System and a Method for Identifying the Presence of Malware Using Mini-Traps Set At Network Endpoints
    Patent application (status: in force)

    Publication number: US20160072838A1

    Publication date: 2016-03-10

    Application number: US14844844

    Filing date: 2015-09-03

    CPC classification number: H04L63/1491 H04L63/145

    Abstract: A system for identifying the presence of advanced persistent threats on a network including a plurality of resources, interconnected to form a network, at least one decoy resource, at least one mini-trap installed on at least one of the plurality of resources and functionally associated with at least one of the at least one decoy resource, the at least one mini-trap comprising deceptive information directing malware accessing the at least one mini-trap to the decoy resource associated therewith, and a manager node forming part of the network, locally or remotely, and configured to manage placement of the at least one mini-trap on the at least one of the plurality of resources and association between the at least one mini-trap and the decoy resource associated therewith.


    METHODS AND DEVICES FOR IDENTIFYING THE PRESENCE OF MALWARE IN A NETWORK
    Patent application (status: in force)

    Publication number: US20160112440A1

    Publication date: 2016-04-21

    Application number: US14956639

    Filing date: 2015-12-02

    Abstract: A device and a method for identifying whether a network node is infected by malware, including identifying indicator events for each of a plurality of anomaly indicators by counting the number of occurrences of an anomaly indicator in at least one of a network node and an entire network during a predetermined time duration and, if the number of occurrences of the anomaly indicator during the predetermined time duration is greater than a predetermined event threshold, identifying an indicator event associated with the anomaly indicator during the predetermined time duration and assigning an expiration duration for the indicator event; determining whether the identified indicator events fulfill at least one predetermined infection rule; and, if the indicator events fulfill the at least one predetermined infection rule, identifying the network node as infected by malware.


    System and a Method for Identifying Malware Network Activity Using a Decoy Environment
    Patent application (status: in force)

    Publication number: US20160080414A1

    Publication date: 2016-03-17

    Application number: US14847315

    Filing date: 2015-09-08

    Abstract: A system for gathering information about malware and a method of use therefor, the system comprising: a working environment including physical working environment servers, physical working environment endpoints, a working environment network, a switch, and a router directing traffic between said working environment network and an external network; a decoy environment including at least one physical machine, a decoy environment server, a decoy environment endpoint, a decoy environment network and a decoy environment router; a file directing mechanism directing at least some files to the decoy environment; and a threat tracking mechanism tracking and observing actions triggered by the files in the decoy environment.
