The present disclosure relates generally to threat detection, and more particularly, to techniques (e.g., systems, methods, computer program products storing code or instructions executable by one or more processors) for analyzing security events using dynamic policies and displaying a consolidated view of active threats and user activity including the dynamic policies being triggered by the active threats and user activity.
Computer networks have become important tools for modern business. Today a large amount of information is stored in and accessed across such networks by users throughout the world. Much of this information is, to some degree, private or confidential and protection of the information is required. Not surprisingly then, various network security monitor devices have been developed to help uncover attempts by unauthorized persons and/or devices to gain access to computer networks and the information stored therein.
Network security products largely include Intrusion Detection Systems (IDSs), which can be Network or Host based (NIDS and HIDS respectively). Other network security products include firewalls, router logs, and various other event reporting devices. Due to the size of their networks, many enterprises deploy hundreds or thousands of these products throughout their networks. Thus, network security personnel are bombarded with alarms representing possible security threats. Most enterprises do not have the resources or the qualified personnel to individually attend to all of the received alarms.
Therefore, techniques for analyzing security events and providing a threat visualization that presents real-time data analytics in a manner that is easily understandable to an end user are desired.