Adaptive remediation of multivariate risk

US 10,642,996 B2
Filed: 07/25/2018
Issued: 05/05/2020
Est. Priority Date: 07/26/2017
Status: Active Grant

First Claim

Patent Images

1. A computer-implementable method for adaptively remediating multivariate risk by performing a multivariate risk remediation operation, the multivariate risk remediation operation improving processor efficiency by adaptively remediating a risk, comprising:

providing a multivariate security policy, the multivariate security policy comprising a plurality of security policy elements, each of the plurality of security policy elements comprising an associated a variable such that the multivariate security policy comprises a plurality of variables;

processing each of the plurality of security policy elements to generate a plurality of risk score values, the respective risk score value of each of the plurality of security policy elements providing a multivariate risk score;

detecting a violation of the multivariate security policy, the violation of the multivariate security policy occurring when a respective risk score value of the multivariate risk score meets or exceeds a particular multivariate risk score;

identifying a variable from the plurality of variables associated with a cause of the violation;

associating an entity with the variable associated with the cause of the violation; and

,adaptively remediating a risk associated with the entity, the adaptively remediating the risk performing a remediation operation commensurate with a characteristic of the risk, the characteristic of the risk being represented by at least one respective scoring value, the remediation operation mitigating an effect of the risk.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system and computer-usable medium for adaptively remediating multivariate risk, comprising: detecting a violation of a multivariate security policy, the multivariate security policy comprising a plurality of variables; identifying a variable from the plurality of variables associated with a cause of the violation; associating an entity with the variable associated with the cause of the violation; and, adaptively remediating a risk associated with the entity.

56 Citations

View as Search Results

20 Claims

1. A computer-implementable method for adaptively remediating multivariate risk by performing a multivariate risk remediation operation, the multivariate risk remediation operation improving processor efficiency by adaptively remediating a risk, comprising:
- providing a multivariate security policy, the multivariate security policy comprising a plurality of security policy elements, each of the plurality of security policy elements comprising an associated a variable such that the multivariate security policy comprises a plurality of variables;
  
  processing each of the plurality of security policy elements to generate a plurality of risk score values, the respective risk score value of each of the plurality of security policy elements providing a multivariate risk score;
  
  detecting a violation of the multivariate security policy, the violation of the multivariate security policy occurring when a respective risk score value of the multivariate risk score meets or exceeds a particular multivariate risk score;
  
  identifying a variable from the plurality of variables associated with a cause of the violation;
  
  associating an entity with the variable associated with the cause of the violation; and
  
  ,adaptively remediating a risk associated with the entity, the adaptively remediating the risk performing a remediation operation commensurate with a characteristic of the risk, the characteristic of the risk being represented by at least one respective scoring value, the remediation operation mitigating an effect of the risk.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising:
    - configuring the multivariate security policy by setting parameters of the plurality of variables.
  - 3. The method of claim 1, wherein:
    - the multivariate security policy comprises a rule and an action associated with a particular user; and
      
      ,each of the plurality of variables is associated with the rule and the action of the multivariate security policy for the particular user.
  - 4. The method of claim 3, wherein:
    - at least some of the plurality of variables comprise risk-adaptive user behavior factors.
  - 5. The method of claim 1, wherein:
    - detecting the violation of a multivariate security policy comprises analyzing a plurality of combinations of variables and events.
  - 6. The method of claim 5, wherein:
    - analyzing the plurality of combinations of variables and events comprise at least one ofanalyzing two sets of variables associated with a single entity;
      
      analyzing two sets of variables associated with two entities; and
      
      ,analyzing one set of variables associated with two entities.

7. A system comprising:
- a processor;
  
  a data bus coupled to the processor; and
  
  a non-transitory, computer-readable storage medium embodying computer program code for adaptively remediating multivariate risk by performing a multivariate risk remediation operation, the multivariate risk remediation operation improving processor efficiency by adaptively remediating a risk, the non-transitory, computer-readable storage medium being coupled to the data bus, the computer program code interacting with a plurality of computer operations and comprising instructions executable by the processor and configured for;
  
  providing a multivariate security policy, the multivariate security policy comprising a plurality of security policy elements, each of the plurality of security policy elements comprising an associated a variable such that the multivariate security policy comprises a plurality of variables;
  
  processing each of the plurality of security policy elements to generate a plurality of risk score values, the respective risk score value of each of the plurality of security policy elements providing a multivariate risk score;
  
  detecting a violation of the multivariate security policy, the violation of the multivariate security policy occurring when a respective risk score value of the multivariate risk score meets or exceeds a particular multivariate risk score;
  
  identifying a variable from the plurality of variables associated with a cause of the violation;
  
  associating an entity with the variable associated with the cause of the violation; and
  
  ,adaptively remediating a risk associated with the entity, the adaptively remediating the risk performing a remediation operation commensurate with a characteristic of the risk, the characteristic of the risk being represented by at least one respective scoring value, the remediation operation mitigating an effect of the risk.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein the instructions executable by the processor are further configured for:
    - configuring the multivariate security policy by setting parameters of the plurality of variables.
  - 9. The system of claim 7, wherein:
    - the multivariate security policy comprises a rule and an action associated with a particular user; and
      
      ,each of the plurality of variables is associated with the rule and the action of the multivariate security policy for the particular user.
  - 10. The system of claim 9, wherein:
    - at least some of the plurality of variables comprise risk-adaptive user behavior factors.
  - 11. The system of claim 7, wherein:
    - detecting the violation of a multivariate security policy comprises analyzing a plurality of combinations of variables and events.
  - 12. The system of claim 11, wherein:
    - analyzing the plurality of combinations of variables and events comprise at least one ofanalyzing two sets of variables associated with a single entity;
      
      analyzing two sets of variables associated with two entities; and
      
      ,analyzing one set of variables associated with two entities.

13. A non-transitory, computer-readable storage medium embodying computer program code, the computer program code comprising computer executable instructions configured for:
- providing a multivariate security policy, the multivariate security policy comprising a plurality of security policy elements, each of the plurality of security policy elements comprising an associated a variable such that the multivariate security policy comprises a plurality of variables;
  
  processing each of the plurality of security policy elements to generate a plurality of risk score values, the respective risk score value of each of the plurality of security policy elements providing a multivariate risk score;
  
  detecting a violation of the multivariate security policy, the violation of the multivariate security policy occurring when a respective risk score value of the multivariate risk score meets or exceeds a particular multivariate risk score;
  
  identifying a variable from the plurality of variables associated with a cause of the violation;
  
  associating an entity with the variable associated with the cause of the violation; and
  
  ,adaptively remediating a risk associated with the entity, the adaptively remediating the risk performing a remediation operation commensurate with a characteristic of the risk, the characteristic of the risk being represented by at least one respective scoring value, the remediation operation mitigating an effect of the risk.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The non-transitory, computer-readable storage medium of claim 13, wherein the computer executable instructions are further configured for:
    - configuring the multivariate security policy by setting parameters of the plurality of variables.
  - 15. The non-transitory, computer-readable storage medium of claim 13, wherein:
    - the multivariate security policy comprises a rule and an action associated with a particular user; and
      
      ,each of the plurality of variables is associated with the rule and the action of the multivariate security policy for the particular user.
  - 16. The non-transitory, computer-readable storage medium of claim 15, wherein:
    - at least some of the plurality of variables comprise risk-adaptive user behavior factors.
  - 17. The non-transitory, computer-readable storage medium of claim 13, wherein:
    - detecting the violation of a multivariate security policy comprises analyzing a plurality of combinations of variables and events.
  - 18. The non-transitory, computer-readable storage medium of claim 17, wherein:
    - analyzing the plurality of combinations of variables and events comprise at least one ofanalyzing two sets of variables associated with a single entity;
      
      analyzing two sets of variables associated with two entities; and
      
      ,analyzing one set of variables associated with two entities.
  - 19. The non-transitory, computer-readable storage medium of claim 13, wherein:
    - the computer executable instructions are deployable to a client system from a server system at a remote location.
  - 20. The non-transitory, computer-readable storage medium of claim 13, wherein:
    - the computer executable instructions are provided by a service provider to a user on an on-demand basis.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Forcepoint LLC
Original Assignee
Forcepoint LLC
Inventors
Ford, Richard A., Irvine, Ann, Reeve, Adam
Primary Examiner(s)
Schwartz, Darren B

Application Number

US16/045,295
Publication Number

US 20190036971A1
Time in Patent Office

650 Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/3072   where the reporting involve...

G06F 11/3438   monitoring of user actions ...

G06F 21/552   involving long-term monitor...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/602   Providing cryptographic fac...

G06F 21/6245   Protecting personal data, e...

G06F 21/6254   by anonymising data, e.g. d...

G06F 21/84   output devices, e.g. displa...

G06F 2201/86   Event-based monitoring

G06F 2221/031   Protect user input by softw...

G06F 2221/032   Protect output to user by s...

G06F 2221/034   Test or assess a computer o...

H04L 2209/16   Obfuscation or hiding, e.g....

H04L 63/1408   by monitoring network traff...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

H04L 67/025   for remote control or remot...

H04L 67/141   Setup of application sessio...

H04L 67/146 : Markers for unambiguous ide...

H04L 67/289 : Intermediate processing fun...

H04L 67/306 : User profiles

H04L 67/535 : Tracking the activity of th...

View All

Adaptive remediation of multivariate risk

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

56 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Adaptive remediation of multivariate risk

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

56 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links