Patent · US Active

Deceiving attackers in endpoint systems

US10599842B2 · kind B2 · utility

31Cited by

1References

10Claims

0Family size

Assignee

Attivo Networks Inc. · US

Inventors

Venu Vissametty · San Jose, US
Muthukumar Lakshmanan · Bengaluru, IN
Harinath Vishwanath Ramchetty · Kanchinakote, IN
Vinod Kumar A. Porwal · Bengaluru, IN

Key dates

Filing date	Dec 19, 2016
Grant date	Mar 24, 2020
Priority date	—
Expiry date	Aug 19, 2037

Classification

Technology area (CPC G)Physics
CPC primaryG06F2221/034
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

Endpoints in a network execute a sensor module that intercepts commands. The sensor module compares a source of commands to a sanctioned list of applications received from a management server. If the source does not match a sanctioned application and the command is a write or delete command, the command is ignored and a simulated acknowledgment is sent. If the command is a read command, deception data is returned instead. In some embodiments, certain data is protected such that commands will be ignored or modified to refer to deception data where the source is not a sanctioned application. The source may be verified to be a sanctioned application by evaluating a certificate, hash, or path of the source.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.