AUTOMATIC SECURITY CONFIGURATION
    1.
    Invention application

    Publication number: WO2019053715A1

    Publication date: 2019-03-21

    Application number: PCT/IL2018/051020

    Filing date: 2018-09-12

    Abstract: A method, a computerized apparatus and a computer program product for automatic generation of security configuration and deployment thereof. The method comprises monitoring programs executed by a device within an organizational network, to identify an attempt to transmit outgoing communications. In response to determining a program executed by the device is attempting to transmit an outgoing communication: checking whether the program is listed in a base list of authorized programs. In response to determining that the program is listed in the base list, adding the program to a list of authorized programs.

    CONNECTIVITY-BASED PORT SCRAMBLING
    2.
    Invention application

    Publication number: WO2019186526A1

    Publication date: 2019-10-03

    Application number: PCT/IL2018/051388

    Filing date: 2018-12-26

    Abstract: System, product and method for connectivity-based scrambling is disclosed. Port scrambling mode is selected based on connectivity to a network. In one mode, ports of authorized outgoing communications are scrambled, while ports of unauthorized outgoing communications remain unscrambled. In another mode, ports of unauthorized outgoing communications are scrambled, while ports of authorized outgoing communications remain unscrambled. In some cases, under the first mode, ports of all incoming communications are descrambled, while in the second mode, ports of all incoming communications remain unscrambled.

    PORT SCRAMBLING USAGE IN HETEROGENEOUS NETWORKS

    Publication number: WO2020021523A1

    Publication date: 2020-01-30

    Application number: PCT/IL2019/050043

    Filing date: 2019-01-10

    Abstract: A method, apparatus, and computer program product for port scrambling usage in heterogeneous networks. Responsive to receiving a communication directed towards a network, wherein port scrambling and port descrambling are employed by the network, a transformation function is applied on a port at which the communication is directed to be received, whereby obtaining a scrambled port, and the communication is redirected to be received at the scrambled port. Responsive to receiving a communication from the network directed outside thereof, an inverse of the transformation function is applied on a port at which the communication is directed to be received, whereby obtaining a descrambled port, and the communication is redirected to be received at the descrambled port. Each device belonging to the network is configured for performing selective port scrambling of outgoing communications and port descrambling of incoming communications by utilizing the transformation function and inverse thereof, respectively.

    MONITORING TRAFFIC IN A COMPUTER NETWORK
    4.
    Invention application
    Status: under examination, published

    Publication number: WO2017115356A1

    Publication date: 2017-07-06

    Application number: PCT/IL2016/051381

    Filing date: 2016-12-26

    Abstract: A computer-implemented method, computerized apparatus and computer program product for monitoring traffic in a computer network. The computer network comprises a plurality of devices configured to apply a transformation function on a target port identifier of a requested transmission by an application program executing thereon and direct the transmission to a different target port per the scrambled identifier thereby obtained. The transformation function depends on at least one parameter shared among the plurality of devices and applying thereof is conditioned on the application program requesting transmission being listed in a list of authorized application programs. Attempts to access invalid ports as defined by the transformation function are identified and an action for mitigating a security threat ascribed thereto is provided.


    INCREMENTALLY POLYMORPHING CODE FOR ENHANCED RESISTANCE TO REVERSE ENGINEERING
    5.
    Invention application
    Status: under examination, published

    Publication number: WO2017115379A1

    Publication date: 2017-07-06

    Application number: PCT/IL2017/050003

    Filing date: 2017-01-01

    CPC classification number: G06F21/14

    Abstract: A computer-implemented method, computerized apparatus and computer program product for enhanced resistance to reverse engineering of code using incremental polymorphism. Incremental modifications to a software resource of a computer program are received from a server and used for updating the resource from a current to an updated state in each of the computer program instances at a plurality of devices, whereby updating is performed in a synchronized manner and without the updated resource being transmitted via a communication channel. Processing performed by the computer program based on the updated resource results in different operation thereof than prior to the update, such that instances of the computer program obtained prior to the update without having the incremental modifications, or incremental modifications obtained without having the resource's current state, amount to invalid instances that operate differently from those instances in the plurality of devices, whereby reverse engineering is made more difficult.


    PORT SCRAMBLING FOR COMPUTER NETWORKS
    6.
    Invention application
    Status: under examination, published

    Publication number: WO2017033194A1

    Publication date: 2017-03-02

    Application number: PCT/IL2016/050931

    Filing date: 2016-08-25

    CPC classification number: H04L63/061 H04L63/062 H04L63/068 H04L63/145

    Abstract: A method, system and computer program product providing port scrambling for securing communications in internal computer networks are disclosed. A transformation function is applied on an identifier of a first port at which an outgoing communication is designated to be received, whereby an identifier of a second port the outgoing communication is directed to be received at is obtained. The transformation function depends on at least one parameter shared among a plurality of devices in a computer network, whereby a device receiving the communication at the second port is enabled to apply an inverse transformation function on the identifier of the second port to obtain the identifier of the first port and redirect the communication thereto. The transformation function is applied in condition that transmittal of the outgoing communication was requested by an application program listed in a list of authorized application programs for the plurality of devices.

