AUTOMATIC NETWORK ATTACK DETECTION AND REMEDIATION USING INFORMATION COLLECTED BY HONEYPOTS
Abstract
A method for securing a computer system includes detecting a malware attack on a honeypot node, and, based on the detected malware attack, automatically generating investigation directives for verifying whether an endpoint of the computer system is subject to the malware attack. The investigation directives are distributed to one or more software agents that are each associated with one or more endpoints of the computer system. At least one infected endpoint in the computer system, which is subject to the malware attack, is identified by the software agents using the investigation directives.
42 Citations
24 Claims
1. A method for securing a computer system, the method comprising:
- detecting a malware attack on a honeypot node, and, based on the detected malware attack, automatically generating investigation directives for verifying whether an endpoint of the computer system is subject to the malware attack;
- distributing the investigation directives to one or more software agents that are each associated with one or more endpoints of the computer system; and
- identifying, by the software agents using the investigation directives, at least one infected endpoint in the computer system that is subject to the malware attack.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12

13. Apparatus for securing a computer system, the apparatus comprising:
- a honeypot node, which is configured to detect a malware attack thereon and to initiate, based on the detected malware attack, automatic generation of investigation directives for verifying whether an endpoint of the computer system is subject to the malware attack; and
- one or more software agents, which are each associated with one or more endpoints of the computer system and configured to receive the investigation directives, and to identify, using the investigation directives, at least one infected endpoint in the computer system that is subject to the malware attack.

Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24
Specification