TARGETED ATTACKS DETECTION SYSTEM
Format: | Patent |
---|---|
Language: | eng |
Summary: | Systems and methods for targeted attack detection. A protection system intercepts traffic destined for a protected system and only traffic identified as non-malicious is allowed to pass thereto. Data collection agents (DCAs) instantiated at protected systems report information concerning protected system resources to the protection system, which creates from that information a set of threat attack detection metrics (TADMs) by which it evaluates payloads of the intercepted traffic. In particular, the intercepted traffic is assessed using conventional threat detection approaches to identify suspect payloads. The suspect payloads are additionally evaluated against the TADMs to determine if they contain any references to specific resources of the protected system. For those of the suspect payloads for which the TADM evaluation reveals positive results, the protection system provides an alert that a targeted attack has been recognized. |
---|