Title of invention: SYSTEM AND METHOD FOR CREATION, DEPLOYMENT AND MANAGEMENT OF AUGMENTED ATTACKER MAP
Abstract: A network surveillance system including a deception management server within a network, including a deployment module managing and planting decoy attack vectors in network resources, wherein an attack vector is an object in memory or storage of a first resource that may be used to access a second resource, and decoy servers accessible from resources in the network via decoy attack vectors, each decoy server including a forensic alert module causing a real-time forensic application to be transmitted to a destination resource in the network when the decoy server is being accessed by a specific resource in the network via a decoy attack vector, wherein the forensic application, when launched in the destination resource, identifies a process running within the specific resource that is accessing that decoy server, logs the activities performed by the thus-identified process in a forensic report, and transmits the forensic report to the deception management server.
Application publication number: US2016359876(A1) Application publication date: 2016.12.08
Application number: US201615004904 Filing date: 2016.01.23
Applicant: Illusive Networks Ltd. Inventors: TOUBOUL SHLOMO;LEVIN HANAN;ROUBACH STEPHANE;MISCHARI ASSAF;BEN DAVID ITAI;AVRAHAM ITAY;OZER ADI;KAZAZ CHEN;ISRAELI OFER;VINGURT OLGA;GAREH LIAD;GRIMBERG ISRAEL;COHEN COBBY;SULTAN SHARON;KUBOVSKY MATAN
Classification number: H04L29/06 Main classification number: H04L29/06
Agency: Agent:
Principal claim: 1. A system for network surveillance to detect attackers, comprising: a deception management server within a network of resources, comprising a deployment module managing and planting one or more decoy attack vectors in one or more of the resources in the network, wherein an attack vector is an object in memory or storage of a first resource that may be used to access a second resource; and one or more decoy servers accessible from resources in the network, each decoy server comprising a forensic alert module that issues an alert when a specific resource in the network accesses that decoy server via one or more of the decoy attack vectors planted in that specific resource by said deployment module, the alert causing said deception management server to transmit a real-time forensic application to the specific resource, wherein the forensic application, when launched in the specific resource, identifies a process running within the specific resource that is accessing that decoy server, logs the activities performed by the thus-identified process in a forensic report, and transmits the forensic report to said deception management server.
Address: TEL AVIV IL