Recommending the Most Relevant and Urgent Vulnerabilities within a Security Management System
Abstract
Mechanisms are provided for accessing security vulnerability issue information. The mechanisms monitor security analyst interactions with security vulnerability issues via the security management system to generate analyst interaction log data, and generate one or more security analyst models corresponding to one or more security analysts by performing a machine learning operation on the analyst interaction log data. The mechanisms generate an analyst-issue model based on the one or more security vulnerability issue models and the one or more security analyst models, and generate an issue recommendation for a security analyst based on the analyst-issue model.
21 Claims
1. A method, in a data processing system comprising at least one processor and at least one memory, wherein the at least one memory comprises instructions executed by the at least one processor to cause the at least one processor to implement a security management system for accessing security vulnerability issue information, the method comprising:
- monitoring, by the security management system, security analyst interactions with security vulnerability issues via the security management system to generate analyst interaction log data;
- generating, by the security management system, one or more security analyst models corresponding to one or more security analysts by performing a machine learning operation on the analyst interaction log data;
- generating, by the security management system, an analyst-issue model based on one or more security vulnerability issue models and the one or more security analyst models; and
- outputting, by the security management system, an issue recommendation for a security analyst based on the analyst-issue model.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A computer program product comprising a computer readable storage medium having a computer readable program stored therein, wherein the computer readable program, when executed on a computing device, causes the computing device to implement a security management system for accessing security vulnerability issue information, and causes the security management system to:
- monitor security analyst interactions with security vulnerability issues via the security management system to generate analyst interaction log data;
- generate one or more security analyst models corresponding to one or more security analysts by performing a machine learning operation on the analyst interaction log data;
- generate an analyst-issue model based on the one or more security vulnerability issue models and the one or more security analyst models; and
- output an issue recommendation for a security analyst based on the analyst-issue model.
Dependent claims: 12, 13, 14, 15, 17, 18, 19, 20

16. The computer program product of claim 15, wherein the computer readable program further causes the security management system to generate an analyst issue model at least by, for each analyst in a plurality of analysts:
- identifying matching security vulnerability issues in the one or more security vulnerability issue models that have types corresponding to at least one of the first types or second types of security vulnerability issues stored in the analyst interaction log data for the analyst; and
- generating, in the analyst issue model, an analyst-issue link for the identified matching security vulnerability issues.

21. An apparatus comprising:
- a processor; and
- a memory coupled to the processor, wherein the memory comprises instructions which, when executed by the processor, cause the processor to implement a security management system for accessing security vulnerability issue information, and causes the security management system to:
  - monitor security analyst interactions with security vulnerability issues via the security management system to generate analyst interaction log data;
  - generate one or more security analyst models corresponding to one or more security analysts by performing a machine learning operation on the analyst interaction log data;
  - generate an analyst-issue model based on the one or more security vulnerability issue models and the one or more security analyst models; and
  - generate an issue recommendation for a security analyst based on the analyst-issue model.