×

Systems and methods for anomaly-based detection of compromised IT administration accounts

  • US 9,485,271 B1
  • Filed: 03/11/2014
  • Issued: 11/01/2016
  • Est. Priority Date: 03/11/2014
  • Status: Active Grant
First Claim
Patent Images

1. A computer-implemented method for anomaly-based detection of compromised information technology (IT) administration accounts, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:

  • establishing a set of permissible IT administration tasks for an IT administration account by statically establishing a predefined white list of tasks that are not indicative of suspicious activities on an IT administration account, wherein establishing the predefined white list of tasks comprises defining, for one or more permissible IT administration tasks in the set of permissible IT administration tasks, at least one of;

    a time of day the task is permissible;

    a location where the task is permissible; and

    a first type of computing device permitted to perform the task;

    monitoring the IT administration account for activities outside the set of permissible IT administration tasks;

    detecting a suspicious activity by identifying an activity that is outside the set of permissible IT administration tasks and therefore indicative of the IT administration account being compromised; and

    in response to detecting the suspicious activity, performing, by a security action module on the computing device that is programmed to respond to the suspicious activity, a security action that comprises locking out the IT administration account at a second type of computing device while still granting access to the IT administration account on the first type of computing device.

View all claims
  • 2 Assignments
Timeline View
Assignment View
    ×
    ×