
SYSTEMS AND METHODS FOR IMPLEMENTING INTRUSION PREVENTION

  • US 20180359264A1
  • Filed: 05/12/2016
  • Published: 12/13/2018
  • Est. Priority Date: 05/12/2015
  • Status: Active Grant
First Claim

1. A computer system comprising:

  • one or more processing units;

  • memory storing one or more programs for execution by the one or more processors, the one or more programs comprising:

    instructions for receiving data collected at one or more remote computing assets;

    instructions for obtaining a plurality of workflow templates, wherein each respective workflow template in the plurality of workflow templates corresponds to a different threat vector in a plurality of threat vectors and wherein each respective workflow template in the plurality of workflow templates comprises:

    (i) a trigger definition, (ii) an authorization token, and (iii) an enumerated countermeasure responsive to the corresponding threat vector; and

    instructions for identifying an active threat by comparing the data collected at the one or more remote computing assets against the trigger definition of respective workflow templates in the plurality of workflow templates, wherein, when a match between the data collected at the one or more remote computing assets and a trigger definition of a corresponding workflow template is identified, an active threat is deemed to be identified, and the instructions for identifying further comprise:

    (A) enacting the authorization token of the corresponding workflow template, wherein the enacting comprises:

    (a) obtaining authorization from a first authorization contact associated with the corresponding workflow template, the obtaining (a) comprising (i) pushing an alert regarding the corresponding workflow template through a first established trust channel to a first remote device associated with the first authorization contact without user intervention by the first authorization contact, wherein the first remote device is other than the one or more remote computing assets, and (ii) receiving a first indication to proceed from the first authorization contact, and

    (b) obtaining authorization from a second authorization contact associated with the corresponding workflow template, by a method comprising (i) pushing the alert regarding the corresponding workflow template through a second established trust channel to a second remote device associated with the second authorization contact without user intervention by the second authorization contact, wherein the second remote device is other than the one or more remote computing assets and wherein the second remote device is other than the first remote device, and (ii) receiving a second indication to proceed from the second authorization contact, and

    (B) responsive to satisfactory completion of the authorization protocol, wherein satisfaction of the authorization protocol requires receiving the first and second indication to proceed, executing the enumerated countermeasure of the corresponding workflow template.

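The claim above describes a dual-authorization workflow: collected data is matched against each template's trigger definition, an alert is pushed to two distinct contacts over separate trust channels to devices that are neither the monitored assets nor each other, and the countermeasure runs only when both indications to proceed have been received. The following is an added illustration of that control flow, not code from the patent or its assignee; the template contents, contact names, device identifiers, sample event record and the brute-force trigger are all constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

@dataclass
class WorkflowTemplate:
    threat_vector: str
    trigger: Callable[[dict], bool]          # (i) trigger definition
    contacts: Tuple[str, str]                # (ii) authorization token: two distinct contacts
    countermeasure: Callable[[dict], str]    # (iii) enumerated countermeasure

@dataclass
class IntrusionPreventionEngine:
    templates: List[WorkflowTemplate]
    trust_channels: Dict[str, str]           # contact -> device reached over its established channel
    assets: set                              # the remote computing assets that collect the data
    alerts: List[Tuple[str, str, str]] = field(default_factory=list)

    def identify_active_threats(self, data: dict) -> List[WorkflowTemplate]:
        # compare the collected record against every template's trigger definition
        return [t for t in self.templates if t.trigger(data)]

    def enact_authorization_token(self, t: WorkflowTemplate, indications: Dict[str, bool]) -> bool:
        # (A) push the alert to each contact's device; a device may not be a monitored asset
        # and the second device must differ from the first
        devices: List[str] = []
        for contact in t.contacts:
            device = self.trust_channels[contact]
            if device in self.assets or device in devices:
                raise ValueError(f"invalid authorization device for {contact}: {device}")
            devices.append(device)
            self.alerts.append((t.threat_vector, contact, device))
        # the protocol is satisfied only when both contacts returned an indication to proceed
        return all(indications.get(c) is True for c in t.contacts)

    def respond(self, data: dict, indications: Dict[str, bool]) -> List[str]:
        results = []
        for t in self.identify_active_threats(data):
            if self.enact_authorization_token(t, indications):
                results.append(t.countermeasure(data))          # (B) execute the countermeasure
            else:
                results.append(f"{t.threat_vector}: withheld, authorization incomplete")
        return results

# Constructed sample: one template for an SSH brute-force threat vector, two contacts on separate phones
BRUTE_FORCE = WorkflowTemplate(
    "ssh-brute-force",
    lambda d: d["event"] == "ssh_auth_failure" and d["count"] >= 100,
    ("alice", "bob"),
    lambda d: f"blocked {d['src']} at perimeter firewall")
ENGINE = IntrusionPreventionEngine([BRUTE_FORCE], {"alice": "phone-a", "bob": "phone-b"}, {"web-01"})
SAMPLE = {"asset": "web-01", "event": "ssh_auth_failure", "count": 120, "src": "203.0.113.7"}
```

A single approval, or an approval routed to a device that is also a monitored asset, never reaches the countermeasure step.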
  • 4 Assignments