Automated intelligence graph construction and countermeasure deployment
First Claim
1. A method comprising:
- obtaining, by one or more devices and via a computer network, computer-readable data that includes fundamental data and document data;
- preparing, by the one or more devices, a plurality of nodes and a plurality of edges, between the plurality of nodes, by extracting information from the computer-readable data;
- storing, by the one or more devices and in a memory, the plurality of nodes and the plurality of edges as a graph;
- identifying, by the one or more devices, a subgraph, of the graph, that includes a match to a pattern of attack, identifying the subgraph comprising:
  - identifying the subgraph after a traversal of at least a portion of the graph is triggered due to data being added to the graph, and
  - the plurality of nodes including a node associated with common vulnerability and exposure information;
- obtaining, by the one or more devices and based on identifying the subgraph, a countermeasure corresponding to the subgraph; and
- performing, by the one or more devices and based on the countermeasure, one or more actions for one or more computers impacted by the attack.
3 Assignments
0 Petitions
Abstract
Techniques for providing information security threat assessment and amelioration are disclosed. The techniques may include obtaining fundamental data, obtaining document data, preparing fundamental instance nodes from the fundamental data, preparing document nodes from the document data, preparing edges between at least some of the nodes, storing the nodes and the edges in a manner that reflects a graph structure, and causing to be displayed at least a portion of a graph defined by at least one node and at least one edge.
143 Citations
20 Claims
1. A method comprising:
- obtaining, by one or more devices and via a computer network, computer-readable data that includes fundamental data and document data;
- preparing, by the one or more devices, a plurality of nodes and a plurality of edges, between the plurality of nodes, by extracting information from the computer-readable data;
- storing, by the one or more devices and in a memory, the plurality of nodes and the plurality of edges as a graph;
- identifying, by the one or more devices, a subgraph, of the graph, that includes a match to a pattern of attack, identifying the subgraph comprising:
  - identifying the subgraph after a traversal of at least a portion of the graph is triggered due to data being added to the graph, and
  - the plurality of nodes including a node associated with common vulnerability and exposure information;
- obtaining, by the one or more devices and based on identifying the subgraph, a countermeasure corresponding to the subgraph; and
- performing, by the one or more devices and based on the countermeasure, one or more actions for one or more computers impacted by the attack.
Dependent claims: 2, 3, 4, 5, 6, 7.

8. A system comprising:
- a memory; and
- one or more processors to:
  - obtain, via a computer network, computer-readable data that includes fundamental data and document data;
  - prepare a plurality of nodes and a plurality of edges, between the plurality of nodes, by extracting information from the computer-readable data;
  - store the plurality of nodes and the plurality of edges as a graph;
  - identify a subgraph, of the graph, that includes a match to a pattern of attack, where, when identifying the subgraph, the one or more processors are to identify the subgraph after a traversal of at least a portion of the graph is triggered due to data being added to the graph;
  - obtain, based on identifying the subgraph, a countermeasure corresponding to the subgraph; and
  - perform, based on the countermeasure, one or more actions for one or more computers impacted by the attack.
Dependent claims: 9, 10, 11, 12, 13.

14. A non-transitory computer-readable medium storing instructions, the instructions comprising:
- one or more instructions that, when executed by at least one processor, cause the at least one processor to:
  - obtain, via a computer network, computer-readable data that includes fundamental data and document data;
  - prepare a plurality of nodes and a plurality of edges, between the plurality of nodes, by extracting information from the computer-readable data;
  - store the plurality of nodes and the plurality of edges as a graph;
  - identify, after a traversal of at least a portion of the graph is triggered due to data being added to the graph, a subgraph, of the graph, that includes a match to a pattern of attack;
  - obtain, based on identifying the subgraph, a countermeasure corresponding to the subgraph; and
  - perform, based on the countermeasure, one or more actions for one or more computers impacted by the attack.
Dependent claims: 15, 16, 17, 18, 19, 20.
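As an added illustration (not code from the patent or its assignee), a small Python model of the claimed method: typed nodes and labelled edges are stored as a graph, every insert triggers a traversal that looks for a subgraph matching a pattern of attack (a host running software affected by an unpatched CVE that a document reports as exploited), and a matched pattern is mapped to countermeasure actions for the impacted host. The node ids, the pattern, the countermeasure table and the CVE placeholder are all constructed here.

```python
from collections import defaultdict

class IntelGraph:
    def __init__(self):
        self.nodes = {}                   # node id -> attributes (incl. "type")
        self.edges = defaultdict(set)     # (src id, label) -> {dst id, ...}
        self.findings = set()             # (pattern name, host id, cve id)
        # Countermeasure table keyed by the attack pattern it answers (constructed).
        self.countermeasures = {"exploited_unpatched_cve": ("apply_vendor_patch", "isolate_host")}

    def add_node(self, nid, ntype, **attrs):
        self.nodes[nid] = {"type": ntype, **attrs}
        self._traverse()                  # data added -> traversal triggered

    def add_edge(self, src, label, dst):
        self.edges[(src, label)].add(dst)
        self._traverse()

    def _out(self, nid, label):
        return self.edges.get((nid, label), set())

    def _traverse(self):
        # Attack pattern: host -runs-> software -affected_by-> unpatched CVE -described_in-> exploited-in-wild report
        for host, attrs in self.nodes.items():
            if attrs["type"] != "host":
                continue
            for sw in self._out(host, "runs"):
                for cve in self._out(sw, "affected_by"):
                    if self.nodes.get(cve, {}).get("patched", True):
                        continue
                    for doc in self._out(cve, "described_in"):
                        if self.nodes.get(doc, {}).get("exploited_in_wild"):
                            self.findings.add(("exploited_unpatched_cve", host, cve))

    def actions_for(self, host):
        # Countermeasure actions for one impacted host, from the matched subgraphs.
        return sorted({a for p, h, _ in self.findings if h == host
                       for a in self.countermeasures[p]})

def build_demo():
    # Constructed sample: no match until the document data (threat report) arrives.
    g = IntelGraph()
    g.add_node("host-1", "host")
    g.add_node("webapp-2.1", "software")
    g.add_edge("host-1", "runs", "webapp-2.1")
    g.add_node("CVE-PLACEHOLDER-0001", "cve", patched=False)   # placeholder id
    g.add_edge("webapp-2.1", "affected_by", "CVE-PLACEHOLDER-0001")
    matched_before_doc = len(g.findings)
    g.add_node("report-7", "document", exploited_in_wild=True)
    g.add_edge("CVE-PLACEHOLDER-0001", "described_in", "report-7")
    return g, matched_before_doc
```

The traversal here walks the whole graph on each insert; a production system would scope it to the neighbourhood of the added node, which is what the claims' "at least a portion of the graph" leaves open.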