Identifying and responding to security incidents based on preemptive forensics
Abstract
A system is connected to a plurality of user devices coupled to an enterprise's network. The system continuously collects, stores, and analyzes forensic data related to the enterprise's network. Based on the analysis, the system is able to determine normal behavior of the network and portions thereof and thereby identify abnormal behaviors within the network. Upon identification of an abnormal behavior, the system determines whether the abnormal behavior relates to a security incident. Upon determining a security incident in any portion of the enterprise's network, the system extracts forensic data respective of the security incident and enables further assessment of the security incident as well as identification of the source of the security incident. The system provides real-time damage assessment respective of the security incident as well as the security incident's attributions.