Automated Protection of Software Defined Systems
Publication Date: 2017-Jul-13
The IP.com Prior Art Database
Abstract: Disclosed are a system and method to automatically and safely deploy honeypot systems alongside software-defined systems (e.g., in a Cloud environment) that mirror actual systems on a very low, easily deployed level. The goal is to bait attackers into invading the honeypots instead of actual systems, thereby protecting an organization’s data.
Description: Today's systems are under constant assault by external and internal attackers. These attacks include probing for vulnerable software and services, trying to exploit found vulnerabilities, and gaining access to protected data. This requires data center operators to be ever vigilant not only in the scanning of deployed services but also in the monitoring of anomalous activity.
Applications are a key target for attackers. If applications are not tested for security vulnerabilities and fixed, then attackers can find and enter through any threat window.
The deployment of honeypots is a common method for security researchers to protect against and capture incoming attacks, and it is increasing in popularity with system operators. The term honeypots refers to systems specifically rigged to expose vulnerabilities or seemingly valuable data in order to tempt an attacker to invade them. This allows the operator not only to detect a malicious attack (i.e., a legitimate user is not likely to connect with a fake system) and analyze it, but also to distract attackers from the real systems; therefore, the honeypots function as early warning systems.*
Deploying and operating honeypots requires extensive security experience to create a safe environment to which to direct attackers, prevent attackers from escaping, and establish fake services that closely mirror existing to-be-protected systems. In addition, the operator needs to set up monitoring and automatic reactions to detect attacks and take (automatic) actions such as blocking the attacker from the network.
Overall, honeypots are an effective, often-used method to bait attackers and draw attention away from valuable systems. The technical experience and high maintenance costs required to run such a system oftentimes prevent deployment or, worse, create a poorly managed, easily exploitable entry point into the network, thus creating the exact problem organizations want to avoid.
The novel contribution is a system and method to automatically and safely deploy honeypot systems alongside software-defined systems (e.g., in a Cloud environment) that mirror the to-be-protected systems on a very low level. The goal is to bait attackers into invading the honeypots. This gives the system operators an early warning of an attack in addition to valuable information on the attacker's behavior, which is then available for feeding to other security systems, creating an automated defensive reaction.
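As an added example (not part of the original disclosure), the following Python shows the early-warning idea described above: any connection to a honeypot address is treated as suspect, and flagged sources become a blocklist together with the real systems they also reached, ready to feed to other security systems. The log format, addresses, decoy names and allowlist are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: addresses, decoy names and log format are assumptions.
HONEYPOTS = {"10.0.5.10": "decoy-db", "10.0.5.11": "decoy-web"}
ALLOWLIST = [ipaddress.ip_network("10.0.9.0/28")]  # e.g. the operator's own scanners

SAMPLE_LOG = """\
2024-01-01T10:00:01Z 203.0.113.7 10.0.1.20 443 ACCEPT
2024-01-01T10:00:05Z 203.0.113.7 10.0.5.10 5432 ACCEPT
2024-01-01T10:00:09Z 198.51.100.4 10.0.1.20 443 ACCEPT
2024-01-01T10:00:12Z 10.0.9.3 10.0.5.11 80 ACCEPT
2024-01-01T10:00:15Z 203.0.113.7 10.0.1.21 22 REJECT
malformed line
2024-01-01T10:00:20Z 203.0.113.7 10.0.5.11 80 ACCEPT
"""

def parse(line):
    """Return (ts, src, dst, port), or None for lines that do not parse."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, port, _action = parts
    try:
        ipaddress.ip_address(src)
        ipaddress.ip_address(dst)
        return ts, src, dst, int(port)
    except ValueError:
        return None

def analyze(log_text):
    """Flag every non-allowlisted source that touched a honeypot."""
    records = [r for r in map(parse, log_text.splitlines()) if r]
    alerts = defaultdict(lambda: {"first_seen": None, "decoys": set(), "real_targets": set()})
    for ts, src, dst, port in records:
        if dst in HONEYPOTS and not any(ipaddress.ip_address(src) in n for n in ALLOWLIST):
            entry = alerts[src]
            entry["first_seen"] = entry["first_seen"] or ts
            entry["decoys"].add(HONEYPOTS[dst])
    # Second pass: which production systems did the flagged sources also reach?
    for ts, src, dst, port in records:
        if src in alerts and dst not in HONEYPOTS:
            alerts[src]["real_targets"].add((dst, port))
    return dict(alerts)

def blocklist(alerts):
    """Sorted source addresses to hand to a firewall or other security system."""
    return sorted(alerts)

if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for src in blocklist(result):
        print(src, result[src])
```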
Unlike the existing honeypot systems, this simulator does not create a full replication of the original system. Instead, the...