-
1.
Publication No.: US11080077B2
Publication date: 2021-08-03
Application No.: US16170225
Filing date: 2018-10-25
Abstract: Life cycle management techniques are provided for cloud-based application executors with key-based access to other devices. An exemplary method comprises determining that a retention time for a first cloud-based application executor (e.g., a virtual machine or a container) has elapsed, wherein the first cloud-based application executor has key-based access to at least one other device using a first key; in response to the determining, performing the following steps: creating a second cloud-based application executor; and determining a second key for the second cloud-based application executor that is different than the first key, wherein the second cloud-based application executor uses the first key to add the second key to one or more trusted keys of the at least one other device and deactivates the first key from the one or more trusted keys.
-
2.
Publication No.: US20200019676A1
Publication date: 2020-01-16
Application No.: US16031930
Filing date: 2018-07-10
Inventors: Oron Golan, Aviram Fireberger, Amos Zamir, Kfir Wolfson, Jehuda Shemer
Abstract: One example method includes bringing up a clone application in a validation environment, replaying recorded incoming network traffic to the clone application, obtaining a response of the clone application to the incoming network traffic, comparing the response of the clone application to recorded outgoing network traffic of the production application, and making a validation determination regarding the clone application, based on the comparison of the response of the clone application to recorded outgoing network traffic of the production application. When the clone application is not validated, the example method includes identifying and resolving a problem relating to the clone application.
-
3.
Publication No.: US10715554B2
Publication date: 2020-07-14
Application No.: US16143250
Filing date: 2018-09-26
Inventors: Oron Golan, Kfir Wolfson, Amos Zamir, Aviram Fireberger, Udi Shemer
IPC classification: H04L29/06
Abstract: Existing policies enforced at or above an operating system (OS) layer of a device are obtained. Translation rules are stored that include data structure descriptions of conditions, corresponding actions performed when the conditions are satisfied, and attributes specified in the existing policies, and attributes of one or more layers below the OS layer that are relevant to policy enforcement in the one or more layers below the OS layer. The existing policies are parsed using the data structure descriptions to identify the conditions, corresponding actions, and attributes specified in the existing policies. New policies are generated that are consistent with the existing policies. The new policies include the identified attributes specified in the existing policies and the attributes relevant to policy enforcement in the one or more layers below the OS layer. The new policies are enforced in the one or more layers below the OS layer.
-
4.
Publication No.: US20200028863A1
Publication date: 2020-01-23
Application No.: US16039503
Filing date: 2018-07-19
Inventors: Kfir Wolfson, Jehuda Shemer, Aviram Fireberger, Amos Zamir, Oron Golan
Abstract: A tracing mechanism is provided for analyzing session-based attacks. An exemplary method comprises: detecting a potential attack associated with a session from a potential attacker based on predefined anomaly detection criteria; adding a tracing flag identifier to a response packet; sending a notification to a cloud provider of the potential attack, wherein the notification comprises the tracing flag identifier; and sending the response packet to the potential attacker, wherein, in response to receiving the response packet with the tracing flag identifier, the cloud provider: determines a source of the potential attack based on a destination of the response packet; forwards the response packet to the potential attacker based on the destination of the response packet; and monitors the determined source to evaluate the potential attack. The response packet is optionally delayed by a predefined time duration and/or until the cloud provider has acknowledged receipt of the notification.
-
5.
Publication No.: US10791144B1
Publication date: 2020-09-29
Application No.: US15797597
Filing date: 2017-10-30
Inventors: Oron Golan, Raul Shnier, Aviram Fireberger, Amos Zamir, Yevgeni Gehtman
IPC classification: H04L29/06
Abstract: The life cycle of one or more containers related to one or more containerized applications is managed by determining that a predefined retention time for a first container of the plurality of containers has elapsed; in response to the determining, performing the following honeypot container creation steps: suspending new session traffic to the first container; maintaining the first container as a honeypot container; and identifying communications sent to the honeypot container as an anomalous communication. Alert notifications are optionally generated for the anomalous communication.
-
6.
Publication No.: US11379559B2
Publication date: 2022-07-05
Application No.: US16031930
Filing date: 2018-07-10
Inventors: Oron Golan, Aviram Fireberger, Amos Zamir, Kfir Wolfson, Jehuda Shemer
IPC classification: G06F21/10, H04L9/40, H04L43/062, H04L43/067, H04L43/04, H04L43/50
Abstract: One example method includes bringing up a clone application in a validation environment, replaying recorded incoming network traffic to the clone application, obtaining a response of the clone application to the incoming network traffic, comparing the response of the clone application to recorded outgoing network traffic of the production application, and making a validation determination regarding the clone application, based on the comparison of the response of the clone application to recorded outgoing network traffic of the production application. When the clone application is not validated, the example method includes identifying and resolving a problem relating to the clone application.
-
7.
Publication No.: US10951651B1
Publication date: 2021-03-16
Application No.: US15797601
Filing date: 2017-10-30
Inventors: Oron Golan, Raul Shnier, Amos Zamir, Aviram Fireberger, Yevgeni Gehtman
IPC classification: H04L29/06
Abstract: A plurality of containers related to one or more containerized applications are managed by monitoring an execution of the one or more containers; determining that a given one of the one or more containers exhibits anomalous behavior; and in response to the determining, adjusting a retention time of the given container, wherein the retention time of the given container determines when the given container is one or more of terminated and changes role to a honeypot container. The anomalous behavior comprises, for example, the given container exhibiting behavior that is different than a learned baseline model of the given container or including program code consistent with malicious activity. An alert notification of the anomalous behavior is optionally generated. The retention time of the given container can be adjusted, for example, to an interval between deployment of the given container and the time the anomalous behavior is detected.
-
8.
Publication No.: US10855709B2
Publication date: 2020-12-01
Application No.: US16039503
Filing date: 2018-07-19
Inventors: Kfir Wolfson, Jehuda Shemer, Aviram Fireberger, Amos Zamir, Oron Golan
IPC classification: H04L29/06
Abstract: A tracing mechanism is provided for analyzing session-based attacks. An exemplary method comprises: detecting a potential attack associated with a session from a potential attacker based on predefined anomaly detection criteria; adding a tracing flag identifier to a response packet; sending a notification to a cloud provider of the potential attack, wherein the notification comprises the tracing flag identifier; and sending the response packet to the potential attacker, wherein, in response to receiving the response packet with the tracing flag identifier, the cloud provider: determines a source of the potential attack based on a destination of the response packet; forwards the response packet to the potential attacker based on the destination of the response packet; and monitors the determined source to evaluate the potential attack. The response packet is optionally delayed by a predefined time duration and/or until the cloud provider has acknowledged receipt of the notification.
-
9.
Publication No.: US20200099721A1
Publication date: 2020-03-26
Application No.: US16143250
Filing date: 2018-09-26
Inventors: Oron Golan, Kfir Wolfson, Amos Zamir, Aviram Fireberger, Udi Shemer
IPC classification: H04L29/06
Abstract: Existing policies enforced at or above an operating system (OS) layer of a device are obtained. Translation rules are stored that include data structure descriptions of conditions, corresponding actions performed when the conditions are satisfied, and attributes specified in the existing policies, and attributes of one or more layers below the OS layer that are relevant to policy enforcement in the one or more layers below the OS layer. The existing policies are parsed using the data structure descriptions to identify the conditions, corresponding actions, and attributes specified in the existing policies. New policies are generated that are consistent with the existing policies. The new policies include the identified attributes specified in the existing policies and the attributes relevant to policy enforcement in the one or more layers below the OS layer. The new policies are enforced in the one or more layers below the OS layer.