REMEDIAL ACTIONS BASED ON USER RISK ASSESSMENTS

US 20180191770A1
Filed: 03/08/2017
Published: 07/05/2018
Est. Priority Date: 12/30/2016
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at a data processing apparatus and for each of a plurality of users, user activity data describing a plurality of actions taken by the user by use of a user device over a period of time;

determining, by the data processing apparatus, for each user and based on the actions taken by the user over the period of time and user responsibility data that describe responsibilities of the user, a risk assessment representative of a security risk resulting from the actions taken by the user by use of the user device; and

determining, by the data processing apparatus, for each user and based on the risk assessment determined for the user, whether to implement a user-specific remedial action directed to risk mitigation.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In some implementations, a method includes receiving, for each of multiple users, user activity data describing actions taken by the user by use of a user device over a period of time, determining, for each user and based on the actions taken by the user over the period of time and user responsibility data that describe responsibilities of the user, a risk assessment representative of a security risk resulting from the actions taken by the user by use of the user device, and determining, by the data processing apparatus, for each user and based on the risk assessment determined for the user, whether to implement a user-specific remedial action directed to risk mitigation.

Citations

20 Claims

1. A method comprising:
- receiving, at a data processing apparatus and for each of a plurality of users, user activity data describing a plurality of actions taken by the user by use of a user device over a period of time;
  
  determining, by the data processing apparatus, for each user and based on the actions taken by the user over the period of time and user responsibility data that describe responsibilities of the user, a risk assessment representative of a security risk resulting from the actions taken by the user by use of the user device; and
  
  determining, by the data processing apparatus, for each user and based on the risk assessment determined for the user, whether to implement a user-specific remedial action directed to risk mitigation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein the risk assessment comprises one or more security hygiene scores.
  - 3. The method of claim 1, wherein the risk assessment comprises one or more security hygiene scores, and determining for each user and based on the risk assessment determined for the user, whether to implement a user-specific remedial action directed to risk mitigation comprises determining, based on a user action taken by a user taken by use of the user device, and the one or more security hygiene scores, whether to implement the user-specific remedial action.
  - 4. The method of claim 1, wherein determining, by the data processing apparatus, for each user and based on the actions taken by the user by use of the user device over the period of time, a risk assessment representative of a security risk resulting from the actions taken by the user comprises:
    - generating, by the data processing apparatus and using at least one of;
      
      machine learning, a rule set, or user input, the risk assessment of the security risk resulting from the actions taken by the user.
  - 5. The method of claim 1, wherein the user-specific remedial action includes presenting a message to the user, prompting the user not to take a current user device action.
  - 6. The method of claim 1, wherein the user-specific remedial action includes presenting a message to the user, requesting that the user provide additional input before executing a current user device action being attempted by the user.
  - 7. The method of claim 1, wherein the user-specific remedial action includes presenting a message to the user, informing the user that a current user device action being attempted by the user will not be executed.
  - 8. The method of claim 1, wherein the user-specific remedial action includes blocking one of:
    - a current user device action being attempted by the user, an activity related to the current user device action, or an activity related to the user'"'"'s risk assessment.
  - 9. The method of claim 1, wherein the user-specific remedial action includes presenting a report including the user'"'"'s risk assessment to the user.
  - 10. The method of claim 1, wherein the user is one of a set of users that belong to a group within an organization.
  - 11. The method of claim 10, further comprising:
    - receiving, at the data processing apparatus and for each of a plurality of users, user responsibility data describing responsibilities of the user within the organization; and
      
      wherein determining, by the data processing apparatus, for each user and based on the actions taken by the user by use of the user device over the period of time, a risk assessment representative of a security risk resulting from the actions taken by the user comprises;
      
      determining, by the data processing apparatus, for each user and based on the actions taken by the user and the user responsibility data, a risk assessment for the user.
  - 12. The method of claim 10, wherein the user responsibility data describing responsibilities of the user within the organization includes a sensitivity assessment representative of a security risk associated with data to which the user has access.
  - 13. The method of claim 10, further comprising:
    - for a particular user;
      
      comparing, by the data processing apparatus, the user'"'"'s risk assessment to risk assessments of other users of the set of users that belong to the group within the organization;
      
      determining, by the data processing apparatus and based on the comparing, a rank of the user among the set of users that belong to the group within the organization; and
      
      providing, by the data processing apparatus and to the user, a message including the rank of the user.
  - 14. The method of claim 1, wherein the user-specific remedial action comprises restricting the user'"'"'s access to a set of resources.
  - 15. The method of claim 1, wherein the user-specific remedial action includes presenting a message including a prescriptive recommendation to the user.
  - 16. The method of claim 15, wherein the prescriptive recommendation includes a suggested next user device action for the user to take.

17. A system comprising:
- one or more user devices; and
  
  a remote server, comprising one or more computing devices and connected to the one or more user devices over a network, that performs operations comprising;
  
  receiving, at the remote server and for each of a plurality of users from the one or more user devices, user activity data describing a plurality of actions taken by the user by use of a user device over a period of time;
  
  determining, by the remote server, for each user and based on the actions taken by the user over the period of time and user responsibility data that describe responsibilities of the user, a risk assessment representative of a security risk resulting from the actions taken by the user by use of the user device; and
  
  determining, by the remote server, for each user and based on the risk assessment determined for the user, whether to implement a user-specific remedial action directed to risk mitigation.
- View Dependent Claims (18, 20)
- - 18. The system of claim 17, wherein the risk assessment comprises one or more security hygiene scores.
  - 20. The non-transitory computer readable medium of claim 17, wherein the risk assessment comprises one or more security hygiene scores.

19. A non-transitory computer readable medium storing instructions that when executed by one or more computing devices, cause the one or more computing devices to perform operations comprising:
- receiving, at the one or more computing devices and for each of a plurality of users, user activity data describing a plurality of actions taken by the user by use of a user device over a period of time;
  
  determining, by the one or more computing devices, for each user and based on the actions taken by the user over the period of time and user responsibility data that describe responsibilities of the user, a risk assessment representative of a security risk resulting from the actions taken by the user by use of the user device; and
  
  determining, by the one or more computing devices, for each user and based on the risk assessment determined for the user, whether to implement a user-specific remedial action directed to risk mitigation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Chronicle LLC (Alphabet Inc.)
Original Assignee
X Development LLC (Alphabet Inc.)
Inventors

Granted Patent

US 10,581,896 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 21/50   Monitoring users, programs ...

G06F 21/554   involving event detection a...

G06N 20/00   Machine learning

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

REMEDIAL ACTIONS BASED ON USER RISK ASSESSMENTS

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

REMEDIAL ACTIONS BASED ON USER RISK ASSESSMENTS

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links