Multi-factor deception management and detection for malicious actions in a computer network
First Claim
Patent Images
1. A system for multi-factor network surveillance to detect attackers, comprising:
- a management server within a network of resources in which users access the resources based on credentials, comprising a memory containing instructions and a processor that executes the instructions to plant decoy credentials DC1, DC2, and DC3, in memory or storage of respective resources R1, R2 and R3, wherein the decoy credentials DC1 DC2 and DC3 may be used by an attacker to access respective resources R2, R3 and R4, and wherein R1 is a bona fide enterprise resource, and R2, R3 and R4 are decoy resources for the purpose of intrusion detection; and
a security manager comprising a memory containing instructions and a processor that executes the instructions to receive reports of attempts to use decoy credentials and to generate an alert that an attacker is intruding the network only when attempts to use the three decoy credentials DC1 DC2 and DC3 are reported.
1 Assignment
0 Petitions
Accused Products
Abstract
A network surveillance system, including a management server within a network of resources in which users access the resources in the network based on credentials, including a deployment module planting honeytokens in resources in the network, wherein a honeytoken is an object in memory or storage of a first resource that may be used by an attacker to access a second resource using decoy credentials, and wherein the deployment module plants a first honeytoken in a first resource, R1, used to access a second resource, R2, using first decoy credentials, and plants a second honeytoken in R2, used to access a third resource, R3, using second decoy credentials, and an alert module alerting that an attacker is intruding the network only in response to both an attempt to access R2 using the first decoy credentials, and a subsequent attempt to access R3 using the second decoy credentials.
115 Citations
4 Claims
-
1. A system for multi-factor network surveillance to detect attackers, comprising:
-
a management server within a network of resources in which users access the resources based on credentials, comprising a memory containing instructions and a processor that executes the instructions to plant decoy credentials DC1, DC2, and DC3, in memory or storage of respective resources R1, R2 and R3, wherein the decoy credentials DC1 DC2 and DC3 may be used by an attacker to access respective resources R2, R3 and R4, and wherein R1 is a bona fide enterprise resource, and R2, R3 and R4 are decoy resources for the purpose of intrusion detection; and a security manager comprising a memory containing instructions and a processor that executes the instructions to receive reports of attempts to use decoy credentials and to generate an alert that an attacker is intruding the network only when attempts to use the three decoy credentials DC1 DC2 and DC3 are reported. - View Dependent Claims (2, 3)
-
-
4. A system for multi-factor network surveillance to detect attackers, comprising:
-
a management server within a network of resources, comprising a memory containing instructions and a processor that executes the instructions to plant honeytokens HT1 HT2 and HT3 in respective resources R1, R2 and R31 wherein honeytokens HT1 HT2 and HT3 are objects in memory or storage of R1, R2 and R3, respectively, that may be used by an attacker to discover existence of R2, R3 and R4, respectively, and wherein R1 is a bona fide enterprise resource and R2, R3 and R4 are decoy resources for the purpose of intrusion detection; and a security manager comprising a memory containing instructions and a processor that executes the instructions to receive reports of attempts to access resources, and to generate an alert that an attacker is intruding the network only when attempts to access the three resources R2, R3 and R4 are reported.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current Assigneeillusive networks LTD.
-
Original Assigneeillusive networks LTD.
-
InventorsTouboul, Shlomo, Levin, Hanan, Roubach, Stephane, Mischari, Assaf, Ben David, Itai, Avraham, Itay, Ozer, Adi, Kazaz, Chen, Israeli, Ofer, Vingurt, Olga, Gareh, Liad, Grimberg, Israel, Cohen, Cobby, Sultan, Sharon, Kubovsky, Matan
-
Primary Examiner(s)POTRATZ, DANIEL B
-
Application NumberUS15/175,052Publication NumberTime in Patent Office686 DaysField of SearchUS Class CurrentCPC Class CodesG06F 21/55 Detecting local intrusion o...G06F 21/554 involving event detection a...G06F 21/56 Computer malware detection ...G06F 21/577 Assessing vulnerabilities a...G06N 20/00 Machine learningH04L 2463/146 Tracing the source of attacksH04L 63/10 for controlling access to d...H04L 63/102 Entity profilesH04L 63/1416 Event detection, e.g. attac...H04L 63/1425 Traffic logging, e.g. anoma...H04L 63/1433 Vulnerability analysisH04L 63/1441 Countermeasures against mal...H04L 63/1491 using deception as counterm...H04L 63/20 for managing network securi...
