Abstract: A method and system for controlling multi-tiered mitigation of cyber-attacks.

Abstract: A method and system for controlling multi-tiered mitigation of cyber-attacks.

Abstract: A method, system and a platform for protecting against excessive utilization of at least one cloud service for operation of a cloud-hosted application. The method comprising receiving, at a defense platform deployed out-of-path of traffic between a plurality of end user devices and the cloud-hosted application, telemetries from a plurality of sources, wherein each source is configured to collect telemetries related to at least one of the at least one cloud service; detecting, based on the collected telemetries and a learned normal utilization behavior for the cloud-hosted application, excessive utilization of at least one of the at least one cloud service by the cloud-hosted application; and causing mitigation, at the defense platform, of the excessive utilization of each cloud service upon detection of the excessive utilization of the at least one cloud service by the cloud-hosted application.

Abstract: A system and method for protecting cloud-hosted applications against hypertext transfer protocol (HTTP) flood distributed denial-of-service (DDoS) attacks are provided. The method includes collecting telemetries from a plurality of sources deployed in at least one cloud computing platform hosting a protected cloud-hosted application; providing at least one rate-based feature and at least one rate-invariant feature based on the collected telemetries, wherein the rate-based feature and the rate-invariant feature demonstrate behavior of at least HTTP traffic directed to the protected cloud-hosted application; evaluating the at least one rate-based feature and the at least one rate-invariant feature to determine whether the behavior of the at least HTTP traffic indicates a potential HTTP flood DDoS attack; and causing execution of a mitigation action when an indication of a potential HTTP flood DDoS attack is determined.

Abstract: A method and system for protecting cloud-hosted applications against application-layer slow distributed denial-of-service (DDoS) attacks. The comprising collecting telemetries from a plurality of sources deployed in at least one cloud computing platform hosting a protected cloud-hosted application; providing a set of rate-based and rate-invariant features based on the collected telemetries; evaluating each feature in the set of rate-based and rate-invariant features to determine whether a behavior of each feature and a behavior of the set of rate-based and rate-invariant features indicate a potential application-layer slow DDoS attack; and causing execution of a mitigation action, when an indication of a potential application-layer slow DDoS attack is determined.

Abstract: A defense platform for protecting a cloud-hosted application against distributed denial-of-services (DDoS) attacks, wherein the defense platform is deployed out-of-path of incoming traffic of the cloud-hosted application hosted in a plurality of cloud computing platforms, comprising: a detector; a mitigator; and a controller communicatively connected to the detector and the mitigator; wherein the detector is configured to: receive telemetries related to behavior of the cloud-hosted application from sources deployed in the plurality of cloud computing platforms; and detect, based on the telemetries, a potential DDoS attack; wherein, the controller, upon detection of a potential DDoS attack, is configured to: divert traffic directed to the cloud-hosted application to the mitigator; cause the mitigator to perform at least one mitigation action to remove malicious traffic from the diverted traffic; and cause injection of clean traffic to at least one of the plurality of cloud computing platforms hosting the cloud

Abstract: A method and system for operating protection services to provide defense against cyber-attacks. The comprises generating a workflow scheme assigned to at least one protected entity, wherein the workflow scheme includes at least one operation regimen and triggering criteria associated with the at least one operation regimen; monitoring at least a plurality of protection resources to detect at least one trigger event; determining if the at least one detected trigger event satisfies the triggering criteria associated with the at least one operation regimen; and changing a state of the at least one operation regimen when the at least one detected trigger event satisfies the at least one triggering criterion, thereby causing provisioning and operating of at least one protection resource of the plurality of protection resources, wherein the provisioning is based on contents defined in the at least one operation regimen.

Abstract: A method for a predictive detection of cyber-attacks are provided. In an embodiment, the method includes receiving security events; matching each received security event to a plurality of previously generated event sequences to result in at least one matched event sequence; comparing each of the at least one matched event sequence to a plurality of previously identified attack patterns to result in at least one matched attack pattern; for each matched attack pattern, computing a risk score potentially indicating a cyber-attack; and causing execution of a mitigation action based on the risk score.

Abstract: A method and system for matching event sequences for predictive detection of cyber-attacks are discussed. The method comprises receiving a reference event sequence and a query event sequence; converting the reference event sequence to a first step-value list and the query event sequence to a second step-value list; and matching the first and second step-value lists to identify at least one optimal common pattern.

Abstract: A method and system for controlling multi-tiered mitigation of cyber-attacks.

Abstract: A method and system for optimizing segregation between human-operated clients and machine-operated clients accessing computing resources are provided. The method comprises receiving, from a client, an authentication request, wherein the authentication request is received in response to a redirect request sent from a remote server to the client; dynamically selecting at least one authentication challenge from a plurality of different authentication challenges; sending the at least one generated authentication challenge to the client; determining whether a notification call is received from the client during a predefined time interval; and upon receiving the notification call during the predefined time interval, confirming that the client passes the authentication challenge, wherein a client that passes the authentication challenge is a human-operated client.

Abstract: A method and system for controlling multi-tiered mitigation of cyber-attacks.

Abstract: A method and system for operating protection services to provide defense against cyber-attacks. The comprises generating a workflow scheme assigned to at least one protected entity, wherein the workflow scheme includes at least one operation regimen and triggering criteria associated with the at least one operation regimen; monitoring at least a plurality of protection resources to detect at least one trigger event; determining if the at least one detected trigger event satisfies the triggering criteria associated with the at least one operation regimen; and changing a state of the at least one operation regimen when the at least one detected trigger event satisfies the at least one triggering criterion, thereby causing provisioning and operating of at least one protection resource of the plurality of protection resources, wherein the provisioning is based on contents defined in the at least one operation regimen.

Abstract: A method and system for detecting an access to a protected resource by headless browser bots are provided. The method includes receiving a request from a client machine; generating an anti-headless browser bot (AHBB) challenge, wherein the AHBB challenge comprises at least a headless browser identifying characteristic; receiving a response to the AHBB challenge; comparing the response to the AHBB challenge to at least a challenge requirement to determine any one of: a pass result, and a fail result; and upon determining a pass result, granting the client machine access to the protected resource.

Abstract: A method and system for controlling multi-tiered mitigation of cyber-attacks.

Abstract: A method and system for optimizing segregation between human-operated clients and machine-operated clients accessing computing resources are provided. The method comprises receiving, from a client, an authentication request, wherein the authentication request is received in response to a redirect request sent from a remote server to the client; dynamically selecting at least one authentication challenge from a plurality of different authentication challenges; sending the at least one generated authentication challenge to the client; determining whether a notification call is received from the client during a predefined time interval; and upon receiving the notification call during the predefined time interval, confirming that the client passes the authentication challenge, wherein a client that passes the authentication challenge is a human-operated client.