INSIDER THREAT CORRELATION TOOL
First Claim
1. A computer-implemented method comprising:
- calculating a first threat score corresponding to a first time period for a plurality of user accounts, each user account having access to a first network and at least a portion of the user accounts having access to a second network that comprises a centralized store of electronic data, the calculations of the first threat score for each user account comprising;
  - receiving at least one of an indication of activity through the first network for the presence of a security threat, an ethics threat, or combinations thereof;
  - receiving an indication indicative of any blocked transmissions and non-blocked transmissions through a targeted communication application associated with the user account that meet a predefined criterion; and
  - determining if a transmission through the first network is transmitted or received through an unauthorized protocol; and
- comparing the first threat score with a second threat score corresponding to a second time period to create an overall threat score.
Abstract
Systems and methods for calculating threat scores for individuals within an organization or domain are provided. Aspects of the invention relate to computer-implemented methods that form a predictive threat rating for user accounts. In one implementation, a first threat score representing a first time period may be calculated. The first threat score may be compared with aspects of the same user accounts for a second time period. Weighting schemes may be applied to certain activities, controls, and/or user accounts. Further aspects relate to apparatuses configured to execute methods for ranking individual user accounts. Certain embodiments may not block transmissions that violate predefined rules; however, indications of such improper transmissions may be considered when constructing a threat rating. Blocked transmissions enforced upon a user account may also be received. Certain activity, such as accessing the internet, may be monitored for the presence of a security threat and/or an ethics threat.
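The scoring flow the abstract describes, sketched as an added example (not code from the patent). The weights, the event tuple layout, the per-account multiplier and the comparison rule are all assumptions, since the page gives no formula or values.

```python
from collections import defaultdict

# Hypothetical activity/control weights (the page names the signals, not the values).
WEIGHTS = {
    "security_threat": 3.0,        # network activity flagged as a security threat
    "ethics_threat": 2.0,          # network activity flagged as an ethics threat
    "blocked_tx": 1.0,             # rule-violating transmission that a control blocked
    "nonblocked_tx": 2.5,          # rule-violating transmission that was not blocked
    "unauthorized_protocol": 4.0,  # traffic over an unauthorized protocol
}
# Hypothetical per-account weight, e.g. an account that can reach the central data store.
ACCOUNT_WEIGHT = {"svc-admin": 1.5}

def period_scores(events, start, end):
    """Weighted score per account for events with start <= day < end."""
    scores = defaultdict(float)
    for day, account, kind in events:
        if start <= day < end:
            scores[account] += WEIGHTS[kind] * ACCOUNT_WEIGHT.get(account, 1.0)
    return dict(scores)

def overall_scores(events, first, second):
    """Compare the first-period score with the second-period score per account.

    Assumed rule: overall = first + max(0, first - second), so a rise over
    the comparison period counts extra and a fall is not rewarded.
    """
    s1 = period_scores(events, *first)
    s2 = period_scores(events, *second)
    out = {}
    for account in set(s1) | set(s2):
        cur, base = s1.get(account, 0.0), s2.get(account, 0.0)
        out[account] = cur + max(0.0, cur - base)
    return out

def rank(overall):
    """Accounts ordered from highest to lowest overall score."""
    return sorted(overall.items(), key=lambda kv: (-kv[1], kv[0]))

# Constructed sample events: (day, account, signal kind).
EVENTS = [
    (1, "alice", "blocked_tx"), (2, "alice", "blocked_tx"), (9, "alice", "blocked_tx"),
    (3, "bob", "ethics_threat"), (8, "bob", "nonblocked_tx"),
    (10, "bob", "unauthorized_protocol"), (11, "svc-admin", "security_threat"),
]
FIRST_PERIOD, SECOND_PERIOD = (7, 14), (0, 7)

if __name__ == "__main__":
    for account, score in rank(overall_scores(EVENTS, FIRST_PERIOD, SECOND_PERIOD)):
        print(f"{account:10s} {score:5.1f}")
```

In this constructed data, an account whose violations were all blocked and are declining ranks below one whose non-blocked and unauthorized-protocol activity rose in the first period.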
20 Claims
15. A computer-implemented method comprising:
calculating a threat score for a plurality of user accounts having access to a first network and at least a portion of the user accounts having access to a second network that comprises a centralized store of electronic data, comprising, for each user account determining an overall threat score (foverall), wherein