| CPC H04L 63/1416 (2013.01) [H04L 41/046 (2013.01); H04L 63/0263 (2013.01); H04L 63/20 (2013.01)] | 20 Claims |

1. A system for providing an integrated security management framework for an enterprise having a plurality of endpoint devices, each endpoint device comprising a deployed endpoint agent configured to continuously monitor and record activity on the respective endpoint device and further execute one or more sets of detection and response logic rules for managing the detection of, and response to, any activity associated with the respective endpoint device that poses a potential security threat to the enterprise, the system comprising:
a server configured to communicate and exchange data with the one or more of the endpoint devices over a network, the server comprising a hardware processor coupled to non-transitory, computer-readable memory containing instructions executable by the processor to cause the server to:
provide a security management platform comprising an interface with which an authorized user can interact to monitor endpoint agent activity and manage functionality of at least one endpoint agent deployed on one of the one or more endpoint devices;
provide an integrated development environment (IDE) operably coupled to the interface;
receive, from the authorized user via the interface, input comprising custom, declarative programming language input to the IDE to write, develop, and/or modify, on-the-fly, one or more customized sets of detection and response logic rules to be executed by an endpoint agent; and
output, to the endpoint agent, a customized set of detection and response logic rules.
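The claim describes an architecture rather than an implementation: an authorized user writes declarative detection-and-response rules in an IDE on the server, the server outputs the rule set to an endpoint agent, and the agent evaluates the rules against the activity it records. The sketch below is an added illustration of that flow and is not the patent's own rule language or any vendor's product. The rule schema (`when` conditions, `then` actions), the field names, the action names and the sample events are all assumptions made for this example. The security-relevant point it shows is that "on-the-fly" rules are safe to hot-load only because they are data evaluated against an allowlist of fields, operators and actions, and the agent re-validates what the server sends rather than trusting the payload.

```python
"""Added example (not from the patent or any vendor's product): a minimal
declarative detection-and-response rule language, a server-side validator
standing in for the IDE's output step, and an endpoint-agent evaluator.
Rule schema, field names, action names and events are all assumed here."""
import fnmatch
import json

# Rules are data, not code. The agent evaluates only these fields, operators
# and actions, so a rule written on the fly can never run arbitrary logic.
ALLOWED_FIELDS = {"process", "parent", "cmdline", "user", "dest_port"}
ALLOWED_OPS = {"eq", "glob", "in", "gt"}
ALLOWED_ACTIONS = {"alert", "kill_process", "isolate_host"}


def validate_rule(rule):
    """Return a list of problems with a rule; an empty list means accepted."""
    problems = []
    for key in ("id", "when", "then"):
        if key not in rule:
            problems.append(f"missing '{key}'")
    if problems:
        return problems
    if not isinstance(rule["id"], str) or not rule["id"]:
        problems.append("'id' must be a non-empty string")
    if not isinstance(rule["when"], list) or not rule["when"]:
        problems.append("'when' must be a non-empty list of conditions")
    else:
        for cond in rule["when"]:
            if not isinstance(cond, dict):
                problems.append("condition must be an object")
                continue
            field, op, value = cond.get("field"), cond.get("op"), cond.get("value")
            if field not in ALLOWED_FIELDS:
                problems.append(f"unknown field {field!r}")
            if op not in ALLOWED_OPS:
                problems.append(f"unknown operator {op!r}")
            elif op == "in" and not isinstance(value, list):
                problems.append("'in' needs a list value")
            elif op == "gt" and not isinstance(value, (int, float)):
                problems.append("'gt' needs a numeric value")
            elif op == "glob" and not isinstance(value, str):
                problems.append("'glob' needs a string pattern")
    if not isinstance(rule["then"], list) or not rule["then"]:
        problems.append("'then' must be a non-empty list of actions")
    else:
        problems += [f"unknown action {a!r}" for a in rule["then"]
                     if a not in ALLOWED_ACTIONS]
    return problems


def compile_ruleset(rules):
    """Server side: keep only valid rules and serialise them for the agent.
    Returns (json_payload, {rule_id: problems}) so the IDE can show errors."""
    accepted, rejected = [], {}
    for rule in rules:
        problems = validate_rule(rule)
        if problems:
            rejected[str(rule.get("id", "<no id>"))] = problems
        else:
            accepted.append(rule)
    return json.dumps(accepted), rejected


def _match(cond, event):
    """Evaluate one condition against one recorded event (missing field = no match)."""
    value = event.get(cond["field"])
    if value is None:
        return False
    op, want = cond["op"], cond["value"]
    if op == "eq":
        return value == want
    if op == "glob":
        return fnmatch.fnmatchcase(str(value), want)
    if op == "in":
        return value in want
    if op == "gt":
        return isinstance(value, (int, float)) and value > want
    return False


class EndpointAgent:
    """Agent side: holds the active rule set and evaluates recorded activity."""

    def __init__(self):
        self.rules = []

    def load_ruleset(self, payload):
        """Re-validate the server's payload, then swap the active set in one
        assignment so a partially loaded set is never evaluated."""
        rules = json.loads(payload)
        bad = [r.get("id") for r in rules if validate_rule(r)]
        if bad:
            raise ValueError(f"rejected rules: {bad}")
        self.rules = rules

    def handle(self, event):
        """Return [(rule_id, actions)] for every rule whose conditions all match."""
        return [(r["id"], list(r["then"])) for r in self.rules
                if all(_match(c, event) for c in r["when"])]


# Constructed sample input: two user-written rules and two recorded events.
SAMPLE_RULES = [
    {"id": "office-spawns-shell",
     "when": [{"field": "parent", "op": "in", "value": ["winword.exe", "excel.exe"]},
              {"field": "process", "op": "glob", "value": "*.exe"},
              {"field": "cmdline", "op": "glob", "value": "*powershell*"}],
     "then": ["alert", "kill_process"]},
    {"id": "bad-action",  # rejected: 'run_script' is not an allowed action
     "when": [{"field": "user", "op": "eq", "value": "root"}],
     "then": ["run_script"]},
]
SAMPLE_EVENTS = [
    {"process": "cmd.exe", "parent": "winword.exe",
     "cmdline": "cmd /c powershell -enc AAAA", "user": "alice"},
    {"process": "cmd.exe", "parent": "explorer.exe",
     "cmdline": "cmd /c dir", "user": "alice"},
]


def run_demo():
    payload, rejected = compile_ruleset(SAMPLE_RULES)
    agent = EndpointAgent()
    agent.load_ruleset(payload)
    return rejected, [agent.handle(e) for e in SAMPLE_EVENTS]


if __name__ == "__main__":
    print(run_demo())
```

Keeping the language declarative (conditions AND-ed, a fixed operator set, actions drawn from an allowlist) is what makes the hot-loading in the claim tolerable from a security standpoint: the interface authorizes who may write rules, but the validator bounds what any rule can do, and the agent applies the same validator again so a compromised or stale server payload cannot widen that bound.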