Method and system for intrusion prevention and deflection

摘要

A system for preventing intrusion in communication traffic with a set of machines in a network includes a data base having stored therein patterns representative of forbidden communication entities as well a firewall module configured for blocking forbidden communication entities in the traffic as identified by respective patterns included in the data base. The system also has another data base having stored therein patterns representative of allowed communication entities for communication with the set of machines and a test system including test facilities replicating the machines in the set. A communication module is configured for allowing communication of allowed communication entities as identified by respective patterns included in the other data base. Unknown communication entities as identified by respective unknown patterns not included in either of the data base and further data base are directed to the test system and run on the test facilities therein to detect possible adverse effects of such unknown communication entities on the test system. The system is further configured so that in the presence of an adverse effect, the unknown communication entity leading to the adverse effect is blocked by the firewall module, and in the absence of an adverse effect, communication of the unknown communication entity failing to lead to the adverse effect is allowed.