Systems and methods for detection and suppression of abnormal conditions within a networked environment
First Claim
1. A processor-implemented system for handling a malicious computer-related security event, wherein the security event occurs at central network access points of the Internet, wherein the central network access points are points involving networks of autonomous and different Internet service providers, said system comprising:
a non-signature based security event detection software system operating on a first computer connected to a first network of a first Internet service provider;
wherein the non-signature based security event detection software system detects the security event by examining a runtime state of the first computer, wherein detecting the security event by examining the runtime state of the first computer comprises;
comparing the runtime state of the first computer to a normal runtime state of the first computer, and determining that the runtime state of the first computer is different from the normal runtime state of the first computer;
a second computer, on which a security event management software system operates, the security event detection software system having access to security event detection results generated by the non-signature based security event detection software system;
wherein the security event management processing software system deploys information to systems of the other Internet service providers that are associated with the central network access points; and
wherein the deployed information is used by the other Internet service providers to handle a security event within their respective networks that is similar to or same as the security event encountered in the first network.
Abstract
Systems and methods are provided for handling a malicious computer-related security event that occurs at central network access points of the Internet involving networks of autonomous and different internet service providers. A system includes a non-signature based security event detection software system operating on a first computer connected to a first network of a first internet service provider, where the non-signature based security event detection software system detects the security event by examining runtime state of the first computer. A security event management software system operates on a processor-based platform and has access to security event detection results generated by the non-signature based security event detection software system.
21 Claims
1. A processor-implemented system for handling a malicious computer-related security event, wherein the security event occurs at central network access points of the Internet, wherein the central network access points are points involving networks of autonomous and different Internet service providers, said system comprising:
a non-signature based security event detection software system operating on a first computer connected to a first network of a first Internet service provider;
wherein the non-signature based security event detection software system detects the security event by examining a runtime state of the first computer, wherein detecting the security event by examining the runtime state of the first computer comprises;
comparing the runtime state of the first computer to a normal runtime state of the first computer, and determining that the runtime state of the first computer is different from the normal runtime state of the first computer;
a second computer, on which a security event management software system operates, the security event detection software system having access to security event detection results generated by the non-signature based security event detection software system;
wherein the security event management processing software system deploys information to systems of the other Internet service providers that are associated with the central network access points; and
wherein the deployed information is used by the other Internet service providers to handle a security event within their respective networks that is similar to or same as the security event encountered in the first network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20
21. A processor-implemented method for handling a malicious computer-related security event, wherein the security event occurs at central network access points of the Internet, wherein the central network access points are points involving networks of autonomous and different Internet service providers, said method comprising:
operating a non-signature based security event detection software system on a first computer connected to a first network of a first Internet service provider;
detecting the security event by the non-signature based security event detection software system by examining a runtime state of the first computer, wherein detecting the security event by examining the runtime state of the first computer comprises;
comparing the runtime state of the first computer to a normal runtime state of the first computer, and determining that the runtime state of the first computer is different from the normal runtime state of the first computer;
operating a security event management software system on a processor-based platform, wherein the security event management software system has access to security event detection results generated by the non-signature based security event detection software system; and
deploying information by the security event management processing software system to systems of the other Internet service providers that are associated with the central network access points;
wherein the deployed information is used by the other Internet service providers to handle a security event within their respective networks that is similar to or same as the security event encountered in the first network.
Specification