Endpoint Detection and Response Utilizing Machine Learning
First Claim
1. A method for implementation by one or more data processors forming part of at least one computing device, the method comprising:
- monitoring, by at least one data processor, a plurality of events associated with each of a plurality of computing nodes forming part of a network topology, the network topology comprising antivirus tools to detect malicious software prior to it accessing one of the computing nodes;
- determining, by at least one data processor using at least one machine learning model, that at least one of the events is indicative of malicious activity that has circumvented or bypassed the antivirus tools; and
- providing, by at least one data processor, data characterizing the determination.
Abstract
A plurality of events associated with each of a plurality of computing nodes that form part of a network topology are monitored. The network topology includes antivirus tools to detect malicious software prior to it accessing one of the computing nodes. Thereafter, it is determined, using at least one machine learning model, that at least one of the events is indicative of malicious activity that has circumvented or bypassed the antivirus tools. Data is then provided that characterizes the determination. Related apparatus, systems, techniques and articles are also described.
Claims (20)
Claim 1 is the independent method claim reproduced above under First Claim; claims 2 through 17 depend on it.
18. A non-transitory computer program product storing instructions which, when executed by at least one data processor forming part of at least one computing device, implement operations comprising:
- monitoring a plurality of events associated with each of a plurality of computing nodes forming part of a network topology, the network topology comprising antivirus tools to detect malicious software prior to it accessing one of the computing nodes;
- determining, using at least one machine learning model, that at least one of the events is indicative of malicious activity that has circumvented or bypassed the antivirus tools; and
- providing data characterizing the determination.

19. A system comprising:
- at least one data processor; and
- memory storing instructions which, when executed by the at least one data processor, implement operations comprising:
  - monitoring a plurality of events associated with each of a plurality of computing nodes forming part of a network topology, the network topology comprising antivirus tools to detect malicious software prior to it accessing one of the computing nodes;
  - determining, using at least one machine learning model, that at least one of the events is indicative of malicious activity that has circumvented or bypassed the antivirus tools; and
  - providing data characterizing the determination.
Claim 20 depends on claim 19.
Specification