Abstract: Disclosed herein are devices, systems and methods for securely accessing data transferred via multiple isolated networks network, comprising adjusting one or more mapping records comprising network mapping and routing settings for a plurality of isolated networks connecting a plurality of clients to a server to expose one of the plurality of isolated networks to one or more processing engines executed by the server while concealing all other isolated networks from the respective processing engine, activating a lock configured to enable each processing engines to execute a single thread, executing the processing engine(s) to fetch data from the exposed isolated network(s), and releasing the lock, Wherein each processing engine is able to access the isolated network exposed to the respective processing engine while unable to access any of the isolated networks concealed from respective processing engine.

Abstract: Disclosed herein are devices, systems and methods for securely accessing data transferred via multiple isolated networks network, comprising adjusting one or more mapping records comprising network mapping and routing settings for a plurality of isolated networks connecting a plurality of clients to a server to expose one of the plurality of isolated networks to one or more processing engines executed by the server while concealing all other isolated networks from the respective processing engine, activating a lock configured to enable each processing engines to execute a single thread, executing the processing engine(s) to fetch data from the exposed isolated network(s), and releasing the lock. Wherein each processing engine is able to access the isolated network exposed to the respective processing engine while unable to access any of the isolated networks concealed from respective processing engine.

Abstract: A system for managing network connected devices, comprising at least one hardware processor adapted to produce a plurality of unique device descriptors, each describing one of a plurality of network connected devices, by: for each of a plurality of device descriptors, each having a plurality of supported actions, and one or more domain device identifiers, each identifier associating the device descriptor with one of a plurality of management domains: for each of the plurality of management domains not associated with the device descriptor: and instructing execution on a network connected device described by the device descriptor a domain identification query according to the descriptor's plurality of supported actions, to determine a new domain device identifier.

Abstract: A system for managing network connected devices, comprising at least one hardware processor adapted to produce a plurality of unique device descriptors, each describing one of a plurality of network connected devices, by: for each of a plurality of device descriptors, each having a plurality of supported actions, and one or more domain device identifiers, each identifier associating the device descriptor with one of a plurality of management domains: for each of the plurality of management domains not associated with the device descriptor: instructing execution on a network connected device described by the device descriptor a domain identification query according to the descriptor's plurality of supported actions, to determine a new domain device identifier; identifying in the plurality of device descriptors a second device descriptor having a domain device identifier equal to the new domain device identifier; and merging the device descriptor with the second device descriptor.

Abstract: Disclosed herein are devices, systems and methods for securely accessing data transferred via multiple isolated networks network, comprising adjusting one or more mapping records comprising network mapping and routing settings for a plurality of isolated networks connecting a plurality of clients to a server to expose one of the plurality of isolated networks to one or more processing engines executed by the server while concealing all other isolated networks from the respective processing engine, activating a lock configured to enable each processing engines to execute a single thread, executing the processing engine(s) to fetch data from the exposed isolated network(s), and releasing the lock. Wherein each processing engine is able to access the isolated network exposed to the respective processing engine while unable to access any of the isolated networks concealed from respective processing engine.

Abstract: A system for managing network connected devices, comprising at least one hardware processor adapted to produce a plurality of unique device descriptors, each describing one of a plurality of network connected devices, by: for each of a plurality of device descriptors, each having a plurality of supported actions, and one or more domain device identifiers, each identifier associating the device descriptor with one of a plurality of management domains: for each of the plurality of management domains not associated with the device descriptor: instructing execution on a network connected device described by the device descriptor a domain identification query according to the descriptor's plurality of supported actions, to determine a new domain device identifier; identifying in the plurality of device descriptors a second device descriptor having a domain device identifier equal to the new domain device identifier; and merging the device descriptor with the second device descriptor.

Abstract: A system for managing network connected devices, comprising at least one hardware processor adapted to produce a plurality of unique device descriptors, each describing one of a plurality of network connected devices, by: for each of a plurality of device descriptors, each having a plurality of supported actions, and one or more domain device identifiers, each identifier associating the device descriptor with one of a plurality of management domains: for each of the plurality of management domains not associated with the device descriptor: instructing execution on a network connected device described by the device descriptor a domain identification query according to the descriptor's plurality of supported actions, to determine a new domain device identifier; identifying in the plurality of device descriptors a second device descriptor having a domain device identifier equal to the new domain device identifier; and merging the device descriptor with the second device descriptor.

Abstract: A system for managing network connected devices, comprising at least one hardware processor adapted to produce a plurality of unique device descriptors, each describing one of a plurality of network connected devices, by: for each of a plurality of device descriptors, each having a plurality of supported actions, and one or more domain device identifiers, each identifier associating the device descriptor with one of a plurality of management domains: for each of the plurality of management domains not associated with the device descriptor: instructing execution on a network connected device described by the device descriptor a domain identification query according to the descriptor's plurality of supported actions, to determine a new domain device identifier; identifying in the plurality of device descriptors a second device descriptor having a domain device identifier equal to the new domain device identifier; and merging the device descriptor with the second device descriptor.

Abstract: A system for managing network connected devices, comprising at least one hardware processor adapted to produce a plurality of unique device descriptors, each describing one of a plurality of network connected devices, by: for each of a plurality of device descriptors, each having a plurality of supported actions, and one or more domain device identifiers, each identifier associating the device descriptor with one of a plurality of management domains: for each of the plurality of management domains not associated with the device descriptor: instructing execution on a network connected device described by the device descriptor a domain identification query according to the descriptor's plurality of supported actions, to determine a new domain device identifier; identifying in the plurality of device descriptors a second device descriptor having a domain device identifier equal to the new domain device identifier; and merging the device descriptor with the second device descriptor.

Abstract: A system for managing network connected devices, comprising at least one hardware processor adapted to produce a plurality of unique device descriptors, each describing one of a plurality of network connected devices, by: for each of a plurality of device descriptors, each having a plurality of supported actions, and one or more domain device identifiers, each identifier associating the device descriptor with one of a plurality of management domains: for each of the plurality of management domains not associated with the device descriptor: instructing execution on a network connected device described by the device descriptor a domain identification query according to the descriptor's plurality of supported actions, to determine a new domain device identifier; identifying in the plurality of device descriptors a second device descriptor having a domain device identifier equal to the new domain device identifier; and merging the device descriptor with the second device descriptor.

Abstract: A system for managing network connected devices, comprising at least one hardware processor adapted to produce a plurality of unique device descriptors, each describing one of a plurality of network connected devices, by: for each of a plurality of device descriptors, each having a plurality of supported actions, and one or more domain device identifiers, each identifier associating the device descriptor with one of a plurality of management domains: for each of the plurality of management domains not associated with the device descriptor: instructing execution on a network connected device described by the device descriptor a domain identification query according to the descriptor's plurality of supported actions, to determine a new domain device identifier; identifying in the plurality of device descriptors a second device descriptor having a domain device identifier equal to the new domain device identifier; and merging the device descriptor with the second device descriptor.

Abstract: A computer implemented method of detecting execution of unregistered code in a protected networked system, comprising maintaining a pages registry record in a storage of an endpoint in a protected networked system, the pages registry record comprising a registration signature for each of a plurality of registered executable pages, monitoring a plurality of executable pages at a page management level using an adjusted page fault handler of an operating system kernel executed by one or more processors of the endpoint, detecting one or more unregistered executable pages by identifying incompliance of a runtime signature calculated in runtime for the unregistered executable page(s) with respective registration signature stored in the pages registry record and initiating one or more actions in case of the detection of the unregistered executable page(s).

Abstract: A computer implemented method of detecting unauthorized access to a protected network by monitoring a dynamically updated deception environment, comprising launching, on one or more decoy endpoints, one or more decoy operating system (OS) managing one or more of a plurality of deception applications mapping a plurality of applications executed in a protected network, updating dynamically a usage indication for a plurality of deception data objects deployed in the protected network to emulate usage of the plurality of deception data objects for accessing the deception application(s) wherein the plurality of deception data objects are configured to trigger an interaction with the deception application(s) when used, detecting usage of data contained in the deception data object(s) by monitoring the interaction and identifying one or more potential unauthorized operations based on analysis of the detection.

Abstract: A computer implemented method of detecting unauthorized access to a protected network by detecting a usage of dynamically updated deception communication, comprising deploying, in a protected network, a plurality of decoy endpoints configured to transmit one or more communication deception data objects encoded according to one or more communication protocols used in the protected network, instructing a first decoy endpoint of the plurality of decoy endpoints to transmit the communication deception data object(s) to a second decoy endpoint of the plurality of decoy endpoints, monitoring the protected network to detect a usage of data contained in the one or more communication deception data object, detecting one or more potential unauthorized operations based on analysis of the detection and initiating one or more actions according to the detection.

Abstract: A computer implemented method of detecting unauthorized access to a protected network by monitoring a dynamically updated deception environment, comprising launching, on one or more decoy endpoints, one or more decoy operating system (OS) managing one or more of a plurality of deception applications mapping a plurality of applications executed in a protected network, updating dynamically a usage indication for a plurality of deception data objects deployed in the protected network to emulate usage of the plurality of deception data objects for accessing the deception application(s) wherein the plurality of deception data objects are configured to trigger an interaction with the deception application(s) when used, detecting usage of data contained in the deception data object(s) by monitoring the interaction and identifying one or more potential unauthorized operations based on analysis of the detection.

Abstract: A method for deploying threat specific deception campaigns for updating a score given to a malicious activity threat by performing an analysis of processes executed by computing nodes of a monitored computer network. When an analysis outcome is indicative of a malicious activity threat to the monitored computer network from process(es) executed on one or more of the computing node(s): setting a score to the malicious activity threat according to potential damage characteristic(s) of the malicious activity threat when the score is above a first threshold launch a threat specific deception campaign by using at least one deception application executed by the computing node(s) for gathering additional data and updating the score according to an analysis of the additional data, and when the score/updated score is above a second threshold generate instructions for alerting an operator and/or reacting to the malicious activity on the at computing node(s).

Abstract: A computer implemented method of detecting unauthorized access to a protected network by monitoring a dynamically updated deception environment, comprising launching, on one or more decoy endpoints, one or more decoy operating system (OS) managing one or more of a plurality of deception applications mapping a plurality of applications executed in a protected network, updating dynamically a usage indication for a plurality of deception data objects deployed in the protected network to emulate usage of the plurality of deception data objects for accessing the deception application(s) wherein the plurality of deception data objects are configured to trigger an interaction with the deception application(s) when used, detecting usage of data contained in the deception data object(s) by monitoring the interaction and identifying one or more potential unauthorized operations based on analysis of the detection.