User profile definition and management
First Claim
1. A computer-implementable method for performing a security analysis operation within a security environment, comprising:
- monitoring electronically-observable user behavior about a particular entity;
- maintaining a state about the particular entity, the state representing a context of a particular event;
- converting the electronically-observable user behavior into electronic information representing the electronically-observable user behavior;
- generating a user behavior profile based upon the electronic information representing the electronically-observable user behavior, the user behavior profile comprising a collection of information that describes the particular entity, the collection of information comprising at least one of a user profile attribute, a user behavior factor and a user mindset factor;
- generating a mindset profile for the particular entity, the mindset profile representing aspects of the particular entity that are inferred based upon the electronically-observable user behavior, the mindset profile being generated using a combination of the user behavior profile and the state;
- performing a security analysis operation via a security analytics system, the security analysis operation analyzing the event using the state of the entity, the mindset profile and the user behavior profile, the analyzing determining whether the electronically-observable user behavior about the particular entity does not correspond to known good behavior, the security analysis operation determining that the particular entity represents a security threat to an organization associated with the security analytics system when the electronically-observable user behavior about the particular entity does not correspond to known good behavior; and
- performing an enforcement operation when the electronically-observable user behavior about the particular entity does not correspond to known good behavior.
Abstract
A method, system and computer-usable medium for performing a security analysis operation within a security environment, comprising: monitoring electronically-observable user behavior about a particular entity; maintaining a state about the particular entity, the state representing a context of a particular event; converting the electronically-observable user behavior into electronic information representing the electronically-observable user behavior; generating a user behavior profile based upon the electronic information representing the electronically-observable user behavior; and, analyzing the event using the state of the entity and the user behavior profile.
20 Claims
1. A computer-implementable method for performing a security analysis operation within a security environment, comprising:
- monitoring electronically-observable user behavior about a particular entity;
- maintaining a state about the particular entity, the state representing a context of a particular event;
- converting the electronically-observable user behavior into electronic information representing the electronically-observable user behavior;
- generating a user behavior profile based upon the electronic information representing the electronically-observable user behavior, the user behavior profile comprising a collection of information that describes the particular entity, the collection of information comprising at least one of a user profile attribute, a user behavior factor and a user mindset factor;
- generating a mindset profile for the particular entity, the mindset profile representing aspects of the particular entity that are inferred based upon the electronically-observable user behavior, the mindset profile being generated using a combination of the user behavior profile and the state;
- performing a security analysis operation via a security analytics system, the security analysis operation analyzing the event using the state of the entity, the mindset profile and the user behavior profile, the analyzing determining whether the electronically-observable user behavior about the particular entity does not correspond to known good behavior, the security analysis operation determining that the particular entity represents a security threat to an organization associated with the security analytics system when the electronically-observable user behavior about the particular entity does not correspond to known good behavior; and
- performing an enforcement operation when the electronically-observable user behavior about the particular entity does not correspond to known good behavior.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A system comprising:
- a processor;
- a data bus coupled to the processor; and
- a non-transitory, computer-readable storage medium embodying computer program code for generating a user behavior profile, the non-transitory, computer-readable storage medium being coupled to the data bus, the computer program code interacting with a plurality of computer operations and comprising instructions executable by the processor and configured for:
  - monitoring electronically-observable user behavior about a particular entity;
  - maintaining a state about the particular entity, the state representing a context of a particular event;
  - converting the electronically-observable user behavior into electronic information representing the electronically-observable user behavior;
  - generating a user behavior profile based upon the electronic information representing the electronically-observable user behavior, the user behavior profile comprising a collection of information that describes the particular entity, the collection of information comprising at least one of a user profile attribute, a user behavior factor and a user mindset factor;
  - generating a mindset profile for the particular entity, the mindset profile representing aspects of the particular entity that are inferred based upon the electronically-observable user behavior, the mindset profile being generated using a combination of the user behavior profile and the state;
  - performing a security analysis operation via a security analytics system, the security analysis operation analyzing the event using the state of the entity, the mindset profile and the user behavior profile, the analyzing determining whether the electronically-observable user behavior about the particular entity does not correspond to known good behavior, the security analysis operation determining that the particular entity represents a security threat to an organization associated with the security analytics system when the electronically-observable user behavior about the particular entity does not correspond to known good behavior; and
  - performing an enforcement operation when the electronically-observable user behavior about the particular entity does not correspond to known good behavior.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
Specification