×

Predicting and preventing an attacker's next actions in a breached network

  • US 9,794,283 B2
  • Filed: 06/12/2017
  • Issued: 10/17/2017
  • Est. Priority Date: 06/08/2015
  • Status: Active Grant
First Claim
Patent Images

1. A method for cyber security, comprising:

  • detecting, by a decoy management server, a breach by an attacker of a specific resource within a network of resources in which users access the resources based on credentials, wherein access to the resources via network connections is governed by a firewall, wherein each resource has a domain name server (DNS) record stored on a DNS server, and wherein some of the resources are servers that are accessed via IP addresses;

    changing, by the decoy management server, the DNS record for the breached resource on the DNS server, in response to said detecting;

    predicting, by the decoy management server, which credentials are compromised, based on credentials stored on the breached resource;

    changing, by the decoy management server, those credentials that were predicted to be compromised, in response to said predicting which credentials are compromised;

    predicting, by the decoy management server, which servers in the network are compromised, based on connections created during the breach;

    changing, by the decoy management server, IP addresses of the predicted compromised servers in response to said predicting which servers are compromised;

    creating, by the decoy management server, firewall rules to block access to the predicted compromised servers from the breached resource, in response to said predicting which servers are compromised;

    predicting, by the decoy management server, data leakage paths from inside the network to outside the network, based on an open outbound connection during the breach; and

    creating, by the decoy management server, firewall rules to block that outbound connection in response to said predicting data leakage paths.

View all claims
  • 0 Assignments
Timeline View
Assignment View
    ×
    ×