METHODS AND CLOUD-BASED SYSTEMS FOR CORRELATING MALWARE DETECTIONS BY ENDPOINT DEVICES AND SERVERS
First Claim
1. A method for correlating malware detections by endpoint devices and servers, comprising:
receiving, by a correlator, from one or more servers, one or more events collected without invasive techniques, one or more events collected using one or more invasive techniques, and one or more final verdicts;
correlating, by the correlator, the one or more events collected without invasive techniques with the one or more events collected using the one or more invasive techniques;
creating, by the correlator, a suspicious pattern, when an event of the one or more events collected without invasive techniques is correlated with an event of the one or more events collected using the one or more invasive techniques, and the event of the one or more events collected using the one or more invasive techniques is used to detect a malware; and
updating, by the correlator, databases of one or more endpoint devices with created suspicious patterns.
Abstract
Disclosed herein are systems and methods for correlating malware detections by endpoint devices and servers. In one aspect, an exemplary method comprises:
receiving, by a correlator, from one or more servers, one or more events collected without invasive techniques, one or more events collected using one or more invasive techniques, and one or more final verdicts;
correlating the one or more events collected without invasive techniques with one or more events collected using the one or more invasive techniques;
creating a suspicious pattern when an event of the one or more events collected without invasive techniques is correlated with an event of the one or more events collected using the one or more invasive techniques, and the event of the one or more events collected using one or more invasive techniques is used to detect a malware; and
updating databases of one or more endpoint devices with created suspicious patterns.
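The correlation step the abstract and claims describe, written out as an added example in Python. This is not the patent's own code and nothing on this page discloses an implementation; it assumes several things the page does not state: events from different servers are joined on a shared object identifier (a sample hash), a final verdict of "malware" for an object is taken to mean the invasive events recorded for that object were the ones used to detect it, "invasive" events are what a server obtains by actually running or instrumenting the sample (API calls, registry writes), and "non-invasive" events are observations an endpoint can make cheaply on its own (a filename, a DNS query). All identifiers, function names and sample events are constructed. It also adds one check the claim does not require but a practitioner would want: an observable that also occurs on an object the servers judged clean is not shipped as a pattern, because it would fire on benign activity at every endpoint.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

Observable = Tuple[str, str]


@dataclass(frozen=True)
class Event:
    object_id: str   # assumed join key shared by endpoint and server, e.g. a sample hash
    kind: str        # "noninvasive" (cheap telemetry) or "invasive" (sandbox / instrumented run)
    name: str        # what was observed, e.g. "filename", "dns_query", "api_call"
    value: str


@dataclass(frozen=True)
class SuspiciousPattern:
    observable: Observable            # the non-invasive event an endpoint can match on its own
    evidence: Tuple[Observable, ...]  # the invasive events that backed the malware verdict
    source_object: str


def correlate(events: Iterable[Event], verdicts: Dict[str, str]) -> List[SuspiciousPattern]:
    """Correlate non-invasive with invasive events and emit suspicious patterns.

    Correlation rule (assumed): two events correlate when they carry the same
    object_id.  A pattern is created only when the correlated invasive events
    belong to an object whose final verdict is "malware", i.e. those invasive
    events were the ones used to detect it.
    """
    noninv: Dict[str, List[Event]] = defaultdict(list)
    inv: Dict[str, List[Event]] = defaultdict(list)
    for e in events:
        if e.kind == "noninvasive":
            noninv[e.object_id].append(e)
        elif e.kind == "invasive":
            inv[e.object_id].append(e)

    # Added check: an observable that also shows up on an object judged clean is
    # not discriminating, so it must not become a pattern.
    benign_observables = {
        (e.name, e.value)
        for obj, evs in noninv.items() if verdicts.get(obj) == "clean"
        for e in evs
    }

    patterns: List[SuspiciousPattern] = []
    emitted = set()
    for obj, evs in noninv.items():
        if verdicts.get(obj) != "malware" or not inv.get(obj):
            continue  # no malware verdict, or nothing invasive to correlate with
        evidence = tuple(sorted((i.name, i.value) for i in inv[obj]))
        for e in evs:
            obs = (e.name, e.value)
            if obs in benign_observables or obs in emitted:
                continue
            emitted.add(obs)
            patterns.append(SuspiciousPattern(obs, evidence, obj))
    return patterns


def update_endpoints(endpoint_dbs: Dict[str, List[SuspiciousPattern]],
                     patterns: List[SuspiciousPattern]) -> None:
    """Push new patterns to every endpoint database (modelled as a list per endpoint)."""
    for db in endpoint_dbs.values():
        known = {p.observable for p in db}
        db.extend(p for p in patterns if p.observable not in known)


def match(endpoint_db: List[SuspiciousPattern], event: Event) -> List[SuspiciousPattern]:
    """Endpoint side: does a locally observed non-invasive event hit a shipped pattern?"""
    if event.kind != "noninvasive":
        return []
    return [p for p in endpoint_db if p.observable == (event.name, event.value)]


# Constructed sample input (not real telemetry): three samples as reported by
# servers that ran them under instrumentation and issued final verdicts.
SAMPLE_EVENTS = [
    Event("sha256:aaaa", "noninvasive", "filename", "invoice.pdf.exe"),
    Event("sha256:aaaa", "noninvasive", "dns_query", "update.example.test"),
    Event("sha256:aaaa", "invasive", "api_call", "CreateRemoteThread"),
    Event("sha256:aaaa", "invasive", "reg_write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),
    # clean sample sharing the DNS observable: that observable must not be shipped
    Event("sha256:bbbb", "noninvasive", "dns_query", "update.example.test"),
    Event("sha256:bbbb", "invasive", "api_call", "ReadFile"),
    # malware verdict but no invasive events: nothing to correlate with, no pattern
    Event("sha256:cccc", "noninvasive", "filename", "setup.exe"),
]
SAMPLE_VERDICTS = {"sha256:aaaa": "malware", "sha256:bbbb": "clean", "sha256:cccc": "malware"}


def run_sample() -> Tuple[List[SuspiciousPattern], Dict[str, List[SuspiciousPattern]]]:
    patterns = correlate(SAMPLE_EVENTS, SAMPLE_VERDICTS)
    endpoint_dbs: Dict[str, List[SuspiciousPattern]] = {"endpoint-1": [], "endpoint-2": []}
    update_endpoints(endpoint_dbs, patterns)
    return patterns, endpoint_dbs


if __name__ == "__main__":
    pats, dbs = run_sample()
    for p in pats:
        print(p)
    hit = match(dbs["endpoint-1"], Event("sha256:new", "noninvasive", "filename", "invoice.pdf.exe"))
    print("endpoint match:", bool(hit))
```

On the sample data only one pattern survives: the filename observable of the malware sample, backed by its two invasive events. The DNS observable is dropped because a clean sample produced it too, and the third sample yields nothing because, as the claim requires, there is no invasive event to correlate with. The join key and the exclusion rule are the two places a real deployment would differ most; the page says nothing about either.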
Claims (20 in total; only the independent claims 1, 8 and 15 are reproduced on this page)
1. As set out above under First Claim. Dependent claims 2 to 7 are not reproduced here.
8. A system for correlating malware detections by endpoint devices and servers, comprising:
at least one processor of a correlator configured to: receive, by a correlator, from one or more servers, one or more events collected without invasive techniques, one or more events collected using one or more invasive techniques, and one or more final verdicts; correlate, by the correlator, the one or more events collected without invasive techniques with the one or more events collected using the one or more invasive techniques; create, by the correlator, a suspicious pattern, when an event of the one or more events collected without invasive techniques is correlated with an event of the one or more events collected using the one or more invasive techniques, and the event of the one or more events collected using the one or more invasive techniques is used to detect a malware; and update, by the correlator, databases of one or more endpoint devices with created suspicious patterns. Dependent claims 9 to 14 are not reproduced here.
15. A non-transitory computer readable medium storing thereon computer executable instructions for correlating malware detections by endpoint devices and servers, including instructions for:
receiving, by a correlator, from one or more servers, one or more events collected without invasive techniques, one or more events collected using one or more invasive techniques, and one or more final verdicts; correlating, by the correlator, the one or more events collected without invasive techniques with the one or more events collected using the one or more invasive techniques; creating, by the correlator, a suspicious pattern, when an event of the one or more events collected without invasive techniques is correlated with an event of the one or more events collected using the one or more invasive techniques, and the event of the one or more events collected using the one or more invasive techniques is used to detect a malware; and updating, by the correlator, databases of one or more endpoint devices with created suspicious patterns. Dependent claims 16 to 20 are not reproduced here.