Patent · US Active

Systems and methods for providing network security monitoring

US9686296B1 · kind B1 · utility

Cited by: 101
References: 5
Claims: 25
Family size: 0

Assignee

Inventors

Key dates

Filing date: Dec 21, 2015
Grant date: Jun 20, 2017
Priority date
Expiry date: Dec 21, 2035

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1491
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Systems and methods are disclosed for detecting malicious lateral activity within a computer network. In an embodiment, an agent, implemented on one or more computing devices, subscribes to a plurality of privileged authentication events on a network node within the computer network, provides an alert to a network administrator in response to detection of one of the subscribed privileged authentication events, and initiates live collection of network metadata in response to the detection of the subscribed privileged authentication event. A security monitoring device, implemented on the one or more computing devices, includes an analyzer configured to detect when the network node has connected to the computer network and deploy the agent to the network node in response to the node connecting to the network. The agent may provide the collected network metadata to the analyzer.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.