Dynamically adjusting a model for a security operations center
Abstract
Examples relate to dynamically adjusting a model for a security operations center (“SOC”). As such, the examples disclosed herein enable constructing a customer storage model over a set of time periods for a customer based on a set of resources of the SOC, a storage distribution model received from the customer related to expected usage of the set of resources, and a threat landscape for the customer. The customer storage model may be revised for a second time period based on actual storage use of the customer during a first time period, and a projection of an amount of data to be consumed in the second time period based on the threat landscape. Allocation of the resources in the SOC may be revised for the second time period based on the revision to the customer storage model.
15 Claims
1. A method for dynamically adjusting a model for a security operations center (SOC), the method being implemented in a computer system comprising a physical processor, the method comprising:
- constructing a customer storage model over a set of time periods for a customer based on a set of resources of the SOC, a storage distribution model received from the customer related to expected usage of the set of resources, and a threat landscape for the customer;
- revising the customer storage model for a second time period of the set of time periods based on actual storage use of the customer during a first time period of the set of time periods, and a projection of an amount of data to be consumed in the second time period based on the threat landscape; and
- revising allocation of the resources in the SOC before the second time period based on the revision to the customer storage model.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A system for dynamically adjusting a model for a security operations center (SOC), system comprising:
a physical processor implementing machine readable instructions that cause the system to:
- manage a first customer storage model over a set of time periods for a first customer based on a set of resources of the SOC, a first storage distribution model received from the first customer related to expected usage of the set of resources, and a first threat landscape for the first customer;
- manage a second customer storage model over the set of time periods for a second customer based on the set of resources of the SOC, a second storage distribution model received from the second customer related to expected usage of the set of resources, and a second threat landscape for the second customer;
- revise the first customer storage model for a second time period of the set of time periods based on first actual storage use of the first customer, and a first projection of data to be consumed in the second predetermined time period based on the first threat landscape; and
- revise allocation of the resources in the SOC at the second time period based on the revision to the first customer storage model.
Dependent claims: 9, 10, 11, 12, 13
14. A non-transitory machine-readable storage medium comprising instructions for dynamically adjusting a model for a security operations center (SOC), the instructions executable by a processor of a computing device to:
- receive, from a first customer, a first storage distribution model that comprises information related to expected usage of a set of resources of the SOC over a set of time periods for the customer, wherein the expected usage of the set of resources comprises an average amount of usage, a maximum amount of usage and a minimum amount of usage for each of the set of time periods;
- manage a first customer storage model over the set of time periods for the first customer based on the set of resources of the SOC, the received first storage distribution model and a first threat landscape for the first customer;
- revise the first customer storage model for a second predetermined time period of the set of time periods based on first actual storage use of the first customer, and a first projection of data to be consumed in the second predetermined time period based on the first threat landscape; and
- determine whether to revise allocation of the resources in the SOC at the second time period based on the revision to the first customer storage model and a first customer storage policy of the first customer.
Dependent claims: 15
Specification