1. Field of the Invention
The present invention relates to systems, computer programs, and methods of providing computer and network security. More particularly, the present invention relates to a system, computer program, and method of providing an automatic cooperative response ability to substantially all of a plurality of members of a domain in light of a detected threat or other suspicious activity.
2. Description of the Prior Art
It is often desirable in a host or network-based domain comprising a plurality members to provide security mechanisms operable to identify and respond to detected threats or other suspicious activity that indicate an attempt to compromise the domain's integrity. Threatening activity may include, for example, activity indicative of either a denial of service attack or brute force password testing and probing in an attempt to gain unauthorized access.
A variety of systems, computer programs, and methods of providing such security are known in the art. Host-based intrusion detection systems (IDSs), are known, for example, that attempt to identify threatening activity and generate a corresponding alert. Unfortunately, a separate instance of the IDS must reside on each member of the domain, which substantially negatively impacts each member's available processing, storage, and other computing resources. Furthermore, IDSs only communicate threatening activity without centrally logging it. Savvy attackers will delete or modify these logs after successfully gaining access to the member, thereby erasing and eliminating any record of the attack and the attacker's presence.
Additionally, when the IDS detects threatening activity, it merely communicates an alert to an administrator. The administrator must then determine and implement an appropriate response, possibly requiring that all IDS probes be separately reconfigured in order to increase security. If the network includes devices having different natures, values, or risk tolerances or members that are administratively or otherwise isolated, then valuable time may be lost while assessments are made, appropriate personnel contacted, and responses implemented.
Due to the above-identified and other problems and disadvantages in the art, a need exists for an improved system, computer program, or method for providing host-based or network-based domain security.