THREAT INTELLIGENCE MANAGEMENT IN SECURITY AND COMPLIANCE ENVIRONMENT
Abstract
Threat intelligence management is provided in a security and compliance environment. A threat explorer platform or module of a security and compliance service may detect, investigate, manage, and provide actionable insights for threats at an organizational level. Working with a data insights platform that collects different types of signals (metadata, documents, activities, etc.) and correlates them in a multi-stage evaluation, the threat intelligence module may provide actionable visual information on potential threats, affected areas, and actionable insights derived from internal threat data and external information using contextual correlation of data within the data insight platform. User experience may be dynamically adjusted at multiple levels based on context and allow users to drill down arbitrarily deep.
20 Claims
1. A method to provide threat intelligence for hosted services, the method comprising:
- analyzing a tenant's service environment to determine received and potential threats based on an analysis of correlated and multi-stage evaluated data, wherein the correlated and multi-stage evaluated data includes communications, stored content metadata, and activities;
- determining a potential impact for a received threat based on analysis results;
- presenting received and potential threats and the potential impact through one or more interactive visualizations, wherein at least one element of each visualization is actionable; and
- one or more of presenting and automatically implementing a remediation action associated with the received threat.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A server configured to provide threat intelligence for hosted services, the server comprising:
- a communication interface configured to facilitate communication between another server hosting a security and compliance service, one or more client devices, and the server;
- a memory configured to store instructions; and
- one or more processors coupled to the communication interface and the memory and configured to execute a threat intelligence module, wherein the threat intelligence module is configured to:
  - analyze a tenant's service environment to determine received and potential threats based on an analysis of correlated and multi-stage evaluated data, wherein the correlated and multi-stage evaluated data includes communications, stored content, metadata, and activities;
  - determine a potential impact and a remediation action associated with a received threat based on analysis results;
  - present a dashboard that includes one or more interactive visualizations representing one or more of threat trends, received and potential threats, and the potential impact, wherein a portion of the one or more visualizations is actionable; and
  - automatically implement the remediation action associated with the received threat.
Dependent claims: 13, 14, 15, 16, 17, 18
19. A computer-readable memory device with instructions stored thereon to provide threat intelligence for hosted services, the instructions, when executed, configured to cause one or more computing devices to perform actions comprising:
- analyze a tenant's service environment to determine received and potential threats based on an analysis of correlated and multi-stage evaluated data, wherein the correlated and multi-stage evaluated data includes communications, stored content, metadata, and activities;
- determine a potential impact and a remediation action associated with a received threat based on analysis results;
- present a dashboard that includes one or more interactive visualizations representing one or more of threat trends, received and potential threats, and the potential impact, wherein a portion of the one or more visualizations is actionable;
- customize the dashboard based on one or more of detected threat types, a tenant profile, and a platform; and
- automatically implement the remediation action associated with the received threat.
Dependent claims: 20
Specification