Show metadata Hide metadata

(19)

(11)

2 799 117

(13)

(51)

IPC

G06F21/50(2013-01-01)

(21) (22)

Application

2022131236, 2022-11-30

(24)

Start date

2022-11-30

(22)

Actual filing date

2022-11-30

(45)

Published

2023-07-04

(72)

Inventor

Balashov Aleksandr ViktorovichCherepanov PavelNagornov Ivan GrigorevichGlazunov Nikita SergeevichSolomatin Aleksandr Igorevich

(73)

Holder

Publichnoe Aktsionernoe Obshchestvo Rossii" Sberbank)

METHOD AND SYSTEM FOR PREVENTING UNAUTHORIZED ACCESS TO CORPORATE NETWORK OBJECTS Russian patent published in 2023 - IPC G06F21/50

Abstract RU 2799117 C1

FIELD: corporate network security.

SUBSTANCE: method for preventing compromise of directory service (MS AD) objects in a corporate network, in which: data is obtained from the corporate network's MS AD storage that characterizes network objects and their attributes; defining highly privileged objects (HVO) of MS AD and MS AD objects associated with the HVO, allowing access to them; forming a graph, where nodes are MS AD objects, and edges are access parameters between them; modelling attack paths against the HVO based on the resulting graph, determining a subgraph containing nodes that allow control over the HVO or its associated MS AD objects; monitoring MS AD objects to determine changes in access privilege parameters on subgraph nodes; transfer data on the objects identified on the subgraph to the control system when changing their access privileges; performing access privilege management on identified MS AD objects.

EFFECT: increased efficiency of protecting the corporate network from compromising objects and gaining access to highly privileged objects.

4 cl, 4 dwg, 2 tbl

Similar patents RU2799117C1

Title	Year	Author	Number
STRATEGIES TO STUDY VULNERABILITIES AND TO SUPPRESS VULNERABILITIES CAUSED BY CAPTURING ACCOUNT DATA	2007	Dungan Dzhon Khartrehll Gregori D. Sajmon Dehniel R.	RU2462753C2
SYSTEM AND METHOD OF INTERCEPTING FILE STREAMS	2023	Matveev Lev Lazarevich	RU2816551C1
SYSTEM AND METHOD FOR PRIORITIZING INSTALLATION OF PATCHES ON COMPUTERS IN NETWORK	2023	Zaitsev Oleg Vladimirovich	RU2813483C1
CONTROL SYSTEM FOR SECURITY POLICY OF ELEMENTS OF CORPORATE COMMUNICATION NETWORK	2023	Dobryshin Mikhail Mikhailovich Shugurov Dmitrii Evgenevich Belov Andrei Sergeevich Anisimov Vladimir Georgievich Gromov Iurii Iurevich Klimov Sergei Mikhailovich Mishin Dmitrii Stanislavovich Filin Andrei Viktorovich	RU2813469C1
EXPERT ANALYSIS OF SYSTEM AND GRAPHIC DISPLAY OF PRIVILEGES ESCALATION ROUTES IN COMPUTING ENVIRONMENT	2006	Lambert Dzhon Tomlinson Mehtt'Ju	RU2421792C2
SYSTEM FOR CONTROLLING ACCESS TO FILES BASED ON MANUAL AND AUTOMATIC MARKUP THEREOF	2013	Shcheglov Andrej Jur'Evich Shcheglov Konstantin Andreevich	RU2543556C2
SYSTEM FOR AUTOMATIC UPDATING AND GENERATION OF TECHNIQUES FOR IMPLEMENTING COMPUTER ATTACKS FOR INFORMATION SECURITY SYSTEM	2023	Dobryshin Mikhail Mikhailovich Belov Andrei Sergeevich Shugurov Dmitrii Evgenevich Kirikova Iuliia Andreevna Zakalkin Pavel Vladimirovich Gromov Iurii Iurevich Anisimov Vladimir Georgievich Brechko Aleksandr Aleksandrovich	RU2809929C1
SYSTEM FOR CONTROLLING ACCESS TO FILES BASED ON AUTOMATIC MARKUP THEREOF WITH ARRANGEMENT OF ACCOUNT DATA OF ACCESS SUBJECT TO CREATED FILE	2015	Shcheglov Andrej Jurevich Shcheglov Konstantin Andreevich	RU2583759C1
SYSTEM AND METHOD FOR DEPLOYING PRECONFIGURED SOFTWARE	2012	Voronkov Konstantin Pavlovich Deshevykh Stepan Nikolaevich Jablokov Viktor Vladimirovich	RU2541935C2
SYSTEM AND METHOD FOR TARGET INSTALLATION OF CONFIGURED SOFTWARE	2012	Voronkov Konstantin Pavlovich Deshevykh Stepan Nikolaevich Jablokov Viktor Vladimirovich	RU2523113C1

RU 2 799 117 C1

Authors

Balashov Aleksandr Viktorovich

Cherepanov Pavel

Nagornov Ivan Grigorevich

Glazunov Nikita Sergeevich

Solomatin Aleksandr Igorevich

Dates

2023-07-04—Published

2022-11-30—Filed