
Systems and methods for categorizing security incidents

  • US 10,341,377 B1
  • Filed: 10/13/2016
  • Issued: 07/02/2019
  • Est. Priority Date: 10/13/2016
  • Status: Active Grant
First Claim

1. A computer-implemented method for categorizing security incidents, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:

  • detecting, by an endpoint computing security program, a threat signature alert triggered at a client machine associated with a client;

  • identifying historical data that records how the client responded to previous reports of security incidents that were categorized to describe the security incidents;

  • assigning a category for a new security incident that corresponds to the detected threat signature alert based on an analysis of the historical data indicating that the client responded more frequently to the category than the client responded to a different category;

  • notifying the client, through an electronically transmitted security incident report, of both the new security incident and the category assigned to the new security incident based on the analysis of the historical data to enable the client to perform a security action to protect itself from a corresponding security threat; and

  • performing the security action based on the electronically transmitted security incident report, the security action comprising at least one of:

      • enabling one or more security settings;

      • applying a patch that is designed to resolve the corresponding security threat;

      • disabling, powering down, throttling, quarantining, sandboxing, and/or disconnecting one or more computing resources;

      • updating a signature threat alert set of definitions; or

      • upgrading the endpoint computing security program.

  • 6 Assignments