Gracefully Handling Endpoint Feedback When Starting to Monitor
First Claim
1. A computer-implementable method for adaptively assessing risk associated with an endpoint, comprising:
- determining a risk level corresponding to an entity associated with an endpoint;
selecting a frequency and a duration of an endpoint monitoring interval;
collecting user behavior associated with the entity for the duration of the endpoint monitoring interval via the endpoint;
processing the user behavior to generate a current risk score for the entity;
comparing the current risk score of the user to historical risk scores to determine whether a risk score of a user has changed; and
changing the risk score of the user to the current risk score when the risk score of the user has changed.
7 Assignments
0 Petitions
Accused Products
Abstract
A method, system and computer-usable medium for adaptively assessing risk associated with an endpoint, comprising: determining a risk level corresponding to an entity associated with an endpoint; selecting a frequency and a duration of an endpoint monitoring interval; collecting user behavior to collect user behavior associated with the entity for the duration of the endpoint monitoring interval via the endpoint; processing the user behavior to generate a current risk score for the entity; comparing the current risk score of the user to historical risk scores to determine whether a risk score of a user has changed; and changing the risk score of the user to the current risk score when the risk score of the user has changed.
-
Citations
20 Claims
-
1. A computer-implementable method for adaptively assessing risk associated with an endpoint, comprising:
-
determining a risk level corresponding to an entity associated with an endpoint; selecting a frequency and a duration of an endpoint monitoring interval; collecting user behavior associated with the entity for the duration of the endpoint monitoring interval via the endpoint; processing the user behavior to generate a current risk score for the entity; comparing the current risk score of the user to historical risk scores to determine whether a risk score of a user has changed; and changing the risk score of the user to the current risk score when the risk score of the user has changed. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A system comprising:
-
a processor; a data bus coupled to the processor; and a non-transitory, computer-readable storage medium embodying computer program code, the non-transitory, computer-readable storage medium being coupled to the data bus, the computer program code interacting with a plurality of computer operations and comprising instructions executable by the processor and configured for; determining a risk level corresponding to an entity associated with an endpoint; selecting a frequency and a duration of an endpoint monitoring interval; collecting user behavior associated with the entity for the duration of the endpoint monitoring interval via the endpoint; processing the user behavior to generate a current risk score for the entity; comparing the current risk score of the user to historical risk scores to determine whether a risk score of a user has changed; and changing the risk score of the user to the current risk score when the risk score of the user has changed. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A non-transitory, computer-readable storage medium embodying computer program code, the computer program code comprising computer executable instructions configured for:
-
determining a risk level corresponding to an entity associated with an endpoint; selecting a frequency and a duration of an endpoint monitoring interval; collecting user behavior associated with the entity for the duration of the endpoint monitoring interval via the endpoint; processing the user behavior to generate a current risk score for the entity; comparing the current risk score of the user to historical risk scores to determine whether a risk score of a user has changed; and changing the risk score of the user to the current risk score when the risk score of the user has changed. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
-
Specification