Patent · US Active

Scoping cyber-attack incidents based on similarities, accessibility and network activity

US10686820B1 · kind B1 · utility

Cited by: 5
References: 0
Claims: 24
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jun 28, 2017
Grant date: Jun 16, 2020
Priority date
Expiry date: Nov 7, 2037

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1416
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A method for evaluating a scope of cyber-attack incidents, the method may include detecting original compromised assets and malicious external machines that are related to each of the cyber-attack incidents; classifying potentially compromised assets to different classes based on (a) similarities between the potentially compromised assets and the original compromised assets, (b) a level of accessibility from the original compromised assets and malicious external machines to the potentially compromised assets, and (c) volumes of traffic between the potentially compromised assets and each one of the malicious external machines and the original compromised assets; wherein the different classes comprise compromised and non-compromised; and generating an alert that is indicative of the compromised assets and of potentially compromised assets that were classified as compromised.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.