CPC H04L 63/1425 (2013.01) [G06F 21/64 (2013.01); G06N 20/00 (2019.01); H04L 63/1416 (2013.01); H04L 63/20 (2013.01)]
21 Claims
1. A system comprising:
a memory; and
at least one processor to:
continuously store, as machine learning training data, metadata results associated with a previous cyber-attack, a previous inspection class policy definition at a time of the previous cyber-attack, and a result of a previous data protection operation taken upon indication of the previous cyber-attack;
continuously monitor for a new security condition or event;
detect the new security condition or event;
determine an appropriate inspection class policy from a plurality of inspection class policies based on the new security condition or event, each inspection class policy of the plurality of inspection class policies comprising a data structure specifying:
a specific event or condition that triggers a particular class of inspection operation;
a specific class of inspection tool to be used for the particular class of inspection operation;
a specific type of data on which the particular class of inspection operation is to be performed; and
a specific level of inspection to be performed with the specific class of inspection tool;
based on the determined inspection class policy and the machine learning training data, determine the specific class of inspection tool from a plurality of classes of inspection tools and the specific level of inspection from a plurality of different levels of inspection for the new security condition or event; and
execute the specific class of inspection tool with the specific level of inspection on a particular data object of the specific type of data to be inspected.