Insider threat correlation tool
Abstract
Systems and methods for calculating threat scores for individuals within an organization or domain are provided. Aspects of the invention relate to computer-implemented methods that form a predictive threat rating for user accounts. In one implementation, a first threat score representing a first time period may be calculated. The first threat score may be compared with aspects of the same user accounts for a second time period. Weighting schemes may be applied to certain activities, controls, and/or user accounts. Further aspects relate to apparatuses configured to execute methods for ranking individual user accounts. Certain embodiments may not block transmissions that violate predefined rules; however, indications of such improper transmissions may be considered when constructing a threat rating. Blocked transmissions enforced upon a user account may also be received. Certain activity, such as accessing the internet, may be monitored for the presence of a security threat and/or an ethics threat.
18 Claims
1. A computer-implemented method comprising:
calculating, by a computing device having a processor, a threat score for a plurality of user accounts having access to a first network and at least a portion of the user accounts having access to a second network that comprises a centralized store of electronic data, comprising, for each user account determining, by the computing device, an overall threat score (f_overall), where
Dependent claims: 2, 3, 4, 5, 6

7. One or more non-transitory computer-readable media comprising computer-executable instructions that, when executed by a processor, cause the processor to:
calculate a threat score for a plurality of user accounts having access to a first network and at least a portion of the user accounts having access to a second network that comprises a centralized store of electronic data, comprising, for each user account determining an overall threat score (f_overall), where
Dependent claims: 8, 9, 10, 11, 12

13. An apparatus, comprising:
a processor;
memory storing computer-readable instructions that, when executed, cause the apparatus to:
calculate a threat score for a plurality of user accounts having access to a first network and at least a portion of the user accounts having access to a second network that comprises a centralized store of electronic data, comprising, for each user account determining an overall threat score (f_overall), where
Dependent claims: 14, 15, 16, 17, 18

Specification