Cloud protection techniques

US 9,894,098 B2
Filed: 07/21/2014
Issued: 02/13/2018
Est. Priority Date: 10/28/2011
Status: Expired due to Fees

First Claim

Patent Images

1. A method, comprising:

creating a feigned cloud environment within a source cloud environment upon detection of an event from within the source environment, wherein creating further includes creating the feigned could environment on a set of cooperating computing resources including one or more processor-enabled and memory-enabled machines having one or more software and computing resources;

migrating services from the source cloud environment to a target cloud environment, wherein creating and migrating further includes processing the creating of the feigned cloud environment in parallel and concurrently with processing the migrating of the services; and

tracking activity of an intruder within the feigned cloud environment during the migration.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Cloud protection techniques are provided. A security breach is detected in a source cloud environment. An enterprise system processing in the source cloud environment is immediately locked down and is dynamically migrated to a target cloud environment. While the enterprise system is migrating, the source cloud environment creates a fake environment with fake resources within the source cloud environment to dupe an intruder having access as a result of the security breach. Metrics and logs are gathered with respect to activities of the intruder within the source cloud environment.

24 Citations

View as Search Results

17 Claims

1. A method, comprising:
- creating a feigned cloud environment within a source cloud environment upon detection of an event from within the source environment, wherein creating further includes creating the feigned could environment on a set of cooperating computing resources including one or more processor-enabled and memory-enabled machines having one or more software and computing resources;
  
  migrating services from the source cloud environment to a target cloud environment, wherein creating and migrating further includes processing the creating of the feigned cloud environment in parallel and concurrently with processing the migrating of the services; and
  
  tracking activity of an intruder within the feigned cloud environment during the migration.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein creating further includes creating the feigned cloud environment based on risk level associated with the event.
  - 3. The method of claim 1, wherein creating further includes obtaining a policy that defines screens and parameters to those screens for the feigned cloud environment.
  - 4. The method of claim 3, wherein obtaining further includes obtaining from the policy fake resources for the feigned cloud environment.
  - 5. The method of claim 3, wherein obtaining further includes producing, in response to the policy, the parameters as one or more of:
    - fake Doman Name System names, fake application that appear to be executing in the feigned cloud environment, and fake types and amounts for network traffic to show appearing in the feigned cloud environment.
  - 6. The method of claim 1, wherein migrating further includes obtaining a listing for the services and servers associated with the cloud processing environment.
  - 7. The method of claim 1, wherein migrating further includes obtaining a policy that defines one or more of:
    - a target cloud processing environment identifier, a new Internet Protocol (IP) address fur reaching the target cloud processing environment, new communication port identifiers for the target cloud processing environment, and new keys associated with authentication and encryption in the target cloud processing environment.
  - 8. The method of claim 7, wherein obtaining further includes contacting a provisioning server where to provision the services to the target cloud processing environment.
  - 9. The method of claim 1, wherein migrating further includes shutting down the services during the migration.
  - 10. The method of claim 1, wherein tracking further includes capturing intruder events with the actions of the intruder in the feigned cloud processing environment and correlating the intruder events to resolve what the intruder is doing within the feigned cloud processing environment.

11. A method comprising:
- receiving an instruction from a source cloud processing environment to provision servers from the source cloud processing environment within a target cloud processing environment;
  
  shutting services down within the source cloud processing environment;
  
  provisioning fake services within the source cloud processing environment to make the cloud processing environment a honey pot cloud processing environment to entice intruders to access the fake services, wherein provisioning includes provisioning the honey pot cloud processing environment on a set of cooperating computing resources including one or more processor-enabled and memory-enabled machines having one or more software and computing resources; and
  
  migrating and provisioning the services that were shut down for execution in the target cloud processing environment, wherein provisioning and migrating further includes processing the provisioning of the fake services in parallel and concurrently with processing the migrating of the services.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The method of claim 11, wherein provisioning further includes monitoring actions of the intruders within the honey pot cloud processing environment.
  - 13. The method of claim 12, wherein monitoring further includes correlating events associated with the actions to determine who the intruder is and what the intruder is attempting to do within the honey pot cloud processing environment.
  - 14. The method of claim 13, wherein correlating further includes determining where the intruder came from.
  - 15. The method of claim 13, wherein correlating further includes determining how the intruder penetrated the honey pot cloud processing environment.
  - 16. The method of claim 11, wherein provisioning further includes feigning network traffic and resource names within the honey pot cloud processing environment.
  - 17. The method of claim 11, wherein migrating further includes maintaining the honey pot cloud processing environment during and after the migration.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus Software, Inc. (Open Text Corporation)
Original Assignee
Micro Focus Software, Inc. (Open Text Corporation)
Inventors
Sabin, Jason Allen
Primary Examiner(s)
Jeudy, Josnel

Application Number

US14/336,794
Publication Number

US 20140359769A1
Time in Patent Office

1,303 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

G06F 21/554   involving event detection a...

G06F 21/56   Computer malware detection ...

G06F 21/566   Dynamic detection, i.e. det...

G06F 2221/2123   Dummy operation

H04L 63/14   for detecting or protecting...

H04L 63/1491   using deception as counterm...

H04L 63/20   for managing network securi...

Cloud protection techniques

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Cloud protection techniques

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links