Dynamic selection and generation of a virtual clone for detonation of suspicious content within a honey network
US-9882929-B1 · Jan 30, 2018 · US
US2018343278A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2018343278-A1 |
| Application number | US-201816036138-A |
| Country | US |
| Kind code | A1 |
| Filing date | Jul 16, 2018 |
| Priority date | Nov 11, 2014 |
| Publication date | Nov 29, 2018 |
| Grant date | — |
Abstract
A system, method, and device are presented for assessing a target network's vulnerability to a real cyberthreat based on determining policy-based synthetic tests configured to model the behavior of the cyberthreat. Real-time feedback from the target network (e.g., servers, desktops, and network/monitoring hardware and/or software equipment) are received, analyzed, and used to determine whether any modifications to the same or a new synthesized test is preferred. The technology includes self-healing processes that, using the feedback mechanisms, can attempt to find patches for known vulnerabilities, test for unknown vulnerabilities, and configure the target network's resources in accordance with predefined service-level agreements.
Claims (preview)
We claim:

1. A method comprising: receiving information associated with a cyberthreat, wherein the cyberthreat is associated with an objective; using the information, mapping one or more characteristics of the cyberthreat into instructions for performing steps to simulate an existence of the cyberthreat within a target network without implementing the objective of the cyberthreat in the target network; determining one or more agents to execute the instructions; initiating execution of the instructions by the one or more agents to simulate the existence of the cyberthreat within the target network; receiving feedback including receiving a level of success of the one or more agents in performing the steps; and generating an analysis, based on the feedback, that includes a recommended configuration change for a computing device within the target network to improve detection of or response to the cyberthreat.
2. The method of claim 1, wherein the feedback includes: a number of the steps that were successfully completed; and an indication of whether the computing device detected the cyberthreat or how the computing device responded to the cyberthreat.
3. The method of claim 1, wherein mapping one or more of the characteristics of the cyberthreat to instruction includes determining logic that, when executed by the one or more agents, would achieve or approximately achieve the objective of the cyber-threat if the cyberthreat were to execute the objective successfully, wherein the logic is configured to dynamically generate a file, create network communication, or access a user account, system, account, directory, database, or registry.
4. The method of claim 1, wherein receiving information associated with the cyberthreat includes: receiving an indication of the cyberthreat to data security from an external source; and determining the one or more characteristics of the cyberthreat based on information from the external source.
5. The method of claim 1, further comprising automatically implementing the recommended configuration change responsive to the analysis.
6. The method of claim 1, wherein generating the analysis includes determining whether the target network is at or near a threshold level of vulnerability to the cyberattack, the recommended configuration change being generated responsive to the target network being at or near the threshold.
7. The method of claim 1, wherein the recommended configuration change is dynamically generated based on a configurable set of rules.
8. The method of claim 1, wherein the recommended configuration change includes at least one of: dynamically terminating network communication ports used by the simulated cyberthreat; enabling a firewall rule; failing the target network so that network traffic is routed to a failover network; or routing traffic to a demilitarized zone for further analysis in a sandbox network.
9. A non-transitory computer-readable medium storing instructions that, when executed, cause one or more processors to perform operations comprising: receiving information associated with a cyberthreat, wherein the cyberthreat is associated with an objective; using the information, mapping one or more characteristics of the cyberthreat into instructions for performing steps to simulate an existence of the cyberthreat within a target network without implementing the objective of the cyberthreat in the target network; determining one or more agents to execute the instructions; initiating execution of the instructions by the one or more agents to simulate the existence of the cyberthreat within the target network; receiving feedback including receiving a level of success of the one or more agents in performing the steps; and generating an analysis, based on the feedback, that includes a recommended configuration change for a computing device within the target network to improve detection of or response to the cyberthreat.
10. The non-transitory computer-readable medium of claim 9, wherein the feedback includes: a number of the steps that were successfully completed; and an indication of whether the computing device detected the cyberthreat or how the computing device responded to the cyberthreat.
11. The non-transitory computer-readable medium of claim 9, wherein mapping one or more of the characteristics of the cyberthreat to instruction includes determining logic that, when executed by the one or more agents, would achieve or approximately achieve the objective of the cyber-threat if the cyberthreat were to execute the objective successfully, wherein the logic is configured to dynamically generate a file, create network communication, or access a user account, system, account, directory, database, or registry.
12. The non-transitory computer-readable medium of claim 9, wherein receiving information associated with the cyberthreat includes: receiving an indication of the cyberthreat to data security from an external source; and determining the one or more characteristics of the cyberthreat based on information from the external source.
13. The non-transitory computer-readable medium of claim 9, wherein the operations further comprise automatically implementing the recommended configuration change responsive to the analysis.
14. The non-transitory computer-readable medium of claim 9, wherein generating the analysis includes determining whether the target network is at or near a threshold level of vulnerability to the cyberattack, the recommended configuration change being generated responsive to the target network being at or near the threshold.
15. The non-transitory computer-readable medium of claim 9, wherein the recommended configuration change is dynamically generated based on a configurable set of rules.
16. The non-transitory computer-readable medium of claim 9, wherein the recommended configuration change includes at least one of: dynamically terminating network communication ports used by the simulated cyberthreat; enabling a firewall rule; failing the target network so that network traffic is routed to a failover network; or routing traffic to a demilitarized zone for further analysis in a sandbox network.
17. A system comprising: one or more processors; and one or more computer readable media storing instructions that, when executed, cause the one or more processors to perform operations including: receiving information associated with a cyberthreat, wherein the cyberthreat is associated with an objective; using the information, mapping one or more characteristics of the cyberthreat into instructions for performing steps to simulate an existence of the cyberthreat within a target network without implementing the objective of the cyberthreat in the target network; determining one or more agents to execute the instructions; initiating execution of the instructions by the one or more agents to simulate the existence of the cyberthreat within the target network; receiving feedback including receiving a level of success of the one or more agents in performing the steps; and generating an analysis, based on the feedback, that includes a recommended configuration change for a computing device within the target network to improve detection of or response to the cyberthreat.
18. The system of claim 17, wherein mapping one or more of the characteristics of the cyberthreat to instruction includes determining logic that, when executed by the one or more agents, would achieve or approximately achieve the objective of th
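As an added illustration (not code from the patent, its applicant, or any product), the following Python sketch models the loop that the abstract and claims 1, 2, 6, 7 and 8 describe: threat characteristics are mapped to harmless simulation steps, agents return per-step feedback (completed, detected, response), the analysis computes a vulnerability level, compares it to a threshold, and emits recommended configuration changes from a configurable rule set. The characteristic catalogue, the step names, the scripted agent outcomes and the 0.5 threshold are all constructed assumptions; real agents would report feedback gathered from actual hosts and monitoring equipment.

```python
from dataclasses import dataclass
from typing import Callable, Iterable

# Added illustration of the patent's feedback-and-analysis loop.
# All names, steps and outcomes below are constructed assumptions.


@dataclass(frozen=True)
class Step:
    """One instruction an agent performs to simulate a threat characteristic."""
    name: str
    ports: tuple = ()          # network ports the step would use, if any


@dataclass(frozen=True)
class StepResult:
    """Per-step feedback returned by an agent (claim 2)."""
    step: Step
    completed: bool            # did the agent finish the step?
    detected: bool             # did the monitored device flag it?
    response: str = "none"     # how the device responded, if at all


# Constructed catalogue: threat characteristic -> simulation step (claims 1 and 3).
# Steps only emulate observable behaviour (e.g. drop a marker file), never the objective.
CHARACTERISTIC_TO_STEP = {
    "drops_file":     Step("write benign marker file to user profile"),
    "beacons_out":    Step("open outbound TCP session to internal sink host", ports=(4444,)),
    "reads_accounts": Step("enumerate decoy account directory"),
}


def map_characteristics(characteristics: Iterable[str]) -> list:
    """Map known characteristics to steps; unknown ones are skipped rather than guessed."""
    return [CHARACTERISTIC_TO_STEP[c] for c in characteristics if c in CHARACTERISTIC_TO_STEP]


def run_agents(steps: list, agent: Callable[[Step], StepResult]) -> list:
    """Hand each step to an agent and collect its feedback."""
    return [agent(step) for step in steps]


def vulnerability_level(results: list) -> float:
    """Share of steps that completed AND went undetected: 0.0 = fully caught, 1.0 = fully blind."""
    if not results:
        return 0.0
    blind = sum(1 for r in results if r.completed and not r.detected)
    return blind / len(results)


def _undetected_ports(results: list) -> list:
    return sorted({p for r in results if r.completed and not r.detected for p in r.step.ports})


# Configurable rules (claim 7): (predicate over results, recommendation builder).
# Recommendations are drawn from the options listed in claim 8.
DEFAULT_RULES = [
    (lambda rs: bool(_undetected_ports(rs)),
     lambda rs: "terminate network communication ports used by the simulated cyberthreat: "
                f"{_undetected_ports(rs)}"),
    (lambda rs: any(r.completed and not r.detected and not r.step.ports for r in rs),
     lambda rs: "enable a firewall rule and host monitoring for the undetected host-level steps"),
]


def analyze(results: list, threshold: float = 0.5, rules=DEFAULT_RULES) -> dict:
    """Build the analysis of claims 1 and 6: level, threshold decision, recommendations."""
    level = vulnerability_level(results)
    at_threshold = level >= threshold
    recs = [build(results) for cond, build in rules if at_threshold and cond(results)]
    return {
        "steps_completed": sum(1 for r in results if r.completed),
        "detected": any(r.detected for r in results),
        "vulnerability_level": level,
        "at_or_above_threshold": at_threshold,
        "recommendations": recs,
    }


# Constructed agent: scripted outcomes standing in for real network feedback.
SCRIPTED_OUTCOMES = {
    "write benign marker file to user profile": (True, False, "none"),
    "open outbound TCP session to internal sink host": (True, False, "none"),
    "enumerate decoy account directory": (True, True, "alert raised"),
}


def scripted_agent(step: Step) -> StepResult:
    completed, detected, response = SCRIPTED_OUTCOMES[step.name]
    return StepResult(step, completed, detected, response)


def demo() -> dict:
    """Run one simulated threat (three known traits plus one unknown) through the loop."""
    threat = ["drops_file", "beacons_out", "reads_accounts", "unknown_trait"]
    results = run_agents(map_characteristics(threat), scripted_agent)
    return analyze(results)


if __name__ == "__main__":
    import pprint
    pprint.pprint(demo())
```

Running the module prints the analysis for the constructed threat. The rule list is the configurable part: adding a rule is one predicate plus one recommendation builder, and recommendations are only emitted once the computed level reaches the threshold, which is the gating behaviour claim 6 describes.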
CPC classification titles

- Fully automatic configuration
- for predicting network behaviour
- comprising network management agents or mobile agents therefor
- Vulnerability analysis
- involving simulating, designing, planning or modelling of a network