Detecting local user security-related anomalies using active scans

Detecting local user security-related anomalies using active scans

Embodiments are directed to monitoring local users' activity without installing an agent on a monitored machine. Periodic scans of the local users' directory using the standard protocol messages and APIs of a remote admin interface provide access to local machine data. Using the remote adm...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Simakov, Marina, Be'ery, Tal, Maor, Tal Joseph, Ashkenazy, Itai Grady, Hoch, Chaim Menachem
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRIC DIGITAL DATA PROCESSING
ELECTRICITY
PHYSICS
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Embodiments are directed to monitoring local users' activity without installing an agent on a monitored machine. Periodic scans of the local users' directory using the standard protocol messages and APIs of a remote admin interface provide access to local machine data. Using the remote admin interface, defenders gain visibility to local users' logons, group membership, password changes, and other parameters. Security applications enabled by this visibility include, but are not limited to, abnormal logons detection, abnormal group addition and removal detection, and abnormal password changes detection.