DETECTION OF ADVANCED PERSISTENT THREAT ATTACK ON A PRIVATE COMPUTER NETWORK
Abstract
A system for detecting an advanced persistent threat (APT) attack on a private computer network includes host computers that receive network traffic and process the network traffic to identify an access event that indicates access to a critical asset of an organization that owns or maintains the private computer network. The critical asset may be a computer that stores confidential data of the organization. Access events may be stored in an event log as event data. Access events indicated in the event log may be correlated using a set of alert rules to identify an APT attack.
17 Claims
1. A system for detecting an advanced persistent threat (APT) attack on a private computer network of an organization, the system comprising:
- a plurality of host computers, the plurality of host computers receives network traffic over the private computer network, parses the network traffic to generate event data that indicate access to particular computers on the private computer network that store confidential data of the organization, and transmits the event data over the private computer network; and
- an APT detection server comprising one or more computers that receive the event data from the plurality of host computers, store the event data in an event log, and correlate data in the event log using a set of alert rules to detect an APT attack by identifying an anomalous access to one or more of the particular computers.

Dependent claims 2, 3, 4, 5, 6, 7, 8 and 9 depend on claim 1 (not reproduced here).

10. A computer-implemented method of detecting an advanced persistent threat (APT) attack on a private computer network of an organization, the method comprising:
- receiving network traffic in host computers on the private computer network;
- the host computers parsing the network traffic to generate event data that indicate access to particular computers on the private computer network that store confidential data of the organization;
- the host computers transmitting the event data to an APT detection server that comprises one or more computers;
- the APT detection server receiving the event data from the host computers, storing the event data in an event log, correlating data in the event log using a set of alert rules, and detecting an APT attack by identifying an anomalous access to one or more of the particular computers.

Dependent claims 11, 12, 13, 14, 15, 16 and 17 depend on claim 10 (not reproduced here).
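As an added illustration (not the patent's own code), the claimed pipeline in Python: host-emitted event data is parsed into an event log and correlated with two constructed alert rules to flag anomalous access to computers holding confidential data. The asset addresses, host names, sample events, rules and thresholds are all assumptions made for this example.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed: computers that store confidential data (the "critical assets")
# and the hosts normally expected to reach each one.
CRITICAL_ASSETS = {
    "10.0.5.10": {"hr-app-01", "hr-app-02"},   # HR database (assumed)
    "10.0.5.20": {"fin-app-01"},               # finance file server (assumed)
}
BURST_WINDOW = timedelta(minutes=10)
BURST_THRESHOLD = 2   # distinct critical assets touched by one host in the window

# Constructed event data as emitted by host computers (one JSON object per line).
EVENT_DATA = """\
{"ts": "2024-03-01T09:00:00", "src": "hr-app-01", "dst": "10.0.5.10", "proto": "tcp/1433"}
{"ts": "2024-03-01T09:05:00", "src": "wks-117", "dst": "10.0.5.10", "proto": "tcp/1433"}
{"ts": "2024-03-01T09:07:00", "src": "wks-117", "dst": "10.0.5.20", "proto": "tcp/445"}
{"ts": "2024-03-01T13:00:00", "src": "fin-app-01", "dst": "10.0.5.20", "proto": "tcp/445"}
"""

def build_event_log(raw):
    """Parse host-emitted event data, keeping only accesses to critical assets."""
    log = []
    for line in raw.splitlines():
        ev = json.loads(line)
        if ev["dst"] in CRITICAL_ASSETS:
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            log.append(ev)
    return sorted(log, key=lambda e: e["ts"])

def correlate(log):
    """Apply the alert rules over the event log; return (rule, host, detail) alerts."""
    alerts = []
    touched = defaultdict(list)           # host -> [(ts, asset), ...]
    for ev in log:
        host, asset, ts = ev["src"], ev["dst"], ev["ts"]
        # Rule 1: a host that is not an expected accessor reached a critical asset.
        if host not in CRITICAL_ASSETS[asset]:
            alerts.append(("unexpected-accessor", host, asset))
        # Rule 2: one host reaches several distinct critical assets within a short
        # window, a pattern consistent with lateral movement and data collection.
        touched[host].append((ts, asset))
        recent = {a for t, a in touched[host] if ts - t <= BURST_WINDOW}
        if len(recent) >= BURST_THRESHOLD:
            alerts.append(("critical-asset-burst", host, ",".join(sorted(recent))))
    return alerts

if __name__ == "__main__":
    print(correlate(build_event_log(EVENT_DATA)))
```

Running the block yields three alerts, all for the workstation `wks-117`, while the expected application hosts produce none.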
Specification