Abstract: A threat response platform to act as a bridge between non-inline security programs and inline security programs. The threat response platform receives event reports, relating to client devices, from the non-inline security programs and creates incident reports for a user. The incident reports describe the event report and also additional data gathered by an active correlation system of the threat response platform. The active correlation system automatically gathers various types of data that are potentially useful to a user in determining whether the reported event is an incidence of malware operating on the client device or a false positive. The active correlation system places a temporary agent on the client device to identify indications of compromise.

Abstract: A threat response platform to act as a bridge between non-inline security programs and inline security programs. The threat response platform receives event reports, relating to client devices, from the non-inline security programs and creates incident reports for a user. The incident reports describe the event report and also additional data gathered by an active correlation system of the threat response platform. The active correlation system automatically gathers various types of data that are potentially useful to a user in determining whether the reported event is an incidence of malware operating on the client device or a false positive. The active correlation system places a temporary agent on the client device to identify indications of compromise.

Abstract: A system, apparatus and method are provided for dynamically updating a configuration of a network device when relevant sources and destinations of network traffic are added, removed or migrated in a network. A configuration of a network device is associated with a set of network addresses representing a set of relevant sources and destinations of network traffic. The set is dynamic in that the membership of the set can change over time to include different network addresses as the set of relevant sources and destinations of network traffic changes over time. One or more data sources are monitored to obtain the network addresses for the set of relevant sources and destinations and to determine if the membership of the set has changed. When a change is detected, the configuration of the network device is updated on the network device to reflect the network addresses that are currently in the set.