Proactively protecting computers in a networking environment from malware
Abstract
In accordance with the present invention, a system, method, and computer-readable medium for sharing information between computers, computing devices, and computing systems in a networking environment to determine whether a network is under attack by malware is provided. In instances when the network is under attack, one or more restrictive security policies that protect computers and/or resources available from the network are implemented.
20 Claims
1. In a computer networking environment that includes a plurality of event detection systems and an event evaluation computer communicatively connected to the event detection systems, a method of proactively protecting computers and resources in the networking environment from malware, the method comprising:
(a) using the event detection systems to observe suspicious events that are potentially indicative of malware;
(b) determining whether the suspicious events observed satisfy a threshold indicative of malware; and
(c) if the suspicious events observed satisfy the threshold indicative of malware, implementing a restrictive security policy on the networking environment.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A software system that proactively protects a network from malware, the software system comprising:
(a) an evaluation component for determining whether suspicious events observed in the network are indicative of malware;
(b) a plurality of event detection systems operative to observe suspicious events that occur in the network;
(c) a collection module that collects data that describes the suspicious events observed by the event detection systems; and
(d) a policy implementor operative to implement a restrictive security policy when the evaluation component determines that the suspicious events observed are indicative of malware.
Dependent claims: 16, 17, 18
19. A computer-readable medium bearing computer-executable instructions that, when executed on a computer in a networking environment that is communicatively connected to a plurality of event detection systems, causes the computer to:
(a) use the event detection systems to observe suspicious events or a pattern of events that are potentially indicative of malware;
(b) determine whether the suspicious events or a pattern of events observed satisfy a threshold indicative of malware; and
(c) if the suspicious events or a pattern of events observed satisfy a threshold, implement a restrictive security policy on the networking environment.
Dependent claims: 20
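The component split in claim 15 (detection systems, collection module, evaluation component, policy implementor) can be sketched as follows. This is an added illustration, not code from the patent: the event kinds, detector names, weights, time window, corroboration rule and threshold are all assumptions chosen for the example.

```python
from dataclasses import dataclass

# Assumed values: the claims name no event types, weights, window or threshold.
WEIGHTS = {"port_scan": 2, "av_heuristic_hit": 3, "new_autorun_entry": 2}
THRESHOLD = 6        # combined score treated as "indicative of malware"
MIN_DETECTORS = 2    # require corroboration from independent detection systems
WINDOW = 300         # seconds of history the evaluation considers

@dataclass(frozen=True)
class Event:
    detector: str    # event detection system that made the observation
    host: str
    kind: str
    ts: float

class CollectionModule:
    def __init__(self):
        self.events = []
    def submit(self, event):
        self.events.append(event)
    def recent(self, now):
        return [e for e in self.events if 0 <= now - e.ts <= WINDOW]

def evaluate(events):
    """Evaluation component: return (score, threshold_satisfied)."""
    seen, detectors, score = set(), set(), 0
    for e in events:
        key = (e.detector, e.host, e.kind)
        if key in seen:          # repeated reports of one observation count once
            continue
        seen.add(key)
        score += WEIGHTS.get(e.kind, 0)
        detectors.add(e.detector)
    return score, score >= THRESHOLD and len(detectors) >= MIN_DETECTORS

def run(events, now):  # collect, evaluate, then act as the policy implementor
    collector = CollectionModule()
    for e in events:
        collector.submit(e)
    score, satisfied = evaluate(collector.recent(now))
    return score, "restrictive" if satisfied else "normal"

# Constructed sample observations (not from the patent).
SAMPLE = [
    Event("network_ids", "ws-01", "port_scan", 100),
    Event("network_ids", "ws-01", "port_scan", 110),       # duplicate report
    Event("antivirus", "ws-02", "av_heuristic_hit", 150),
    Event("host_monitor", "ws-02", "new_autorun_entry", 200),
]
print(run(SAMPLE, now=400))
```

Deduplication and the corroboration rule keep a single noisy sensor from pushing the whole network into the restrictive policy, which matters because a false trigger is itself a denial of service.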
Specification