Applying security policy based on behaviorally-derived user risk profiles
First Claim
1. A computer-implemented method of establishing a security policy for a user based on risk information for that user, the method comprising:
- receiving information about user behaviors for the user across a plurality of clients with which the user interacts;
receiving one or more user attributes identified for the user;
generating a user risk profile for the user based on the received information about the user behaviors and the received user attributes;
assigning the user a user risk score based on an evaluation of the user risk profile for the user;
identifying a plurality of user groups to which the user belongs based on the user attributes;
assigning the user a group risk score for each of the identified user groups to which the user belongs, each group risk score calculated based on the risk scores of the users in the user group, and each group risk score indicating a likelihood of engaging in risky behaviors by the users of the user group;
calculating a combined user risk score for the user based on the user risk score and at least one of the group risk scores; and
automatically establishing a security policy requiring a plurality of remediative actions for the user based on the combined user risk score.
2 Assignments
0 Petitions
Accused Products
Abstract
Security policy changes can be implemented for a user or a user group based on behaviorally-derived risk information. A behavior-receiving module receives information about user behaviors for the user across various clients with which the user interacts. An attribute-receiving module receives one or more user attributes identified for a user. A profile-generating module generates a user risk profile for the user based on the received information about the user behaviors and the received user attributes. A user scoring module assigns the user a user risk score based on an evaluation of the user risk profile for the user. Similarly, groups of users can be given group risk scores, or users can have combined group/user scores. Finally, a remediation module automatically establishes a security policy requiring remediative actions for the user (or user group) based on the user risk score or combined score (or group score).
231 Citations
19 Claims
-
1. A computer-implemented method of establishing a security policy for a user based on risk information for that user, the method comprising:
-
receiving information about user behaviors for the user across a plurality of clients with which the user interacts; receiving one or more user attributes identified for the user; generating a user risk profile for the user based on the received information about the user behaviors and the received user attributes; assigning the user a user risk score based on an evaluation of the user risk profile for the user; identifying a plurality of user groups to which the user belongs based on the user attributes; assigning the user a group risk score for each of the identified user groups to which the user belongs, each group risk score calculated based on the risk scores of the users in the user group, and each group risk score indicating a likelihood of engaging in risky behaviors by the users of the user group; calculating a combined user risk score for the user based on the user risk score and at least one of the group risk scores; and automatically establishing a security policy requiring a plurality of remediative actions for the user based on the combined user risk score. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A non-transitory computer-readable storage medium storing executable computer program instructions for establishing a security policy for a user based on risk information for that user, the computer program instructions comprising instructions for performing the steps comprising:
-
receiving information about user behaviors for the user across a plurality of clients with which the user interacts; receiving one or more user attributes identified for the user; generating a user risk profile for the user based on the received information about the user behaviors and the received user attributes; assigning the user a user risk score based on an evaluation of the user risk profile for the user; identifying a plurality of user groups to which the user belongs based on the user attributes; assigning the user a group risk score for each of the identified user groups to which the user belongs, each group risk score calculated based on the risk scores of the users in the user group, and each group risk score indicating a likelihood of engaging in risky behaviors by the users of the user group; calculating a combined user risk score for the user based on the user risk score and at least one of the group risk scores; and automatically establishing a security policy requiring a plurality of remediative actions for the user based on the combined user risk score. - View Dependent Claims (8, 9, 10, 11, 12, 13)
-
-
14. A computer system for establishing a security policy for a user based on risk information for that user, the system comprising:
-
a non-transitory computer-readable storage medium storing executable software modules, comprising; a behavior-receiving module for receiving information about user behaviors for the user across a plurality of clients with which the user interacts; an attribute-receiving module for receiving one or more user attributes identified for the user; a profile-generating module for generating a user risk profile for the user based on the received information about the user behaviors and the received user attributes;
a user scoring module for assigning the user a user risk score based on an evaluation of the user risk profile for the user;a grouping module for identifying a plurality of user groups to which the user belongs based on the user attributes; a group scoring module for assigning the user a group risk score for each of the identified user groups to which the user belongs, each group risk score calculated based on the risk scores of the users in the user group, and each group risk score indicating a likelihood of engaging in risky behaviors by the users of the user group; a combined scoring module for calculating a combined user risk score for the user based on the user risk score and at least one of the group risk scores; a remediation module for automatically establishing a security policy requiring a plurality of remediative actions for the user based on the user risk score; and a processor configured to execute the software modules stored by the computer-readable storage medium. - View Dependent Claims (15, 16, 17, 18, 19)
-
Specification