacker and attacked parties and the data transmitted from the simulator nodes of the attacker and attacked parties are identical.
  - 13. The computer readable medium of claim 9 wherein breach scenarios comprise sequences of moves executed on the simulator nodes with specific configurations and data assets.
  - 14. The computer readable medium of claim 9 further comprising computer program code for sending the breach simulation tasks to the simulator nodes by generating one or more virtual devices configured to perform the breach simulation tasks.
  - 15. The computer readable medium of claim 9 wherein the breach simulation tasks include data transfers, file modifications, change in system configuration, and changes to access permissions.
  - 16. The computer readable medium of claim 9 wherein the results received from the simulator nodes include a hash of transferred and received data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SafeBreach, Ltd.
Original Assignee
SafeBreach, Ltd.
Inventors
Kotler, Itzhak, Livni, Idan, Bar-Shalom, Dan, Bejerano, Guy
Primary Examiner(s)
McNally, Michael S
Assistant Examiner(s)
LIN, AMIE CHINYU

Application Number

US14/691,116
Publication Number

US 20160306979A1
Time in Patent Office

820 Days
Field of Search

726 23, 726 25
US Class Current
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/034   Test or assess a computer o...

G06N 5/02   Knowledge representation; S...

System and method for verifying malicious actions by utilizing virtualized elements

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for verifying malicious actions by utilizing virtualized elements

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links