System and method for creation, deployment and management of augmented attacker map
Abstract
A system for augmenting an attacker map of a network of resources, including a deception management server within a network of resources, generating an attacker map for the network, the attacker map including one or more attack paths traversing some or all of the resources, each attack path corresponding to one or more successive attack vectors, wherein an attack vector is an object in memory or storage of a first resource of the network that may potentially lead an attacker to a second resource of the network, and a deployment module for planting one or more decoy attack vectors in some or all of the resources of the network, wherein the deception management server generates an augmented attacker map by augmenting the attack paths based on the decoy attack vectors added by the deployment module.
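The arrangement in the abstract can be modelled as a directed graph in which resources are nodes and attack vectors are edges. The Python sketch below is an added example, not code from the patent or from any product: the class names, host names and vector identifiers are hypothetical, and denying access when a decoy vector is used is an assumption (the claims require only a notification).

```python
from collections import defaultdict
class AttackerMap:
    """Directed graph: nodes are resources, edges are lateral attack vectors."""
    def __init__(self):
        self.edges = defaultdict(list)  # src -> [(dst, vector_id, is_decoy)]
        self.decoys = {}                # vector_id -> (src, dst)
    def add_vector(self, src, dst, vector_id, decoy=False):
        self.edges[src].append((dst, vector_id, decoy))
        if decoy:
            self.decoys[vector_id] = (src, dst)

    def paths(self, start, include_decoys=True):
        """Enumerate simple attack paths from start as lists of vector ids."""
        found = []
        def walk(node, seen, trail):
            for dst, vid, decoy in self.edges.get(node, []):
                if dst in seen or (decoy and not include_decoys):
                    continue
                step = trail + [vid]
                found.append(step)
                walk(dst, seen | {dst}, step)
        walk(start, {start}, [])
        return found

    def decoy_ratio(self, start):
        """Share of paths in the augmented map that use at least one decoy."""
        all_paths = self.paths(start)
        hit = [p for p in all_paths if any(v in self.decoys for v in p)]
        return len(hit) / len(all_paths) if all_paths else 0.0

class AccessGovernor:
    """Authorizes access and records a notification when a decoy is used."""
    def __init__(self, attacker_map):
        self.map = attacker_map
        self.notifications = []
    def authorize(self, src, dst, vector_id):
        if vector_id in self.map.decoys:
            self.notifications.append({"source": src, "target": dst, "decoy": vector_id})
            return False  # assumption: decoy use is denied as well as reported
        return True

def build_example():
    # Constructed sample network; all names are hypothetical.
    m = AttackerMap()
    m.add_vector("ws-01", "file-srv", "rdp-cred-1")
    m.add_vector("file-srv", "db-srv", "ssh-key-1")
    m.add_vector("ws-01", "trap-srv", "decoy-cred-1", decoy=True)
    m.add_vector("file-srv", "trap-srv", "decoy-share-1", decoy=True)
    return m
```

Calling paths() with include_decoys=False gives the original attacker map; the default call gives the augmented map, and decoy_ratio() shows how much of that map now leads through a planted vector.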
8 Claims
1. A system for augmenting an attacker map of a network of resources, comprising:
- a deception management server within a network of resources, generating an attacker map for the network, the attacker map depicting a view of the network and comprising one or more lateral attack paths traversing some or all of the resources, each lateral attack path corresponding to one or more successive lateral attack vectors, wherein a lateral attack vector is an object in memory or storage of a first resource of the network that may potentially lead an attacker to a second resource of the network;
- a deployment module planting one or more decoy lateral attack vectors in some or all of the resources of the network; and
- an access governor authorizing access to resources in the network, and issuing a notification upon recognizing an attempt to access one or more of the resources of the network via one or more of the decoy lateral attack vectors planted by said deception module,
wherein said deception management server further generates an augmented attacker map by augmenting the lateral attack paths based on the decoy lateral attack vectors added by said deployment module.
Dependent claims: 2, 3, 4

5. A non-transitory computer readable medium storing instructions, which, when executed by a processor of a management computer, cause the computer:
- to generate an attacker map for a network of resources, the attacker map depicting a view of the network and comprising one or more lateral attack paths traversing some or all of the resources, each lateral attack path corresponding to one or more successive lateral attack vectors, wherein a lateral attack vector is an object in memory or storage of a first resource of the network that may potentially lead an attacker to a second resource of the network;
- to plant one or more decoy lateral attack vectors in some or all of the resources of the network; and
- to generate an augmented attacker map by augmenting the lateral attack paths based on the decoy lateral attack vectors; and
- to issue a notification upon recognizing an attempt to access one or more of the resources of the network via one or more of the decoy attack vectors that were planted.
Dependent claims: 6, 7, 8
Specification