Gracefully handling endpoint feedback when starting to monitor
First Claim
1. A computer-implementable method for adaptively assessing risk associated with an endpoint, comprising:
- determining a risk level corresponding to an entity associated with an endpoint;
- selecting a frequency of when to perform an endpoint monitoring interval and a duration of the endpoint monitoring interval;
- collecting user behavior associated with the entity for the duration of the endpoint monitoring interval via the endpoint;
- processing the user behavior to generate a current risk score for the entity;
- comparing the current risk score of the user to historical risk scores to determine whether a risk score of a user has changed;
- changing the risk score of the user to the current risk score when the risk score of the user has changed; and
- decreasing the frequency of the endpoint monitoring interval when the current risk scores of the user remain substantially the same over a plurality of endpoint monitoring intervals, the current risk scores remaining substantially the same being when the current risk scores are within +/− 10% of the historical risk scores.
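The loop recited in claim 1, as an added Python sketch (not code from the patent or its assignee). The event weights, the three-interval threshold for "a plurality", the doubling back-off, the ceiling and the reset when a score leaves the band are all assumptions made for illustration; only the +/− 10% band comes from the claim.

```python
from dataclasses import dataclass, field
from statistics import mean

STABLE_BAND = 0.10       # claim 1: within +/- 10% of the historical risk scores
STABLE_INTERVALS = 3     # assumption: the claim says only "a plurality"
BASE_GAP_S = 3600.0      # assumption: starting time between monitoring intervals
MAX_GAP_S = 86400.0      # assumption: ceiling so monitoring never stops entirely
# Constructed event weights; the page does not say how behavior is scored.
WEIGHTS = {"login_failure": 2, "off_hours_access": 10, "usb_write": 15}

def score_behavior(events):
    """Turn one interval's collected events into a 0-100 risk score."""
    return min(100, sum(WEIGHTS.get(e, 0) for e in events))

@dataclass
class EntityMonitor:
    risk_score: float                 # stored risk score for the entity
    gap_s: float = BASE_GAP_S         # time between intervals (larger gap = lower frequency)
    history: list = field(default_factory=list)
    stable_run: int = 0               # consecutive intervals inside the band

    def record_interval(self, events):
        current = score_behavior(events)
        baseline = mean(self.history) if self.history else self.risk_score
        stable = abs(current - baseline) <= STABLE_BAND * baseline
        if current != self.risk_score:      # score changed: store the current one
            self.risk_score = current
        self.history.append(current)
        if stable:
            self.stable_run += 1
            if self.stable_run >= STABLE_INTERVALS:   # decrease the frequency
                self.gap_s = min(self.gap_s * 2, MAX_GAP_S)
                self.stable_run = 0
        else:
            # Assumption (not in the claim): leaving the band restores the base cadence.
            self.stable_run = 0
            self.gap_s = BASE_GAP_S
        return current, self.gap_s

def simulate(intervals, start_score=30):
    """Run constructed intervals through one monitor; return (score, gap) per interval."""
    m = EntityMonitor(risk_score=start_score)
    return [m.record_interval(ev) for ev in intervals]

# Constructed sample: three quiet intervals, then a burst of risky activity.
SAMPLE = [["usb_write"] * 2, ["usb_write"] * 2 + ["login_failure"],
          ["usb_write"] * 2, ["usb_write"] * 2 + ["off_hours_access"] * 3]

if __name__ == "__main__":
    for score, gap in simulate(SAMPLE):
        print(f"score={score:3d} next_gap={gap:.0f}s")
```

With the sample input the gap doubles after the third in-band interval and returns to the base value when the score jumps out of the band. For detection coverage, the ceiling on the gap matters most: a long run of quiet intervals widens the window in which a change in behavior goes unobserved.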
Abstract
A method, system and computer-usable medium for adaptively assessing risk associated with an endpoint, comprising: determining a risk level corresponding to an entity associated with an endpoint; selecting a frequency and a duration of an endpoint monitoring interval; collecting user behavior associated with the entity for the duration of the endpoint monitoring interval via the endpoint; processing the user behavior to generate a current risk score for the entity; comparing the current risk score of the user to historical risk scores to determine whether a risk score of a user has changed; and changing the risk score of the user to the current risk score when the risk score of the user has changed.
17 Claims
1. A computer-implementable method for adaptively assessing risk associated with an endpoint, comprising:
- determining a risk level corresponding to an entity associated with an endpoint;
- selecting a frequency of when to perform an endpoint monitoring interval and a duration of the endpoint monitoring interval;
- collecting user behavior associated with the entity for the duration of the endpoint monitoring interval via the endpoint;
- processing the user behavior to generate a current risk score for the entity;
- comparing the current risk score of the user to historical risk scores to determine whether a risk score of a user has changed;
- changing the risk score of the user to the current risk score when the risk score of the user has changed; and
- decreasing the frequency of the endpoint monitoring interval when the current risk scores of the user remain substantially the same over a plurality of endpoint monitoring intervals, the current risk scores remaining substantially the same being when the current risk scores are within +/− 10% of the historical risk scores.

View Dependent Claims (2, 3, 4, 5)
6. A system comprising:
a processor; a data bus coupled to the processor; and a non-transitory, computer-readable storage medium embodying computer program code, the non-transitory, computer-readable storage medium being coupled to the data bus, the computer program code interacting with a plurality of computer operations and comprising instructions executable by the processor and configured for:
- determining a risk level corresponding to an entity associated with an endpoint;
- selecting a frequency of when to perform an endpoint monitoring interval and a duration of the endpoint monitoring interval;
- collecting user behavior associated with the entity for the duration of the endpoint monitoring interval via the endpoint;
- processing the user behavior to generate a current risk score for the entity;
- comparing the current risk score of the user to historical risk scores to determine whether a risk score of a user has changed;
- changing the risk score of the user to the current risk score when the risk score of the user has changed; and
- decreasing the frequency of the endpoint monitoring interval when the current risk scores of the user remain substantially the same over a plurality of endpoint monitoring intervals, the current risk scores remaining substantially the same being when the current risk scores are within +/− 10% of the historical risk scores.

View Dependent Claims (7, 8, 9, 10)
11. A non-transitory, computer-readable storage medium embodying computer program code, the computer program code comprising computer executable instructions configured for:
- determining a risk level corresponding to an entity associated with an endpoint;
- selecting a frequency of when to perform an endpoint monitoring interval and a duration of the endpoint monitoring interval;
- collecting user behavior associated with the entity for the duration of the endpoint monitoring interval via the endpoint;
- processing the user behavior to generate a current risk score for the entity;
- comparing the current risk score of the user to historical risk scores to determine whether a risk score of a user has changed;
- changing the risk score of the user to the current risk score when the risk score of the user has changed; and
- decreasing the frequency of the endpoint monitoring interval when the current risk scores of the user remain substantially the same over a plurality of endpoint monitoring intervals, the current risk scores remaining substantially the same being when the current risk scores are within +/− 10% of the historical risk scores.

View Dependent Claims (12, 13, 14, 15, 16, 17)
Specification