| CPC H04L 41/16 (2013.01) [G06N 20/00 (2019.01); H04L 41/14 (2013.01); H04L 41/40 (2022.05); H04L 43/12 (2013.01); H04L 43/20 (2022.05); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/1433 (2013.01); H04L 63/145 (2013.01); H04L 63/1466 (2013.01); H04L 63/1491 (2013.01); H04L 63/20 (2013.01); H04L 41/22 (2013.01)] | 24 Claims |
|
1. An apparatus, comprising:
a network reachability module configured to map and dynamically track network reachability of a cyber-security response-orchestrator engine, where the cyber-security response-orchestrator engine is configured to perform autonomous actions, without a human to initiate the actions, to mitigate a detected cyber threat,
where the network reachability module includes a tracking module to 1) monitor network traffic on a network and 2) maintain a list of known devices on the network, wherein the network is dynamically tracked and the list is updated as previously unknown devices on the network are detected, and
where the network reachability module further includes a trigger module configured to cooperate with the tracking module, where the trigger module is configured to generate a spoofed communication, supported by a network protocol used by the network, that is used to map network reachability of i) network devices, ii) network addresses, and iii) any combination of both, which either 1) can receive or 2) cannot receive protocol communications from a location of a host for the cyber-security response-orchestrator engine.
|