System and method for detecting lateral movement using SSH private keys
US11799874B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 31, 2022 |
| Grant date | Oct 24, 2023 |
| Priority date | — |
| Expiry date | Apr 7, 2042 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/14
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A system and method for detecting lateral movement based on a compromised cryptographic network protocol (CNP) key in a cloud computing environment includes inspecting a workload for a private CNP key, including metadata and a public CNP key hash; storing in a security graph: a private CNP key node representing the private CNP key, and a workload node representing the workload, wherein the security graph represents the cloud computing environment in which the workload is deployed; connecting in the security graph the private CNP key node to a public CNP key node in response to determining that the public CNP key hash of the private CNP key matches a public key hash associated with the public CNP key node; and generating a lateral movement path in response to determining that the private CNP key is compromised, the path including another workload node connected to the public CNP key.
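The graph construction and path generation the abstract describes can be sketched as follows. This is an added example, not code from the patent or its assignee: the node tuples, function names, workload names, key blobs and the use of SHA-256 as the public key hash are all assumptions, and the inventory is constructed. The traversal follows chained keys across several hops, which goes beyond the single path the abstract mentions.

```python
import hashlib
from collections import deque

def key_hash(public_key_blob):
    """Assumed matching hash: SHA-256 over the public key bytes."""
    return hashlib.sha256(public_key_blob).hexdigest()

def build_graph(private_keys, authorized_keys):
    """Directed graph: workload -> private key -> public key -> workload."""
    graph = {}
    def connect(src, dst):
        graph.setdefault(src, set()).add(dst)
        graph.setdefault(dst, set())
    # Public key nodes come from keys each workload accepts for login.
    for workload, blob in authorized_keys:
        connect(("public_key", key_hash(blob)), ("workload", workload))
    # Private key nodes come from inspecting workload disks.
    for workload, path, pub_hash in private_keys:
        priv = ("private_key", workload, path)
        connect(("workload", workload), priv)
        pub = ("public_key", pub_hash)
        if pub in graph:  # connect only when the hash matches a known public key node
            connect(priv, pub)
    return graph

def lateral_movement_paths(graph, compromised_key):
    """Breadth-first walk from a compromised private key to every reachable workload."""
    paths, queue, seen = [], deque([[compromised_key]]), {compromised_key}
    while queue:
        path = queue.popleft()
        for nxt in sorted(graph.get(path[-1], ())):
            if nxt in seen:
                continue
            seen.add(nxt)
            if nxt[0] == "workload":
                paths.append(path + [nxt])
            queue.append(path + [nxt])
    return paths

# Constructed sample inventory (hypothetical workloads, paths and key material).
PUB_A, PUB_B, PUB_C = b"constructed-key-A", b"constructed-key-B", b"constructed-key-C"
PRIVATE_KEYS_FOUND = [
    ("vm-web", "/home/deploy/.ssh/id_ed25519", key_hash(PUB_A)),
    ("vm-db", "/root/.ssh/id_rsa", key_hash(PUB_B)),
    ("vm-ci", "/tmp/old_key", key_hash(PUB_C)),  # matches no public key node
]
AUTHORIZED_KEYS = [("vm-db", PUB_A), ("vm-backup", PUB_B)]

if __name__ == "__main__":
    g = build_graph(PRIVATE_KEYS_FOUND, AUTHORIZED_KEYS)
    for p in lateral_movement_paths(g, ("private_key", "vm-web", "/home/deploy/.ssh/id_ed25519")):
        print(" -> ".join(node[1] if node[0] != "public_key" else node[1][:12] for node in p))
```

A private key whose hash matches no public key node stays in the graph as an unconnected finding and yields no path.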
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.