Distributed real-time network protection for authentication systems
First Claim
1. A method for centrally managing information about security events detected by a group of protected web-connected resources, the method comprising:
- receiving a plurality of security event reports from one or more deployment components by a first computer, wherein each of the deployment components is coupled to a native service local to one of a plurality of web-connected resources of a plurality of additional, separate computers;
- based on the received security event reports, determining by the first computer a threat level indicator across the plurality of web-connected resources using one or more analyses and metrics;
- transmitting the determined threat level indicator to each of the web-connected resources of a plurality of the additional, separate computers;
- receiving the threat level indicator by each of the web-connected resources of the plurality of additional, separate computers; and
- one or more of the native services of the plurality of additional, separate computers selecting and performing a security breach abatement action according to the received threat level indicator, wherein the selecting is performed by the native service according to a Security Policy local to each corresponding additional, separate computer;
- wherein the threat indicator excludes instructions for security breach abatement.
Abstract
Information about security events detected by a group of protected web-connected resources is centrally managed in order to detect distributed attacks and slow paced attacks by providing to a plurality of web-connected resources a deployment component which couples to a native authorization service of each web-connected resource; receiving a plurality of security event reports from one or more of the deployment components by a command and control center computer; based on collected information from the plurality of security event reports, determining a threat level indicator across the plurality of web-connected resources using one or more analyses and metrics; and transmitting the threat level indicator to each of the web-connected resources.
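The flow the abstract describes, as an added sketch that is not code from the patent: a central computer derives one threat level from reports sent by several resources, and each resource maps that level to an action through its own local policy. The spread-across-resources metric, the level names, the resource names and the policy actions are all assumptions; the text specifies only "one or more analyses and metrics".

```python
from collections import defaultdict

# Constructed sample reports: (timestamp_s, resource, source, event). All values invented.
REPORTS = [
    (0,    "web-a", "198.51.100.7", "auth_failure"),
    (900,  "web-b", "198.51.100.7", "auth_failure"),
    (1800, "web-c", "198.51.100.7", "auth_failure"),
    (2700, "web-a", "198.51.100.7", "auth_failure"),
    (3000, "web-b", "203.0.113.9",  "auth_failure"),
]

# Hypothetical local Security Policies: threat level -> abatement action chosen locally.
LOCAL_POLICIES = {
    "web-a": {"low": "none", "elevated": "require_captcha", "high": "lock_account"},
    "web-b": {"low": "none", "elevated": "none", "high": "throttle_logins"},
    "web-c": {"low": "none", "elevated": "log_only", "high": "require_mfa"},
}

def threat_level(reports, window_s=3600):
    """Central analysis (assumed metric): the widest spread of one source's
    failures across distinct resources inside the window sets the level."""
    if not reports:
        return "low"
    latest = max(t for t, *_ in reports)
    seen = defaultdict(set)
    for t, resource, source, event in reports:
        if event == "auth_failure" and latest - t <= window_s:
            seen[source].add(resource)
    spread = max((len(r) for r in seen.values()), default=0)
    return "high" if spread >= 3 else "elevated" if spread == 2 else "low"

def per_resource_alarm(reports, resource, threshold=3):
    """What one resource sees on its own: failures per source on that resource."""
    counts = defaultdict(int)
    for _, res, source, event in reports:
        if res == resource and event == "auth_failure":
            counts[source] += 1
    return any(c >= threshold for c in counts.values())

def broadcast(level, policies):
    """The indicator carries only the level, no instructions; each native
    service selects its own action from its local policy."""
    return {res: policy[level] for res, policy in policies.items()}

if __name__ == "__main__":
    level = threat_level(REPORTS)
    print(level, broadcast(level, LOCAL_POLICIES))
```

In the sample data no single resource reaches its own alarm threshold, yet the central view rates the level high because one source touches all three resources within the window.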
20 Claims
1. A method for centrally managing information about security events detected by a group of protected web-connected resources, the method comprising:
- receiving a plurality of security event reports from one or more deployment components by a first computer, wherein each of the deployment components is coupled to a native service local to one of a plurality of web-connected resources of a plurality of additional, separate computers;
- based on the received security event reports, determining by the first computer a threat level indicator across the plurality of web-connected resources using one or more analyses and metrics;
- transmitting the determined threat level indicator to each of the web-connected resources of a plurality of the additional, separate computers;
- receiving the threat level indicator by each of the web-connected resources of the plurality of additional, separate computers; and
- one or more of the native services of the plurality of additional, separate computers selecting and performing a security breach abatement action according to the received threat level indicator, wherein the selecting is performed by the native service according to a Security Policy local to each corresponding additional, separate computer;
- wherein the threat indicator excludes instructions for security breach abatement.
8. A computer program product for centrally managing information about security events detected by a group of protected web-connected resources, the computer program product comprising:
- a plurality of computer readable tangible storage memory devices;
- first program instruction stored by one of the memory devices to receive a plurality of security event reports from one or more deployment components by a first computer, wherein each of the deployment components is coupled to a native service local to one of a plurality of web-connected resources of a plurality of additional, separate computers;
- second program instruction stored by one of the memory devices to, based on the received security event reports, determine by the first computer a threat level indicator across the plurality of web-connected resources using one or more analyses and metrics;
- third program instruction stored by one of the memory devices to transmit the determined threat level indicator to each of the web-connected resources of the plurality of the additional, separate computers;
- fourth program instructions stored by one of the memory devices to receive the threat level indicator by each of the web-connected resources of the plurality of the additional, separate computers; and
- fifth program instructions stored by one of the memory devices for one or more of the native services of the plurality of the additional, separate computers to select and perform a security breach abatement action according to the received threat level indicator, wherein the selecting is performed by the native service and according to a Security Policy local to each corresponding additional, separate computer;
- wherein the threat indicator excludes instructions for security breach abatement.
15. A system for centrally managing information about security events detected by a group of protected web-connected resources, the system comprising:
- a hardware portion of a first computing platform to perform a logical process;
- a plurality of web-connected resources of a plurality of additional, separate computers, each of which is coupled to a native authorization service of each web-connected resource;
- a report input portion of the first computing platform to receive a plurality of security event reports from one or more of the deployment components by, wherein each of the deployment components is coupled to a native service local to one of a plurality of web-connected resources of the plurality of the additional, separate computers;
- a threat level analyzer portion of the first computing platform to, based on the security event reports, determine a threat level indicator across the plurality of web-connected resources using one or more analyses and metrics;
- an indicator output to transmit the threat level indicator from the first computing platform to each of the web-connected resources of the plurality of the additional, separate computers; and
- one or more of the native services of the plurality of additional, separate computers selecting and performing a security breach abatement action according to the received threat level indicator, wherein the selecting is performed by the native service according to a Security Policy local to each corresponding additional, separate computer;
- wherein the threat indicator excludes instructions for security breach abatement.
Specification