Title of invention Correlation based security risk identification
Abstract Methods and systems are disclosed for identifying security risks, arising from credentials existing on machines in the networks that enable access to other machines on the networks. Account credentials indications are retrieved from machines in the network, which indicate that credentials for accounts are stored on those machines. Access rights for accounts are collected, describing the access and operation permissions of these accounts on machines in the networks. A correlation is then performed to identify machines that can be accessed by employing credentials of accounts retrieved from other machines in the network.
Publication number US9185136(B2) Publication date 2015.11.10
Application number US201314092991 Filing date 2013.11.28
Applicant Cyber-Ark Software Ltd. Inventors Dulkin Andrey;Kamanovsky Denis;Eilat Yoel;Sade Yair
Classification H04L29/06;G06F21/57 Main classification H04L29/06
Agency Agent
Main claim 1. A computer-implemented method for identifying security risks, comprising: using at least one server connected to a computer network to perform the following actions: retrieving, via said computer network, a plurality of account credentials indications of a plurality of user accounts from a first group of machines in said computer network and generating a mapping dataset which maps said plurality of account credentials indications to machines in said first group, each of said plurality of account credentials indications is an indication of at least one of: a logon action made with authentication credentials of one of said plurality of user accounts on a member of said first group of machines, and a presence of said authentication credentials on a member of said first group of machines; collecting a plurality of account access rights, each one of said plurality of account access rights grants to one of said plurality of user accounts an access to at least one member of a second group of machines in said network; and identifying automatically at least one of a presence and absence of a plurality of security risks to at least one member of said second group by an analysis of said mapping database and a correlation between at least one of said plurality of account credentials indications and at least one of said plurality of account access rights; automatically generating a record of at least one of said presence and absence of said plurality of security risks; where said at least one account credentials indication and said at least one account access right is of the same account from said plurality of user accounts.
Address Petach-Tikva IL
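
The correlation described in the abstract and main claim can be sketched as a join of credential indications and access rights on the same account. This is an added example, not code from the patent or from the applicant; the machine names, account names, data layout and function names are constructed, and skipping credentials that sit on the target machine itself is an assumption of this sketch.

```python
from collections import defaultdict

# Constructed sample data (hypothetical machine and account names).
# Credential indication: (machine, account, kind); kind is "logon" (a logon was
# made with the account there) or "stored" (its credentials are present there).
INDICATIONS = [
    ("ws-01", "svc_backup", "stored"),
    ("ws-01", "alice", "logon"),
    ("ws-02", "dom_admin", "logon"),
    ("db-01", "svc_backup", "stored"),
]
# Access right: (account, machine that the account is allowed to access).
ACCESS_RIGHTS = [
    ("svc_backup", "db-01"),
    ("svc_backup", "fs-01"),
    ("dom_admin", "dc-01"),
    ("bob", "hr-01"),
]

def build_mapping(indications):
    """Mapping dataset: account -> set of (machine, kind) where it was seen."""
    mapping = defaultdict(set)
    for machine, account, kind in indications:
        mapping[account].add((machine, kind))
    return mapping

def correlate(indications, access_rights):
    """Join indications and access rights on the same account.

    Returns target machine -> sorted list of (source machine, account, kind).
    An empty list records the absence of a finding for that target.
    """
    mapping = build_mapping(indications)
    record = {target: [] for _, target in access_rights}
    for account, target in access_rights:
        for source, kind in mapping.get(account, ()):
            # Assumption of this sketch: credentials found on the target
            # itself are not a path from another machine, so skip them.
            if source != target:
                record[target].append((source, account, kind))
    return {target: sorted(found) for target, found in record.items()}

if __name__ == "__main__":
    for target, found in sorted(correlate(INDICATIONS, ACCESS_RIGHTS).items()):
        if not found:
            print(f"{target}: no credential exposure found")
        for source, account, kind in found:
            print(f"{target}: reachable as {account} ({kind} on {source})")
```

Each non-empty entry names a machine whose compromise would expose credentials that are valid on the target, which is where credential removal or tighter access rights would be reviewed first.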