Distributed digital security system
摘要
說明書
The pattern repository 112 can store behavior patterns 142 that define patterns of one or more events that can be detected and/or processed using the distributed security system 100, A behavior pattern 142 can identify a type of event, and/or a series of events of one or more types, that represent a behavior of interest. For instance, a behavior pattern 142 can identify a series of events that may be associated with malicious activity on a client device 104, such as when malware is executing on the client device 104, when the client device 104 is under attack by an adversary who is attempting to access or modify data on the client device 104 without authorization, or when the client device 104 is subject to any other security threat.
In some examples, a behavior pattern 142 may identify a pattern of events that may occur on more than one client device 104. For example, a malicious actor may attempt to avoid detection during a digital security breach by causing different client devices 104 to perform different events that may each be innocuous on their own, but that can cause malicious results in combination. Accordingly, a behavior pattern 142 can represent a series of events associated with behavior of interest that may occur on more than one client device 104 during the behavior of interest. In some examples, cloud instances of the compute engine 102 may be configured to identify when event data 122 from multiple client devices 104 collectively meets a behavior pattern 142, even if events occurring locally on any of those client devices 104 individually would not meet the behavior pattern 142.
