Distributed digital security system
摘要
說明書
In some examples, security agents 108 on client devices 104 can include a bounding manager 128 that can control how much event data 122, and/or what types of event data 122, the security agents 108 ultimately send to the security network 106. The bounding manager 128 can accordingly prevent the security network 106 from being overloaded with event data 122 about every locally-occurring event from every client device 104, and/or can limit the types of event data 122 that are reported to the security network 106 to data that may be more likely to be relevant to cloud processing, as will be described further below. In some examples, a bounding manager 128 can also mark-up event data 122 to indicate one or more reasons why the event data 122 is being sent to the security network 106, and/or provide statistical information to the security network 106. The bounding manager 128, and operations of the bounding manager 128, are discussed further below with respect to
Cloud elements such as the compiler 114, the bounding service 118, and/or the experimentation engine 120 can generate configurations 132 for other elements of the distributed security system 100. Such configurations 132 can include configurations 132 for local and/or cloud instances of the compute engine 102, configurations 132 for local bounding managers 128, and/or configurations 132 for other elements. Configurations 132 can be channel files, executable instructions, and/or other types of configuration data.
