MECHANISMS FOR ANOMALY DETECTION AND ACCESS MANAGEMENT
2 Assignments
0 Petitions
Abstract
The present disclosure relates generally to threat detection, and more particularly, to techniques for managing user access to resources in an enterprise environment. Some aspects are directed to the concept of managing access to a target resource based on a threat perception of a user that is calculated using a rule or policy based risk for the user and a behavior based risk for the user. Other aspects are directed to preventing insider attacks in a system based on a threat perception for each user logged into the system that is calculated using a rule or policy based risk for each user and a behavior based risk for each user. Yet other aspects are directed to providing a consolidated view of users, applications being accessed by users, and the threat perception, if any, generated for each of the users.
232 Citations
20 Claims
1. A method for access management of a target resource comprising:
receiving, at a computing system from a client application executing at a computing device, data associated with an access request, the access request requesting access to the target resource on a target system, by a user;
analyzing, by the computing system, the data associated with the access request against data collected concerning interactions between the user and one or more enforcement policies to obtain a rule or policy based risk for the user;
analyzing, by the computing system, the data associated with the access request against a behavior model associated with the user to obtain a behavior based risk for the user;
determining, by the computing system, a threat perception for the user based on the rule or policy based risk for the user and the behavior based risk; and
transmitting, by the computing system, the threat perception score to at least one of: the target system, the target resource, a visualization server, and an access manager such that the at least one of: the target system, the target resource, the visualization server, and the access manager allow, challenge, or deny access to the target resource based on the threat perception score for the user.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A system comprising:
one or more processors and non-transitory machine readable storage medium;
a distributed environment that includes a user device, a plurality of agents, an access management and threat detection system, an information management system, and target system having a target resource; and
program instructions configured to:
receive, at the information management system from the user device, data associated with an access request, the access request requesting access to the target resource, by a user;
analyze, by the information management system, the data associated with the access request against data collected concerning interactions between the user and one or more enforcement policies deployed within the access management and threat detection system to obtain a rule or policy based risk for the user;
analyze, by the information management system, the data associated with the access request against a behavior model associated with the user to obtain a behavior based risk for the user;
determine, by the information management system, a threat perception for the user based on the rule or policy based risk for the user and the behavior based risk; and
transmit, by the information management system, the threat perception score to the access management and threat detection system such that the access management and threat detection system allows, challenges, or denies access to the target resource based on the threat perception score for the user,
wherein the program instructions are stored on the non-transitory machine readable storage medium for execution by the one or more processors.
Dependent claims: 10, 11, 12, 13, 14, 15, 16

17. A non-transitory machine readable storage medium having instructions stored thereon that when executed by one or more processors cause the one or more processors to perform a method comprising:
receiving, at an information management system from a user device, data associated with an access request, the access request requesting access to a target resource on a target system, by a user;
analyzing, by the information management system, the data associated with the access request against data collected concerning interactions between the user and one or more enforcement policies deployed within an access management and threat detection system to obtain a rule or policy based risk for the user;
analyzing, by the information management system, the data associated with the access request against a behavior model associated with the user to obtain a behavior based risk for the user;
determining, by the information management system, a threat perception for the user based on the rule or policy based risk for the user and the behavior based risk; and
transmitting, by the information management system, the threat perception score to the access management and threat detection system such that the access management and threat detection system allows, challenges, or denies access to the target resource based on the threat perception score for the user.
Dependent claims: 18, 19, 20
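The scoring pipeline of independent claim 1, as a worked illustration added here rather than code from the patent or from any implementer: recorded interactions with enforcement policies yield the rule or policy based risk, a per-user baseline yields the behavior based risk, the two are combined into a threat perception score, and the access manager maps that score to allow, challenge or deny. All weights, thresholds, field names and sample users are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class AccessRequest:
    user: str
    resource: str
    hour: int        # local hour of the request, 0-23
    country: str
    device_id: str

@dataclass
class BehaviorModel:
    """Per-user baseline learned from earlier sessions (constructed sample)."""
    usual_hours: range
    usual_countries: set
    known_devices: set
    usual_resources: set

# Earlier interactions between each user and the enforcement policies, as
# (event kind, count). Constructed sample data; the weights are assumed.
POLICY_EVENTS = {"alice": [("mfa_failed", 1), ("policy_denied", 2)], "bob": []}
EVENT_WEIGHTS = {"mfa_failed": 0.2, "policy_denied": 0.3}

def rule_based_risk(user: str) -> float:
    """Rule/policy based risk: weighted count of policy events, capped at 1.0."""
    total = sum(EVENT_WEIGHTS[kind] * n for kind, n in POLICY_EVENTS.get(user, []))
    return min(total, 1.0)

def behavior_based_risk(req: AccessRequest, model: BehaviorModel) -> float:
    """Behavior based risk: share of request features outside the baseline."""
    deviations = [
        req.hour not in model.usual_hours,
        req.country not in model.usual_countries,
        req.device_id not in model.known_devices,
        req.resource not in model.usual_resources,
    ]
    return sum(deviations) / len(deviations)

def threat_perception(req: AccessRequest, model: BehaviorModel) -> float:
    """Combine both risks into one score; the 0.4/0.6 weights are assumed."""
    score = 0.4 * rule_based_risk(req.user) + 0.6 * behavior_based_risk(req, model)
    return round(score, 3)

def decide(score: float) -> str:
    """Access manager's decision from the threat perception score (assumed bands)."""
    if score < 0.3:
        return "allow"
    return "challenge" if score < 0.6 else "deny"
```

A user with a poor policy history but a normal-looking request lands in the challenge band, while the same history combined with an off-hours request for an unfamiliar resource is denied.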