Cyber Defense Systems And Methods
Abstract
Cyber defense systems and methods protect an enterprise system formed of a plurality of networked components. Connectivity and relationship information indicative of connectivity and behavior of the components are collected. A relationship graph is created based upon the connectivity data and the relationship data, wherein nodes of the relationship graph represent the components and edges of the graph represent connectivity and relationships. At least part of the relationship graph is stored to form a chronology. The relationship graph and the chronology are analyzed to predict connectivity and relationship changes within the enterprise system, and a first anomaly is identified when the current connectivity and relationships do not match the prediction.
16 Claims

1. A cyber defense method for protecting an enterprise system having a plurality of networked components, comprising:
- collecting connectivity and relationship information indicative of connectivity and behavior of the components;
- creating a relationship graph based upon the connectivity data and the relationship data, wherein nodes of the relationship graph represent the components and edges of the graph represent connectivity and relationships;
- storing at least part of the relationship graph to form a chronology;
- analyzing the relationship graph and the chronology to predict connectivity and relationship changes within the enterprise system; and
- identifying a first anomaly when the current connectivity and relationships do not match the prediction.

Dependent claims: 2, 3, 4, 5, 6 (not shown).

7. A cyber defense method for protecting an enterprise system having a plurality of networked components, comprising:
- receiving information from at least one agent configured to collect the information from the enterprise system;
- calculating normative baseline values and abnormal statistical thresholds based upon the information;
- generating relationship graph T based upon updates and changes within the information;
- calculating uncertainty based upon the information and an age of the information;
- comparing a previously generated predicted relationship graph T and relationship graph T and generating an anomaly list;
- filtering the anomaly list based upon uncertainty; and
- generating alerts based upon the filtered anomaly list.

Dependent claims: 8, 9, 10 (not shown).

11. A software product comprising instructions, stored on non-transitory computer-readable media, wherein the instructions, when executed by a computer, perform steps for protecting an enterprise system having a plurality of networked components, comprising:
- instructions for collecting connectivity and relationship information indicative of connectivity and behavior of the components;
- instructions for creating a relationship graph based upon the connectivity data and the relationship data, wherein nodes of the relationship graph represent the components and edges of the graph represent connectivity and relationships;
- instructions for storing at least part of the relationship graph to form a chronology;
- instructions for analyzing the relationship graph and the chronology to predict connectivity and relationship changes within the enterprise system; and
- instructions for identifying a first anomaly when the current connectivity and relationships do not match the prediction.

Dependent claims: 12, 13, 14, 15, 16 (not shown).
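The detection cycle recited in claims 1, 7 and 11 (chronology of relationship graphs, predicted graph T, comparison against the observed graph T, uncertainty from the age of the information, filtered anomaly list, alerts), as an added illustration that is not code from the patent or its assignee. The majority-vote predictor, the linear age-based uncertainty and the sample flows between "web", "db", "ldap", "backup" and "wks1" are constructed assumptions; the patent specifies none of them.

```python
"""Relationship-graph chronology with prediction, anomaly list and
uncertainty filtering, following the steps recited in the claims above."""

# A snapshot is (t, edges): the directed edges (source, destination) seen at time t.

def predict(chronology, window=3):
    """Predicted graph T: edges present in a majority of the last `window` snapshots."""
    recent = chronology[-window:]
    counts = {}
    for _, edges in recent:
        for edge in edges:
            counts[edge] = counts.get(edge, 0) + 1
    return frozenset(e for e, c in counts.items() if 2 * c > len(recent))

def uncertainty(chronology, edge, now, max_age=3):
    """Grows with the age of the newest evidence for `edge`: 0.0 fresh, 1.0 stale or never seen."""
    seen = [t for t, edges in chronology if edge in edges]
    return 1.0 if not seen else min(1.0, (now - max(seen)) / max_age)

def anomaly_list(predicted, current):
    """Compare predicted graph T with the observed graph T."""
    missing = [("missing", e) for e in sorted(predicted - current)]
    unexpected = [("unexpected", e) for e in sorted(current - predicted)]
    return missing + unexpected

def alerts(chronology, current, max_uncertainty=0.5):
    """One detection cycle: predict, compare, filter by uncertainty, emit alerts."""
    now, edges = current
    predicted = predict(chronology)
    history = chronology + [current]        # the current observation joins the chronology
    out = []
    for kind, edge in anomaly_list(predicted, edges):
        u = uncertainty(history, edge, now)
        if u <= max_uncertainty:            # suppress anomalies whose evidence is stale
            out.append({"t": now, "kind": kind, "edge": edge, "uncertainty": round(u, 2)})
    return out

# Constructed sample data: a stable set of flows, one flow ("web" -> "backup") seen
# only at t=2 and t=3, and a never-before-seen "wks1" -> "db" flow at t=5.
STABLE = {("web", "db"), ("web", "ldap"), ("backup", "db")}
CHRONOLOGY = [
    (1, frozenset(STABLE)),
    (2, frozenset(STABLE | {("web", "backup")})),
    (3, frozenset(STABLE | {("web", "backup")})),
    (4, frozenset(STABLE)),
]
CURRENT = (5, frozenset({("web", "db"), ("web", "ldap"), ("wks1", "db")}))
```

Running `alerts(CHRONOLOGY, CURRENT)` reports the vanished "backup" -> "db" flow and the new "wks1" -> "db" flow, while the predicted-but-absent "web" -> "backup" edge is filtered out because its last sighting is too old.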