AUTOMATED THREAT VALIDATION FOR IMPROVED INCIDENT RESPONSE

A method for deploying threat specific deception campaigns for updating a score given to a malicious activity threat by performing an analysis of processes executed by computing nodes of a monitored computer network. When an analysis outcome is indicative of a malicious activity threat to the monito...

Bibliographic details
Main authors: EVRON Gadi, Goldberg Imri, Ur Shmuel, Sysman Dean
Format: Patent
Language: eng
creator EVRON Gadi
Goldberg Imri
Ur Shmuel
Sysman Dean
description A method for deploying threat specific deception campaigns for updating a score given to a malicious activity threat by performing an analysis of processes executed by computing nodes of a monitored computer network. When an analysis outcome is indicative of a malicious activity threat to the monitored computer network from process(es) executed on one or more of the computing node(s): setting a score to the malicious activity threat according to potential damage characteristic(s) of the malicious activity threat; when the score is above a first threshold, launching a threat specific deception campaign by using at least one deception application executed by the computing node(s) for gathering additional data and updating the score according to an analysis of the additional data; and when the score/updated score is above a second threshold, generating instructions for alerting an operator and/or reacting to the malicious activity on the computing node(s).
format Patent
date 2017-12-14
linktohtml https://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20171214&DB=EPODOC&CC=US&NR=2017359376A1
language eng
recordid cdi_epo_espacenet_US2017359376A1
source esp@cenet
subjects ELECTRIC COMMUNICATION TECHNIQUE
ELECTRICITY
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
title AUTOMATED THREAT VALIDATION FOR IMPROVED INCIDENT RESPONSE
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-30T10%3A09%3A19IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=EVRON%20Gadi&rft.date=2017-12-14&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3EUS2017359376A1%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true