Title of invention: System and a Method for Identifying Malware Network Activity Using a Decoy Environment
Abstract: A system for gathering information about malware and a method of use therefor, the system comprising a working environment including physical working environment servers, physical working environment endpoints, a working environment network, a switch, and a router directing traffic between said working environment network and an external network, a decoy environment including at least one physical machine, a decoy environment server, a decoy environment endpoint, a decoy environment network and a decoy environment router, a file directing mechanism directing at least some files to the decoy environment, and a threat tracking mechanism tracking and observing actions triggered by the files in the decoy environment.
Publication number: US2016080414(A1) Publication date: 2016.03.17
Application number: US201514847315 Filing date: 2015.09.08
Applicant: TopSpin Security LTD. Inventors: Kolton Doron; Mizrahi Rami; Zohar Omer; Ben-Rabi Benny; Barbalat Alex; Gabai Shlomi
Classification: H04L29/06 Main classification: H04L29/06
Agency: Agent:
Main claim: 1. A system for gathering information about malware, comprising: a working environment comprising: a plurality of working environment servers; a plurality of working environment endpoints; a working environment network interconnecting said plurality of working environment servers and said plurality of working environment endpoints; at least one working environment switch directing traffic within said working environment network; and at least one working environment router directing traffic between said working environment network and an external network; a decoy environment comprising: at least one physical machine; at least one decoy environment server; at least one decoy environment endpoint; a decoy environment network interconnecting said at least one physical machine, said at least one decoy environment server and said at least one decoy environment endpoint; and at least one decoy environment router directing traffic between said decoy environment network and an external network; a file directing mechanism, functionally associated with said working environment and with said decoy environment, directing at least some files intended for said working environment to said at least one physical machine of said decoy environment; and a threat tracking mechanism, functionally associated with said decoy environment, tracking and observing actions triggered by said at least some files in said decoy environment.
Address: Herzelia IL