CPC H04L 63/145 (2013.01) [H04L 63/0227 (2013.01); H04L 63/1416 (2013.01); H04L 63/20 (2013.01)] | 20 Claims
1. A system for threat detection, the system comprising:
a gateway in a computer network of an enterprise, the gateway configured to detect a request for network traffic from an endpoint in the enterprise, the request including a destination address and the request containing a violation of a network policy for the enterprise, the gateway further configured to identify the endpoint that originated the request, and to query the endpoint to determine a first instance of a source of the request on the endpoint; and
a threat management facility for managing the enterprise, the threat management facility coupled in a communicating relationship with the gateway, and the threat management facility configured to locate one or more other endpoints associated with the enterprise that contain a second instance of the source of the request, and to cause the one or more other endpoints to remediate the second instance of the source on the one or more other endpoints.