| 摘要 |
Protection against security attacks involves monitoring network traffic for a computing device security attack and determining whether there is a security event, using one or more network based security tools. Next, it is determined whether an event pattern involving two or more security events meets a predetermined criteria. Upon determining that there is a security attack, corrective action is tailored, based on the type of the computing device, the operating system of the computing device, the type of security attack, and/or the available protection tools. A course of action is performed depending on whether an account of the computing device includes a security protection service. If there is a security protection service, a message is sent over a secure link to the computing device. This message includes the corrective action to cure the computing device from the security attack. |
| 主权项 |
1. A method, comprising steps of:
monitoring, by one or more servers in a network, network traffic of the network for a security attack with respect to a computing device, the one or more servers including a malware detection element, a correlation engine, a logic engine and a device command and control service (DCCS) element, the monitoring comprising:
determining, by the malware detection element, from the monitored network traffic whether there is a security event with respect to the computing device, using one or more network based security event detection tools;determining, by the correlation engine, whether an event pattern of a plurality of security events identified by the one or more network based security event detection tools meets a predetermined criteria; anddetecting, by the logic engine, the security attack with respect to the computing device based on either a security event detection by the malware detection element or an event pattern detection by the correlation engine; responsive to the detected security attack, determining, by the logic engine, a corrective action to take for the computing device, the corrective action tailored based on at least one of:
(i) a type of the computing device;(ii) an operating system of the computing device;(iii) a type of the detected security attack; or(iv) available security attack protection tools; determining, by the logic engine, whether an account of the computing device includes a security attack protection service; and sending, by the DCCS element, a message over a secure communication link through the network to the computing device when the logic engine determines that the account includes the security attack protection service, the message including instructions that trigger an application program configured to cure malware on the computing device to automatically implement the tailored corrective action. |
