System and method for automatic service discovery and protection
First Claim
1. A system for automatically discovering services operating on a network, the system comprising:
- a service discovery database configured to store expected service behavioral characteristics and service identities of known services operating on the network, each of the service identities being associated with a set of the expected service behavioral characteristics in the service discovery database;
- a set of service discovery modules, the set of service discovery modules configured to collect service behavioral data of unknown services operating on the network, wherein the unknown services are not previously known to the network, wherein the set of service discovery modules comprise an identity provider service discovery module configured to:
  - monitor authentication attempts to an identity provider service; and
  - generate a log of authentication attempt data associated with the authentication attempts of services attempting to authenticate to the network;
- a service discovery module controller communicatively coupled to the service discovery database and the set of service discovery modules, the service discovery module controller configured to identify the unknown services operating on and attempting to authenticate to the network, wherein the identifying includes:
  - generating a first set of service behavioral characteristics from the service behavioral data;
  - analyzing the first set of service behavioral characteristics using the expected service behavioral characteristics, resulting in a first behavioral analysis;
  - analyzing the log of authentication attempt data to identify characteristics of the log of authentication attempt data;
  - comparing the characteristics of the log of authentication attempt data to a predetermined authentication attempt fingerprint dataset, and
  - identifying a first service identity of at least one of the unknown services operating on the network that is attempting to authenticate to the network using (i) the first behavioral analysis and an association of the first service identity and a first set of the expected service behavioral characteristics and (ii) results of the comparison of the characteristics of the log of authentication attempt data to the predetermined authentication attempt fingerprint dataset; and
- wherein the service discovery module controller is configured to:
  - automatically implement a security measure after identifying the first service identity of the unknown service, wherein implementing the security measure includes modifying a network access method of the unknown service corresponding to the first service identity to require, at least, a multi-factor authentication measure for connecting to or continued operation of the unknown service on the network, thereby reducing or mitigating vulnerability in the network.
Abstract
A system for automatically discovering services operating on a network including a service discovery database configured to store expected service behavioral characteristics and service identities of the services operating on the network, a set of service discovery modules configured to collect service behavioral data of the services operating on the network, and a service discovery module controller communicatively coupled to the service discovery module database and the set of service discovery modules, the service discovery module controller configured to generate service behavioral characteristics from the service behavioral data, analyze the service behavioral characteristics using the expected service behavioral characteristics, resulting in a first behavioral analysis, identify a first service identity of at least one service operating on the network from the first behavioral analysis and an association of the first service identity and the expected service behavioral characteristics.
24 Claims
- 1. (Independent claim; reproduced in full above under First Claim. Claims 2-23 depend from it.)
- 24. A method for automatically discovering unknown services operating on a network, the method comprising:
  - storing expected service behavioral characteristics and service identities of known services operating on the network, each service identity associated with a set of the expected service behavioral characteristics;
  - collecting service behavioral data of the unknown services operating on the network;
  - monitoring authentication attempts to an identity provider service and generating a log of authentication attempt data associated with the authentication attempts of services attempting to authenticate to the network;
  - generating service behavioral characteristics from the service behavioral data;
  - analyzing the service behavioral characteristics using the expected service behavioral characteristics, resulting in a first behavioral analysis;
  - analyzing the log of authentication attempt data to identify characteristics of the log of authentication attempt data;
  - comparing the characteristics of the log of authentication attempt data to a predetermined authentication attempt fingerprint dataset, and
  - identifying a first service identity of at least one of the unknown services operating on the network that is attempting to authenticate to the network based on (i) the first behavioral analysis and an association of the first service identity and a first set of the expected service behavioral characteristics and (ii) results of the comparison of the characteristics of the log of authentication attempt data to the predetermined authentication attempt fingerprint dataset;
  - wherein, based on identifying the first service identity of the at least one of the unknown services operating on the network: automatically implementing a security measure based on identifying the first service identity of the unknown service, wherein implementing the security measure includes modifying a network access method of the at least one unknown service corresponding to the first service identity to require an authentication measure comprising a multi-factor authentication for continued operation of the unknown service on the network, thereby reducing or mitigating vulnerability in the network.
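As an added illustration (not code from the patent or from any implementation of it), a minimal Python model of the controller described in claims 1 and 24: it derives characteristics from a constructed identity-provider log, compares them against a constructed fingerprint dataset, combines that with the behavioral analysis against the service discovery database, and, only when exactly one identity is supported by both analyses, modifies that service's access policy to require MFA. All service names, log lines, fingerprints and field names are constructed assumptions.

```python
from collections import Counter

# Service discovery database (constructed): identity -> expected behavioral characteristics.
SERVICE_DB = {
    "backup-agent": {"dst_port": 443, "protocol": "https", "auth_method": "client_cert"},
    "ci-runner": {"dst_port": 22, "protocol": "ssh", "auth_method": "password"},
}
# Predetermined authentication attempt fingerprint dataset (constructed).
AUTH_FINGERPRINTS = {
    "backup-agent": {"ua": "bkagent/2", "grant": "client_credentials"},
    "ci-runner": {"ua": "ci-bot/1", "grant": "password"},
}
# Log produced by the identity provider discovery module (constructed sample lines).
IDP_LOG = [
    "src=10.0.0.7 ua=ci-bot/1 grant=password result=fail",
    "src=10.0.0.7 ua=ci-bot/1 grant=password result=fail",
    "src=10.0.0.7 ua=ci-bot/1 grant=password result=success",
]


def log_characteristics(lines):
    """Analyse the auth-attempt log: dominant user agent and grant type, plus failure count."""
    records = [dict(kv.split("=", 1) for kv in line.split()) for line in lines]
    chars = {k: Counter(r[k] for r in records).most_common(1)[0][0] for k in ("ua", "grant")}
    chars["failures"] = sum(r["result"] == "fail" for r in records)
    return chars


def behavioral_scores(observed):
    """(i) First behavioral analysis: how many expected characteristics each identity matches."""
    return {n: sum(observed.get(k) == v for k, v in exp.items()) for n, exp in SERVICE_DB.items()}


def fingerprint_matches(chars):
    """(ii) Compare the log characteristics against the fingerprint dataset."""
    return {n: all(chars.get(k) == v for k, v in fp.items()) for n, fp in AUTH_FINGERPRINTS.items()}


def identify_service(observed, lines):
    """Return the single identity supported by both analyses; None means the service stays unknown."""
    scores, fps = behavioral_scores(observed), fingerprint_matches(log_characteristics(lines))
    hits = [n for n in SERVICE_DB if fps[n] and scores[n] == len(SERVICE_DB[n])]
    return hits[0] if len(hits) == 1 else None


def apply_security_measure(policy, identity):
    """Modify the identified service's network access method so that it must present MFA."""
    updated = dict(policy)
    updated[identity] = {"network_access": "allow", "require_mfa": True}
    return updated
```

A service that matches no stored identity is left unknown rather than being forced into the nearest fingerprint, which is the case an operator should review by hand.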
Specification