US20260156130
2026-06-04
Electricity
H04L63/1425
A system is designed to detect and remediate computing system breaches by monitoring network traffic. It identifies technology elements within a network and their interrelationships to determine a network topology. Using historical network traffic data, the system predicts potential entry points and pathways for security breaches. This allows it to implement remediation steps to address both current and future breaches, enhancing network security.
The system comprises a memory device with computer-readable code, a communication device, and a processing device. The processing device executes the code to map the network topology, retrieve historical traffic logs, and detect data transfers between upstream and downstream technology elements. It generates a ranked list of likelihood scores for these transfers, indicating potential lateral movement of threats, and implements remediation steps based on these scores.
Detection involves analyzing origin and destination network traffic logs. The system identifies outgoing data transfers from the upstream element and matches them with incoming transfers to the downstream element. It uses hash algorithms for validation, ensuring the integrity of the traffic logs by comparing computed hashes with stored validation hashes.
A graph database is generated to represent the network topology, linking nodes representing upstream and downstream elements through their data transfers. Likelihood scores for these transfers are computed based on parameters like vector intelligence data, data transfer type, and operating system version, which help in assessing the risk of lateral threat movement.
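The log matching, hash validation, graph construction and ranking described in the two paragraphs above, as an added Python example that is not the patent's own code. The log format, the scoring weights, the ten-second matching window and the element names (web01, db01) are constructed assumptions; a real system would source its parameters from the log store and its intelligence feeds.

```python
import hashlib

# Constructed sample logs (not from the patent). Format: element direction peer type epoch.
ORIGIN_LOG = "web01 out db01 smb 1700000000\nweb01 out db01 https 1700000120\n"  # upstream
DEST_LOG = "db01 in web01 smb 1700000003\ndb01 in web01 https 1700000125\n"       # downstream
# Validation hashes as the log store would hold them; computed here so the block runs offline.
STORED_HASHES = {"web01": hashlib.sha256(ORIGIN_LOG.encode()).hexdigest(),
                 "db01": hashlib.sha256(DEST_LOG.encode()).hexdigest()}
# Assumed, illustrative scoring inputs: weight per transfer type, outdated-OS flag per
# element, and threat-intelligence ("vector intelligence") flags per (src, dst, type) edge.
TYPE_WEIGHT = {"smb": 0.6, "https": 0.2}
OUTDATED_OS = {"db01": True, "web01": False}
INTEL_FLAGGED = {("web01", "db01", "smb")}

def validate_log(element, log_text):
    """Integrity check: recompute the hash and compare with the stored one."""
    return hashlib.sha256(log_text.encode()).hexdigest() == STORED_HASHES[element]

def parse(log_text):  # yields (element, direction, peer, transfer_type, timestamp)
    for line in log_text.splitlines():
        elem, direction, peer, ttype, ts = line.split()
        yield elem, direction, peer, ttype, int(ts)

def match_transfers(origin_log, dest_log, window=10):
    """Pair each outgoing upstream transfer with a matching incoming downstream one."""
    incoming = [r for r in parse(dest_log) if r[1] == "in"]
    edges = []
    for src, _, dst, ttype, ts in (r for r in parse(origin_log) if r[1] == "out"):
        if any(e == dst and p == src and t == ttype and abs(dts - ts) <= window
               for e, _, p, t, dts in incoming):
            edges.append((src, dst, ttype))
    return edges

def likelihood(src, dst, ttype):
    """Lateral-movement likelihood in [0, 1] from the assumed parameters."""
    s = TYPE_WEIGHT.get(ttype, 0.3)
    s += 0.3 if OUTDATED_OS.get(dst) else 0.0
    s += 0.4 if (src, dst, ttype) in INTEL_FLAGGED else 0.0
    return round(min(s, 1.0), 2)

def ranked_lateral_movement(origin_log, dest_log):
    """Validate both logs, build the topology graph, and rank edges by likelihood."""
    for element, text in (("web01", origin_log), ("db01", dest_log)):
        if not validate_log(element, text):
            raise ValueError(f"log for {element} failed hash validation")
    graph = {}  # adjacency list: upstream -> [(downstream, transfer type, score)]
    for src, dst, ttype in match_transfers(origin_log, dest_log):
        graph.setdefault(src, []).append((dst, ttype, likelihood(src, dst, ttype)))
    ranked = [(sc, s, d, t) for s, es in graph.items() for d, t, sc in es]
    return sorted(ranked, reverse=True)
```

A tampered log fails validation before any matching takes place, so the ranked list is only ever built from logs whose hashes match the stored values.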
Remediation steps include applying software updates, implementing network segmentation, performing system wipes, and disabling software or hardware elements. These actions are automatically implemented based on the ranked likelihood scores, providing a proactive approach to network security management.