CPC G06F 21/577 (2013.01) [G06F 21/554 (2013.01); G06F 21/566 (2013.01); G06F 21/568 (2013.01)] | 19 Claims
1. A computing system comprising:
a malicious activity detection system configured to detect malicious activity representing an unauthorized user access in an execution environment;
a remediation action execution system configured to execute an intrusion remediation action in the execution environment in response to detection of the malicious activity; and
a remediation validation system configured to:
automatically generate, based on a scheduling criterion, an isolated computing environment that
includes at least one machine selected from a plurality of machines in the execution environment based on a selection criterion, and
is isolated from the execution environment in which the malicious activity detection system is configured to detect the malicious activity,
set a test condition in the isolated computing environment, the test condition representing the malicious activity,
execute the intrusion remediation action in the isolated computing environment,
generate an efficacy indicator that indicates a remediation action efficacy based on execution of the intrusion remediation action in the isolated computing environment, and
generate an indication of a remediation action validation based on the efficacy indicator.