Title of invention: SYSTEM AND METHOD OF PROTECTING CLIENT COMPUTERS
Abstract: A threat response platform to act as a bridge between non-inline security programs and inline security programs. The threat response platform receives event reports, relating to client devices, from the non-inline security programs and creates incident reports for a user. The incident reports describe the event report and also additional data gathered by an active correlation system of the threat response platform. The active correlation system automatically gathers various types of data that are potentially useful to a user in determining whether the reported event is an incidence of malware operating on the client device or a false positive. The active correlation system places a temporary agent on the client device to identify indications of compromise.
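Application publication number: US2015135317(A1)  Application publication date: 2015.05.14
Application number: US201314079565  Filing date: 2013.11.13
Applicant: NetCitadel Inc.  Inventors: Tock Theron D.; Horn Michael P.
Classification number: G06F21/56  Main classification number: G06F21/56
Agency:  Agent: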
Main claim: 1. A method of providing security for a plurality of client computers, the method comprising: receiving an event report identifying possible malware on a client computer; receiving a set of data from the client computer; automatically analyzing the set of data based on a set of known actual identifiers of compromise (IOCs) related to the possible malware; updating the set of known actual identifiers of compromise; and automatically re-analyzing the set of data based on the update.
Address: Mountain View CA US