Field
Exemplary embodiments generally relate to data security, and more specifically, to a system, a computer readable medium, an apparatus and a method for detecting and preventing security incidents in a computerized environment.
Related Art
Nowadays, as organizations and enterprises get bigger, they are more and more exposed to malicious attacks. Kaspersky® reports detections of over 300,000 different malware variants in a single day. The United Kingdom government reports over 100,000 cyber-attacks on British companies every day.
In order to identify such attacks, a number of different anti-virus applications are currently available. Such anti-virus applications force security teams of large enterprises to manage thousands of new alerts every day, when responding to a single alert may take days, weeks and sometimes months.
These applications must be deployed into a computerized environment and attempt to identify malicious activity within the network. Other solutions may also be known. For example, anti-virus solutions that detect and remove known viruses by identifying “signatures” of such viruses may be available. The majority of these solutions rely upon a basic engine that searches suspect files for the presence of predetermined virus signatures. However, these related art solutions for identifying security incidents are not effective enough and malicious activity may go undetected.
In the view of the shortcoming of related art, it would be advantageous to provide an efficient solution for detecting security incidents in a computerized environment by automatically validating security alerts. It would further be advantageous if such solution shall further enable a real-time assessment of damages resulted from a security incident.