SECURITY THREAT DETECTION
First Claim
1. A method comprising:
maintaining, by a network security device, a network traffic log, wherein the network traffic log includes information associated with network activities observed within a private network;
responsive to an event, retrospectively scanning, by the network security device, the network traffic log in an attempt to identify a threat that was missed by a previous signature-based scan or a previous reputation-based scan of the observed network activities; and
when the threat is identified as a result of said retrospectively scanning, then performing, by the network security device, one or more of a remedial action and a preventive action with respect to the threat.
Abstract
Systems and methods for retrospective scanning of network traffic logs for missed threats using updated scan engines are provided. According to an embodiment, a network security device maintains a network traffic log that includes information associated with network activities observed within a private network. Responsive to an event, the network traffic log is retrospectively scanned in an attempt to identify a threat that was missed by a previous signature-based scan or a previous reputation-based scan of the observed network activities. When the threat is identified as a result of the retrospective scan, then remedial and/or preventive action is taken with respect to the threat.
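The method the claim and abstract describe, as an added illustration that is not code from the patent or its assignee: the device scans each observation inline and records the verdict in the log; when an updated signature/reputation set arrives (the triggering event) it rescans the entries the earlier engine cleared and takes a preventive action (block the destination) and a remedial action (quarantine the source host) on any entry that now matches. All class and function names, the host, domain and hash values, and the choice of those two actions are assumptions.

```python
from dataclasses import dataclass

@dataclass
class LogEntry:
    src_host: str
    dst_domain: str
    file_sha256: str = ""   # hash of a transferred file, "" if none
    flagged: bool = False   # verdict of the scan run when the entry was observed

@dataclass
class ScanEngine:           # one version of the signature and reputation data
    bad_hashes: set         # signature-style match on file hash
    bad_domains: set        # reputation-style match on destination
    def matches(self, e: LogEntry) -> bool:
        return e.file_sha256 in self.bad_hashes or e.dst_domain in self.bad_domains

class SecurityDevice:
    def __init__(self, engine: ScanEngine):
        self.engine = engine
        self.log = []                    # the network traffic log
        self.blocked_domains = set()     # preventive action taken
        self.quarantined_hosts = set()   # remedial action taken
    def observe(self, e: LogEntry) -> None:
        e.flagged = self.engine.matches(e)   # inline scan at observation time
        if e.flagged:
            self._act(e)
        self.log.append(e)
    def update_engine(self, new: ScanEngine) -> list:
        """The triggering event: updated scan data arrives, so rescan the log."""
        self.engine = new
        return self.retrospective_scan()
    def retrospective_scan(self) -> list:
        """Re-examine entries the earlier engine cleared; act on any new match."""
        missed = [e for e in self.log if not e.flagged and self.engine.matches(e)]
        for e in missed:
            e.flagged = True
            self._act(e)
        return missed
    def _act(self, e: LogEntry) -> None:
        self.blocked_domains.add(e.dst_domain)
        self.quarantined_hosts.add(e.src_host)

def demo() -> SecurityDevice:   # constructed sample traffic; all values are placeholders
    dev = SecurityDevice(ScanEngine({"hash-known-bad"}, {"known-bad.example"}))
    dev.observe(LogEntry("10.0.0.5", "known-bad.example"))                   # caught inline
    dev.observe(LogEntry("10.0.0.7", "cdn.example", "hash-new-malware"))     # cleared
    dev.observe(LogEntry("10.0.0.9", "newly-bad.example"))                   # cleared
    v2 = ScanEngine({"hash-known-bad", "hash-new-malware"},
                    {"known-bad.example", "newly-bad.example"})
    dev.update_engine(v2)   # retrospective scan flags the two cleared entries
    return dev
```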
17 Claims