Abstract: A method of detecting coordinated attacks on computer and computer networks via the internet. The method includes using a web crawler to crawl the world wide web to identify domains and subdomains and their associated IP addresses, and to identify links between domains and subdomains, and storing the results in a database. When an IP address is identified as malicious or suspicious, the IP address is used as a lookup in the database to identify the associated domain and subdomain, and linked domains and subdomains. Those linked domains and subdomains are then identified as malicious or suspicious.

Abstract: There are provided measures for enabling advanced local-network threat response. Such measures could exemplarily comprise receiving, at a local-network honeypot entity, a username/password related authentication data in relation to a login attempt to the honeypot entity, triggering a threat response operation at a local-network backend entity upon detection of the username/password related authentication data, the threat response operation comprising testing validity of the username/password related authentication data in one or more local accounts of the local-network, and in case the username/password related authentication data is detected to be valid for any account in the local-network, determining that said account is compromised and locking the compromised account.

Abstract: There are provided measures for enabling advanced local-network threat response. Such measures could exemplarily comprise receiving, at a local-network honeypot entity, a username/password related authentication data in relation to a login attempt to the honeypot entity, triggering a threat response operation at a local-network backend entity upon detection of the username/password related authentication data, the threat response operation comprising testing validity of the username/password related authentication data in one or more local accounts of the local-network, and in case the username/password related authentication data is detected to be valid for any account in the local-network, determining that said account is compromised and locking the compromised account.

Abstract: A method of detecting coordinated attacks on computer and computer networks via the internet. The method includes using a web crawler to crawl the world wide web to identify domains and subdomains and their associated IP addresses, and to identify links between domains and subdomains, and storing the results in a database. When an IP address is identified as malicious or suspicious, the IP address is used as a lookup in the database to identify the associated domain and subdomain, and linked domains and subdomains. Those linked domains and subdomains are then identified as malicious or suspicious.

Abstract: There are provided measures for enabling evasive intrusion detection in a private network. Such measures could exemplarily include a system for intrusion detection in a private network, said private network including a plurality of endpoints and an endpoint security system for monitoring security of the plurality of endpoints, said system including an intrusion scanning entity for scanning the plurality of endpoints in the private network for indications of an intrusion from outside of the private network, and an intrusion notifying entity for collecting intrusion scanning information for the plurality of endpoints in the private network from the intrusion scanning entity, wherein the intrusion scanning entity and the intrusion notifying entity are set up uniquely for the private network on the basis of intrusion suspicion information from the endpoint security system.

Abstract: There are provided measures for enabling advanced local-network threat response. Such measures could exemplarily include detecting a security threat initiated by a local-network host at a local-network honeypot entity, triggering a threat response operation at a local-network backend entity upon detection of the security threat by the local-network honeypot entity, and executing the threat response operation by the local-network backend entity, said threat response operation including an operation of one of an endpoint threat management system and a local-network vulnerability management system.