US 11,736,442 B2
Handling security events based on remediation actions and recovery actions
Balasubrahmanyam Gattu, San Ramon, CA (US); Sreedhar Annamalai, Weston, MA (US); Sean Michael Quinlan, Duvall, WA (US); and David Murray Schmidt, Sarnia (CA)
Assigned to BlackBerry Limited, Waterloo (CA)
Filed by BlackBerry Limited, Waterloo (CA)
Filed on Apr. 14, 2021, as Appl. No. 17/230,617.
Prior Publication US 2022/0337554 A1, Oct. 20, 2022
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/0263 (2013.01)
6 Claims

1. A method, comprising:
receiving, by a security gateway, a security event notification associated with a device;
determining, by the security gateway and based on the security event notification, a risk level of the device;
determining, by the security gateway and based on the risk level, a set of remediation actions and recovery actions, wherein the determining the set of remediation actions and recovery actions comprises:
determining a plurality of remediation actions corresponding to the risk level based on a first mapping relationship between multiple risk levels and multiple remediation actions;
determining a plurality of recovery actions based on a second mapping relationship, wherein each of the determined plurality of recovery actions corresponds to at least one of the determined plurality of remediation actions according to the second mapping relationship, and wherein each of the determined plurality of recovery actions recovers the at least one of the determined plurality of remediation actions applied to the device; and
generating an action plan, wherein the action plan includes the determined plurality of remediation actions and the determined plurality of recovery actions; and
sending, by the security gateway, the action plan including the determined plurality of remediation actions and the determined plurality of recovery actions, wherein the action plan provides a restoration operation of the device based on the determined plurality of recovery actions.
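
The two-mapping lookup recited in claim 1, sketched as an added example (not code from the patent or from BlackBerry). The risk levels, severity thresholds, event fields, and action names are hypothetical, and rejecting a remediation that has no recovery entry is a design assumption of this sketch.

```python
# Added illustration. Risk levels, thresholds and action names are
# hypothetical; the patent claim does not define them.

# First mapping relationship: risk level -> remediation actions.
REMEDIATIONS_BY_RISK = {
    "low": ["require_reauthentication"],
    "medium": ["require_reauthentication", "block_corporate_apps"],
    "high": ["require_reauthentication", "block_corporate_apps",
             "block_network_access"],
}

# Second mapping relationship: remediation action -> recovery action that undoes it.
RECOVERY_FOR_REMEDIATION = {
    "require_reauthentication": "clear_reauthentication_flag",
    "block_corporate_apps": "restore_policy_baseline",
    "block_network_access": "restore_policy_baseline",
}


def risk_level(event):
    """Derive a risk level from a 0-10 severity score (assumed event field)."""
    score = event["severity"]
    if not isinstance(score, (int, float)) or not 0 <= score <= 10:
        raise ValueError(f"invalid severity: {score!r}")
    return "high" if score >= 7 else "medium" if score >= 4 else "low"


def build_action_plan(event):
    """Return remediation and recovery actions for the device in the event."""
    level = risk_level(event)
    remediations = list(REMEDIATIONS_BY_RISK[level])
    recoveries = []
    for action in remediations:
        # Refuse to plan a remediation that has no way back.
        if action not in RECOVERY_FOR_REMEDIATION:
            raise ValueError(f"no recovery action for {action}")
        recovery = RECOVERY_FOR_REMEDIATION[action]
        if recovery not in recoveries:  # one recovery may undo several remediations
            recoveries.append(recovery)
    return {"device": event["device_id"], "risk_level": level,
            "remediation_actions": remediations, "recovery_actions": recoveries}


if __name__ == "__main__":
    # Constructed sample notification.
    print(build_action_plan({"device_id": "device-001", "severity": 8}))
```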