Patent · US Active

Adaptive data collection for root-cause analysis and intrusion detection

US8413247B2 · kind B2 · utility

Cited by: 168
References: 34
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Mar 14, 2007
Grant date: Apr 2, 2013
Priority date:
Expiry date: May 19, 2030

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/552
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Endpoints in an enterprise security environment are configured to adaptively switch from their normal data collection mode to a long-term, detailed data collection mode where advanced analyses are applied to the collected detailed data. Such adaptive data collection and analysis is triggered upon the receipt of a security assessment of a particular type, where a security assessment is defined as a tentative assignment by an endpoint of broader contextual meaning to information (i.e., data in some context) that is collected about an object of interest. A specialized endpoint is coupled to the security assessment channel and performs as a centralized audit point by subscribing to all security assessments, logging the security assessments, and also logging the local actions taken by endpoints in response to detected security incidents in the environment. The specialized endpoint is arranged to perform various analyses and processes on historical security assessments.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.