SYSTEMS AND METHODS FOR DETECTING AND INVESTIGATING INSIDER FRAUD
First Claim
1. A computer-implemented method for detecting and investigating insider fraud, comprising:
- identifying one or more insider threat detection rules for an enterprise, the enterprise associated with a plurality of enterprise insiders;
- obtaining, from a plurality of behavioral data sources, behavioral data for a first enterprise insider of the plurality of enterprise insiders, the behavioral data for the first enterprise insider describing at least an action of the first enterprise insider;
- determining a threat score for the first enterprise insider based on the behavioral data for the first enterprise insider and one or more of the insider threat detection rules; and
- initiating, when the threat score satisfies a threat threshold, one or more protective actions.
Abstract
Systems, methods, and apparatus, including computer programs encoded on computer storage media, for detecting insider fraud. One method includes identifying one or more insider threat detection rules for an enterprise and obtaining behavioral data for an enterprise insider from multiple behavioral data sources. The enterprise is associated with a plurality of enterprise insiders, and the behavioral data describes at least one action of the first enterprise insider. The method further includes determining a threat score for the first enterprise insider based on the behavioral data for the first enterprise insider and one or more of the insider threat detection rules and initiating, when the threat score satisfies a threat threshold, one or more protective actions.
30 Claims
1. A computer-implemented method for detecting and investigating insider fraud, comprising:
- identifying one or more insider threat detection rules for an enterprise, the enterprise associated with a plurality of enterprise insiders;
- obtaining, from a plurality of behavioral data sources, behavioral data for a first enterprise insider of the plurality of enterprise insiders, the behavioral data for the first enterprise insider describing at least an action of the first enterprise insider;
- determining a threat score for the first enterprise insider based on the behavioral data for the first enterprise insider and one or more of the insider threat detection rules; and
- initiating, when the threat score satisfies a threat threshold, one or more protective actions.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A system for detecting and investigating insider fraud, comprising:
- at least one memory to store data and instructions; and
- at least one processor configured to access the at least one memory and, when executing the instructions, to:
  - identify one or more insider threat detection rules for an enterprise, the enterprise associated with a plurality of enterprise insiders;
  - obtain, from a plurality of behavioral data sources, behavioral data for a first enterprise insider, the behavioral data for the first enterprise insider describing at least an action of the first enterprise insider;
  - determine a threat score for first enterprise insider based on the behavioral data for the first enterprise insider and one or more of the insider threat detection rules; and
  - initiating, when the threat score satisfies a threat threshold, one or more protective actions.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
21. A computer storage medium encoded with a computer program, the computer program comprising instructions operable to cause data processing apparatus to perform operations for detecting and investigating insider fraud, comprising:
- identifying one or more insider threat detection rules for an enterprise, the enterprise associated with a plurality of enterprise insiders;
- obtaining, from a plurality of behavioral data sources, behavioral data for a first enterprise insider of the plurality of enterprise insiders, the behavioral data for the first enterprise insider describing at least an action of the first enterprise insider;
- determining a threat score for the first enterprise insider based on the behavioral data for the first enterprise insider and one or more of the insider threat detection rules; and
- initiating, when the threat score satisfies a threat threshold, one or more protective actions.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30
Specification