Automated collection of forensic evidence associated with a network security incident
US8424094B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jun 30, 2007 |
| Grant date | Apr 16, 2013 |
| Priority date | — |
| Expiry date | Jul 9, 2030 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/308
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
An automated collection of forensic evidence associated with a security incident is provided by an arrangement in which different security products, called endpoints, in an enterprise network are enabled to share security-related information over a common communication channel using an abstraction called a security assessment. A security assessment is generally configured to indicate an endpoint's understanding of a detected security incident that pertains to an object in the environment, where objects may include users, computers, IP addresses, and website URIs (Uniform Resource Identifiers). The security assessment is published by the endpoint into the channel and received by subscribing endpoints. Receipt of the assessment triggers the subscribing endpoints to switch into a more comprehensive or detailed mode of evidence collection. In addition, any forensic evidence relevant to the security incident that was already collected before the detection is marked for retention so that it is not deleted under the normal retention policy.
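The abstract describes three mechanisms: a shared publish/subscribe channel, a per-object switch into detailed collection on receipt of an assessment, and retroactive retention marking of evidence already held about that object. The following Python model is an added illustration of those three mechanisms and is not code from the patent or its assignee; the field names on the assessment, the severity scale, the endpoint names and the sample evidence records are all constructed for the example.

```python
"""Toy model of the publish/subscribe evidence-collection arrangement in the abstract.

Added example; not the patent's own code. Field names, endpoint names and the
sample evidence records below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Callable, List, Set, Tuple


@dataclass(frozen=True)
class SecurityAssessment:
    """One endpoint's statement about a detected incident concerning one object.

    The schema is an assumption for this example; the abstract defines none.
    """
    publisher: str
    object_type: str   # "user", "computer", "ip" or "uri"
    object_id: str
    category: str      # e.g. "compromised"
    severity: int      # assumed 1 (low) .. 5 (high)


class Channel:
    """Common communication channel: fans each assessment out to all subscribers."""

    def __init__(self) -> None:
        self._subscribers: List[Callable[[SecurityAssessment], None]] = []

    def subscribe(self, handler: Callable[[SecurityAssessment], None]) -> None:
        self._subscribers.append(handler)

    def publish(self, assessment: SecurityAssessment) -> None:
        for handler in self._subscribers:
            handler(assessment)


@dataclass
class EvidenceRecord:
    record_id: int
    object_type: str
    object_id: str
    detail: str
    retain: bool = False   # marked for retention -> exempt from the normal purge


class Endpoint:
    """A security product that both publishes assessments and subscribes to them."""

    def __init__(self, name: str, channel: Channel) -> None:
        self.name = name
        self.channel = channel
        self.mode = "normal"
        self.detailed_objects: Set[Tuple[str, str]] = set()
        self.evidence: List[EvidenceRecord] = []
        self._next_id = 1
        channel.subscribe(self.on_assessment)

    def collect(self, object_type: str, object_id: str, detail: str) -> EvidenceRecord:
        """Routine collection; records start out unretained."""
        rec = EvidenceRecord(self._next_id, object_type, object_id, detail)
        self._next_id += 1
        self.evidence.append(rec)
        return rec

    def on_assessment(self, a: SecurityAssessment) -> None:
        if a.publisher == self.name:
            return  # an endpoint ignores its own publications
        key = (a.object_type, a.object_id)
        self.detailed_objects.add(key)   # collect in detail for this object from now on
        self.mode = "detailed"
        # Retroactively mark evidence already held about the object so it survives purging.
        for rec in self.evidence:
            if (rec.object_type, rec.object_id) == key:
                rec.retain = True

    def purge(self) -> int:
        """Normal retention policy: drop everything not marked. Returns the number dropped."""
        before = len(self.evidence)
        self.evidence = [r for r in self.evidence if r.retain]
        return before - len(self.evidence)

    def detect_and_publish(self, object_type: str, object_id: str,
                           category: str, severity: int) -> SecurityAssessment:
        a = SecurityAssessment(self.name, object_type, object_id, category, severity)
        self.channel.publish(a)
        return a


def run_scenario() -> dict:
    """Constructed scenario: a proxy logs traffic before a host AV flags the host."""
    channel = Channel()
    host_av = Endpoint("host-av", channel)
    proxy = Endpoint("web-proxy", channel)
    proxy.collect("computer", "ws-0142", "GET http://example.invalid/payload.bin")
    proxy.collect("computer", "ws-0200", "GET http://intranet.invalid/")
    proxy.collect("ip", "203.0.113.7", "TLS handshake, SNI=example.invalid")
    host_av.detect_and_publish("computer", "ws-0142", "compromised", 4)
    dropped = proxy.purge()
    return {
        "proxy_mode": proxy.mode,
        "retained_ids": [r.record_id for r in proxy.evidence],
        "dropped": dropped,
        "detailed": sorted(proxy.detailed_objects),
    }


if __name__ == "__main__":
    print(run_scenario())
```

Running the scenario shows the two effects the abstract claims: the proxy flips into detailed mode for `("computer", "ws-0142")` without having detected anything itself, and its earlier record about that host is the only one that survives the purge. A real deployment would additionally need to authenticate publishers, since an unauthenticated channel lets any participant force every endpoint into costly collection or pin arbitrary records against deletion.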
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.