CPC H04L 63/1425 (2013.01) [G06F 8/61 (2013.01); G06F 9/44526 (2013.01); H04L 41/046 (2013.01); H04L 41/0893 (2013.01); H04L 41/16 (2013.01); H04L 63/08 (2013.01); H04L 63/102 (2013.01); H04L 63/104 (2013.01); H04L 63/1416 (2013.01); H04L 63/1441 (2013.01); H04L 63/205 (2013.01); H04L 67/10 (2013.01); H04L 67/34 (2013.01); H04L 41/12 (2013.01); H04L 41/145 (2013.01)]
20 Claims
1. A computer-implemented method for protecting security of an elastic computer network, the elastic computer network comprising one or more endpoint devices and an enterprise network, the computer-implemented method comprising:
monitoring, by a central manager computing system, through each autonomous software agent of a plurality of software agents operating on the one or more endpoint devices forming the elastic computer network, one or more network communications of a corresponding endpoint device to obtain endpoint data, wherein the one or more endpoint devices comprise one or more cellphones, servers, virtual machines, laptops, tablets, desktop computers, Internet of Things (IoT) devices, wearable devices, or smart home devices, wherein the one or more endpoint devices are organized into one or more logical groupings;
receiving, by the central manager computing system, the endpoint data transmitted by each software agent through an electronic communications network, wherein the endpoint data is configured to allow the central manager computing system to identify network access behaviors or processor behaviors of the one or more endpoint devices;
analyzing, by the central manager computing system, the endpoint data;
identifying, by the central manager computing system, one or more anomalous indicators on one or more endpoint devices based at least in part on the analyzed endpoint data;
transmitting, by the central manager computing system, one or more alerts through the electronic communications network, the one or more alerts based on the one or more anomalous indicators;
generating, by the central manager computing system, a visualization of one or more network characteristics related to security and network management functionalities, the generating the visualization based at least in part on the identification of the one or more anomalous indicators on the one or more endpoint devices, the visualization configured for display to a user via a dynamic user interface;
receiving, by the central manager computing system from a user via the dynamic user interface, one or more user inputs, the one or more user inputs comprising commands for responding to the one or more anomalous indicators on the one or more endpoint devices; and
responding, by the central manager computing system, to the one or more anomalous indicators based at least in part on the one or more user inputs comprising commands for responding to the one or more anomalous indicators, wherein the responding comprises limiting one or more operating system processes or network communications of the one or more endpoint devices,
wherein the one or more endpoint devices and the central manager computing system comprise one or more electronic processors and one or more electronic data stores.