Abstract: A method for operating at least one log-analytics detection platform for detecting security threats associated with a client network, comprising: obtaining, via a communication network, log files from a client network, each log file comprising a log record associated with a channel and including an outbound communications log; extracting a channel feature set for said channels from said log files, said channel feature set comprises data pertaining to an associated entity, at least one channel feature being behavior of communication over a channel; aggregating said channel associated features for each of the channels into a data repository; generating a risk factor characterized by an entity score for said least one entity associated with entities of said channels; and blocking of communication for said entity when said risk factory is indicative of said entity being a security threat.

Abstract: A method for operating at least one log-analytics detection platform for detecting security threats associated with a client network, comprising: obtaining, via a communication network, log files from a client network, each log file comprising a log record associated with a channel and including an outbound communications log; extracting a channel feature set for said channels from said log files, said channel feature set comprises data pertaining to an associated entity, at least one channel feature being behavior of communication over a channel; aggregating said channel associated features for each of the channels into a data repository; generating a risk factor characterized by an entity score for said least one entity associated with entities of said channels; and blocking of communication for said entity when said risk factory is indicative of said entity being a security threat.

Abstract: Log based analysis systems and methods for protecting computers and networks from malicious communications and malware attacks by analyzing log data obtained from client networks having network entities representing business units or customers. The system may further comprise a plurality of client asset machines, each operable to execute a security product associated with a security product vendor and log associated information of the network entities into at least one log file. The log files may be uploaded onto a log-analytics detection platform for analysis using learning algorithms operable to generate a risk factor attribute for at least one entity.

Abstract: A crowdsourcing log analysis system and methods for protecting computers and networks from malware attacks by analyzing data log information obtained from a plurality of client network. The client networks are associated with a set of network entities representing a plurality of business units or customers. The system may further comprise a plurality of server machines, each operable to execute a security product associated with a security product vendor and log associated information of at the network entities into at least one log file. The log files may be uploaded onto a breach detection platform for analysis based upon crowdsourcing principles and is operable to generate a risk factor attribute for at least one suspect entity.

Abstract: Systems and methods for protecting at least one client from becoming part of at least one botnet by monitoring and analyzing botnet communications to and from criminal servers and identifying at least one botnet attack on at least one client. The system may comprise virtual machines deliberately infected with malicious content and operable to record botnet communications to and from criminal servers. The virtual machines are in communication with a processing unit configured to index data collected. Data related to the prevalence of cyber threats may be presented to users in response to queries.

Abstract: Log based analysis systems and methods for protecting computers and networks from malicious communications and malware attacks by analyzing log data obtained from client networks having network entities representing business units or customers. The system may further comprise a plurality of client asset machines, each operable to execute a security product associated with a security product vendor and log associated information of the network entities into at least one log file. The log files may be uploaded onto a log-analytics detection platform for analysis using learning algorithms operable to generate a risk factor attribute for at least one entity.

Abstract: Systems and methods for protecting at least one client from becoming part of at least one botnet by monitoring and analyzing botnet communications to and from criminal servers and identifying at least one botnet attack on at least one client. The system may comprise virtual machines deliberately infected with malicious content and operable to record botnet communications to and from criminal servers. The virtual machines are in communication with a processing unit configured to index data collected. Data related to the prevalence of cyber threats may be presented to users in response to queries.

Abstract: Systems and methods for protecting at least one client from becoming part of at least one botnet. The system may comprise virtual machines deliberately infected with malicious content and operable to record botnet communications to and from criminal servers. The virtual machines are in communication with a processing unit configured to index data collected. Data related to the prevalence of cyber threats may be presented to users in response to queries.

Abstract: A crowdsourcing log analysis system and methods for protecting computers and networks from malware attacks by analyzing data log information obtained from a plurality of client network. The client networks are associated with a set of network entities representing a plurality of business units or customers. The system may further comprise a plurality of server machines, each operable to execute a security product associated with a security product vendor and log associated information of at the network entities into at least one log file. The log files may be uploaded onto a breach detection platform for analysis based upon crowdsourcing principles and is operable to generate a risk factor attribute for at least one suspect entity.

Abstract: Systems and methods for protecting at least one client from becoming part of at least one botnet. The system may comprise virtual machines deliberately infected with malicious content and operable to record botnet communications to and from criminal servers. The virtual machines are in communication with a processing unit configured to index data collected. Data related to the prevalence of cyber threats may be presented to users in response to queries.