Security threat monitoring for network-accessible devices

Various aspects related to threat management are disclosed. An example method includes monitoring network traffic on a computer network that includes a plurality of endpoints, identifying a software application executing on at least one endpoint from one or more of the sent data or the received data...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
1. Verfasser: Ackerman, Karl
Format: Patent
Sprache:eng
Schlagworte:
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Various aspects related to threat management are disclosed. An example method includes monitoring network traffic on a computer network that includes a plurality of endpoints, identifying a software application executing on at least one endpoint from one or more of the sent data or the received data, where execution of the software application is associated with a startup time window and a post-startup time window, determining a security status score for the at least one endpoint based on a comparison of the sent data and the received data with a known pattern of network activity associated with the software application, wherein the known pattern of network activity is based upon the startup time window of the software application, determining a threat status for the at least one endpoint based on the security status score, and, generating an indication of the threat status for the at least one endpoint.