Controlling malicious activity detection using behavioral models
First Claim
1. A system to control malicious activity detection, comprising:
one or more processors;
memory coupled to at least one of the one or more processors;
an interface module, implemented using at least one of the one or more processors, configured to display a first graphical interface element at a presentation device that enables a user to select a behavioral model to be associated with an information technology asset, the interface module further configured to display a second graphical interface element that enables the user to select a detection sensitivity to be associated with the information technology asset; and
an indicator distribution module, implemented using at least one of the one or more processors, configured to cause distribution of a behavioral model indicator indicating the selected behavioral model to a plurality of protection services deployed on one or more processing modules to cause the plurality of protection services to utilize a plurality of respective protection rule configurations corresponding to the selected behavioral model to generate respective malicious activity assessments with respect to the information technology asset, the indicator distribution module further configured to cause distribution of a detection sensitivity indicator indicating the selected detection sensitivity to the plurality of protection services to cause the plurality of protection services to utilize the plurality of respective protection rule configurations that further correspond to the selected detection sensitivity to generate the respective malicious activity assessments with respect to the information technology asset.
Abstract
Systems, methods, and computer program products are described for controlling malicious activity detection with respect to information technology assets based on behavioral models associated with the respective information technology assets. Protection rules and corresponding sensitivities associated with the behavioral models are applied by protection services to detect malicious activity with respect to the information technology assets.
20 Claims
1. A system to control malicious activity detection, comprising:

one or more processors; memory coupled to at least one of the one or more processors; an interface module, implemented using at least one of the one or more processors, configured to display a first graphical interface element at a presentation device that enables a user to select a behavioral model to be associated with an information technology asset, the interface module further configured to display a second graphical interface element that enables the user to select a detection sensitivity to be associated with the information technology asset; and an indicator distribution module, implemented using at least one of the one or more processors, configured to cause distribution of a behavioral model indicator indicating the selected behavioral model to a plurality of protection services deployed on one or more processing modules to cause the plurality of protection services to utilize a plurality of respective protection rule configurations corresponding to the selected behavioral model to generate respective malicious activity assessments with respect to the information technology asset, the indicator distribution module further configured to cause distribution of a detection sensitivity indicator indicating the selected detection sensitivity to the plurality of protection services to cause the plurality of protection services to utilize the plurality of respective protection rule configurations that further correspond to the selected detection sensitivity to generate the respective malicious activity assessments with respect to the information technology asset.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method of generating a malicious activity assessment using one or more processors of a processor-based system, the method comprising:

receiving a behavioral model indicator associating an information technology asset with a first behavioral model of a plurality of behavioral models that correspond to a plurality of respective protection rule configurations, the first behavioral model corresponding to a first protection rule configuration of the plurality of protection rule configurations; receiving a disablement indicator indicating one or more individually disabled protection rules of the plurality of protection rule configurations; and responsive to receiving the behavioral model indicator, generating, using at least one of the one or more processors, the malicious activity assessment with respect to the information technology asset based on the first protection rule configuration, the generating the malicious activity assessment with respect to the information technology asset not taking into account the one or more individually disabled protection rules.

Dependent claims: 11, 12, 13, 14
15. A system comprising:

one or more processors; memory coupled to at least one of the one or more processors; a detection module, implemented using at least one of the one or more processors, configured to detect a behavioral model indicator that associates an information technology asset with a first behavioral model of a plurality of behavioral models that correspond to a plurality of respective protection rule configurations, the first behavioral model corresponding to a first protection rule configuration of the plurality of protection rule configurations, the first behavioral model configured to indicate which protection rules selected from a plurality of protection rules are to be applied by each of a plurality of protection services during a plurality of operations that are to be performed by the plurality of respective protection services, each protection rule indicating respective information to be collected with respect to the information technology asset for generation of the malicious activity assessment with respect to the information technology asset; and an assessment module, implemented using at least one of the one or more processors, configured to generate a malicious activity assessment with respect to the information technology asset based on the first protection rule configuration in response to the behavioral model indicator being detected.

Dependent claims: 16, 17, 18, 19, 20
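As an added illustration (not the patent's own implementation), the following Python sketch models the mechanism that claims 1, 10 and 15 describe: an indicator distribution step pushes a behavioral model and a detection sensitivity to several protection services, each service applies the rule configuration for that model at that sensitivity over constructed telemetry while skipping individually disabled rules, and the per-service results are combined into one malicious activity assessment for the asset. The model names, rule names, service names and thresholds are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed rule configurations: behavioral model -> protection service -> rules.
# Each rule names the telemetry it collects and gives a threshold per sensitivity level,
# so the same model yields a stricter configuration when sensitivity is "high".
RULE_CONFIGS = {
    "web-server": {
        "network": {"inbound_conn_rate": {"low": 500, "high": 200}},
        "process": {"child_shells": {"low": 3, "high": 1}},
    },
    "workstation": {
        "network": {"outbound_hosts": {"low": 50, "high": 20}},
        "process": {"child_shells": {"low": 10, "high": 5}},
    },
}


@dataclass
class ProtectionService:
    """One protection service; holds the indicators distributed to it (constructed)."""
    name: str
    model: Optional[str] = None
    sensitivity: str = "low"
    disabled: set = field(default_factory=set)

    def assess(self, telemetry: dict) -> dict:
        """Return {rule: fired} for this service's rules under the current model/sensitivity."""
        rules = RULE_CONFIGS[self.model][self.name]
        return {
            rule: telemetry.get(rule, 0) > thresholds[self.sensitivity]
            for rule, thresholds in rules.items()
            if rule not in self.disabled  # claim 10: disabled rules are not taken into account
        }


def distribute(services, model, sensitivity, disabled=()):
    """Indicator distribution: push the behavioral model, sensitivity and disablement indicators."""
    for svc in services:
        svc.model, svc.sensitivity = model, sensitivity
        svc.disabled = set(disabled)


def assess_asset(services, telemetry):
    """Combine per-service assessments into one malicious activity assessment for the asset."""
    findings = {svc.name: svc.assess(telemetry) for svc in services}
    return {"malicious": any(any(f.values()) for f in findings.values()), "findings": findings}
```

Re-running `distribute` with a different model or sensitivity changes which rules fire on identical telemetry, which is the control surface the claims describe.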