US 11,916,945 B2
Method and apparatus for combining a firewall and a forensics agent to detect and prevent malicious software activity
Eyal Karni, Kochav Yair (IL); Sagi Sheinfeld, Tel Aviv (IL); and Yaron Zinar, Petah Tikva (IL)
Assigned to CrowdStrike, Inc., Sunnyvale, CA (US)
Filed by CrowdStrike, Inc., Sunnyvale, CA (US)
Filed on Jan. 28, 2022, as Appl. No. 17/587,487.
Application 17/587,487 is a continuation of application No. 16/689,702, filed on Nov. 20, 2019, now U.S. Pat. No. 11,271,959.
Prior Publication US 2022/0159024 A1, May 19, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 29/06 (2006.01); H04L 9/40 (2022.01); H04L 41/16 (2022.01)
CPC H04L 63/1425 (2013.01) [H04L 41/16 (2013.01); H04L 63/0236 (2013.01); H04L 63/10 (2013.01); H04L 63/1466 (2013.01); H04L 63/20 (2013.01)] 20 Claims
 
1. A policy management computer system, comprising:
one or more hardware processors; and
memory storing computer-executable instructions that, when executed by the one or more hardware processors, cause the one or more hardware processors to perform operations comprising:
identifying, from among a plurality of machines connected to a network, an originating machine associated with a suspect network activity;
selecting, from among a plurality of pre-existing deployable forensics software agents associated with different types of suspect network activities, a particular forensics software agent configured to collect computer forensics data associated with a type of the suspect network activity, wherein the plurality of pre-existing deployable forensics software agents is stored at the policy management computer system;
deploying, by transmitting deployment data to the originating machine via the network, the selected particular forensics software agent to collect the computer forensics data on the originating machine;
receiving the computer forensics data from the particular deployed forensics software agent; and
determining a response action based on the received computer forensics data.
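The control loop recited in claim 1 (identify the originating machine from suspect firewall activity, select the pre-existing forensics agent that matches the activity type, deploy it to that machine, collect its data, decide a response) as an added, runnable illustration. This is example code written for this page, not CrowdStrike's implementation or any embodiment from the patent; the firewall log format, the HOST_STATE snapshots, the KNOWN_GOOD_HASHES allowlist, the thresholds and the two agent functions are all constructed assumptions.

```python
# Added illustration of the claim-1 loop; example code written for this page,
# not CrowdStrike's implementation. Log format, host snapshots, hash allowlist,
# thresholds and agent logic are all constructed for the example.
import re
from collections import defaultdict

# Constructed firewall alert lines, one flagged flow each.
FIREWALL_LOG = """\
10:00:01 src=10.0.0.7 dst=10.0.0.20 dport=21 bytes=60 action=drop
10:00:01 src=10.0.0.7 dst=10.0.0.20 dport=22 bytes=60 action=drop
10:00:02 src=10.0.0.7 dst=10.0.0.20 dport=23 bytes=60 action=drop
10:00:02 src=10.0.0.7 dst=10.0.0.20 dport=25 bytes=60 action=drop
10:00:03 src=10.0.0.7 dst=10.0.0.20 dport=80 bytes=60 action=drop
10:00:10 src=10.0.0.9 dst=203.0.113.5 dport=443 bytes=52428800 action=allow
10:00:11 src=10.0.0.9 dst=203.0.113.5 dport=443 bytes=41943040 action=allow
10:00:20 src=10.0.0.4 dst=10.0.0.20 dport=445 bytes=1200 action=allow
"""
LINE_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+) bytes=(\d+) action=(\w+)")
PORT_SCAN_MIN_PORTS = 5             # distinct dropped ports from one source
EXFIL_MIN_BYTES = 50 * 1024 * 1024  # outbound bytes to one destination

# Constructed view of what an agent would find on each host (hypothetical).
HOST_STATE = {
    "10.0.0.7": [{"name": "nmap", "sha256": "h-nmap", "sockets": 120, "tx_bytes": 9000},
                 {"name": "sshd", "sha256": "h-sshd", "sockets": 2, "tx_bytes": 400}],
    "10.0.0.9": [{"name": "backup-agent", "sha256": "h-backup", "sockets": 1,
                  "tx_bytes": 94371840}],
}
KNOWN_GOOD_HASHES = {"h-sshd", "h-backup"}  # constructed allowlist


def classify_activity(log_text):
    """Step 1: map each originating machine to the type of suspect activity."""
    dropped_ports, out_bytes = defaultdict(set), defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        src, dst, dport, nbytes, action = m.groups()
        if action == "drop":
            dropped_ports[src].add(int(dport))
        else:
            out_bytes[(src, dst)] += int(nbytes)
    findings = {}
    for src, ports in dropped_ports.items():
        if len(ports) >= PORT_SCAN_MIN_PORTS:
            findings[src] = "port_scan"
    for (src, _dst), total in out_bytes.items():
        if total >= EXFIL_MIN_BYTES:
            findings.setdefault(src, "data_exfil")
    return findings


# Pre-existing agents, one per activity type, each returning the process it
# attributes the traffic to (or None if the host is unknown).
def port_scan_agent(host):
    return max(HOST_STATE.get(host, []), key=lambda p: p["sockets"], default=None)


def exfil_agent(host):
    return max(HOST_STATE.get(host, []), key=lambda p: p["tx_bytes"], default=None)


AGENT_CATALOGUE = {"port_scan": port_scan_agent, "data_exfil": exfil_agent}


def deploy_agent(agent, host):
    """Steps 3-4: stand-in for shipping the agent to the host and reading back
    its report; here the 'transmission' is a direct call."""
    return agent(host)


def decide_response(forensics):
    """Step 5: response action derived from the collected forensics data."""
    if forensics is None:
        return "manual_review"  # nothing to attribute: a human decides
    if forensics["sha256"] in KNOWN_GOOD_HASHES:
        return "monitor"        # allowlisted binary produced the traffic
    return "isolate_host"       # unknown binary: cut the host off the network


def run_policy(log_text, catalogue=AGENT_CATALOGUE):
    """Whole loop: one result per originating machine flagged by the firewall."""
    results = {}
    for host, activity in classify_activity(log_text).items():
        agent = catalogue.get(activity)  # Step 2: select by activity type
        forensics = deploy_agent(agent, host) if agent else None
        results[host] = {"activity": activity, "forensics": forensics,
                         "response": decide_response(forensics)}
    return results


if __name__ == "__main__":
    for host, r in run_policy(FIREWALL_LOG).items():
        proc = r["forensics"]["name"] if r["forensics"] else "-"
        print(f"{host}: {r['activity']} via {proc} -> {r['response']}")
```

Two design points worth noting against the claim text: the agent catalogue lives with the policy engine (the claim's "stored at the policy management computer system"), so the selection step is a lookup on activity type rather than a generic agent push; and an activity type with no matching agent falls through to a manual-review action rather than deploying the wrong collector, which is the failure mode a catalogue-driven design must handle explicitly.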