Title of invention SYSTEM FOR DETECTING THREATS USING SCENARIO-BASED TRACKING OF INTERNAL AND EXTERNAL NETWORK TRAFFIC
Abstract Disclosed is an improved approach to implement a system and method for detecting insider threats, where models are constructed that are capable of defining what constitutes the normal behavior for any given host and of quickly finding anomalous behaviors that could constitute a potential threat to an organization. The disclosed approach provides a way to identify abnormal data transfers within and external to an organization without the need for individual monitoring software on each host, by leveraging metadata that describe the data exchange patterns observed in the network.
Application publication number US2016191563(A1) Publication date 2016.06.30
Application number US201514930618 Filing date 2015.11.02
Applicant Vectra Networks, Inc. Inventors Beauchesne Nicolas;Pegna David Lopes
Classification H04L29/06 Main classification H04L29/06
Agency Agent
Independent claim 1. A method for performing threat detection in a network comprising: monitoring communications traffic in the network; performing a first threat detection phase by identifying a data exchange pattern involving an internal host and an external host; performing a second threat detection phase by analyzing the data exchange pattern to determine whether it is indicative of an insider threat; and reporting a threat if abnormal behavior is identified.
Address San Jose CA US