SYSTEM AND METHOD EMPLOYING STRUCTURED INTELLIGENCE TO VERIFY AND CONTAIN THREATS AT ENDPOINTS
Abstract
A system and method to detect and contain threatening executable code by employing a threat monitor, verifier, endpoint agent, and a security information and event management module.
46 Claims
1. A computerized method to identify potentially malicious code at an endpoint in a network, the method comprising the steps of:
- via a threat monitor;
- monitoring network data;
- extracting at least one set of network data;
- processing the at least one set of network data to generate a report;
- via a verifier including an agent coordinator, issuing at least one of (i) instructions, and (ii) indicators to an endpoint agent based on the report; and
- processing, via the endpoint agent, the at least one of (i) instructions, and (ii) indicators to generate verification information.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19
20. A system operable to identify potentially malicious code on an endpoint in a network, the system comprising:
- a threat monitor operable to monitor network data, to extract at least one set of network data, and to process the at least one set of network data to generate a report; and
- a verifier including an agent coordinator operable to issue at least one of (i) instructions and (ii) indicators to an endpoint agent based on the report;
- wherein, the endpoint agent is operable to process the at least one of (i) instructions and (ii) indicators to generate verification information.

Dependent claims: 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31
32. A system operable to identify potentially malicious code on an endpoint in a network, the system comprising:
- a controller configured to manage,
- (i) a threat monitor operable to monitor network data, to extract at least one set of network data, and to process the at least one set of network data to generate a report, and
- (ii) a verifier including an agent coordinator operable to issue at least one of (i) instructions and (ii) indicators to an endpoint agent based on the report,
- wherein, the endpoint agent is operable to process the at least one of (i) instructions and (ii) indicators to generate verification information.

Dependent claims: 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46
Specification