Title: SYSTEM AND METHODS FOR MALWARE DETECTION USING LOG ANALYTICS FOR CHANNELS AND SUPER CHANNELS
Abstract: Log-based analysis systems and methods for protecting computers and networks from malicious communications and malware attacks by analyzing log data obtained from client networks having network entities representing business units or customers. The system may further comprise a plurality of client asset machines, each operable to execute a security product associated with a security product vendor and to log associated information of the network entities into at least one log file. The log files may be uploaded onto a log-analytics detection platform for analysis using learning algorithms operable to generate a risk factor attribute for at least one entity.
Publication number: US2016156655(A1)    Publication date: 2016.06.02
Application number: US201615017636    Filing date: 2016.02.07
Applicant: Seculert Ltd.    Inventors: Lotem Amnon; Peri Doron; Raff Aviv
Classification: H04L29/06    Main classification: H04L29/06
Agency:    Agent:
Independent claim: 1. A log-analytic system for identifying outbound communications to detect at least one security threat in at least one client network, said system comprising:
    at least one log-analytic detection platform operable to receive a plurality of log files from said at least one client network via a communication network;
    at least one asset associated with said at least one client network and operable to communicate with at least one host via said communication network; and
    at least one network entity associated with said at least one client network operable to enable outbound communication and further log assessment attributes associated with at least one channel into at least one log file of said plurality of log files;
    wherein said at least one channel connects said at least one asset with at least one host and said log-analytic detection system is operable to identify said at least one channel and generate a risk factor for at least one entity associated with entities of said at least one channel.
Address: Petah Tikva IL