Methods and systems for analyzing security events
Abstract
In one aspect, the technology relates to a method for analyzing a security event in a distributed fashion. The method includes the steps of detecting an occurrence of a security event within a customer network and querying a first component of the customer network for data in response to the detected occurrence of the security event. The method also includes the steps of receiving, by a data monitor located within the customer network, first data from the component in response to the query and determining, based on the received first data, whether to query for additional data. The method additionally includes querying at least one of the first component and another component of the customer network to obtain the additional data in response to the determining step, and analyzing the security event using at least one of the first data and the additional data.
33 Claims
1. A method for analyzing a security event in a distributed fashion, comprising:
(a) detecting an occurrence of a security event within a customer network;
(b) querying a first component of the customer network for data in response to the detected occurrence of the security event;
(c) receiving, by a data monitor located within the customer network, first data from the component in response to the query;
(d) determining, based on the received first data, whether to query for additional data;
(e) querying at least one of the first component and another component of the customer network to obtain the additional data in response to the determining step; and
(f) analyzing the security event using at least one of the first data and the additional data.
Dependent claims: 2 to 14.
15. A method for analyzing a security event in a distributed fashion, comprising:
(a) detecting an occurrence of a security event within a customer network;
(b) querying a first component of the customer network for data in response to the detected occurrence of the security event;
(c) receiving, by a data monitor located within the customer network, first data from the component in response to the query;
(d) determining, based on the received first data, whether to query for additional data;
(e) querying at least one of the first component and another component of the customer network to obtain the additional data in response to the determining step; and
(f) analyzing, by the data monitor, the security event using at least one of the first data and the additional data.
16. An apparatus for analyzing a security event within a customer network comprising:
(a) a data monitor, positioned within the customer network, to collect data from at least one component of the customer network in response to a query; and
(b) a security analysis module, in communication with the data monitor, to detect an occurrence of the security event, wherein the security analysis module comprises:
(b-a) a receiver for receiving data from the data monitor,
(b-b) an analyzer, in communication with the receiver, for analyzing the security event, and
(b-c) a querying module, in communication with the analyzer, for querying the data monitor for data repeatedly until the analyzer can analyze the security event using the data.
Dependent claims: 17 to 29.
30. An apparatus for analyzing a security event within a customer network comprising:
(a) a data monitor, positioned within the customer network, to collect data from the customer network; and
(b) a security analysis module, in communication with the data monitor, to determine an occurrence of the security event;
(c) a receiver for receiving data from the data monitor,
(d) an analyzer, positioned within the customer network, for analyzing the security event, and
(e) a querying module, in communication with the analyzer, for querying the data monitor for data repeatedly until the analyzer can analyze the security event using the data.
Dependent claims: 31 and 33.
32. The apparatus of claim 32 wherein the analyzer further comprises the security analysis appliance.
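As an added illustration, not the patent's own implementation, the following Python sketch models the claimed loop: a data monitor inside the customer network answers queries, and the analyzer decides after each answer whether to query again (step (d)) before it finally analyzes the event (step (f)), which is the "query repeatedly until the analyzer can analyze" behaviour of claims 16 and 30. The network contents, component names, query kinds and the byte threshold are all constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed sample customer network: component -> data kind -> records.
NETWORK = {
    "firewall": {"connections": [
        {"src": "10.0.0.5", "dst": "203.0.113.10", "dport": 4444, "bytes": 520000}]},
    "host-10.0.0.5": {"processes": [
        {"pid": 4321, "name": "powershell.exe", "user": "alice"}]},
    "directory": {"logins": [
        {"user": "alice", "src": "10.0.0.5", "result": "success"}]},
}

@dataclass
class DataMonitor:
    """Sits inside the customer network and answers queries (claim 16(a))."""
    network: dict
    log: list = field(default_factory=list)   # every (component, kind) queried

    def query(self, component, kind):
        self.log.append((component, kind))
        return self.network.get(component, {}).get(kind, [])

def next_query(event, collected):
    """Step (d): from the data received so far, decide whether (and what) to query next."""
    if "connections" not in collected:
        return ("firewall", "connections")
    if "processes" not in collected:
        return (f"host-{event['src']}", "processes")
    if "logins" not in collected and collected["processes"]:
        return ("directory", "logins")          # only worth asking if a process was found
    return None                                 # enough data to analyze

def analyze(event, collected):
    """Step (f): correlate whatever was collected into a verdict."""
    hits = [c for c in collected["connections"]
            if c["src"] == event["src"] and c["bytes"] > 100000]   # constructed threshold
    procs = collected["processes"]
    users = {entry["user"] for entry in collected.get("logins", [])}
    if hits and procs:
        return {"verdict": "suspicious-exfil", "process": procs[0]["name"], "users": sorted(users)}
    return {"verdict": "benign"}

def investigate(event, monitor, max_rounds=10):
    """Querying module (claim 16(b-c)): query repeatedly until the analyzer can decide."""
    collected = {}
    for _ in range(max_rounds):
        q = next_query(event, collected)
        if q is None:
            return analyze(event, collected), list(monitor.log)
        collected[q[1]] = monitor.query(*q)
    raise RuntimeError("analysis did not converge within max_rounds")
```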