Title of invention: System and method employing structured intelligence to verify and contain threats at endpoints
Abstract: A system and method to detect and contain threatening executable code by employing a threat monitor, verifier, endpoint agent, and a security information and event management module. The system and method are a departure from and an improvement over conventional systems in that, among other things, they allow an investigator to determine whether a threat has persisted or executed, and allow that information to be communicated back to the detection mechanism (or other system) such that a user (or machine) may decide to take further action, such as containing the threat quickly, and/or permit the system to do so automatically.
Publication number: US9413781(B2) Publication date: 2016.08.09
Application number: US201414216453 Filing date: 2014.03.17
Applicant: FireEye, Inc. Inventors: Cunningham Sean; Dana Robert; Nardone Joseph; Faber Joseph; Arunski Kevin
IPC classification: G06F11/00; H04L29/06; G06F21/55 Main IPC classification: G06F11/00
Agency: Agent:
Main claim: 1. A computerized method to identify potentially malicious code at an endpoint in a network, the method comprising the steps of:
via a threat monitor: monitoring network data, extracting at least one set of network data, and processing the at least one set of network data to generate a report;
via a verifier including an agent coordinator, issuing at least one of (i) instructions, and (ii) indicators to an endpoint agent based on the report; and
processing, via the endpoint agent, the at least one of (i) instructions, and (ii) indicators to generate verification information, wherein the verification information is processed via the verifier by comparing the verification information to at least one of (a) data obtained from another endpoint, and (b) data obtained from a security information and event management module (SIEM).
Address: Milpitas CA US