Title of invention: Systems and methods for network flow remediation based on risk correlation
Abstract: Instrumented networks and platforms having target subjects (devices, transactions, services, users, organizations) are disclosed. A security orchestration service generates runtime operational integrity profiles representing and identifying a level of threat or contextual trustworthiness, at near real time, of subjects and applications on the instrumented target platform. Methods and systems are disclosed for network flow and device/platform remediation in response to reconnaissance-based intelligence correlation based on network monitoring, to accomplish network flow remediation and device/platform remediation. In an embodiment, a system receives system warnings and endpoint threat intelligence. The system correlates risk based on inputs from sensory inputs that monitor network activity, system configuration, resource utilization, and device integrity. The system then performs a calculus of risk on a global security context including endpoint assessment reports and sends system warnings based upon the endpoint threat intelligence. The system includes a remediation engine for receiving real time directives to control the device.
Publication number: US9027125(B2) Publication date: 2015.05.05
Application number: US201213559732 Filing date: 2012.07.27
Applicant: Taasera, Inc. Inventors: Kumar Srinivas; Pollutro Dennis
Classification: G06F7/04; G06F12/00; G06F12/14; G06F13/00; G06F17/30; G06F21/56; H04L29/06; G06F21/51 Main classification: G06F7/04
Agency: Buchanan Ingersoll & Rooney PC Agent: Buchanan Ingersoll & Rooney PC
Main claim: 1. A system for providing network flow level remediation at a network element based upon a runtime risk correlation for an infected computing device or an application that is not operating with integrity and executing on a computing device, the system comprising: a network trust agent configured to subscribe to and receive system warnings regarding reputation of the computing device; an endpoint trust agent, on the computing device, configured to monitor local device activities at runtime and receive endpoint threat intelligence; an event and behavior correlation engine configured to correlate risk based on inputs received from a plurality of sensory inputs configured to monitor network activity of the computing device and applications executing thereon, system configuration for the computing device and applications executing thereon, resource utilization by the computing device and applications running thereon, and integrity of the computing device and applications running thereon; a trust orchestration server configured to: perform a calculus of risk on a global security context including endpoint assessment reports received from collaboration services, and send system warnings based upon the endpoint threat intelligence to the network trust agent; and a remediation engine configured to receive real time directives for control of the infected computing device or the application that is not operating with integrity running on the computing device and provide said system warnings regarding reputation of the computing device to orchestration or policy enforcement point services.
Address: Erie PA US