Title of invention: Managing security breaches in a networked computing environment
Abstract: Approaches for managing security breaches in a networked computing environment are provided. A method includes detecting, by at least one computer device, a breach of a production system in the networked computing environment, wherein the networked computing environment includes a decoy system interweaved with the production system. The method also includes receiving, by the at least one computer device, a communication after the detecting the breach. The method further includes determining, by the at least one computer device, the communication is associated with one of a valid user and a malicious user. The method additionally includes, based on the determining, routing the valid user to an element of the production system when the communication is associated with the valid user and routing the malicious user to a corresponding element of the decoy system when the communication is associated with the malicious user.
Publication number: US9462013(B1) | Publication date: 2016.10.04
Application number: US201514699279 | Filing date: 2015.04.29
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION | Inventors: Boss Gregory J.;Hamilton, II Rick A.;Hoy Jeffrey R.;Magro Agueda M. H.
Classification: G06F12/14;H04L29/06 | Main classification: G06F12/14
Agency: Roberts Mlotkowski Safran Cole & Calderon, P.C. | Agent: Hartwell William;Calderon Andrew M.;Roberts Mlotkowski Safran Cole & Calderon, P.C.
Main claim: 1. A method of managing security breaches in a networked computing environment, comprising: detecting, by at least one computer device, a breach of a production system in the networked computing environment, wherein the networked computing environment comprises a decoy system interweaved with the production system; receiving, by the at least one computer device, a communication after the detecting the breach; determining, by the at least one computer device, the communication is associated with one of a valid user and a malicious user; and based on the determining, routing the valid user to an element of the production system when the communication is associated with the valid user and routing the malicious user to a corresponding element of the decoy system when the communication is associated with the malicious user; wherein the networked computing environment comprises layers, and further comprising determining one of the layers at which the breach occurred; and wherein: the communication is determined to be associated with the malicious user; the routing is based on the determined one of the layers; wherein the routing comprises: permitting the malicious user to access at least one element of the production system in one or more first layers up to and including the determined one of the layers; and routing the malicious user to at least one element of the decoy system in one or more second layers downstream of the determined one of the layers.
Address: Armonk NY US