SYSTEM AND METHOD OF PROTECTING CLIENT COMPUTERS


Bibliographic Details
Main Authors: HORN, Michael; TOCK, Theron D.
Format: Patent
Language: English, French, German
Published: 06.04.2022

Summary: Systems and methods for threat detection and response are provided. A threat response computer (220) receives an event report from a threat detector (230) running on a client computer (210) in an enterprise computing network. The event report identifies a suspicious network communication between the client computer (210) and a network device. The threat response computer (220) automatically and remotely activates a data collector on the client computer (210). The data collector is configured to search the client computer (210) for potential indicators of compromise (IOCs) and to send data identifying the potential IOCs to the threat response computer (220) for evaluation. The threat response computer (220) receives the data identifying the potential IOCs on the client computer (210) and compares them with the IOCs in a database (250) local to the threat response computer (220). Based at least in part on that comparison, the threat response computer (220) determines whether the potential IOCs on the client computer (210) indicate evidence of malware on the client computer (210). Responsive to the evidence of malware on the client computer (210), the threat response computer (220) sends an instruction to configure a firewall (410) in the enterprise computing network.
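The six-step flow in the summary (event report, remote activation of the collector, IOC collection, comparison against the local database, malware decision, firewall instruction), as an added Python illustration. This is example code written for this record, not the patent's own implementation: the message and snapshot fields, the IOC types, the "host artefact or two network indicators" decision policy, the iptables-style instruction format and all sample values (documentation IP ranges, a constructed payload hash) are assumptions.

```python
import hashlib
import ipaddress
from dataclasses import dataclass


@dataclass
class EventReport:
    """One suspicious network communication, as reported by the client's threat detector (assumed fields)."""
    client_id: str
    client_ip: str
    remote_ip: str
    remote_port: int


@dataclass
class HostSnapshot:
    """What the remotely activated data collector gathers on the client (assumed fields)."""
    file_hashes: dict   # file path -> sha256 hex digest
    connections: list   # (remote_ip, remote_port) pairs observed on the host
    dns_queries: list   # domain names resolved recently
    autoruns: list      # persistence entries (executable paths)


# Constructed sample: a "payload" whose real sha256 goes into the IOC database.
SAMPLE_PAYLOAD_SHA256 = hashlib.sha256(b"constructed sample payload").hexdigest()

# Local IOC database of the threat response computer. Values are constructed;
# 203.0.113.0/24 and 198.51.100.0/24 are RFC 5737 documentation ranges.
IOC_DB = {
    "sha256": {SAMPLE_PAYLOAD_SHA256},
    "ip": {"203.0.113.10"},
    "cidr": [ipaddress.ip_network("198.51.100.0/24")],
    "domain": {"update-check.example.net"},
    "autorun": {"appdata\\roaming\\svchost.exe"},
}


def collect_potential_iocs(event, snapshot):
    """Turn the collector's snapshot plus the reported peer into normalised candidate IOCs."""
    candidates = [("ip", event.remote_ip)]
    candidates += [("sha256", h.lower()) for h in snapshot.file_hashes.values()]
    candidates += [("ip", ip) for ip, _ in snapshot.connections]
    candidates += [("domain", d.lower()) for d in snapshot.dns_queries]
    candidates += [("autorun", p.lower().replace("/", "\\")) for p in snapshot.autoruns]
    return candidates


def _ip_hits(value, db):
    """Exact IP match plus membership in any listed CIDR block."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return []
    hits = [("ip", value)] if value in db["ip"] else []
    return hits + [("cidr", str(net)) for net in db["cidr"] if addr in net]


def match_iocs(candidates, db=IOC_DB):
    """Compare candidates with the local IOC database; return de-duplicated matches."""
    matches = []
    for kind, value in candidates:
        if kind == "ip":
            matches += _ip_hits(value, db)
        elif kind == "domain":   # exact match or a subdomain of a listed domain
            matches += [("domain", d) for d in db["domain"] if value == d or value.endswith("." + d)]
        elif kind == "sha256" and value in db["sha256"]:
            matches.append(("sha256", value))
        elif kind == "autorun":
            matches += [("autorun", a) for a in db["autorun"] if value.endswith(a)]
    return list(dict.fromkeys(matches))


def indicates_malware(matches):
    """Assumed policy: a host artefact match (file hash, persistence entry) is conclusive;
    network-only matches need two distinct indicators, since one bad IP may be a
    shared-hosting false positive."""
    host_kinds = {"sha256", "autorun"}
    if any(kind in host_kinds for kind, _ in matches):
        return True
    return len({m for m in matches if m[0] not in host_kinds}) >= 2


def firewall_instruction(event, matches):
    """Build the firewall instruction (assumed iptables-style format): block traffic between
    the client and the reported peer plus every matched IOC network, and quarantine the
    client entirely when a host artefact matched."""
    targets = {event.remote_ip} | {v for k, v in matches if k in ("ip", "cidr")}
    rules = []
    for dst in sorted(targets):
        rules.append(f"iptables -I FORWARD -s {event.client_ip} -d {dst} -j DROP")
        rules.append(f"iptables -I FORWARD -s {dst} -d {event.client_ip} -j DROP")
    quarantine = any(k in ("sha256", "autorun") for k, _ in matches)
    if quarantine:
        rules.append(f"iptables -I FORWARD -s {event.client_ip} -j DROP")
    return {"client_id": event.client_id, "action": "block", "quarantine": quarantine, "rules": rules}


def respond(event, snapshot, db=IOC_DB):
    """Whole flow on the threat response computer: collect, compare, decide, instruct (or None)."""
    matches = match_iocs(collect_potential_iocs(event, snapshot), db)
    return firewall_instruction(event, matches) if indicates_malware(matches) else None


def build_sample_case():
    """Constructed client state: an infected workstation talking to a listed network."""
    event = EventReport("ws-01", "10.0.0.5", "198.51.100.7", 443)
    snapshot = HostSnapshot(
        file_hashes={"C:\\Users\\a\\AppData\\Roaming\\svchost.exe": SAMPLE_PAYLOAD_SHA256,
                     "C:\\Windows\\notepad.exe": hashlib.sha256(b"benign").hexdigest()},
        connections=[("198.51.100.7", 443), ("192.0.2.1", 80)],
        dns_queries=["cdn.update-check.example.net", "www.example.com"],
        autoruns=["C:\\Users\\a\\AppData\\Roaming\\svchost.exe"],
    )
    return event, snapshot


if __name__ == "__main__":
    ev, snap = build_sample_case()
    for kind, value in match_iocs(collect_potential_iocs(ev, snap)):
        print(f"match: {kind} {value}")
    print(respond(ev, snap))
```

The decision threshold is the part a practitioner would tune: the summary only says the comparison is "at least in part" the basis for the malware determination, so the example keeps that step as a separate function and treats a lone network indicator as insufficient, which is why an event to a listed IP with a clean snapshot produces no firewall instruction.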
Bibliography: Application Number: EP20190198808