SYSTEM AND METHOD OF PROTECTING CLIENT COMPUTERS
First Claim
1. A method of providing security for a plurality of client computers, the method comprising:
- receiving an event report identifying possible malware on a client computer;
- receiving a set of data from the client computer;
- automatically analyzing the set of data based on a set of known actual identifiers of compromise (IOCs) related to the possible malware;
- updating the set of known actual identifiers of compromise; and
- automatically re-analyzing the set of data based on the update.
5 Assignments
0 Petitions
Abstract
A threat response platform to act as a bridge between non-inline security programs and inline security programs. The threat response platform receives event reports, relating to client devices, from the non-inline security programs and creates incident reports for a user. The incident reports describe the event report and also additional data gathered by an active correlation system of the threat response platform. The active correlation system automatically gathers various types of data that are potentially useful to a user in determining whether the reported event is an incidence of malware operating on the client device or a false positive. The active correlation system places a temporary agent on the client device to identify indications of compromise.
20 Claims
1. A method of providing security for a plurality of client computers, the method comprising:
- receiving an event report identifying possible malware on a client computer;
- receiving a set of data from the client computer;
- automatically analyzing the set of data based on a set of known actual identifiers of compromise (IOCs) related to the possible malware;
- updating the set of known actual identifiers of compromise; and
- automatically re-analyzing the set of data based on the update.
Dependent claims: 2, 3, 4, 5, 6, 7.

8. A machine readable medium storing a program which when executed by at least one processing unit provides security for a plurality of client computers, the program comprising sets of instructions for:
- receiving an event report identifying a possible infection of a client computer;
- receiving a set of data from the client computer;
- automatically analyzing the set of data based on a set of known actual identifiers of compromise (IOCs);
- updating the set of known actual identifiers of compromise; and
- automatically re-analyzing the set of data based on the update to the set of known actual identifiers of compromise.
Dependent claims: 9, 10, 11, 12, 13, 14, 15.

16. A device comprising at least one processing unit and a machine readable medium storing a program which when executed by the processing unit provides security for a plurality of client computers, the program comprising sets of instructions for:
- receiving an event report identifying a possible infection of a client computer;
- receiving a set of data from the client computer;
- automatically analyzing the set of data based on a set of known actual identifiers of compromise (IOCs);
- updating the set of known actual identifiers of compromise; and
- automatically re-analyzing the set of data based on the update to the set of known actual identifiers of compromise.
Dependent claims: 17, 18, 19, 20.
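The analyze / update / re-analyze flow that claims 1, 8 and 16 describe, as an added Python example that is not part of the patent. The client data snapshot, the IOC values (placeholder hash, `.invalid` host, file path) and the function names are constructed for illustration; the point shown is that a second pass against the updated IOC set surfaces hits the first pass could not, without the earlier set being mutated.

```python
# Added example (not the patent's code): claim-1 analyze / update / re-analyze loop.
from typing import Dict, List, Set, Tuple

Match = Tuple[str, str, str]  # (IOC type, IOC value, where it was observed)

# Constructed snapshot of the kind of data a temporary agent might collect.
CLIENT_DATA = {
    "processes": [("explorer.exe", "a" * 64), ("svch0st.exe", "b" * 64)],
    "connections": ["example.org", "c2.invalid"],          # placeholder hosts
    "files": [r"C:\Users\u\AppData\Roaming\dropper.dll"],  # placeholder path
}

# Constructed IOC sets keyed by indicator type; all values are placeholders.
INITIAL_IOCS: Dict[str, Set[str]] = {"sha256": {"b" * 64}, "domain": set(), "path": set()}
IOC_UPDATE: Dict[str, Set[str]] = {
    "domain": {"c2.invalid"},
    "path": {r"C:\Users\u\AppData\Roaming\dropper.dll"},
}


def analyze(data: dict, iocs: Dict[str, Set[str]]) -> List[Match]:
    """Match each field of the client data set against the current IOC set."""
    hits: List[Match] = []
    for name, digest in data["processes"]:
        if digest in iocs.get("sha256", ()):
            hits.append(("sha256", digest, f"process {name}"))
    for host in data["connections"]:
        if host in iocs.get("domain", ()):
            hits.append(("domain", host, "outbound connection"))
    for path in data["files"]:
        if path in iocs.get("path", ()):
            hits.append(("path", path, "file on disk"))
    return hits


def update_iocs(iocs: Dict[str, Set[str]], update: Dict[str, Set[str]]) -> Dict[str, Set[str]]:
    """Return a new IOC set with the update merged in; the input set is left unchanged."""
    merged = {kind: set(values) for kind, values in iocs.items()}
    for kind, values in update.items():
        merged.setdefault(kind, set()).update(values)
    return merged


def triage(data: dict, iocs: Dict[str, Set[str]], update: Dict[str, Set[str]]) -> dict:
    """Claim-1 flow: analyze, update the IOC set, re-analyze, report what the update surfaced."""
    first = analyze(data, iocs)
    second = analyze(data, update_iocs(iocs, update))
    return {"first_pass": first, "second_pass": second,
            "new_hits": [m for m in second if m not in first]}
```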