
CORRELATION BASED SECURITY RISK IDENTIFICATION

  • US 20160294863A1
  • Filed: 06/09/2016
  • Published: 10/06/2016
  • Est. Priority Date: 11/28/2013
  • Status: Active Grant
First Claim

1. A computer-implemented method for identifying security risks, comprising:

  • using at least one computer system having a processor and connected to a computer network to perform the following actions;

    retrieving a plurality of account credentials of a plurality of accounts from a storage of each member of a first group of machines in said computer network, said storage comprising at least one member of a group consisting of a registry, a Security Account Manager (SAM), a Local Security Authority Subsystem Service (LSASS), a memory, a persistent storage and a non-persistent storage;

    collecting a plurality of account access rights, each one of said plurality of account access rights grants to one of said plurality of accounts an access to at least one member of a second group of machines in said computer network;

    identifying correlated account credentials from said plurality of account credentials, wherein said correlated account credentials are for an account of said plurality of accounts that is granted access to a certain machine of said second group of machines according to at least one account access right of said collected plurality of account access rights;

    using said correlated account credentials to request access to said certain machine; and

    identifying automatically at least one security risk according to an outcome of said request;

    wherein said certain machine is from said second group of machines, said correlated account credentials is from said plurality of retrieved account credentials, said certain account is from said plurality of accounts, and said correlated account access rights is from said plurality of account access rights.
