Abstract: Introduced here are security techniques for networks. More specifically, fictitious identities (also referred to as “bogus identities”) can be willfully created and injected into the network in order to obfuscate those who are not authorized to access the network. For example, such techniques may be used to befuddle hackers attempting to breach an internal network. The fictitious identities can be created by bypassing the operating system of computing device(s) residing within the network and deploying the fictitious identities within an operating system process responsible for implementing a security policy. Such action utilizes a limited amount of memory. The fictitious identities create a false visual of the network that is visible to any threat, regardless of where the threat is located in the network. Moreover, the fictitious identities may not infringe upon the topology of the network or affect the ability of authenticated users to continue using the network.

Abstract: Introduced here are techniques for modeling networks in a discrete manner. More specifically, various embodiments concern a virtual machine that collects data regarding a network and applies algorithms to the data to discover network elements, which can be used to discover the topology of the network and model the network. The algorithms applied by the virtual machine may also recognize patterns within the data corresponding to naming schemes, subnet structures, application logic, etc. In some embodiments, the algorithms employ artificial intelligence techniques in order to more promptly respond to changes in the data. The virtual machine may only have read-only access to certain objects residing within the network. For example, the virtual machine may be able to examine information hosted by a directory server, but the virtual machine may not be able to effect any changes to the information.

Abstract: Introduced here are techniques for modeling networks in a discrete manner. More specifically, various embodiments concern a virtual machine that collects data regarding a network and applies algorithms to the data to discover network elements, which can be used to discover the topology of the network and model the network. The algorithms applied by the virtual machine may also recognize patterns within the data corresponding to naming schemes, subnet structures, application logic, etc. In some embodiments, the algorithms employ artificial intelligence techniques in order to more promptly respond to changes in the data. The virtual machine may only have read-only access to certain objects residing within the network. For example, the virtual machine may be able to examine information hosted by a directory server, but the virtual machine may not be able to effect any changes to the information.

Abstract: Introduced here are techniques for modeling networks in a discrete manner. More specifically, various embodiments concern a virtual machine that collects data regarding a network and applies algorithms to the data to discover network elements, which can be used to discover the topology of the network and model the network. The algorithms applied by the virtual machine may also recognize patterns within the data corresponding to naming schemes, subnet structures, application logic, etc. In some embodiments, the algorithms employ artificial intelligence techniques in order to more promptly respond to changes in the data. The virtual machine may only have read-only access to certain objects residing within the network. For example, the virtual machine may be able to examine information hosted by a directory server, but the virtual machine may not be able to effect any changes to the information.

Abstract: Various embodiments pertain to techniques for injecting supplemental data into search query results delivered to an operating system. More specifically, an operating system can submit a search query to a directory server (or some other network-accessible database), and then pass results of the search query to a local proxy. The local proxy can inject supplemental data into the results. For example, the local proxy could inject bogus user account information in an effort to obfuscate an unauthorized entity who attempts to penetrate the network by parsing the results of the search query.

Abstract: Various embodiments are described herein that add supplemental data into security-related query results delivered to an operating system. More specifically, an operating system can submit a security-related query to a directory server (or some other network-accessible database), and then pass results of the security-related query to a local proxy. The local proxy can add supplemental data into the results. For example, the local proxy could add bogus directory information in an effort to obfuscate an attempt to gain access to network data by an unauthorized entity who attempts to penetrate the network by parsing the results of the security-related query.

Abstract: Introduced here are security techniques for networks. More specifically, fictitious identities (also referred to as “bogus identities”) can be willfully created and injected into the network in order to obfuscate those who are not authorized to access the network. For example, such techniques may be used to befuddle hackers attempting to breach an internal network. The fictitious identities can be created by bypassing the operating system of computing device(s) residing within the network and deploying the fictitious identities within an operating system process responsible for implementing a security policy. Such action utilizes a limited amount of memory. The fictitious identities create a false visual of the network that is visible to any threat, regardless of where the threat is located in the network. Moreover, the fictitious identities may not infringe upon the topology of the network or affect the ability of authenticated users to continue using the network.