Testing security incident response through automated injection of known indicators of compromise

  • US 10,135,862 B1
  • Filed: 12/04/2015
  • Issued: 11/20/2018
  • Est. Priority Date: 12/04/2015
  • Status: Active Grant
First Claim

1. A non-transitory computer-readable medium embodying at least one program executable in at least one computing device, wherein when executed the at least one program causes the at least one computing device to at least:

  • receive a data feed of a plurality of known indicators of compromise from an external server;
  • determine that a security incident response of an organization is to be tested;
  • select a particular indicator of compromise of the plurality of known indicators of compromise to be a fabricated indicator of compromise;
  • receive a stream of event data that is generated by a network monitoring system of the organization, wherein the stream of event data includes at least one event corresponding to operation of a network host monitored by the network monitoring system;
  • modify the stream of event data to include fabricated data embodying the particular indicator of compromise;
  • provide the stream of event data to an intrusion detection system of the organization, wherein the intrusion detection system is configured to identify the particular indicator of compromise as a security compromise;
  • generate a plurality of metrics assessing a response of the organization to the particular indicator of compromise, wherein a first metric of the plurality of metrics indicates a timeliness of a security administrator response, and a second metric of the plurality of metrics indicates whether an expected action was performed as part of the security administrator response; and
  • determine a corrective action by comparing the plurality of metrics to a list of manually created reference metrics; and
  • cause a recommendation for the corrective action to be rendered via a display.
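The claim above describes a pipeline rather than code: pull a feed of known IOCs, pick one, fabricate an event carrying it, splice that event into the monitoring stream, let the IDS alert, then score the analyst response against hand-written reference metrics and turn any gap into a corrective action. The following Python is an added illustration of that pipeline written for this page; it is not code from the patent or its assignee. The IOC feed, event stream, analyst response, SLA thresholds, playbook actions and every function name are constructed assumptions for the example.

```python
"""Added example of the claimed drill workflow (not the patent's own code).
Feeds, events, thresholds and responses below are all constructed."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
import random

# Constructed stand-in for the external IOC feed.
IOC_FEED = [
    {"type": "ipv4", "value": "203.0.113.45", "label": "c2-beacon"},
    {"type": "domain", "value": "login-update.example", "label": "phishing-kit"},
    {"type": "sha256", "value": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
     "label": "dropper"},
]

# Manually created reference metrics the measured response is compared against (constructed).
REFERENCE = {
    "c2-beacon":    {"max_minutes_to_ack": 30, "expected_action": "isolate_host"},
    "phishing-kit": {"max_minutes_to_ack": 60, "expected_action": "block_domain"},
    "dropper":      {"max_minutes_to_ack": 60, "expected_action": "quarantine_file"},
}

T0 = datetime(2024, 1, 15, 9, 0, 0)  # constructed clock origin for the sample stream

def base_stream():
    """Constructed benign events, one per minute, as a network monitor might emit them."""
    return [{"ts": T0 + timedelta(minutes=i), "host": f"ws-{i:03d}",
             "dst_ip": "198.51.100.7", "domain": "intranet.example", "sha256": None}
            for i in range(5)]

def select_ioc(feed, rng):
    """Choose which known IOC will be fabricated into the stream."""
    return rng.choice(feed)

def fabricate_event(ioc, host, ts):
    """Build one event that embodies the chosen IOC in the field its type maps to."""
    ev = {"ts": ts, "host": host, "dst_ip": None, "domain": None, "sha256": None}
    ev[{"ipv4": "dst_ip", "domain": "domain", "sha256": "sha256"}[ioc["type"]]] = ioc["value"]
    return ev

def inject(stream, fabricated, position):
    """Splice the fabricated event into a copy of the stream and return an injection
    ledger entry so the drill harness (not the IDS) can tell drill from real compromise."""
    out = list(stream)
    out.insert(position, fabricated)
    return out, {"ts": fabricated["ts"], "host": fabricated["host"]}

def ids_scan(stream, feed):
    """Minimal IDS: alert on any event whose fields carry a known IOC value."""
    lookup = {ioc["value"]: ioc for ioc in feed}
    alerts = []
    for ev in stream:
        for fld in ("dst_ip", "domain", "sha256"):
            if ev[fld] in lookup:
                alerts.append({"ts": ev["ts"], "host": ev["host"], "ioc": lookup[ev[fld]]})
    return alerts

@dataclass
class AnalystResponse:
    acknowledged_at: datetime
    actions: list = field(default_factory=list)

def score_response(alert, response, reference):
    """The two metrics named in the claim: timeliness, and whether the expected action ran."""
    ref = reference[alert["ioc"]["label"]]
    minutes = (response.acknowledged_at - alert["ts"]).total_seconds() / 60
    return {"minutes_to_ack": minutes,
            "within_sla": minutes <= ref["max_minutes_to_ack"],
            "expected_action_taken": ref["expected_action"] in response.actions}

def recommend(metrics, label, reference):
    """Corrective actions derived by comparing the metrics with the reference list."""
    ref = reference[label]
    recs = []
    if not metrics["within_sla"]:
        recs.append(f"Acknowledgement took {metrics['minutes_to_ack']:.0f} min; target for "
                    f"{label} is {ref['max_minutes_to_ack']} min. Review paging and triage.")
    if not metrics["expected_action_taken"]:
        recs.append(f"Expected action '{ref['expected_action']}' was not performed; "
                    f"add it to the {label} playbook.")
    return recs

def run_drill(seed=7, ioc=None, response=None):
    """End-to-end drill; returns (drill alerts, metrics, recommendations)."""
    ioc = ioc or select_ioc(IOC_FEED, random.Random(seed))
    fake = fabricate_event(ioc, host="ws-002", ts=T0 + timedelta(minutes=2, seconds=30))
    stream, ledger = inject(base_stream(), fake, position=3)
    # Only alerts that match the ledger belong to the drill; anything else is real.
    alerts = [a for a in ids_scan(stream, IOC_FEED)
              if (a["ts"], a["host"]) == (ledger["ts"], ledger["host"])]
    if response is None:  # constructed response: acknowledged 45 min late, no containment
        response = AnalystResponse(fake["ts"] + timedelta(minutes=45), ["open_ticket"])
    metrics = score_response(alerts[0], response, REFERENCE)
    return alerts, metrics, recommend(metrics, ioc["label"], REFERENCE)

if __name__ == "__main__":
    alerts, metrics, recs = run_drill()
    print(alerts[0]["ioc"]["label"], metrics)
    for r in recs:
        print("-", r)
```

Two practical points the claim leaves implicit are worth carrying into any real implementation: the injection ledger is what lets you separate drill alerts from a genuine compromise that happens to surface the same IOC during the exercise, and the fabricated event should be fed to the detection path only, not to anything that automatically contains the named host, since `ws-002` above is a production workstation as far as the IDS is concerned.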

  • 1 Assignment