Cloud based systems and methods for determining and visualizing security risks of companies, users, and groups
First Claim
1. A method implemented through a distributed security system for determining and addressing risk of users, groups of users, locations, and/or companies, the method comprising:
obtaining log data from the distributed security system, wherein the log data includes, for a plurality of users, threat types and block reasons by the distributed security system;
aggregating the log data to determine threats based on the threat types and block reasons for an entity associated with the distributed security system, wherein the entity comprises one of a user, a group of users, a location, and a company;
categorizing the threats for the entity to map behavior of the entity to pre-infection behavior, post-infection behavior, and suspicious behavior;
analyzing the threats to obtain a risk score for the entity, wherein the risk score is a weighted combination of the pre-infection behavior, the post-infection behavior, and the suspicious behavior;
performing one or more remedial actions for the entity; and
subsequently obtaining updated log data and analyzing the updated log data to obtain an updated risk score to determine efficacy of the one or more remedial actions.
1 Assignment
0 Petitions
Abstract
Systems and methods implemented through a distributed security system for determining and addressing risk of users, groups of users, locations, and/or companies include obtaining log data from the distributed security system; analyzing the log data to obtain a risk score for an entity associated with the distributed security system, wherein the entity comprises one of a user, a group of users, a location, and a company, and wherein the risk score is a weighted combination of pre-infection behavior, post-infection behavior, and suspicious behavior; performing one or more remedial actions for the entity; and subsequently obtaining updated log data and analyzing the updated log data to obtain an updated risk score to determine efficacy of the one or more remedial actions.
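The scoring pipeline the abstract and claim 1 describe, as an added Python example (not the patent's own code): threats are aggregated per entity from proxy-style log records, bucketed into pre-infection, post-infection and suspicious behaviour, combined into a weighted risk score, and then re-scored on updated logs so the change in score measures whether a remedial action worked. The pipe-separated log format, the threat-type and block-reason category tables, the weights and the log lines themselves are constructed assumptions for illustration; a real deployment would take them from the security system's own log schema and policy.

```python
"""Entity risk scoring over security-system log data.

Added example modelled on the pipeline in the abstract; the log format,
category tables, weights and sample records below are constructed assumptions.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass

CATEGORIES = ("pre_infection", "post_infection", "suspicious")
ENTITY_KINDS = ("user", "group", "location", "company")

# Assumed mapping from logged threat type to behaviour category.
# pre_infection: exposure to a delivery vector; post_infection: the host already
# shows signs of compromise; suspicious: policy-violating but not clearly malicious.
CATEGORY_BY_THREAT_TYPE = {
    "phishing": "pre_infection",
    "malicious_url": "pre_infection",
    "exploit_kit": "pre_infection",
    "botnet_callback": "post_infection",
    "c2_beacon": "post_infection",
    "dns_tunneling": "post_infection",
    "anonymizer": "suspicious",
    "policy_violation": "suspicious",
}
# Assumed fallback: when the threat type is not recognised, the block reason
# recorded by the policy engine still tells us which bucket the event belongs in.
CATEGORY_BY_BLOCK_REASON = {
    "malicious_url_block": "pre_infection",
    "exploit_block": "pre_infection",
    "c2_block": "post_infection",
    "policy_block": "suspicious",
}
# Assumed weights: evidence of an existing infection dominates the score.
WEIGHTS = {"pre_infection": 1.0, "post_infection": 3.0, "suspicious": 0.5}

# Constructed log lines: timestamp|user|group|location|company|threat_type|block_reason
LOGS_BEFORE = """\
2024-03-01T09:00:01Z|alice|finance|nyc|acme|phishing|malicious_url_block
2024-03-01T09:05:10Z|alice|finance|nyc|acme|botnet_callback|c2_block
2024-03-01T09:05:40Z|alice|finance|nyc|acme|botnet_callback|c2_block
2024-03-01T10:12:00Z|bob|finance|nyc|acme|anonymizer|policy_block
2024-03-01T11:30:00Z|carol|eng|sfo|acme|malicious_url|malicious_url_block
2024-03-01T11:31:00Z|carol|eng|sfo|acme|exploit_kit|exploit_block
2024-03-01T12:00:00Z|dave|eng|sfo|acme|unknown|c2_block
"""
# Constructed logs one week later, after alice's host was isolated and reimaged.
LOGS_AFTER = """\
2024-03-08T09:00:01Z|alice|finance|nyc|acme|phishing|malicious_url_block
2024-03-08T10:12:00Z|bob|finance|nyc|acme|anonymizer|policy_block
2024-03-08T11:30:00Z|carol|eng|sfo|acme|malicious_url|malicious_url_block
"""


@dataclass(frozen=True)
class LogRecord:
    timestamp: str
    user: str
    group: str
    location: str
    company: str
    threat_type: str
    block_reason: str


def parse_logs(text):
    """Parse the assumed pipe-separated format; reject malformed lines loudly."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split("|")
        if len(fields) != 7:
            raise ValueError(f"malformed log line: {line!r}")
        records.append(LogRecord(*fields))
    return records


def categorize(record):
    """Map one logged threat to a behaviour category, or None if unrecognised."""
    return (CATEGORY_BY_THREAT_TYPE.get(record.threat_type)
            or CATEGORY_BY_BLOCK_REASON.get(record.block_reason))


def risk_score(counts):
    """Weighted combination of the three behaviour buckets."""
    return sum(WEIGHTS[c] * counts.get(c, 0) for c in CATEGORIES)


def score_entities(records, entity_kind):
    """Aggregate threats per entity of the given kind and score each one.

    Returns {entity: {"pre_infection": n, "post_infection": n,
                      "suspicious": n, "score": float}}.
    """
    if entity_kind not in ENTITY_KINDS:
        raise ValueError(f"unknown entity kind {entity_kind!r}")
    counts = defaultdict(Counter)
    for rec in records:
        category = categorize(rec)
        if category is None:
            continue  # unbucketable event: leave it out rather than guess
        counts[getattr(rec, entity_kind)][category] += 1
    return {
        entity: {**{c: cnt.get(c, 0) for c in CATEGORIES}, "score": risk_score(cnt)}
        for entity, cnt in counts.items()
    }


def riskiest(scores, n=3):
    """Top-n entities by score, for the visualisation/triage view."""
    return sorted(scores.items(), key=lambda kv: kv[1]["score"], reverse=True)[:n]


def remediation_efficacy(score_before, score_after):
    """Fractional reduction in risk after remediation: 1.0 means fully resolved,
    0.0 means no change, negative means the entity got worse."""
    if score_before == 0:
        return 0.0
    return (score_before - score_after) / score_before


if __name__ == "__main__":
    before = score_entities(parse_logs(LOGS_BEFORE), "user")
    after = score_entities(parse_logs(LOGS_AFTER), "user")
    for user, detail in riskiest(before):
        now = after.get(user, {}).get("score", 0.0)
        eff = remediation_efficacy(detail["score"], now)
        print(f"{user:6} before={detail['score']:5.1f} after={now:5.1f} efficacy={eff:.0%}")
    for kind in ("group", "location", "company"):
        print(kind, score_entities(parse_logs(LOGS_BEFORE), kind))
```

Two design choices worth noting. Events whose threat type and block reason are both unrecognised are dropped from the score instead of being silently counted as "suspicious", so a schema change in the log feed shows up as missing coverage rather than as inflated risk; and efficacy is measured as a fraction of the pre-remediation score, so a user who started at zero cannot produce a division error or a spurious improvement.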
17 Claims

1. A method implemented through a distributed security system for determining and addressing risk of users, groups of users, locations, and/or companies, the method comprising:
obtaining log data from the distributed security system, wherein the log data includes, for a plurality of users, threat types and block reasons by the distributed security system;
aggregating the log data to determine threats based on the threat types and block reasons for an entity associated with the distributed security system, wherein the entity comprises one of a user, a group of users, a location, and a company;
categorizing the threats for the entity to map behavior of the entity to pre-infection behavior, post-infection behavior, and suspicious behavior;
analyzing the threats to obtain a risk score for the entity, wherein the risk score is a weighted combination of the pre-infection behavior, the post-infection behavior, and the suspicious behavior;
performing one or more remedial actions for the entity; and
subsequently obtaining updated log data and analyzing the updated log data to obtain an updated risk score to determine efficacy of the one or more remedial actions.
(Dependent claims 2 through 8 not shown.)

9. A distributed security system configured to determine and address risk of users, groups of users, locations, and/or companies, the distributed security system comprising:
one or more cloud nodes configured to monitor for security threats and maintain logs of transactions; and
one or more servers each comprising memory storing instructions that, when executed, cause a processor to:
obtain log data from the distributed security system, wherein the log data includes, for a plurality of users, threat types and block reasons by the distributed security system;
aggregate the log data to determine threats based on the threat types and block reasons for an entity associated with the distributed security system, wherein the entity comprises one of a user, a group of users, a location, and a company;
categorize the threats for the entity to map behavior of the entity to pre-infection behavior, post-infection behavior, and suspicious behavior;
analyze the threats to obtain a risk score for the entity, wherein the risk score is a weighted combination of the pre-infection behavior, the post-infection behavior, and the suspicious behavior;
perform one or more remedial actions for the entity; and
subsequently obtain updated log data and analyze the updated log data to obtain an updated risk score to determine efficacy of the one or more remedial actions.
(Dependent claims 10 through 16 not shown.)

17. A log node in a distributed security system configured to determine and address risk of users, groups of users, locations, and/or companies, the log node comprising:
a network interface, a data store, and a processor communicatively coupled to one another; and
memory storing computer-executable instructions that, in response to execution by the processor, cause the processor to:
obtain log data from the distributed security system, wherein the log data includes, for a plurality of users, threat types and block reasons by the distributed security system;
aggregate the log data to determine threats based on the threat types and block reasons for an entity associated with the distributed security system, wherein the entity comprises one of a user, a group of users, a location, and a company;
categorize the threats for the entity to map behavior of the entity to pre-infection behavior, post-infection behavior, and suspicious behavior;
analyze the threats to obtain a risk score for the entity, wherein the risk score is a weighted combination of the pre-infection behavior, the post-infection behavior, and the suspicious behavior;
cause or suggest performance of one or more remedial actions for the entity; and
subsequently obtain updated log data and analyze the updated log data to obtain an updated risk score to determine efficacy of the one or more remedial actions.
Specification