An enterprise computer network is monitored to detect and neutralize security breaches. In a first case failed login attempts to multiple target machines (608) are noted (400, 402) and if they come from one machine or a small number of originating machines (606), a password spraying attack from the originating machines is indicated (404), resulting in the originating machines (606) being segregated from the system (406). In another case, multiple indicators of compromise are used to determine (504) whether an enterprise machine (606, 608) is infected with malware and only if multiple indicators are present is the machine segregated (508) from the system.
展开▼
