Abstract
A system, method, and computer program operable in a coordinator device are disclosed. The system comprises: a coordinator device connected to a network; a program database coupled to the coordinator device for storing programs; and a threat response database coupled to the coordinator device for storing threat responses associated with devices connected to the network. The coordinator device comprises a coordinator module configured to: issue a communication associated with one or more programs to one or more devices in a network, the one or more programs being for probing the one or more devices for vulnerability to cyber threats; detect a response to the communication from at least one of the one or more devices; detect an event logger message from an event logger when one of the devices sends an event logger event message to the event logger in response to the communication; analyze the detected response and the event logger message; identify a threat response when the detected response represents one of an unexpected response or a response time-out indicating a lack of response from the one or more devices, and the event logger message reports that an event occurred; send a follow-up communication to the at least one device that sent the detected response; detect a follow-up response from the at least one device that returned the detected response; and analyze the follow-up response to determine a network threat condition.