CPC H04L 63/1441 (2013.01) [G06F 16/285 (2019.01); G06F 21/554 (2013.01); H04L 63/0236 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/1433 (2013.01); H04L 63/20 (2013.01); H04L 47/2425 (2013.01)]
22 Claims
1. A computer-implemented method, comprising:
receiving, by an advisement computing system, an indication of a security incident involving a computing device in a first information technology (IT) environment, wherein the first IT environment is associated with a first organization and includes a plurality of computing devices, wherein the advisement computing system provides action recommendations to a plurality of IT environments associated with a plurality of organizations including the first organization, and wherein the security incident indicates a virus present in the first IT environment;
identifying a plurality of action recommendations for responding to the security incident in the first IT environment;
identifying, for each action recommendation of the plurality of action recommendations, an effectiveness measurement indicating an effectiveness of the action recommendation against past occurrences of security incidents involving the virus, wherein the effectiveness measurement for an action recommendation of the plurality of action recommendations is based on measuring, by the advisement computing system, whether the virus remained active in a second IT environment of the plurality of IT environments after execution of the action recommendation in the at least one second IT environment, and wherein the effectiveness measurement for the action recommendation of the plurality of action recommendations is further generated at least in part by measuring an effectiveness of the action recommendation against security incidents associated with a same internet protocol (IP) address;
identifying a subset of action recommendations from the plurality of action recommendations based on a respective effectiveness measurement of each action recommendation of the plurality of action recommendations, wherein the subset of action recommendations is less than the plurality of action recommendations;
receiving input selecting an action recommendation from the subset of action recommendations; and
implementing the action recommendation in the IT environment.
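The scoring and shortlisting steps of claim 1, sketched as an added Python example that is not part of the patent text. The record layout, the action names, the 0.25 blend weight between the virus-based and IP-based rates, and all sample data are assumptions constructed for illustration.

```python
# Constructed sample outcomes, one per action executed in some tenant:
# (environment, virus, source_ip, action, virus_still_active_afterwards)
HISTORY = [
    ("org-b", "virus-x", "203.0.113.7", "quarantine_host", False),
    ("org-b", "virus-x", "203.0.113.7", "block_ip", False),
    ("org-c", "virus-x", "198.51.100.9", "quarantine_host", False),
    ("org-c", "virus-x", "198.51.100.9", "block_ip", True),
    ("org-c", "virus-x", "198.51.100.9", "av_scan", True),
    ("org-d", "virus-x", "203.0.113.7", "av_scan", True),
    ("org-d", "virus-y", "203.0.113.7", "block_ip", False),
    ("org-a", "virus-x", "203.0.113.7", "av_scan", False),  # requesting tenant
]

def _rate(records):
    """Fraction of outcomes where the virus was no longer active; None if no data."""
    records = list(records)
    if not records:
        return None
    return sum(1 for r in records if not r[4]) / len(records)

def score_actions(history, env, virus, ip, candidates, ip_weight=0.25):
    """Effectiveness per action, measured in environments other than `env`."""
    scores = {}
    for action in candidates:
        other = [r for r in history if r[3] == action and r[0] != env]
        by_virus = _rate(r for r in other if r[1] == virus)  # same virus
        by_ip = _rate(r for r in other if r[2] == ip)        # same IP address
        if by_virus is None:
            scores[action] = 0.0       # no evidence against this virus: rank last
        elif by_ip is None:
            scores[action] = by_virus  # no IP history: virus rate only
        else:
            # Assumed linear blend; the claim does not say how the two combine.
            scores[action] = (1 - ip_weight) * by_virus + ip_weight * by_ip
    return scores

def recommend(history, env, virus, ip, candidates, limit=2):
    """Return the top-scoring subset, always smaller than the candidate set."""
    scores = score_actions(history, env, virus, ip, candidates)
    k = max(min(limit, len(candidates) - 1), 0)
    ranked = sorted(candidates, key=lambda a: (-scores[a], a))
    return [(a, round(scores[a], 3)) for a in ranked[:k]]

if __name__ == "__main__":
    actions = ["quarantine_host", "block_ip", "av_scan"]
    print(recommend(HISTORY, "org-a", "virus-x", "203.0.113.7", actions))
```

The analyst's selection and the execution of the chosen action (the last two steps of the claim) happen downstream of `recommend` and are not modelled here.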