System and Method for Predicting Impending Cyber Security Events Using Multi Channel Behavioral Analysis in a Distributed Computing Environment
First Claim
1. A software architecture for predicting the likelihood of future security threats in a distributed computing environment, comprising:
a registration entity or registry residing within a main server entity;
a communication engine to communicate with said main server and authorized 3rd parties;
a plurality of decision engines and entities communicating with said main server;
a plurality of correlation engines and entities communicating with said main server and decision engines;
a plurality of semantic graph build engines communicating with said correlation entities;
a plurality of distributed networked agents providing a mechanism for collecting event and attribute data for said main server entity, correlation server entity, and decision entity; and
a defined protocol for initiating and maintaining secure communication between the main server, agents, correlation engines, decision engines and communication server over said network.
Abstract
Multi channel distributed behavioral analysis architecture provides a software solution to the major operational challenges faced with providing an early warning system for impending cyber security events. Most cyber security events are premeditated. However, many current cyber security defense technologies only address the real-time detection of a software vulnerability, the presence of malware (known or unknown “zero day”), anomalies from pre-established data points, or the signature of an active security event. The system and method of the multi channel distributed behavioral analysis architecture introduces a technique which provides the data collection, assessment, and alerting ability prior to the occurrence of an event based on threat actor behavior.
5 Claims
Specification