Pervasive, domain and situational-aware, adaptive, automated, and coordinated big data analysis, contextual learning and predictive control of business and operational risks and security
First Claim
1. A computer-implemented method for analyzing, learning, predicting, and controlling business and operational risk of an enterprise, comprising:
conforming elemental processes in an enterprise-wide computer network to a processor-implemented self-similar structure comprising a plurality of data acquisition, analysis, learning, and inference applications, and business processes spread over a plurality of domains, said domains comprising any of operational processes and systems, information technology (IT) systems, and security systems;
representing elemental business and operational processes in each domain as a network supporting exchange of a transaction value that represents operational events or actions, wherein all elementary business processes in all of said domains are conceptually and logically interconnected and structurally similar to each other;
wherein the elemental processes in an enterprise are based on any of a physical or logical network, a conceptual network, and organizational structures;
wherein each element is represented by a node, and each of its relations or interactions with other elements is represented by an edge, the enterprise network having multiple types of nodes and multiple edges between nodes representing different types of relations and interactions between them, structural and functional; and
for all connected nodes, extending self-similarity to all layers in said network, wherein a smallest element is structurally any of a single data acquisition element, sensor, analysis, learning element, decision making element, actuator, and compute element, each element functionally supporting a single transaction between two elemental nodes;
acquiring data, organizing said data in tabular and networked graph data sets, and identifying statistically significant patterns and learning correlations in multiple dimensions and connected elements;
analyzing said organized data sets in different dimensions by correlating said data sets in a context of structural information concerning network, business processes, data sets, and other information comprising domain knowledge;
inferring normative and anomalous distribution of data in full enterprise systemic context across connected data sets of the enterprise network and multiple dimensions of transactional data representing operational events and business activities;
performing pervasive and persistent business risk and operational efficiency analysis to adapt to evolving situational knowledge and intelligence comprising any of normative and anomalous relationships and connections extracted from current and historical data, data values, distribution and patterns in data sets, and state information and activities in operational technology (OT) systems, IT systems, and security systems (ST);
providing autonomous and adaptive business and operational control capabilities, and enhanced business efficiency of target systems, subsystems, and elements at a plurality of hierarchical levels of said networks, wherein said hierarchical levels range from an entire enterprise-wide network and correlated data sets at a highest level to a single data transaction at a lowest level;
analyzing real-time transactions, incoming values in data sets, state information, and activities on said network elements, as well as elements of underlying enterprise business processes that are affected if and when security of an element is breached or business process efficiency is compromised and deviates from normative distribution; and
dynamically adapting said operational analysis and control capabilities, and efficiency at selected hierarchical levels and at selected time scales in response to enterprise data driven situational awareness and knowledge about domain specific normative models that is relevant to said OT, IT, and ST systems, as well as to subsystems and elements of said systems with regard to said underlying business processes.
Abstract
Real time security, integrity, and reliability postures of operational (OT), information (IT), and security (ST) systems, as well as slower changing security and operational blueprint, policies, processes, and rules governing the enterprise security and business risk management process, dynamically evolve and adapt to domain, context, and situational awareness, as well as the controls implemented across the operational and information systems that are controlled. Embodiments of the invention are systematized and pervasively applied across interconnected, interdependent, and diverse operational, information, and security systems to mitigate system-wide business risk, to improve efficiency and effectiveness of business processes and to enhance security control which conventional perimeter, network, or host based control and protection schemes cannot successfully perform.
24 Claims
1. A computer-implemented method for analyzing, learning, predicting, and controlling business and operational risk of an enterprise (recited in full under First Claim above).
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A computer-implemented operational risk and business security big data driven analysis, learning, predicting, and control decision inference method, comprising:
providing a processor-implemented self-similar structure comprising a plurality of monitored and controlled elements (MCE) for each of a plurality of networks comprising any of a supply chain, production planning, demand forecast, inventory management, hospital clinical flow, clinical claims paid, and hospital admission and discharge;
deploying security and operation data and transaction monitoring, acquisition, analysis, learning, prediction, and inference pervasively around each MCE to monitor, analyze, and learn about said MCE's structural connections and functional interactions with other MCEs, said security monitoring providing situational intelligence and computing short and long term business risk control decisions and security posture information from each producing MCE with other consuming MCEs;
based upon said self-similar structure, monitoring, analyzing, learning, and predicting security and operational risk state, said operational risk state comprising any of supply chain starvation, decreasing customer pull, uncorrelated order placement, security breach at a production site server, and inferring and adjusting control postures of all MCEs corresponding to various topological and structural attributes comprising any of geographical, organizational, and temporal hierarchies within a distributed architecture; and
pervasively monitoring security and operational data and patterns comprising any of intrusion events and data changes, statistically significant changes in states and functions, business outcomes comprising any of customer demand, inventory holding cost, product pricing, hospital resource utilization, and patient readmission rate and operational data comprising any of production level, operator attendance, raw material inventories, hospital resource availability and capacity, and lab tests ordered and medications prescribed and adaptively reconfiguring security and operation control capabilities, capacities, and operational parameters, ranges and thresholds at selected hierarchical levels and at selected time scales in response to enterprise situational knowledge that is relevant to networks of operational technology (OT) systems, information technology (IT) systems, and security systems (ST), as well as subsystems and elements of said networks with regard to underlying business processes, wherein said hierarchical levels range from an entire enterprise-wide network and business operation at a highest level to a single sensor, processor, or actuator, and information transaction at a lowest level;
providing an operational security and business risk analysis engine algorithmically processing, learning, and correlating elemental, systemic, and cross-domain situational intelligence, and cross-correlating data sets to logically and mathematically predict, validate, rank, and order situational operation security and business risk in a context comprising historical situational knowledge and domain knowledge about physical and underlying operational, business and security processes and systems, both structurally and functionally; and
inferring and producing a dynamic decision output based on the operational policies, process and rules, constraints, configurations, trigger parameters, and ranges for implemented rules and processes for reporting and controlling enterprise operation, business, and security risk management and for providing real-time and dynamic input back into coordinated learning and updating of said situational intelligence, situational knowledge, and domain knowledge.
Dependent claims: 13, 14, 15, 16, 17, 18, 19
20. A computer-implemented networked business risk and operational security big data driven analysis, learning, prediction and control method, comprising:
providing an enterprise-wide computer network; and
providing a plurality of clusters of subsystems in said network, each subsystem comprising a plurality of lower level subsystems and individual computers and data analysis, learning, prediction and control applications, said individual computers and data analysis, learning, prediction and control applications, in turn, comprising a plurality of other smaller monitored and controlled elements (MCE) comprising any of computers, sensors, data acquisition, storage, analysis, learning, and business risk and operational security prediction and control systems at every level within the enterprise-wide computer network, and underlying business processes;
wherein each cluster comprises one or more computers designated as a server or client, wherein said computers within each cluster communicate with each other through physical network configurations and logical messaging structures, wherein a computer comprises any of a real computer and a virtual computer; and
providing a conceptual and computational model of situational knowledge, business risk and security control knowledge in a formal, machine-interpretable form comprising a combination of tabular data set and node-and-edge graphs;
wherein columns in the table and nodes in the graphs represent any of monitored data, transaction values, message content and meta-data, operational events, and security activity comprising situational data as well as business risk and operational security control policy and rule related facts and data elements;
wherein edges in the graph represent structural connection and functional interaction among situational data elements as discovered in the data, transaction, and exchanged messages as well as known structural connections and dependencies among facts and data elements representing risk control policies and security rules;
wherein nodes have attributes and values representing properties of the elements representing the node as well as attributes and values comprising thresholds and ranges representing properties of elements comprising risk control policy and security rule nodes;
wherein nodes comprise any of multiple types, said types comprising any of suppliers, raw materials, customers, finished products, production operators, manufacturing machines representing the situational knowledge about supply chain or physicians, patients, lab tests, diagnosed diseases, prescribed medications, all representing situational knowledge about clinical work flow or payment processing flow in a hospital business;
wherein node attribute values are found or discovered in transactions, messages, data patterns, and statistical derivation;
wherein edges have label attributes representing relations and interconnections between nodes as well as dependencies among risk control policy and security rule nodes, and values representing statistical probability, strength of relationships, threshold of dependency and frequency of interactions as discovered in data, transactions, and exchanged messages; and
wherein multiple edges exist between a same pair of nodes representing different types of relations, dependencies and interactions between the nodes as discovered in the data, both structural and functional;
providing a conceptual and computational model of domain knowledge comprising any of structural and correlational data patterns between any of goods and raw material, geo location and lead time of suppliers, lead time and inventory holding cost, machine failure and on-time delivery miss, and market factors and demand pull variance by customers for supply chain business risk analysis or between seasonality, patient age, and patient volume and admission causes in a hospital, between physician specialty, disease diagnosis accuracy, and clinical cost and outcome for clinical operation risk analysis.
Dependent claims: 21, 22, 23, 24
Specification