SYSTEMS AND METHODS FOR DISTRIBUTED THREAT DETECTION IN A COMPUTER NETWORK
Abstract
A method and apparatus for distributed threat detection in a computer network is described. The method may include receiving, by a threat detection system of a first computer network, a request for a service from a threat sensor of a second computer network, the service requested of the threat sensor within the second computer network from a network element of the second computer network. The method may also include emulating the service identified in the request to generate a response to the request, and sending the response to the threat sensor for forwarding to the network element within the second computer network. Furthermore, the method may include analyzing one or more communications between the threat detection system and the network element during emulation of the service requested by the network element to determine whether the network element is a threat to the second network.
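The flow in the abstract, as an added in-memory sketch (not code from the patent or from any product): a sensor in the second network relays an unsolicited request to a detection system in the first network, which emulates the service, returns the response for forwarding, and analyzes the recorded exchange. The class names, the FTP emulation, the sample addresses and the verdict rule are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class ThreatDetectionSystem:
    """Runs in the first network; emulates services on behalf of remote sensors."""
    sessions: dict = field(default_factory=dict)  # (sensor_id, element_ip) -> transcript

    def handle(self, sensor_id, element_ip, port, payload):
        log = self.sessions.setdefault((sensor_id, element_ip), [])
        log.append(("in", port, payload))       # record what the element sent
        response = self._emulate(port, payload)
        log.append(("out", port, response))     # record what the emulation answered
        return response

    def _emulate(self, port, payload):
        # Assumed emulation: a minimal FTP control dialogue on port 21 only.
        if port != 21:
            return b""
        if payload == b"":
            return b"220 FTP server ready\r\n"
        verb = payload.split(b" ", 1)[0].strip().upper()
        if verb == b"USER":
            return b"331 Password required\r\n"
        if verb == b"PASS":
            return b"530 Login incorrect\r\n"
        return b"500 Unknown command\r\n"

    def is_threat(self, sensor_id, element_ip):
        # Assumed rule: a decoy has no real users, so a credential attempt is hostile.
        log = self.sessions.get((sensor_id, element_ip), [])
        return any(d == "in" and p.upper().startswith((b"USER", b"PASS"))
                   for d, _, p in log)

@dataclass
class ThreatSensor:
    """Runs in the second network; holds no service logic and only relays."""
    sensor_id: str
    tds: ThreatDetectionSystem

    def on_unsolicited_request(self, element_ip, port, payload):
        # Forward to the detection system, then hand its response back to the element.
        return self.tds.handle(self.sensor_id, element_ip, port, payload)

def demo():
    tds = ThreatDetectionSystem()
    sensor = ThreatSensor("sensor-1", tds)        # constructed identifier
    scanner, prober = "10.0.5.23", "10.0.5.40"    # constructed addresses
    replies = [sensor.on_unsolicited_request(scanner, 21, m)
               for m in (b"", b"USER admin\r\n", b"PASS admin\r\n")]
    sensor.on_unsolicited_request(prober, 21, b"")  # connects, sends no credentials
    return replies, tds.is_threat("sensor-1", scanner), tds.is_threat("sensor-1", prober)
```

The sensor stays thin, so all emulation state and every transcript live in the first network, where the analysis runs.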
21 Claims
1. A computer-implemented method comprising:
- receiving, by a threat detection system of a first computer network, a request for a service from a threat sensor of a second computer network, the service requested of the threat sensor within the second computer network in an unsolicited request received from a network element of the second computer network;
- emulating the service identified in the request to generate a response to the request;
- sending the response to the threat sensor, the threat sensor to forward the response generated by the threat detection system to the network element within the second computer network; and
- analyzing one or more communications between the threat detection system and the network element during emulation of the service requested by the network element to determine whether the network element is a threat to the second network.
Dependent claims: 2, 3, 4, 5, 6, 7
8. An article of manufacture having one or more non-transitory computer readable storage media storing executable instructions thereon which when executed cause a system to perform a method comprising:
- receiving, by a threat detection system of a first computer network, a request for a service from a threat sensor of a second computer network, the service requested of the threat sensor within the second computer network in an unsolicited request received from a network element of the second computer network;
- emulating the service identified in the request to generate a response to the request;
- sending the response to the threat sensor, the threat sensor to forward the response generated by the threat detection system to the network element within the second computer network; and
- analyzing one or more communications between the threat detection system and the network element during emulation of the service requested by the network element to determine whether the network element is a threat to the second network.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A system, comprising:
- a memory; and
- a processor coupled with the memory to execute a threat detection system to
  - receive, at a first computer network, a request for a service from a threat sensor of a second computer network, the service requested of the threat sensor within the second computer network in an unsolicited request received from a network element of the second computer network,
  - emulate the service identified in the request to generate a response to the request,
  - send the response to the threat sensor, the threat sensor to forward the response generated by the threat detection system to the network element within the second computer network, and
  - analyze one or more communications between the threat detection system and the network element during emulation of the service requested by the network element to determine whether the network element is a threat to the second network.
Dependent claims: 16, 17, 18, 19, 20, 21
Specification