Controlling Malicious Activity Detection Using Behavioral Models
Abstract
Systems, methods, and computer program products are described for controlling malicious activity detection with respect to information technology assets based on behavioral models associated with the respective information technology assets. Protection rules and corresponding sensitivities associated with the behavioral models are applied by protection services to detect malicious activity with respect to the information technology assets.
20 Claims
1. A method of controlling malicious activity detection, comprising:
- providing a first graphical interface element at a device that enables an administrative user to select a behavioral model to be associated with an information technology asset; and
- distributing a behavioral model indicator indicating the selected behavioral model to each of a plurality of protection services deployed on one or more processing modules to cause the plurality of protection services to utilize a plurality of respective protection rule configurations corresponding to the behavioral model to generate respective malicious activity assessments with respect to the information technology asset, wherein each protection rule configuration includes a respective plurality of protection rules having respective rule sensitivities.

(Dependent claims: 2, 3, 4, 5, 6, 7)

8. A method of generating a malicious activity assessment, comprising:
- storing a plurality of protection rule configurations corresponding to a plurality of respective behavioral models in a storage, each protection rule configuration including a plurality of protection rules having respective rule sensitivities;
- receiving a behavioral model indicator associating an information technology asset with a first behavioral model of the plurality of behavioral models, wherein the first behavioral model corresponds to a first protection rule configuration of the plurality of protection rule configurations; and
- responsive to receiving the behavioral model indicator, generating the malicious activity assessment with respect to the information technology asset using one or more processors based on the first protection rule configuration.

(Dependent claims: 9, 10, 11, 12, 13, 14)

15. A system comprising:
- storage to store a plurality of protection rule configurations corresponding to a plurality of respective behavioral models, each protection rule configuration including a plurality of protection rules having respective rule sensitivities;
- a detection module configured to detect a behavioral model indicator that associates an information technology asset with a first behavioral model of the plurality of behavioral models, wherein the first behavioral model corresponds to a first protection rule configuration of the plurality of protection rule configurations; and
- an assessment module configured to generate a malicious activity assessment with respect to the information technology asset based on the first protection rule configuration in response to the behavioral model indicator being detected.

(Dependent claims: 16, 17, 18, 19, 20)

Specification