DATA INSIGHTS PLATFORM FOR A SECURITY AND COMPLIANCE ENVIRONMENT

US 20180191781A1
Filed: 03/30/2017
Published: 07/05/2018
Est. Priority Date: 12/30/2016
Status: Abandoned Application

First Claim

Patent Images

1. A method to provide a data insights platform for a security and compliance environment, the method comprising:

collecting a plurality of signals from a plurality of resources within a tenant'"'"'s hosted environment, wherein the collected plurality of signals are correlated at one or more levels based their content and context;

receiving a query associated with the collected plurality of signals;

focusing and filtering the query on a portion of the collected plurality of signals based on a context of the query in relation to the collected plurality of signals; and

replying to the query with a comprehensive analysis report based on the focused and filtered execution of the query on the portion of the collected plurality of signals.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A multi-purpose platform may collect different types of signals such as metadata, documents, activities, etc. and correlate in a multi-stage evaluation framework in order to allow simple queries from components and clients of a compliance and security environment to be converted into rich analyses on available data. Various signals may be collected from tenant environment and correlated at multiple levels based on their content and context. Queries from components such as a threat intelligence manager, a data explorer module, or even clients of the system may be executed on the correlated data by focusing and/or filtering the queries based on the context, effectively converting a simple query to a comprehensive analysis. The platform may have intelligence to decide which type of data to run a query on based on the request and allow data investigations performing a chain-linked investigation that can go multiple levels deep.

18 Citations

View as Search Results

20 Claims

1. A method to provide a data insights platform for a security and compliance environment, the method comprising:
- collecting a plurality of signals from a plurality of resources within a tenant'"'"'s hosted environment, wherein the collected plurality of signals are correlated at one or more levels based their content and context;
  
  receiving a query associated with the collected plurality of signals;
  
  focusing and filtering the query on a portion of the collected plurality of signals based on a context of the query in relation to the collected plurality of signals; and
  
  replying to the query with a comprehensive analysis report based on the focused and filtered execution of the query on the portion of the collected plurality of signals.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising:
    - aggregating the plurality of signals in real time.
  - 3. The method of claim 2, further comprising:
    - receiving the query from and replying to one or more of a data explorer module configured to identify and categorize the aggregated plurality of signals and a threat intelligence module configured to manage threats to the tenant'"'"'s hosted environment.
  - 4. The method of claim 3, further comprising:
    - providing one or more of raw signals, filtered signals at one or more correlation levels, and signals generated during the aggregation of the collected plurality of signals to one or more of the data explorer module and the threat intelligence module.
  - 5. The method of claim 1, further comprising:
    - detecting a pattern associated with and a usage of the collected plurality of signals;
      
      deriving an insight based on the pattern; and
      
      presenting the derived insight.
  - 6. The method of claim 1, further comprising:
    - receiving pre-correlated signals from a graph-based data correlation service.
  - 7. The method of claim 1, wherein the collected plurality of signals comprise one or more of documents, non-document content, communications, metadata, activities, organizational relationships, and configurations.
  - 8. The method of claim 1, further comprising:
    - determining which type of collected signals to execute a received query on based on a request for the query.
  - 9. The method of claim 8, further comprising:
    - determining how to augment the query based on a context of the request.
  - 10. The method of claim 1, further comprising:
    - aggregating query results based on a type requesting module of a security and compliance service.
  - 11. The method of claim 10, wherein the type of the requesting module includes one of a data classification module, a threat management module, a policy management module, and an alert management module.

12. A server configured to provide a data insights platform for a security and compliance environment, the server comprising:
- a communication interface configured to facilitate communication between another server hosting a security and compliance service, one or more client devices, and the server;
  
  a memory configured to store instructions; and
  
  one or more processors coupled to the communication interface and the memory and configured to execute the data insights platform, wherein the data insights platform is configured to;
  
  collect a plurality of signals from a plurality of resources within a tenant'"'"'s hosted environment, wherein the collected plurality of signals are correlated at one or more levels based their content and context;
  
  receive a query associated with the collected plurality of signals;
  
  focus and filter the query on a portion of the collected plurality of signals based on a context of the query in relation to the collected plurality of signals;
  
  reply to the query with a comprehensive analysis report based on the focused and filtered execution of the query on the portion of the collected plurality of signals; and
  
  provide one or more of raw signals, filtered signals at one or more correlation levels, and signals generated during an aggregation of the collected plurality of signals to one or more of a data explorer module, an alert management module, and a threat intelligence module within the security and compliance service.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The server of claim 12, wherein the data insights platform includes a reporting framework to manage replies to queries, an aggregation store to store aggregated signals, and a data insights application programming interface (API) to communicate with the data explorer module, the alert management module, and the threat intelligence module.
  - 14. The server of claim 12, further comprising a background job framework configured to manage aggregation tasks associated with the data insights platform.
  - 15. The server of claim 14, wherein the aggregation tasks include one or more of alert aggregation, policy aggregation, threat intelligence aggregation, default aggregation, system policy aggregation, reporting aggregation, and user experience data aggregation.
  - 16. The server of claim 15, wherein the user experience data aggregation includes customization insights and tenant usage insights.
  - 17. The server of claim 12, wherein the plurality of signals include documents, non-document content, communications, and activities and metadata associated with the documents, the non-document content, and the communications.
  - 18. The server of claim 17, wherein the data insights platform is configured to correlate and evaluate the documents, the non-document content, and the communications in context of corresponding activities and metadata associated with the documents, the non-document content, and the communications.

19. A computer-readable memory device with instructions stored thereon to provide a data insights platform for a security and compliance environment, the instructions, when executed, configured to cause one or more computing devices to perform actions comprising:
- collect a plurality of signals comprising documents, non-document content, communications, and activities and metadata associated with the documents, the non-document content, and the communications from a plurality of resources within a tenant'"'"'s hosted environment, wherein the collected plurality of signals are correlated at one or more levels based their content and a context of corresponding activities and metadata associated with the documents, the non-document content, and the communications;
  
  receive a query associated with the collected plurality of signals;
  
  focus and filter the query on a portion of the collected plurality of signals based on a context of the query in relation to the collected plurality of signals; and
  
  reply to the query with a comprehensive analysis report based on the focused and filtered execution of the query on the portion of the collected plurality of signals.
- View Dependent Claims (20)
- - 20. The computer-readable storage medium of claim 19, wherein the correlation is based on one or more of a label of a sensitive content within, a type of, an age of, a storage location of, a location of a user accessing, and an identity of a user or an entity accessing the documents, the non-document content, and the communications.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors

Application Number

US15/474,042
Publication Number

US 20180191781A1
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/554   involving event detection a...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

DATA INSIGHTS PLATFORM FOR A SECURITY AND COMPLIANCE ENVIRONMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

18 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DATA INSIGHTS PLATFORM FOR A SECURITY AND COMPLIANCE ENVIRONMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links