专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US10382464B2 Data access verification for enterprise resources 有权
公开(公告)号：US10382464B2
公开(公告)日：2019-08-13
申请号：US15394756
申请日：2016-12-29
申请人： Imperva, Inc.
发明人： Amichai Shulman , Sagie Dulce
IPC分类号： G06F21/55 , H04L29/06
摘要： According to one embodiment, a method in a computing device for responding to a determination that a verification with a user is desired responsive to detection of activity indicative of a possible insider threat is described. The method includes selecting a target role and a target user for the verification based on an activity context and an enterprise context repository, the selecting including selecting the target role from a plurality of target roles based on the activity context and optionally the enterprise context repository and selecting a target user in the selected target role based on the enterprise context repository. The method further includes causing a verification request to be sent to the selected target user; and generating an alert when a verification result indicates that the activity is indicative of the possible insider threat.

2. 发明申请

US20150135266A1 COMPROMISED INSIDER HONEY POTS USING REVERSE HONEY TOKENS 有权
标题翻译：使用反向HONEY TOKENS的压缩内脏蜂蜜点
公开(公告)号：US20150135266A1
公开(公告)日：2015-05-14
申请号：US14600855
申请日：2015-01-20
申请人： Imperva, Inc.
发明人： Amichai Shulman , Michael Cherny , Sagie Dulce
IPC分类号： H04L29/06
CPC分类号： H04L63/1491 , H04L63/0263 , H04L63/1416 , H04L63/20
摘要： According to one embodiment, a method for setting a trap to detect that an intruder has compromised a client end station (CES) in an attempt to gain unauthorized access to enterprise data provided by a server is described. The method includes causing a honey token to be placed on the CES secluded within a configuration repository, wherein the honey token is metadata and/or instructions indicating how applications can seemingly access the enterprise data but that is actually invalid, and the honey token is placed on the CES and not on the server. The method also includes causing attribute values to be installed on a security gateway for a security rule causing the security gateway to monitor network traffic for attempted use of the honey token, and to generate an alert when a set of one or more packets that include the honey token are received.
摘要翻译：根据一个实施例，描述了一种用于设置陷阱以检测入侵者已经破坏了客户端站（CES）以尝试获得未经授权的访问由服务器提供的企业数据的方法。该方法包括使蜂蜜令牌放置在配置库内隐藏的CES上，其中蜂蜜令牌是元数据和/或指示应用程序如何看起来访问企业数据但实际上无效的指令，并且蜂蜜令牌被放置在CES上，而不是在服务器上。该方法还包括使属性值安装在用于安全规则的安全网关上的安全规则，导致安全网关监视网络流量以尝试使用蜂蜜令牌，并且当包括一个或多个分组的一个或多个分组的集合时生成警报收到蜂蜜令牌。

3. 发明授权

US11533295B2 Techniques for securely detecting compromises of enterprise end stations utilizing tunnel tokens 有权
公开(公告)号：US11533295B2
公开(公告)日：2022-12-20
申请号：US16730768
申请日：2019-12-30
申请人： Imperva, Inc.
发明人： Amichai Shulman , Sagie Dulce , Daniella Goihman-Shuster , Shahar Ben-Hador
IPC分类号： H04L9/40 , H04L12/46 , H04L45/745 , H04L61/5007 , H04L61/2514 , H04L61/103
摘要： A method in a cloud network to detect compromises within an enterprise network based on tokens tunneled outside of the enterprise network to the cloud network. The method includes receiving, at a tunnel gateway server within the cloud network, a first set of packets via a tunnel across a public network from a first server within the enterprise network, where the first set of packets were generated responsive to the first server receiving a second set of packets that originated from within the enterprise network and that included data and a source enterprise network address, where the first set of packets does not include the source enterprise network address and the data includes a token. The method further includes transmitting, by the tunnel gateway server, the data within a third set of packets to a second server that acts as if it were an enterprise server within the enterprise network.

4. 发明授权

US10805325B2 Techniques for detecting enterprise intrusions utilizing active tokens 有权
公开(公告)号：US10805325B2
公开(公告)日：2020-10-13
申请号：US15672055
申请日：2017-08-08
申请人： Imperva, Inc.
发明人： Amichai Shulman , Sagie Dulce
IPC分类号： H04L29/06
摘要： A Token Transmission Server transmits active tokens within an enterprise network. The active tokens include either active data tokens or active request tokens, and are fraudulent from the perspective of the enterprise. A Token Monitoring Server monitors network traffic within the enterprise network to detect the presence of network traffic being originated by an enterprise device based upon the active tokens, and generates an alert indicating that the enterprise device is likely compromised.

5. 发明授权

US10469523B2 Techniques for detecting compromises of enterprise end stations utilizing noisy tokens 有权
公开(公告)号：US10469523B2
公开(公告)日：2019-11-05
申请号：US15345445
申请日：2016-11-07
申请人： Imperva, Inc.
发明人： Amichai Shulman , Sagie Dulce
IPC分类号： H04L29/06
摘要： Noisy tokens can be placed in locations of client end stations such that local operations performed upon the noisy tokens generate network traffic. A traffic monitoring module (TMM) can determine normal activity patterns of network traffic resulting from one or more of the placed noisy tokens being activated by one or more non-malicious operations, and identify that other network traffic resulting from one or more of the noisy tokens being activated does not meet the one or more normal activity patterns. In response, the TMM can cause an alert to be generated.

6. 发明授权

US09667651B2 Compromised insider honey pots using reverse honey tokens 有权
公开(公告)号：US09667651B2
公开(公告)日：2017-05-30
申请号：US15184982
申请日：2016-06-16
申请人： Imperva, Inc.
发明人： Amichai Shulman , Michael Cherny , Sagie Dulce
IPC分类号： H04L29/06
CPC分类号： H04L63/1491 , H04L63/0263 , H04L63/1416 , H04L63/20
摘要： According to one embodiment, a method for setting a trap to detect that an intruder has compromised a client end station (CES) in an attempt to gain unauthorized access to enterprise data provided by a server is described. The method includes causing a honey token to be placed on the CES secluded within a configuration repository, wherein the honey token is metadata and/or instructions indicating how applications can seemingly access the enterprise data but that is actually invalid, and the honey token is placed on the CES and not on the server. The method also includes causing attribute values to be installed on a security gateway for a security rule causing the security gateway to monitor network traffic for attempted use of the honey token, and to generate an alert when a set of one or more packets that include the honey token are received.

7. 发明授权

US09591008B2 Data access verification for enterprise resources 有权
标题翻译：企业资源的数据访问验证
公开(公告)号：US09591008B2
公开(公告)日：2017-03-07
申请号：US14688914
申请日：2015-04-16
申请人： Imperva, Inc.
发明人： Amichai Shulman , Sagie Dulce
IPC分类号： G06F21/30 , H04L29/06 , G06F21/55
CPC分类号： H04L63/1425 , G06F21/554 , G06F2221/034 , H04L63/0272 , H04L63/0281 , H04L63/10 , H04L63/1416 , H04L63/1441 , H04L63/18
摘要： According to one embodiment, a method in a computing device for responding to a determination that a verification with a user is desired responsive to detection of activity indicative of a possible insider threat is described. The method includes selecting a target role and a target user for the verification based on an activity context and an enterprise context repository, the selecting including selecting the target role from a plurality of target roles based on the activity context and optionally the enterprise context repository and selecting a target user in the selected target role based on the enterprise context repository. The method further includes causing a verification request to be sent to the selected target user; and generating an alert when a verification result indicates that the activity is indicative of the possible insider threat.
摘要翻译：根据一个实施例，描述了一种计算设备中的方法，用于响应于响应于指示可能的内部威胁的活动的检测而响应于用户的验证的确定。该方法包括基于活动上下文和企业上下文存储库来选择用于验证的目标角色和目标用户，该选择包括基于活动上下文以及可选的企业上下文库从多个目标角色中选择目标角色;以及基于企业上下文信息库选择所选目标角色中的目标用户。该方法还包括使验证请求被发送到所选择的目标用户; 并且当验证结果指示该活动指示可能的内部威胁时，产生警报。

8. 发明授权

US08973142B2 Compromised insider honey pots using reverse honey tokens 有权
标题翻译：使用反向蜂蜜令牌的内疚蜜罐
公开(公告)号：US08973142B2
公开(公告)日：2015-03-03
申请号：US13934099
申请日：2013-07-02
申请人： Imperva Inc.
发明人： Amichai Shulman , Michael Cherny , Sagie Dulce
IPC分类号： G06F12/14 , H04L29/06
CPC分类号： H04L63/1491 , H04L63/0263 , H04L63/1416 , H04L63/20
摘要： According to one embodiment, a method for setting a trap to detect that an intruder has compromised a client end station (CES) in an attempt to gain unauthorized access to enterprise data provided by a server is described. The method includes causing a honey token to be placed on the CES secluded within a configuration repository, wherein the honey token is metadata and/or instructions indicating how applications can seemingly access the enterprise data but that is actually invalid, and the honey token is placed on the CES and not on the server. The method also includes causing attribute values to be installed on a security gateway for a security rule causing the security gateway to monitor network traffic for attempted use of the honey token, and to generate an alert when a set of one or more packets that include the honey token are received.
摘要翻译：根据一个实施例，描述了一种用于设置陷阱以检测入侵者已经破坏了客户端站（CES）以尝试获得未经授权的访问由服务器提供的企业数据的方法。该方法包括使蜂蜜令牌放置在配置库内隐藏的CES上，其中蜂蜜令牌是元数据和/或指示应用程序如何看起来访问企业数据但实际上无效的指令，并且蜂蜜令牌被放置在CES上，而不是在服务器上。该方法还包括使属性值安装在用于安全规则的安全网关上的安全规则，导致安全网关监视网络流量以尝试使用蜂蜜令牌，并且当包括一个或多个分组的一个或多个分组的集合时生成警报收到蜂蜜令牌。

9. 发明授权

US09680833B2 Detection of compromised unmanaged client end stations using synchronized tokens from enterprise-managed client end stations 有权
公开(公告)号：US09680833B2
公开(公告)日：2017-06-13
申请号：US14750539
申请日：2015-06-25
申请人： Imperva, Inc.
发明人： Sagie Dulce , Amichai Shulman
IPC分类号： G06F7/04 , H04L29/06
CPC分类号： H04L63/10 , H04L63/1408 , H04L63/1491
摘要： Techniques related to detecting compromised unmanaged client end stations using synchronized tokens placed on enterprise-managed client end stations are described. A token distribution module causes token(s) to be placed with user data of a managed client end station in specific locations. The placement locations are selected due to the token(s) likely being synchronized, the token(s) being unlikely to be discovered or used by an authorized user, but likely discovered by an attacker. During a synchronization process, the token(s) are sent to an unmanaged client end station. The token(s) can be detected and/or acquired from the unmanaged client end station by an attacker, and thereafter used in an attempt to access an apparent enterprise resource. A token detection module can detect this use of the token(s) to thereby detect the compromise of the unmanaged client end station, without needing direct access to the unmanaged client end station.

10. 发明申请

US20150013006A1 COMPROMISED INSIDER HONEY POTS USING REVERSE HONEY TOKENS 有权
公开(公告)号：US20150013006A1
公开(公告)日：2015-01-08
申请号：US13934099
申请日：2013-07-02
申请人： Imperva Inc.
发明人： Amichai Shulman , Michael Cherny , Sagie Dulce
IPC分类号： H04L29/06
CPC分类号： H04L63/1491 , H04L63/0263 , H04L63/1416 , H04L63/20
摘要： According to one embodiment, a method for setting a trap to detect that an intruder has compromised a client end station (CES) in an attempt to gain unauthorized access to enterprise data provided by a server is described. The method includes causing a honey token to be placed on the CES secluded within a configuration repository, wherein the honey token is metadata and/or instructions indicating how applications can seemingly access the enterprise data but that is actually invalid, and the honey token is placed on the CES and not on the server. The method also includes causing attribute values to be installed on a security gateway for a security rule causing the security gateway to monitor network traffic for attempted use of the honey token, and to generate an alert when a set of one or more packets that include the honey token are received.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式