COMPUTER-IMPLEMENTED METHOD FOR DETERMINING COMPUTER SYSTEM SECURITY THREATS, SECURITY OPERATIONS CENTER SYSTEM AND COMPUTER PROGRAM PRODUCT
First Claim
1. A computer-implemented method for determining computer system security threats, the computer system including user accounts established on the computer system, the method including the steps of:
(i) for a plurality of user accounts, assigning a risk level to each account;
(ii) in a time interval, for a plurality of events, wherein each event is linked to a respective user account, assigning an event score relating to deviation from normal behavior of each event with respect to the respective user account;
(iii) in the time interval, for the plurality of events, calculating an event importance which is a function of the respective event score and the respective user account risk level;
(iv) prioritizing the plurality of events by event importance, and
(v) providing a record of the plurality of events, prioritized by event importance.
Abstract
A computer-implemented method for determining computer system security threats, the computer system including user accounts established on the computer system, the method including the steps of: (i) for a plurality of user accounts, assigning a risk level to each account; (ii) in a time interval, for a plurality of events, wherein each event is linked to a respective user account, assigning an event score relating to deviation from normal behavior of each event with respect to the respective user account; (iii) in the time interval, for the plurality of events, calculating an event importance which is a function of the respective event score and the respective user account risk level; (iv) prioritizing the plurality of events by event importance, and (v) providing a record of the plurality of events, prioritized by event importance.
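An added illustration of steps (i) to (v), not code from the patent. It assumes importance = event score × account risk level (the text only requires "a function of" the two) and a rarity-based deviation score; the account names, baselines and events are constructed sample data.

```python
from collections import Counter
from dataclasses import dataclass

# Step (i): constructed risk levels per account (higher = more privileged).
RISK_LEVEL = {"jsmith": 1, "svc-backup": 2, "dbadmin": 3}

# Constructed per-account baseline: actions seen in earlier intervals.
BASELINE = {
    "jsmith": ["login", "login", "read_file", "login"],
    "svc-backup": ["read_file"] * 9 + ["login"],
    "dbadmin": ["login", "sql_query", "sql_query", "sql_query"],
}

@dataclass(frozen=True)
class Event:
    event_id: str
    account: str
    action: str

def event_score(event, baseline=BASELINE):
    """Step (ii): deviation from the account's own normal behavior, in [0, 1]."""
    history = baseline.get(event.account, [])
    if not history:
        return 1.0  # assumption: no baseline means maximally unusual
    return 1.0 - Counter(history)[event.action] / len(history)

def event_importance(event, risk=RISK_LEVEL):
    """Step (iii): assumed function, score multiplied by account risk level."""
    # Assumption: an account with no assigned level gets the highest level.
    level = risk.get(event.account, max(risk.values()))
    return round(event_score(event) * level, 3)

def prioritized_record(events):
    """Steps (iv) and (v): rows sorted by importance, highest first."""
    rows = [(e.event_id, e.account, e.action, event_importance(e)) for e in events]
    return sorted(rows, key=lambda row: row[3], reverse=True)

# Constructed events for one time interval.
INTERVAL_EVENTS = [
    Event("e1", "jsmith", "sudo"),        # never seen, low-risk account
    Event("e2", "dbadmin", "login"),      # uncommon, high-risk account
    Event("e3", "svc-backup", "login"),   # rare for a service account
    Event("e4", "dbadmin", "sql_query"),  # routine for this account
    Event("e5", "jsmith", "login"),       # routine for this account
]

if __name__ == "__main__":
    for row in prioritized_record(INTERVAL_EVENTS):
        print(*row, sep="\t")
```

With this weighting, the never-before-seen action on the low-risk account (e1) ranks below milder deviations on the higher-risk accounts (e2, e3), which is the triage effect the risk level is meant to produce.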
104 Citations
93 Claims
1. A computer-implemented method for determining computer system security threats, the computer system including user accounts established on the computer system, the method including the steps of:
(i) for a plurality of user accounts, assigning a risk level to each account;
(ii) in a time interval, for a plurality of events, wherein each event is linked to a respective user account, assigning an event score relating to deviation from normal behavior of each event with respect to the respective user account;
(iii) in the time interval, for the plurality of events, calculating an event importance which is a function of the respective event score and the respective user account risk level;
(iv) prioritizing the plurality of events by event importance, and
(v) providing a record of the plurality of events, prioritized by event importance.
Dependent claims: 16, 25, 26, 28, 29, 31, 32, 39, 40, 52, 53
2-15. (canceled)
17-24. (canceled)
27. (canceled)
30. (canceled)
33-38. (canceled)
41-51. (canceled)
54-81. (canceled)
82. A security operations center system including a processor, the processor programmed to execute a computer-implemented method for determining computer system security threats, the computer system including user accounts established on the computer system, wherein data relating to the user accounts is accessible to the processor, the processor programmed to:
(i) for a plurality of user accounts, assign a risk level to each account;
(ii) in a time interval, for a plurality of events, wherein each event is linked to a respective user account, assign an event score relating to deviation from normal behavior of each event with respect to the respective user account;
(iii) in the time interval, for the plurality of events, calculate an event importance which is a function of the respective event score and the respective user account risk level;
(iv) prioritize the plurality of events by event importance, and
(v) provide a record of the plurality of events, prioritized by event importance.
Dependent claims: 83, 84, 85, 86, 87, 88, 89, 90
91. (canceled)
92. A computer program product executable on a processor to perform a computer-implemented method for determining computer system security threats, the computer system including user accounts established on the computer system, wherein data relating to the user accounts is accessible to the processor, the computer program product executable to:
(i) for a plurality of user accounts, assign a risk level to each account;
(ii) in a time interval, for a plurality of events, wherein each event is linked to a respective user account, assign an event score relating to deviation from normal behavior of each event with respect to the respective user account;
(iii) in the time interval, for the plurality of events, calculate an event importance which is a function of the respective event score and the respective user account risk level;
(iv) prioritize the plurality of events by event importance, and
(v) provide a record of the plurality of events, prioritized by event importance.
93-151. (canceled)
Specification