System and method thereof for identifying and responding to security incidents based on preemptive forensics

    Publication number: US09888031B2

    Publication date: 2018-02-06

    Application number: US14944773

    Filing date: 2015-11-18

    CPC classification number: H04L63/145 H04L63/1416

    Abstract: A system is connected to a plurality of user devices coupled to an enterprise's network. The system continuously collects, stores, and analyzes forensic data related to the enterprise's network. Based on the analysis, the system is able to determine normal behavior of the network and portions thereof and thereby identify abnormal behaviors within the network. Upon identification of an abnormal behavior, the system determines whether the abnormal behavior relates to a security incident. Upon determining a security incident in any portion of the enterprise's network, the system extracts forensic data respective of the security incident and enables further assessment of the security incident as well as identification of the source of the security incident. The system provides real-time damage assessment respective of the security incident as well as the security incident's attributions.

    2. Invention application (in force): SYSTEM AND METHOD THEREOF FOR IDENTIFYING AND RESPONDING TO SECURITY INCIDENTS BASED ON PREEMPTIVE FORENSICS

    Publication number: US20160142424A1

    Publication date: 2016-05-19

    Application number: US14944773

    Filing date: 2015-11-18

    CPC classification number: H04L63/145 H04L63/1416

    Abstract: A system is connected to a plurality of user devices coupled to an enterprise's network. The system continuously collects, stores, and analyzes forensic data related to the enterprise's network. Based on the analysis, the system is able to determine normal behavior of the network and portions thereof and thereby identify abnormal behaviors within the network. Upon identification of an abnormal behavior, the system determines whether the abnormal behavior relates to a security incident. Upon determining a security incident in any portion of the enterprise's network, the system extracts forensic data respective of the security incident and enables further assessment of the security incident as well as identification of the source of the security incident. The system provides real-time damage assessment respective of the security incident as well as the security incident's attributions.

