Abstract: A method, system and computer program for recoupling Kerberos Authentication and Authorization requests, the method including the steps of (a) extracting authorization information, including a copy of a Ticket Granting Ticket (TGT), from an authorization request; (b) retrieving authentication information including the TOT, the authentication information having been previously extracted from an authentication transaction and stored; (c) cross-referencing the extracted authorization information with the retrieved authentication information, such that a discrepancy between the cross-referenced information invokes a security event alert.
Type:
Application
Filed:
September 1, 2014
Publication date:
March 3, 2016
Applicant:
Aorato Ltd
Inventors:
Idan PLOTNIK, Tal Arieh Be'ery, Michael Dolinsky, Ohad Plotnik, Gregory Messerman, Sivan Krigsman
Abstract: A method system and computer program product for protecting Directory Services (DS) by monitoring traffic to the DS; deciding to block a client access request in the monitored traffic originating from a network client; synthesizing an error message based at least in part on the client access request; and sending the synthesized error message to the network client, causing the network client to abort access request process such as an authentication process or an authorization process.
Type:
Application
Filed:
July 10, 2014
Publication date:
January 14, 2016
Applicant:
Aorato Ltd.
Inventors:
Idan PLOTNIK, Tal Arieh BE'ERY, Michael DOLINSKY, Ohad PLOTNIK
Abstract: A system and method for protecting a networked organizational data storage facility, which is accessible by a network environment, by mapping the network environment, profiling the network environment and filtering the network traffic based on said profiling of the network environment.