logo

For the Inventor, By the Inventor

The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.

Patent No.:

US 9553885 B1

PDFFull Text
Date of Patent:
Jan. 24, 2017

Filed:

Jan. 23, 2016

System and method for creation, deployment and management of augmented attacker map

Applicant:

Illusive Networks Ltd., Tel Aviv, IL;

Inventors:

Shlomo Touboul, Kfar Chaim, IL;

Hanan Levin, Tel Aviv, IL;

Stephane Roubach, Herzliya, IL;

Assaf Mischari, Petach Tikva, IL;

Itai Ben David, Tel Aviv, IL;

Itay Avraham, Tel Aviv, IL;

Adi Ozer, Shoham, IL;

Chen Kazaz, Tel Aviv, IL;

Ofer Israeli, Tel Aviv, IL;

Olga Vingurt, Shderot, IL;

Liad Gareh, Herzliya, IL;

Israel Grimberg, Ra'anana, IL;

Cobby Cohen, Tel Aviv, IL;

Sharon Sultan, Tel Aviv, IL;

Matan Kubovsky, Tel Aviv, IL;

Assignee:

ILLUSIVE NETWORKS LTD., Tel Aviv, IL;

Attorney:

Soquel Group I.P Ltd.

Primary Examiner:

Fatoumata Traore

Int. Cl.
CPC ...
G06F 12/14 (2006.01); G06F 12/16 (2006.01); H04L 29/06 (2006.01); G06F 21/57 (2013.01); G06F 21/56 (2013.01);
U.S. Cl.
CPC ...
H04L 63/1416 (2013.01); G06F 21/56 (2013.01); G06F 21/577 (2013.01); H04L 63/1425 (2013.01);
Abstract

A network surveillance system including a deception management server within a network, including a deployment module managing and planting decoy attack vectors in network resources, wherein an attack vector is an object in memory or storage of a first resource that may be used to access a second resource, and decoy servers accessible from resources in the network via decoy attack vectors, each decoy server including a forensic alert module causing a real-time forensic application to be transmitted to a destination resource in the network when the decoy server is being accessed by a specific resource in the network via a decoy attack vector, wherein the forensic application, when launched in the destination resource, identifies a process running within the specific resource that is accessing that decoy server, logs the activities performed by the thus-identified process in a forensic report, and transmits the forensic report to the deception management server.

Find Patent Forward Citations

Loading…