Mandiant, Inc.
Analytic-based security monitoring system and method

Abstract:

An analytics-based security monitoring system is adapted to detect a plurality of behavioral characteristics from behavioral data, each representing an action conducted in a computing environment. Furthermore, the system determines, in accordance with a correlation profile, one or more behavioral fragments, each comprising a plurality of the behavioral characteristics. In accordance with the correlation profile, the one or more determined behavioral fragments are correlated against an attack profile comprising a plurality of sets of behavioral fragments where each set of behavioral fragments forms a malicious behavior pattern of a known attack. Thereafter, an attack based on the correlated one or more determined behavioral fragments may be identified, and the correlation profile is updated after an analysis of the identified attack.

Status: Grant

Type: Utility

Filing date: 15 Oct 2018

Issue date: 28 Jul 2020