NON-RULE BASED SECURITY RISK DETECTION
Abstract
A non-rule based security detection system and method are described. The method includes identifying a plurality of data sources. The method then proceeds to generate a baseline for each data source. The baseline includes a plurality of data source outputs that are evaluated over a time period. A plurality of data source anomalies are detected, in which each data source anomaly is associated with at least one data source output exceeding a threshold for the data source baseline. A geolocation for each data source anomaly is then identified. A plurality of correlations between the plurality of data source anomalies and the geolocation for each data source anomaly are generated. At least one correlation is associated with a security event.
21 Claims
1. A non-rule based security detection method comprising:
identifying a plurality of data sources;
generating a baseline for each data source, wherein the baseline includes a plurality of data source outputs that are evaluated over a time period;
detecting a plurality of data source anomalies, in which each data source anomaly is associated with at least one data source output exceeding a threshold for the data source baseline;
identifying a geolocation for each data source anomaly;
generating a plurality of correlations with the plurality of data source anomalies and the geolocation for each data source anomaly; and
associating at least one correlation with a security event.
Dependent claims: 2, 3, 4, 5, 6, 7.
8. A non-rule based security detection system comprising:
a database that receives data from a plurality of data sources;
a sub-system that generates a baseline for each data source, wherein the baseline includes a plurality of data source outputs that are evaluated over a time period;
the sub-system configured to detect a plurality of data source anomalies, in which each data source anomaly is associated with at least one data source output exceeding a threshold for the data source baseline;
the sub-system identifying a geolocation for each data source anomaly;
the sub-system generating a plurality of correlations with the plurality of data source anomalies and the geolocation for each data source anomaly; and
the sub-system associating at least one correlation with a security event.
Dependent claims: 9, 10, 11, 12, 13, 14.
15. A non-rule based security detection system comprising:
a database that receives data from a plurality of data sources;
a timeline module that generates a baseline for each data source, wherein the baseline includes a plurality of data source outputs that are evaluated over a time period;
the timeline module configured to detect a plurality of data source anomalies, in which each data source anomaly is associated with at least one data source output exceeding a threshold for the data source baseline;
a geolocation module configured to identify a geolocation for each data source anomaly;
a correlation module configured to generate a plurality of correlations with the plurality of data source anomalies and the geolocation for each data source anomaly; and
the correlation module associating at least one correlation with a security event.
Dependent claims: 16, 17, 18, 19, 20, 21.
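The pipeline the independent claims describe (baseline per data source, threshold anomaly, geolocation of each anomaly, correlation across anomalies by geolocation, association with a security event) is shown below as an added example. This is illustrative code written for this page, not code from the patent or its assignee. Everything the claims leave open is an assumption made here: the baseline statistic (mean plus three population standard deviations of the outputs over the baseline period), the prefix table that stands in for a GeoIP database, the one-hour correlation window, the rule that a correlation spanning at least two distinct data sources becomes a security event, and all sample outputs, which are constructed.

```python
"""Added example: baseline -> anomaly -> geolocation -> correlation pipeline,
modelled on the timeline / geolocation / correlation modules of claim 15.
Sample outputs and the GEO_DB prefix table are constructed for this example."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed stand-in for a GeoIP database (assumption): address prefix -> region.
GEO_DB = {"203.0.113.": "Region-A", "198.51.100.": "Region-B", "192.0.2.": "Region-C"}


@dataclass(frozen=True)
class Output:
    source: str    # data source name
    hour: int      # time bucket the output was evaluated over
    value: float   # the data source output for that bucket
    ip: str        # origin address the output is attributed to


@dataclass(frozen=True)
class Anomaly:
    source: str
    hour: int
    value: float
    threshold: float
    geo: str


def build_thresholds(outputs, baseline_hours, k=3.0):
    """Timeline module: evaluate each source's outputs over the baseline period
    and derive a per-source threshold of mean + k * population stdev (assumed)."""
    per_source = defaultdict(list)
    for o in outputs:
        if o.hour < baseline_hours:
            per_source[o.source].append(o.value)
    return {s: mean(v) + k * pstdev(v) for s, v in per_source.items()}


def geolocate(ip):
    """Geolocation module: prefix lookup in the constructed table; None if unknown."""
    for prefix, region in GEO_DB.items():
        if ip.startswith(prefix):
            return region
    return None


def detect_anomalies(outputs, thresholds, baseline_hours):
    """An output after the baseline period that exceeds its source's threshold
    is an anomaly; each anomaly is tagged with a geolocation."""
    found = []
    for o in outputs:
        if o.hour < baseline_hours:
            continue
        t = thresholds.get(o.source)
        if t is not None and o.value > t:
            found.append(Anomaly(o.source, o.hour, o.value, t, geolocate(o.ip)))
    return found


def correlate(anomalies, window_hours=1, min_sources=2):
    """Correlation module: cluster anomalies that share a geolocation and fall
    within window_hours of each other. A cluster spanning at least min_sources
    distinct data sources is associated with a security event. Anomalies with
    no geolocation are never clustered together: a failed lookup is not
    evidence that two outputs are co-located."""
    by_geo = defaultdict(list)
    for a in anomalies:
        if a.geo is not None:
            by_geo[a.geo].append(a)
    events = []
    for geo, items in sorted(by_geo.items()):
        items.sort(key=lambda a: a.hour)
        cluster = [items[0]]
        for a in items[1:]:
            if a.hour - cluster[-1].hour <= window_hours:
                cluster.append(a)
            else:
                events.extend(_to_event(geo, cluster, min_sources))
                cluster = [a]
        events.extend(_to_event(geo, cluster, min_sources))
    return events


def _to_event(geo, cluster, min_sources):
    sources = sorted({a.source for a in cluster})
    if len(sources) < min_sources:
        return []
    return [{"geo": geo, "hours": (cluster[0].hour, cluster[-1].hour), "sources": sources}]


def sample_outputs(baseline_hours=24):
    """Constructed data: 24 quiet baseline hours per source, then 4 hours in
    which one region shows anomalies across several sources."""
    outs = []
    for h in range(baseline_hours):
        outs.append(Output("vpn_auth_failures", h, 2 + h % 2, "192.0.2.10"))
        outs.append(Output("outbound_dns_volume", h, 100 + 10 * (h % 2), "192.0.2.10"))
        outs.append(Output("admin_logins", h, h % 2, "192.0.2.10"))
    outs += [
        Output("vpn_auth_failures", 24, 40, "203.0.113.7"),     # Region-A, anomalous
        Output("outbound_dns_volume", 24, 108, "203.0.113.9"),  # within baseline
        Output("admin_logins", 25, 5, "203.0.113.7"),           # Region-A, anomalous
        Output("outbound_dns_volume", 25, 500, "203.0.113.7"),  # Region-A, anomalous
        Output("outbound_dns_volume", 26, 400, "198.51.100.5"), # Region-B, lone anomaly
        Output("admin_logins", 27, 3, "10.9.9.9"),              # anomalous, no geolocation
    ]
    return outs


def run(baseline_hours=24):
    outs = sample_outputs(baseline_hours)
    thresholds = build_thresholds(outs, baseline_hours)
    anomalies = detect_anomalies(outs, thresholds, baseline_hours)
    return thresholds, anomalies, correlate(anomalies)


if __name__ == "__main__":
    th, an, ev = run()
    print(th)
    for a in an:
        print(a)
    print(ev)
```

On the sample data the three sources anomalous in Region-A within one hour collapse into a single event, while the Region-B volume spike and the un-geolocated login spike stay as isolated anomalies. Two practical caveats the claims do not address: the threshold is only as good as the baseline period, so outputs flagged as anomalous should be excluded when the baseline is regenerated, or an attacker who is already active during baselining is normalised; and the correlation window, the statistic and the source-count rule are still parameters, so "non-rule based" here means no hand-written signature per attack, not the absence of tunable policy.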
Specification