Patent attributes
The endpoint agent detects a cyber threat on an endpoint computing device. The endpoint agent on the computing device has a communications module that communicates with a cyber defense appliance. A collections module monitors and collects pattern-of-life data on processes executing on the endpoint computing device and on users of the endpoint computing device. The communications module sends the pattern-of-life data to the cyber defense appliance installed on a network. The cyber defense appliance at least contains one or more machine-learning models to analyze the pattern-of-life data for each endpoint agent connected to that cyber defense appliance. The endpoint agent and the cyber defense appliance may trigger one or more actions to be autonomously taken to contain a detected cyber threat when a cyber-threat risk score, indicative of the likelihood of a cyber threat, is equal to or above an actionable threshold.