Abstract: A method of probing and responding to a security breach in a computer network security system includes defining first and second rules and defining a model to output a probability that a security breach has occurred based on an input and to generate commands. Data is collected at first nodes according to the first rules and a first portion of the collected data is selected and sent from the first nodes to a second node. The selected first portion is input into the model to obtain an output probability that a security breach has occurred and the following steps are performed: determining signs of a security breach, generating a first command with the model to cause a second portion of the collected data to be selected, and generating a second command with the model to cause a change in settings at one or more of the first nodes.

Abstract: A method of probing and responding to a security breach in a computer network security system includes defining first and second rules and defining a model to output a probability that a security breach has occurred based on an input and to generate commands. Data is collected at first nodes according to the first rules and a first portion of the collected data is selected and sent from the first nodes to a second node. The selected first portion is input into the model to obtain an output probability that a security breach has occurred and the following steps are performed: determining signs of a security breach, generating a first command with the model to cause a second portion of the collected data to be selected, and generating a second command with the model to cause a change in settings at one or more of the first nodes.

Abstract: A method of detecting malware on a client computer, the method including generating a hash of an entity at the client computer, whereby the entity is suspected to be malware, sending the hash to a network server, considering the reputation of the hash at the network server by comparing the hash to a database of hashes of known reputation, returning the results of said considering to the client computer, and, if the reputation is not known at the server, sending instructions to the client computer for obtaining further information about the entity at the client computer, wherein said further information is obtained by executing code at the client computer sent by the server to the client computer after said considering the reputation if said code is not stored at the client computer before said generating a hash.

Abstract: A method of detecting malware on a client computer, the method including generating a hash of an entity at the client computer, whereby the entity is suspected to be malware, sending the hash to a network server, considering the reputation of the hash at the network server by comparing the hash to a database of hashes of known reputation, returning the results of said considering to the client computer, and, if the reputation is not known at the server, sending instructions to the client computer for obtaining further information about the entity at the client computer, wherein said further information is obtained by executing code at the client computer sent by the server to the client computer after said considering the reputation if said code is not stored at the client computer before said generating a hash.