Abstract: System and methods are provided for implementing an intrusion prevention system in which data collected at one or more remote computing assets is analyzed against a plurality of workflow templates. Each template corresponding to a different threat vector and comprises: (i) a trigger definition, (ii) an authorization token, and (iii) an enumerated countermeasure responsive to the corresponding threat vector. When a match between the data collected at the one or more remote computing assets and a trigger definition of a corresponding workflow template is identified, an active threat is deemed to be identified. When this occurs the authorization token of the corresponding workflow template is enacted by obtaining authorization from at least two authorization contacts across established trust channels for the at least two authorization contacts. Responsive to obtaining this authorization, the enumerated countermeasure of the corresponding workflow template is executed.

Abstract: System and methods are provided for implementing an intrusion prevention system in which data collected at one or more remote computing assets is analyzed against a plurality of workflow templates. Each template corresponding to a different threat vector and comprises: (i) a trigger definition, (ii) an authorization token, and (iii) an enumerated countermeasure responsive to the corresponding threat vector. When a match between the data collected at the one or more remote computing assets and a trigger definition of a corresponding workflow template is identified, an active threat is deemed to be identified. When this occurs the authorization token of the corresponding workflow template is enacted by obtaining authorization from at least two authorization contacts across established trust channels for the at least two authorization contacts. Responsive to obtaining this authorization, the enumerated countermeasure of the corresponding workflow template is executed.