Abstract: A system and method of deployment of malware detection traps by at least one processor may include performing a first interrogation of a first Network Asset (NA) of a specific NA family; determining, based on the interrogation, a value of one or more first NA property data elements of the first NA; obtaining one or more second NA property data elements corresponding to the specific NA family; integrating the one or more first NA property data elements and the one or more second NA property data elements to generate a template data element, corresponding to the specific NA family; producing, from the template data element, a malware detection trap module; and deploying, on one or more computing devices of a computer network, one or more instantiations of the malware detection trap module as decoys of the first NA.

Abstract: A system and method of deployment of malware detection traps by at least one processor may include performing a first interrogation of a first Network Asset (NA) of a specific NA family; determining, based on the interrogation, a value of one or more first NA property data elements of the first NA; obtaining one or more second NA property data elements corresponding to the specific NA family; integrating the one or more first NA property data elements and the one or more second NA property data elements to generate a template data element, corresponding to the specific NA family; producing, from the template data element, a malware detection trap module; and deploying, on one or more computing devices of a computer network, one or more instantiations of the malware detection trap module as decoys of the first NA.

Abstract: A system and method of deployment of malware detection traps by at least one processor may include performing a first interrogation of a first Network Asset (NA) of a specific NA family; determining, based on the interrogation, a value of one or more first NA property data elements of the first NA; obtaining one or more second NA property data elements corresponding to the specific NA family; integrating the one or more first NA property data elements and the one or more second NA property data elements to generate a template data element, corresponding to the specific NA family; producing, from the template data element, a malware detection trap module; and deploying, on one or more computing devices of a computer network, one or more instantiations of the malware detection trap module as decoys of the first NA.

Abstract: A cyber threat detection and deception system interoperates synergistically with a data storage management system. As a proxy for identifying crown jewels among many and diverse data assets in a network, the illustrative cyber threat detection and deception system uses service level information obtained from the data storage management system, e.g., RPO, RTO, append-only secondary storage, synthetic-full frequency, etc. The cyber threat detection and deception system emulates proprietary protocols used by storage management technologies such as the data storage management system, etc. By creating emulation traps and an emulation lexicon of these storage-related protocols, the illustrative cyber threat detection and deception system can create and execute cyber deception plans for the proprietary storage management assets.

Abstract: A system and method of deployment of malware detection traps by at least one processor may include performing a first interrogation of a first Network Asset (NA) of a specific NA family; determining, based on the interrogation, a value of one or more first NA property data elements of the first NA; obtaining one or more second NA property data elements corresponding to the specific NA family; integrating the one or more first NA property data elements and the one or more second NA property data elements to generate a template data element, corresponding to the specific NA family; producing, from the template data element, a malware detection trap module; and deploying, on one or more computing devices of a computer network, one or more instantiations of the malware detection trap module as decoys of the first NA.

Abstract: A system and method of deployment of malware detection traps by at least one processor may include performing a first interrogation of a first Network Asset (NA) of a specific NA family; determining, based on the interrogation, a value of one or more first NA property data elements of the first NA; obtaining one or more second NA property data elements corresponding to the specific NA family; integrating the one or more first NA property data elements and the one or more second NA property data elements to generate a template data element, corresponding to the specific NA family; producing, from the template data element, a malware detection trap module; and deploying, on one or more computing devices of a computer network, one or more instantiations of the malware detection trap module as decoys of the first NA.

Abstract: A system and method of deployment of malware detection traps by at least one processor may include performing a first interrogation of a first Network Asset (NA) of a specific NA family; determining, based on the interrogation, a value of one or more first NA property data elements of the first NA; obtaining one or more second NA property data elements corresponding to the specific NA family; integrating the one or more first NA property data elements and the one or more second NA property data elements to generate a template data element, corresponding to the specific NA family; producing, from the template data element, a malware detection trap module; and deploying, on one or more computing devices of a computer network, one or more instantiations of the malware detection trap module as decoys of the first NA.

Abstract: A system and method may include a first unit configured to receive a stream of bytes, cause a second unit to execute the stream of bytes from a selected first offset, and monitor an execution of the stream of bytes by the second unit. A second unit may be configured to execute the stream of bytes from the selected offset. The first unit may be configured to determine, based on the execution of the stream of bytes, whether or not the stream of bytes includes a malware.

Abstract: An embodiment may create a memory image including a representation of a thread environment block (TEB) and representation of a process environment block (PEB) according to specifications of an operating system. A memory image may be loaded into a memory and a shellcode may be caused to use the memory image when executed. An access to the memory image, made by the shellcode, may be monitored and controlled.

Abstract: An embodiment may create a memory image including a representation of a thread environment block (TEB) and representation of a process environment block (PEB) according to specifications of an operating system. A memory image may be loaded into a memory and a shellcode may be caused to use the memory image when executed. An access to the memory image, made by the shellcode, may be monitored and controlled.

Abstract: A system and method may include a first unit configured to receive a stream of bytes, cause a second unit to execute the stream of bytes from a selected first offset, and monitor an execution of the stream of bytes by the second unit. A second unit may be configured to execute the stream of bytes from the selected offset. The first unit may be configured to determine, based on the execution of the stream of bytes, whether or not the stream of bytes includes a malware.