Abstract: An apparatus collects data from a data network for the purpose of detection and interception of security incidents therein. The apparatus identifies at least one event in the data network. The apparatus then inspects the event to identify its properties and metadata associated therewith. Based on the inspection, the apparatus identifies at least a type of the event, an operation and a resource associated with the event, and a device associated with the event. The metadata is then matched to a unified index stored in a database communicatively coupled to the apparatus via a network. Based on the match, the apparatus determines whether the event is potentially a security incident. In case a determination of a potential security incident is made, the apparatus queries a set of policy rules to determine a type of action required respective of the metadata. The apparatus then performs the required action.
Type:
Grant
Filed:
September 16, 2022
Date of Patent:
June 6, 2023
Assignee:
PROOFPOINT ISRAEL LTD
Inventors:
Doron Elgressy, Yair Grindlinger, Boris Gorin
Abstract: An apparatus collects data from a data network for the purpose of detection and interception of security incidents therein. The apparatus identifies at least one event in the data network. The apparatus then inspects the event to identify its properties and metadata associated therewith. Based on the inspection, the apparatus identifies at least a type of the event, an operation and a resource associated with the event, and a device associated with the event. The metadata is then matched to a unified index stored in a database communicatively coupled to the apparatus via a network. Based on the match, the apparatus determines whether the event is potentially a security incident. In case a determination of a potential security incident is made, the apparatus queries a set of policy rules to determine a type of action required respective of the metadata. The apparatus then performs the required action.
Type:
Grant
Filed:
January 17, 2020
Date of Patent:
November 1, 2022
Assignee:
PROOFPOINT ISRAEL LTD
Inventors:
Doron Elgressy, Yair Grindlinger, Boris Gorin
Abstract: An apparatus collects data from a data network for the purpose of detection and interception of security incidents therein. The apparatus identifies at least one event in the data network. The apparatus then inspects the event to identify its properties and metadata associated therewith. Based on the inspection, the apparatus identifies at least a type of the event, an operation and a resource associated with the event, and a device associated with the event. The metadata is then matched to a unified index stored in a database communicatively coupled to the apparatus via a network. Based on the match, the apparatus determines whether the event is potentially a security incident. In case a determination of a potential security incident is made, the apparatus queries a set of policy rules to determine a type of action required respective of the metadata. The apparatus then performs the required action.
Type:
Grant
Filed:
October 5, 2016
Date of Patent:
March 3, 2020
Assignee:
PROOFPOINT ISRAEL LTD
Inventors:
Doron Elgressy, Yair Grindlinger, Boris Gorin