
Identifying security risks via analysis of multi-level analytical records

  • US 10,592,837 B2
  • Filed: 04/21/2017
  • Issued: 03/17/2020
  • Est. Priority Date: 04/21/2017
  • Status: Active Grant
First Claim

1. One or more devices, comprising:

  • one or more memories, one or more processors, communicatively coupled to the one or more memories, to:

    receive data associated with a plurality of data objects from a plurality of computing resources, the plurality of computing resources being connected via a computer network, the plurality of computing resources including one or more applications, the plurality of data objects identifying values relating to a plurality of entities for which a security risk indicator is to be determined, the plurality of data objects being associated with user generated content including one or more of:

    a document, a webpage, a weblog post, a social media account post, an email, an image file, an audio file, or a video file, the plurality of entities being associated with one or more computing resources, of the plurality of computing resources;

    process the plurality of data objects to generate a multi-level analytical record, the multi-level analytical record identifying relationships between respective values of different data objects of the plurality of data objects, and the multi-level analytical record being based on one or more types of entities associated with the plurality of entities, the plurality of data objects, and one or more hierarchical relationships between the plurality of entities;

    determine the security risk indicator based on the multi-level analytical record, the security risk indicator corresponding to one or more entities of the plurality of entities, and the security risk indicator being determined based on one or more tests including at least one of:

    a comparison between the multi-level analytical record and a data structure that identifies expected values of one or more data objects of the plurality of data objects, an identification of a group of entities, of the plurality of entities, and an outlier from the group of entities based on the multi-level analytical record, or an identification of a change in behavior of the one or more entities based on the multi-level analytical record;

    identify a security risk contribution score for a particular entity, of the plurality of entities, based on the security risk indicator and frequency of interactions with related entities, the security risk contribution score indicating that the particular entity is a central entity in a risky behavior pattern associated with the related entities, the central entity being associated with a highest security vulnerability compared to other entities, of the plurality of entities; and

    automatically perform, based on identifying the security risk contribution score, a remediation action, the remediation action including at least one of:

    deactivating the particular entity, performing a security process with regard to the particular entity, reconfiguring the particular entity, or blocking the other entities from interacting with the particular entity.
