Abstract: A stream of events is received at a local security agent running on an endpoint at an enterprise network. The local security agent may detect an event of a first event type and may generate an aggregate event with subsequent events of the first event type in the stream. The local security agent may then transmit the aggregate event to a security resource for detecting security threats.

Abstract: Various aspects related to methods, systems, and computer readable media for detection and blocking of security threats for network-accessible devices. Methods may include receiving an indication of a security threat to the user device, the indication of security threat associated with a device threat type, determining that the device threat type is a threat type that requires elevated security measures, responsive to the determining that the device threat type requires elevated security measures, restricting execution of a subset of software available on the user device for a first time period, and, after the elevating, automatically remediating the security threat on the user device within the first time period.

Abstract: Various aspects related to methods, systems, and computer readable media for detection and blocking of security threats for network-accessible devices. Methods may include receiving an indication of a security threat to a user device of the plurality of user devices, the indication of security threat associated with a device threat type, determining that the device threat type is a threat type that requires elevated security measures, responsive to the determining that the device threat type requires elevated security measures, elevating security measures associated with the user device for a first time period, and, after the elevating, automatically remediating the security threat on the user device within the first time period.

Abstract: Various aspects related to methods, systems, and computer readable media for detection and blocking of security threats for network-accessible devices. Methods can include monitoring network traffic on a computer network, detecting an indication of a security threat to at least one endpoint, determining that the device threat type is a threat type that requires elevated security measures, responsive to the determining that the device threat type requires elevated security measures, updating a network-access policy for the plurality of endpoints with the threat type, and after the updating, automatically remediating the security threat on the at least one endpoint within a first time period.

Abstract: Various aspects related to methods, systems, and computer readable media for detection and blocking of security threats for network-accessible devices. Methods may include monitoring a plurality of processes executing on the user device to identify a pre-execution flag associated with at least one process of the plurality of processes, and, responsive to identifying the pre-execution flag: receiving an indication of a security threat to the user device, the indication of security threat associated with the at least one process and a device threat type, responsive to the receiving the indication of the security threat, elevating security measures associated with the user device for a first time period, and after the elevating, automatically remediating the security threat on the user device within the first time period.

Abstract: A stream of events is received at a local security agent running on an endpoint at an enterprise network. The local security agent may detect an event of a first event type and may generate an aggregate event with subsequent events of the first event type in the stream. The local security agent may then transmit the aggregate event to a security resource for detecting security threats.

Abstract: A stream of events is received at a local security agent running on an endpoint at an enterprise network. The local security agent may detect an event of a first event type and may generate an aggregate event with subsequent events of the first event type in the stream. The local security agent may then transmit the aggregate event to a security resource for detecting security threats.