CLOUD BASED SYSTEMS AND METHODS FOR DETERMINING AND VISUALIZING SECURITY RISKS OF COMPANIES, USERS, AND GROUPS
First Claim
1. A method implemented through a distributed security system for determining and addressing risk of users, groups of users, locations, and/or companies, the method comprising:
obtaining log data from the distributed security system;
analyzing the log data to obtain a risk score for an entity associated with the distributed security system, wherein the entity comprises one of a user, a group of users, a location, and a company, and wherein the risk score is a weighted combination of pre-infection behavior, post-infection behavior, and suspicious behavior;
performing one or more remedial actions for the entity; and
subsequently obtaining updated log data and analyzing the updated log data to obtain an updated risk score to determine efficacy of the one or more remedial actions.
1 Assignment
0 Petitions
Abstract
Systems and methods implemented through a distributed security system for determining and addressing risk of users, groups of users, locations, and/or companies include obtaining log data from the distributed security system; analyzing the log data to obtain a risk score for an entity associated with the distributed security system, wherein the entity comprises one of a user, a group of users, a location, and a company, and wherein the risk score is a weighted combination of pre-infection behavior, post-infection behavior, and suspicious behavior; performing one or more remedial actions for the entity; and subsequently obtaining updated log data and analyzing the updated log data to obtain an updated risk score to determine efficacy of the one or more remedial actions.
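As an added illustration, not text or code from the patent, the following Python sketches the scoring loop the abstract describes: each entity's score is a weighted combination of the three behaviour classes, the same function rolls up to group, location or company, and re-scoring a later log window after a remedial action yields the efficacy measure. The weights, event categories, severity values, timestamps and log records are all assumed or constructed here.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed weights for the three behaviour classes named in the claims.
WEIGHTS = {"pre_infection": 0.3, "post_infection": 0.5, "suspicious": 0.2}


@dataclass(frozen=True)
class LogEntry:
    ts: int          # epoch seconds (constructed)
    user: str
    group: str
    location: str
    company: str
    category: str    # one of the WEIGHTS keys
    severity: int    # assumed per-event severity assigned by the cloud node


def risk_score(entries, field, value, start=0, end=float("inf")):
    """Weighted combination of behaviour classes for one entity in [start, end).
    `field` selects the entity level: user, group, location or company."""
    totals = defaultdict(int)
    for e in entries:
        if getattr(e, field) == value and start <= e.ts < end:
            totals[e.category] += e.severity
    # Categories outside WEIGHTS are ignored rather than silently weighted.
    return round(sum(WEIGHTS[c] * totals[c] for c in WEIGHTS), 2)


def remediation_efficacy(before, after):
    """Relative drop in risk score; 1.0 means the behaviour stopped entirely."""
    return 0.0 if before == 0 else round((before - after) / before, 2)


# Constructed sample logs: alice shows an infection chain, bob only policy noise.
LOGS = [
    LogEntry(100, "alice", "finance", "nyc", "acme", "pre_infection", 6),
    LogEntry(110, "alice", "finance", "nyc", "acme", "post_infection", 9),
    LogEntry(120, "alice", "finance", "nyc", "acme", "suspicious", 4),
    LogEntry(130, "bob", "finance", "nyc", "acme", "suspicious", 3),
    LogEntry(140, "carol", "eng", "sfo", "acme", "pre_infection", 2),
    # Remedial action (e.g. host reimaged) at t=200; alice's activity drops.
    LogEntry(210, "alice", "finance", "nyc", "acme", "suspicious", 1),
    LogEntry(220, "bob", "finance", "nyc", "acme", "suspicious", 3),
]
REMEDIATION_TS = 200

if __name__ == "__main__":
    for user in ("alice", "bob"):
        before = risk_score(LOGS, "user", user, end=REMEDIATION_TS)
        after = risk_score(LOGS, "user", user, start=REMEDIATION_TS)
        print(user, before, after, remediation_efficacy(before, after))
    print("finance group:", risk_score(LOGS, "group", "finance", end=REMEDIATION_TS))
```

Bob's unchanged score after the action shows the efficacy check also flags entities the remediation did not reach.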
20 Claims
1. A method implemented through a distributed security system for determining and addressing risk of users, groups of users, locations, and/or companies, the method comprising:
obtaining log data from the distributed security system;
analyzing the log data to obtain a risk score for an entity associated with the distributed security system, wherein the entity comprises one of a user, a group of users, a location, and a company, and wherein the risk score is a weighted combination of pre-infection behavior, post-infection behavior, and suspicious behavior;
performing one or more remedial actions for the entity; and
subsequently obtaining updated log data and analyzing the updated log data to obtain an updated risk score to determine efficacy of the one or more remedial actions.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A distributed security system configured to determine and address risk of users, groups of users, locations, and/or companies, the distributed security system comprising:
one or more cloud nodes configured to monitor for security threats and maintain logs of transactions; and
one or more servers each comprising memory storing instructions that, when executed, cause a processor to obtain log data from the distributed security system; analyze the log data to obtain a risk score for an entity associated with the distributed security system, wherein the entity comprises one of a user, a group of users, a location, and a company, and wherein the risk score is a weighted combination of pre-infection behavior, post-infection behavior, and suspicious behavior; perform one or more remedial actions for the entity; and subsequently obtain updated log data and analyze the updated log data to obtain an updated risk score to determine efficacy of the one or more remedial actions.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18.
19. A log node in a distributed system configured to determine and address risk of users, groups of users, locations, and/or companies, the log node comprising:
a network interface, a data store, and a processor communicatively coupled to one another; and
memory storing computer-executable instructions that, in response to execution by the processor, cause the processor to obtain log data from the distributed security system; analyze the log data to obtain a risk score for an entity associated with the distributed security system, wherein the entity comprises one of a user, a group of users, a location, and a company, and wherein the risk score is a weighted combination of pre-infection behavior, post-infection behavior, and suspicious behavior; cause or suggest performance of one or more remedial actions for the entity; and subsequently obtain updated log data and analyze the updated log data to obtain an updated risk score to determine efficacy of the one or more remedial actions.
Dependent claims: 20.