US 12,328,340 B2
Method for improving IT security in a network
Colin Hamill, Towson, MD (US)
Assigned to Sentinel Forge Technologies LLC, Towson, MD (US)
Filed by Sentinel Forge Technologies LLC, Towson, MD (US)
Filed on Dec. 5, 2022, as Appl. No. 18/061,677.
Claims priority of provisional application 63/285,645, filed on Dec. 3, 2021.
Prior Publication US 2023/0231880 A1, Jul. 20, 2023
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/1491 (2013.01) [H04L 63/1416 (2013.01); H04L 63/1425 (2013.01)]
4 Claims
1. A method for improving IT security in a computer network, comprising:
a. Installing on a computer network a first Sentinel Node;
b. Deploying from said first Sentinel Node a first Sentinel virtual decoy onto said computer network;
c. Configuring said first Sentinel virtual decoy so that there is no legitimate reason for a computer, user, or device to communicate with said first Sentinel virtual decoy;
d. Capturing from said first Sentinel virtual decoy, from said first Sentinel Node, a first baseline configuration of said first Sentinel virtual decoy;
e. Monitoring said first Sentinel virtual decoy and said computer network, by said first Sentinel Node, for any attempts by computers, users, or devices connected to said computer network, to communicate with said first Sentinel virtual decoy;
f. Detecting by said first Sentinel Node an attempt to communicate with said first Sentinel virtual decoy;
g. Transmitting an alert message to at least one designated individual on said attempt to communicate with said first Sentinel virtual decoy;
h. Capturing from said first Sentinel virtual decoy, from said first Sentinel Node, a second baseline configuration of said first Sentinel virtual decoy;
i. Comparing said second baseline configuration of said first Sentinel virtual decoy to the first baseline configuration to measure any differences;
j. Deploying a plurality of Warrior Sentinel virtual decoys from said first Sentinel Node onto said computer network;
k. Configuring said plurality of Warrior Sentinel virtual decoys so that there is no legitimate reason for a computer, user, or device to communicate with said plurality of Warrior Sentinel virtual decoys;
l. Capturing from said plurality of Warrior Sentinel virtual decoys, from said first Sentinel Node, a first baseline configuration for each of said plurality of Warrior Sentinel virtual decoys;
m. Monitoring said plurality of Warrior Sentinel virtual decoys and said computer network, by said first Sentinel Node, for any attempts by computers, users, or devices connected to said computer network, to communicate with any one or more of said plurality of Warrior Sentinel virtual decoys;
n. Detecting by said first Sentinel Node an attempt to communicate with said one or more of said plurality of Warrior Sentinel virtual decoys;
o. Capturing from said one or more of said plurality of Warrior Sentinel virtual decoys, from said first Sentinel Node, a second baseline configuration of said one or more of said plurality of Warrior Sentinel virtual decoys;
p. Analyzing the changes to the first and second baseline configurations to identify the nature of malicious activity;
q. When said first Sentinel Node detects, after a predetermined time period, no additional attempts to communicate with said first Sentinel virtual decoy or with one or more of said plurality of Warrior Sentinel virtual decoys, removing by said first Sentinel Node one or more of said plurality of Warrior Sentinel virtual decoys, from said computer network.
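The control flow of steps d through q can be followed in a small simulation. This is an added illustration, not code from the patent or from the assignee. It assumes a baseline configuration is a dictionary of settings, and the names `SentinelNode`, `capture`, `QUIET_PERIOD`, the decoy names and the sample settings are all hypothetical.

```python
# Added illustration of claim steps d-q; every name and value here is constructed.
QUIET_PERIOD = 300   # assumed "predetermined time period", in seconds
STATE = {}           # constructed stand-in for the live settings of each decoy

def capture(name):
    """Snapshot a decoy's current settings (steps d, h, l, o)."""
    default = {"accounts": "svc_backup", "ssh_keys": 0, "listening": "22,445"}
    return dict(STATE.setdefault(name, default))

def diff_baselines(first, second):
    """Steps i and p: map each changed setting to (before, after)."""
    keys = sorted(first.keys() | second.keys())
    return {k: (first.get(k), second.get(k)) for k in keys
            if first.get(k) != second.get(k)}

class SentinelNode:
    def __init__(self, warrior_count=3):
        self.warrior_count = warrior_count
        self.baselines, self.warriors, self.alerts = {}, [], []
        self.last_contact = None
        self.deploy("decoy-0")                     # steps b-d

    def deploy(self, name):
        self.baselines[name] = capture(name)       # first baseline

    def on_contact(self, decoy, source, now):
        """Steps f-j and n-p: any contact with a decoy is suspect by design."""
        if decoy not in self.baselines:
            return None
        self.last_contact = now
        changes = diff_baselines(self.baselines[decoy], capture(decoy))
        self.alerts.append((now, source, decoy, changes))   # step g
        if not self.warriors:                               # steps j-l
            self.warriors = [f"warrior-{i}" for i in range(self.warrior_count)]
            for w in self.warriors:
                self.deploy(w)
        return changes

    def tick(self, now):
        """Step q: retire the extra decoys after a quiet period."""
        if self.warriors and now - self.last_contact >= QUIET_PERIOD:
            removed, self.warriors = self.warriors, []
            for w in removed:
                del self.baselines[w]
            return removed
        return []
```
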