Entity Group Behavior Profiling
Abstract
Entity group behavior profiling. An entity group is created that includes multiple entities, where each entity represents one of a user, a machine, and a service. A behavior profile is created for each one of the entities of the entity group. The behavior of each one of the entities of the entity group is monitored to detect behavior change. An indicator of compromise is detected based on multiple ones of the entities experiencing substantially a same behavior change.
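An added illustration of the four steps in the abstract, not code from the patent or its assignee. It assumes a profile is the set of features an entity showed during a baseline period, and it treats "substantially a same behavior change" as the identical new feature appearing on at least `min_entities` group members; entity names, feature strings and the threshold are constructed.

```python
from collections import defaultdict

# Constructed sample data. Entity names, feature strings and the
# min_entities threshold are assumptions made for this illustration.
GROUP = {"user:alice", "host:build01", "svc:billing"}
BASELINE = [
    ("user:alice", "login:vpn"), ("user:alice", "dns:mail.example.com"),
    ("host:build01", "dns:repo.example.com"),
    ("svc:billing", "dns:api.example.com"),
]
WINDOW = [
    ("user:alice", "dns:cdn-sync.example.net"),    # new for alice
    ("host:build01", "dns:cdn-sync.example.net"),  # same change on build01
    ("svc:billing", "dns:api.example.com"),        # already in its profile
    ("user:alice", "proc:powershell"),             # new, but alice only
    ("host:lab07", "dns:cdn-sync.example.net"),    # not a group member
]

def build_profiles(events):
    """Behavior profile per entity: the set of features seen in the baseline."""
    profiles = defaultdict(set)
    for entity, feature in events:
        profiles[entity].add(feature)
    return profiles

def behavior_changes(profiles, group, events):
    """For each group member, the observed features missing from its own profile."""
    changes = defaultdict(set)
    for entity, feature in events:
        if entity in group and feature not in profiles.get(entity, set()):
            changes[entity].add(feature)
    return changes

def shared_changes(changes, min_entities=2):
    """Changes seen on at least min_entities members: {feature: [entities]}."""
    by_feature = defaultdict(set)
    for entity, features in changes.items():
        for feature in features:
            by_feature[feature].add(entity)
    return {f: sorted(e) for f, e in by_feature.items() if len(e) >= min_entities}

def detect(group, baseline, window, min_entities=2):
    """Run all four steps and return the shared changes flagged as indicators."""
    profiles = build_profiles(baseline)
    return shared_changes(behavior_changes(profiles, group, window), min_entities)

if __name__ == "__main__":
    for feature, entities in detect(GROUP, BASELINE, WINDOW).items():
        print(f"possible indicator of compromise: {feature} on {entities}")
```

A change confined to one entity (`proc:powershell` here) is not reported at the default threshold; only the change shared across group members is.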
24 Claims
1. A method, comprising:
creating an entity group that includes a plurality of entities, wherein each one of the plurality of entities represents one of a user, a machine, and a service;
creating a behavior profile for each one of the plurality of entities of the entity group;
monitoring behavior of each one of the plurality of entities of the entity group to detect behavior change; and
detecting an indicator of compromise based on multiple ones of the plurality of entities experiencing substantially a same behavior change.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A non-transitory machine-readable storage medium that provides instructions that, if executed by a processor, will cause said processor to perform operations comprising:
creating an entity group that includes a plurality of entities, wherein each one of the plurality of entities represents one of a user, a machine, and a service;
creating a behavior profile for each one of the plurality of entities of the entity group;
monitoring behavior of each one of the plurality of entities of the entity group to detect behavior change; and
detecting an indicator of compromise based on multiple ones of the plurality of entities experiencing substantially a same behavior change.
Dependent claims: 10, 11, 12, 13, 14, 15, 16

17. An apparatus for collaborative and adaptive threat intelligence, comprising:
a processor; and
a non-transitory machine-readable storage medium containing instructions executable by said processor whereby said apparatus is operative to:
create an entity group that includes a plurality of entities, wherein each one of the plurality of entities represents one of a user, a machine, and a service;
create a behavior profile for each one of the plurality of entities of the entity group;
monitor behavior of each one of the plurality of entities of the entity group to detect behavior change; and
detect an indicator of compromise based on multiple ones of the plurality of entities experiencing substantially a same behavior change.
Dependent claims: 18, 19, 20, 21, 22, 23, 24
Specification