A computer-implemented method, computer program product and computing system for: establishing connectivity with a plurality of security-relevant subsystems within a computing platform; defining a plurality of subsystem-specific queries on a unified platform concerning the plurality of security-relevant subsystems, wherein one or more of the plurality of subsystem-specific queries has a defined execution schedule; and providing the plurality of subsystem-specific queries to the plurality of security-relevant subsystems.
A computer-implemented method, computer program product and computing system for: a computer-implemented method is executed on a computing device and includes: obtaining object information concerning one or more initial objects within a computing platform in response to a security event; identifying an event type for the security event; and executing a response script based, at least in part, upon the event type.
A computer-implemented method, computer program product and computing system for: establishing connectivity with a plurality of security-relevant subsystems within a computing platform; defining a specific task to be executed on one or more of the plurality of security-relevant subsystems, thus defining one or more target security-relevant subsystems; commissioning a container-based job within which the specific task will be executed; and executing the specific task within the container-based job.
G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by executing in a restricted environment, e.g. sandbox or secure virtual machine
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
A computer-implemented method, computer program product and computing system for: establishing connectivity with a plurality of security-relevant subsystems within a computing platform; defining a unified query on a unified platform concerning the plurality of security-relevant subsystems; denormalizing the unified query to define a subsystem-specific query for each of the plurality of security-relevant subsystems, thus defining a plurality of subsystem-specific queries; and providing the plurality of subsystem-specific queries to the plurality of security-relevant subsystems.
A computer-implemented method, computer program product and computing system for: establishing connectivity with a plurality of security-relevant subsystems within a computing platform; and mapping one or more data fields of a unified platform to one or more data fields of each of the plurality of security-relevant subsystems.
A computer-implemented method, computer program product and computing system for: obtaining consolidated platform information to identify current security-relevant capabilities for a computing platform; determining possible security-relevant capabilities for the computing platform; and rendering graphical comparison information that illustrates a difference between the current security-relevant capabilities of the computing platform and the possible security-relevant capabilities of the computing platform.
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
A computer-implemented method, computer program product and computing system for: detecting one or more security events within a computing platform of a client; notifying the client of the one or more security events within the computing platform; determining how long it took the client to resolve the one or more security events within the computing platform; and providing a resolution report to the client that quantifies client resolution performance based, at least in part, upon how long it took the client to resolve the one or more security events within the computing platform.
A computer-implemented method, computer program product and computing system for: obtaining consolidated platform information to identify current security-relevant capabilities for a computing platform; identifying coverage gaps in the current security-relevant capabilities; and providing one or more recommendations concerning how to mitigate the coverage gaps.
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
A computer-implemented method, computer program product and computing system for: defining a threat mitigation platform for a client, wherein the threat mitigation platform includes a plurality of threat detection capability modules; defining a rollout schedule for at least a portion of the plurality of threat detection capability modules; and presenting the rollout schedule to the client.
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
A computer-implemented method, computer program product and computing system for: detecting one or more security events within a computing platform of a client; notifying the client of the one or more security events within the computing platform; determining if the client responded to the one or more security events within the computing platform; and providing a response report to the client that quantifies client response performance based, at least in part, upon if the client responded to the one or more security events within the computing platform.
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
A computer-implemented method, computer program product and computing system for: establishing connectivity with a plurality of security-relevant subsystems within a computing platform; receiving a unified query from a third-party concerning the plurality of security-relevant subsystems; distributing at least a portion of the unified query to the plurality of security-relevant subsystems; and effectuating the at least a portion of the unified query on each of the plurality of security-relevant subsystems to generate a plurality of result sets.
A computer-implemented method, computer program product and computing system for: obtaining consolidated platform information to identify current security-relevant capabilities for a computing platform; determining comparative platform information that identifies security-relevant capabilities for a comparative platform; and generating comparison information that compares the current security-relevant capabilities of the computing platform to the comparative platform information of the comparative platform to identify a threat context indicator.
G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by executing in a restricted environment, e.g. sandbox or secure virtual machine
G06F 21/55 - Detecting local intrusion or implementing counter-measures
A computer-implemented method, computer program product and computing system for: defining a training routine for a specific attack of a computing platform; and generating a simulation of the specific attack by executing the training routine within a controlled test environment.
G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by executing in a restricted environment, e.g. sandbox or secure virtual machine
G06F 21/55 - Detecting local intrusion or implementing counter-measures
A computer-implemented method, computer program product and computing system for: obtaining system-defined consolidated platform information for a computing platform from an independent information source; obtaining client-defined consolidated platform information for the computing platform from a client information source; and presenting differential consolidated platform information for the computing platform to the third-party.
A computer-implemented method, computer program product and computing system for: establishing connectivity with a plurality of security-relevant subsystems within a computing platform; obtaining at least one security-relevant information set from each of the plurality of security-relevant subsystems, thus defining a plurality of security-relevant information sets; and combining the plurality of security-relevant information sets to form an aggregated security-relevant information set for the computing platform
A computer-implemented method, computer program product and computing system for: obtaining consolidated platform information to identify current security-relevant capabilities for a computing platform; determining possible security-relevant capabilities for the computing platform; and generating comparison information that compares the current security-relevant capabilities of the computing platform to the possible security-relevant capabilities of the computing platform to identify security-relevant deficiencies
G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by executing in a restricted environment, e.g. sandbox or secure virtual machine
G06F 21/55 - Detecting local intrusion or implementing counter-measures
A computer-implemented method, computer program product and computing system for: receiving platform information from a plurality of security-relevant subsystems; processing the platform information to generate processed platform information; identifying more threat-pertinent content included within the processed content; and routing the more threat-pertinent content to a threat analysis engine.
G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by executing in a restricted environment, e.g. sandbox or secure virtual machine
G06F 21/55 - Detecting local intrusion or implementing counter-measures
A computer-implemented method, computer program product and computing system for associating a unique identifier with an entity. Network traffic directed toward the unique identifier is intercepted and routed to a computing device.
A computer-implemented method, computer program product and computing system for importing threat data from a plurality of threat data sources, thus generating a plurality of raw threat data definitions. The plurality of raw threat data definitions are processed, thus generating a plurality of processed threat data definitions. The plurality of processed threat data definitions are processed to form a master threat data definition. The master threat data definition is provided to one or more client electronic devices.
G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
patents
