Systems and methods for managing computer security of client computing machines

Assignee

• Symantec Corporation · US

Inventors

• Matteo Dell'Amico · Valbonne, FR
• Kevin Roundy · El Segundo, US
• Chris Gates · Santa Monica, US
• Michael Hart · Farmington, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/1441
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A computer-implemented method for managing computer security of client computing machines may include (i) monitoring a set of client computing devices, (ii) receiving security data on sets of security-related events from each client computing device in the set of client computing devices, (iii) clustering the sets of security-related events by calculating a dissimilarity value, for each set of security-related events, that indicates a uniqueness of the set of security-related events in relation to other sets of security-related events using a dissimilarity function and adjusting the dissimilarity function based on a homogeneity of clusters of sets of security-related events, (iv) determining, based on clustering the sets of security-related events by the dissimilarity value, that a set of security-related events comprises an anomaly, and (v) performing a security action in response to determining that the set of security-related events comprises the anomaly. Various other methods, systems, and computer-readable media are also disclosed.