The patent badge is an abbreviated version of the USPTO patent document. It covers the following fields: patent number, date the patent was issued, date the patent was filed, title of the patent, applicant, inventor, assignee, attorney firm, primary examiner, assistant examiner, CPCs, and abstract. The patent badge also contains a link to the full patent document (in Adobe Acrobat format, i.e. PDF).
Patent No.:
Date of Patent: Dec. 02, 2014
Filed: Jun. 30, 2011
Applicant:
Samir D. Saklikar, Karnataka, IN;
Aditya Kuppa, Karnataka, IN (US);
Dennis Ray Moreau, Providence, RI (US);
Riaz Zolfonoon, Concord, MA (US);
Inventor:
Samir D. Saklikar, Karnataka, IN;
Aditya Kuppa, Karnataka, IN (US);
Dennis Ray Moreau, Providence, RI (US);
Riaz Zolfonoon, Concord, MA (US);
Assignee:
EMC Corporation, Hopkinton, MA (US);
Abstract
Techniques are provided for detecting the source of an APT-based leaked document by iteratively or recursively evaluating a set of network security logs (e.g., SIEM logs and FPC logs) for events consistent with APT behavior according to a set of heuristics to generate a reduced set of security events for consideration by the CIRT. A method of detecting an APT attack on an enterprise system is provided. The method includes (a) receiving, in a computerized device, an indication that a document has been leaked outside the enterprise system, (b) evaluating a log of security events of the enterprise system using a set of heuristics to produce a reduced set of events potentially relevant to the APT attack, and (c) outputting the reduced set of events over a user interface for consideration by a security analysis team. A system and computer program product for performing this method are also provided.
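The iterative log reduction the abstract describes, as an added illustration that is not the patent's own code: starting from the events that touch the leaked document, each round pulls in events by the implicated users on implicated hosts and logins into those hosts, until the set stops growing. The event schema, the two heuristics and the sample SIEM-style log lines are all constructed for the example.

```python
from collections import namedtuple

# Minimal SIEM-style event: timestamp, host the event was recorded on,
# acting user, action, and the object acted on (file, host, or destination).
Event = namedtuple("Event", "ts host user action obj")

# Constructed sample log (not real data). Events 1-5 form the chain that
# ends in the leaked document being uploaded externally; 6-7 are unrelated.
SAMPLE_LOG = [
    Event(1, "ws-07", "alice", "login", "ws-07"),
    Event(2, "ws-07", "alice", "read", "plan.docx"),
    Event(3, "ws-07", "alice", "login", "fs-01"),      # lateral move to file server
    Event(4, "fs-01", "alice", "read", "design.pdf"),  # the leaked document
    Event(5, "fs-01", "alice", "upload", "ext-host"),  # exfiltration
    Event(6, "ws-12", "bob", "read", "lunch.txt"),
    Event(7, "ws-12", "bob", "login", "ws-12"),
]


def reduce_events(log, leaked_doc, max_rounds=10):
    """Return the reduced event set for analyst review, sorted by timestamp.

    Seed: every event whose object is the leaked document. Each round applies
    two heuristics (assumed for the example, not the patent's list):
      1. any event by an implicated user on an implicated host;
      2. any login whose target is an implicated host (the hop that got there).
    Iteration stops when a round adds nothing or max_rounds is reached.
    """
    selected = {e for e in log if e.obj == leaked_doc}
    for _ in range(max_rounds):
        hosts = {e.host for e in selected}
        users = {e.user for e in selected}
        expanded = {
            e for e in log
            if (e.user in users and e.host in hosts)
            or (e.action == "login" and e.obj in hosts)
        }
        if expanded <= selected:   # fixed point reached: nothing new found
            break
        selected |= expanded
    return sorted(selected)


def reduced_timestamps(log, leaked_doc):
    """Convenience view: just the timestamps of the reduced set."""
    return [e.ts for e in reduce_events(log, leaked_doc)]
```

On the constructed log, seeding on `design.pdf` pulls in events 1 through 5 and leaves Bob's unrelated activity out, so the analyst sees five events instead of seven.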