Cyber-security system and methods thereof
Abstract
A system and method for adaptively securing a protected entity against cyber-threats are presented. The method includes selecting at least one security application configured to handle a cyber-threat, wherein the at least one security application executes a plurality of security services assigned to the at least one security application; determining at least one workflow rule respective of the at least one security application; receiving a plurality of signals from the plurality of security services, wherein each signal of the plurality of signals is generated with respect to a potential cyber-threat; generating at least one security event respective of the plurality of received signals; determining if the at least one security event satisfies the at least one workflow rule; and upon determining that the at least one security event satisfies the workflow rule, generating at least one action with respect to the potential cyber-threat.
33 Claims
1. A method for adaptively securing a protected entity against cyber-threats, comprising:
selecting at least one security application from a plurality of security applications, wherein each of the plurality of security applications is configured to handle a different type of cyber-threat, wherein the at least one security application executes a plurality of security services assigned to the at least one selected security application;
determining at least one workflow rule respective of the at least one security application, wherein the at least one workflow rule is defined to handle a certain type of cyber-threat;
generating a plurality of signals by the plurality of security services, wherein each signal of the plurality of signals is generated with respect to a potential cyber-threat;
generating at least one security event respective of the plurality of received signals;
determining if the at least one security event satisfies the at least one workflow rule; and
upon determining that the at least one security event satisfies the workflow rule, generating at least one action with respect to the potential cyber-threat, wherein the at least one workflow rule applies a set of logical operators on events to generate the at least one action.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A method for adaptively securing a protected entity against cyber-threats, comprising:
selecting at least one security application from a plurality of security applications, wherein each of the plurality of security applications is configured to handle a different type of cyber-threat, wherein the at least one security application executes a plurality of security services assigned to the selected at least one security application, and wherein each security service of the plurality of security services is configured to execute at least one engine, wherein each of the least one application is configured with at least one workflow rule, wherein the at least one workflow rule applies a set of logical operators on events to generate at least one action;
receiving a plurality of signals related to the protected entity;
analyzing the plurality of received signals to determine if the selected at least one security application is optimally configured to handle a potential cyber-threat that threatens the protected entity; and
upon determining that the at least one security application is not optimally configured to handle the potential cyber-threat, reprogramming the selected at least one security application.
Dependent claims: 16, 17, 18, 19
20. A system for adaptively securing a protected entity against cyber-threats, comprising:
a processor; and
a memory, the memory containing instructions that, when executed by the processor, configure the system to:
select at least one security application from a plurality of security applications, wherein each of the plurality of security applications is configured to handle a different type of cyber-threat, wherein the at least one security application executes a plurality of security services assigned to the at least one security application;
determine at least one workflow rule respective of the at least one security application, wherein the at least one workflow rule is defined to handle a certain type of cyber-threat;
generate a plurality of signals by the plurality of security services, wherein each signal of the plurality of signals is generated with respect to a potential cyber-threat;
generate at least one security event respective of the plurality of received signals;
determine if the at least one security event satisfies the at least one workflow rule; and
upon determining that the at least one security event satisfies the workflow rule, generate at least one action with respect to the potential cyber-threat, wherein the at least one workflow rule applies a set of logical operators on events to generate at least the one action.
Dependent claims: 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32
33. A system for adaptively securing a protected entity against cyber-threats, comprising:
a processor; and
a memory, the memory containing instructions that, when executed by the processor, configure the system to:
select at least one security application from a plurality of security applications, wherein each security application is configured to handle a different type of cyber-threat, wherein the at least one security application executes a plurality of security services assigned to the selected at least one security application, and wherein each security service of the plurality of security services is configured to execute at least one engine;
receive a plurality of signals related to the protected entity, wherein each of the least one application is configured with at least one workflow rule, wherein the at least one workflow rule applies a set of logical operators on events to generate at least one action;
analyze the plurality of received signals to determine if the selected at least one security application is optimally configured to handle a potential cyber-threat that threatens the protected entity; and
upon determining that the at least one security application is not optimally configured to handle the potential cyber-threat, reprogram the selected at least one security application.
Specification