Automated Mitigation of Electronic Message Based Security Threats

An example embodiment may include a security enforcement point device disposed within a managed network and a security decision point device disposed within a computational instance of a remote network management platform. The security decision point device may be configured to: receive a message by...

Full description

Saved in:
Bibliographic Details
Main Authors Watson, Eun-Sook, DiCorpo, Phillip, Bernal, Jose
Format Patent
LanguageEnglish
Published 04.04.2019
Subjects
Online AccessGet full text

Cover

Loading…
More Information
Summary:An example embodiment may include a security enforcement point device disposed within a managed network and a security decision point device disposed within a computational instance of a remote network management platform. The security decision point device may be configured to: receive a message by way of the managed network; parse the message to identify observable indicators of one or more of the security threats, where the observable indicators include at least one of a network addresses, a hyperlink, or a representation of an attached file; remotely query a security threat database for the observable indicators; receive, from the security threat database, an indication that the observable indicators are associated with a particular security threat, and transmit, to the security enforcement point device, a command to update its associated security policy such that the particular security threat is mitigated.
Bibliography:Application Number: US201715722966