×

User activity modelling, monitoring, and reporting framework

  • US 9,600,659 B1
  • Filed: 12/16/2015
  • Issued: 03/21/2017
  • Est. Priority Date: 11/30/2015
  • Status: Active Grant
First Claim
Patent Images

1. A computer-implemented method for identifying risk within an information technology (IT) environment, comprising:

  • collecting data regarding user activities from a plurality of user activity data sources, the collecting data being provided to a user activity profiler from a security intelligence system via predefined user activity profile application program interfaces;

    storing the data regarding the user activities within a user activity data repository;

    analyzing characteristics of a user accessing a system within an IT environment, the characteristics of the user being related to the user activities and information relating to activity behavioral groups based upon the user activities;

    associating a risk profile with the user based upon the characteristics of the user;

    determining when the user accesses a system within the IT environment;

    maintaining a user risk profile record of all systems within the IT environment accessed by the user, the user risk profile record continuing to be associated with the system after access by the user ceases; and

    ,identifying a risk level for all systems within the IT environment based upon the user risk profile record; and

    whereinspecific suspicious user activity is identified based on external threat feeds and analysis; and

    ,information regarding the specific suspicious user activity is presented to an organization and to individual users with regard to risk assessments, observed suspicious activities and general education of what is affecting risk with respect to the organization and individual users.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×