IPC classification information
Country / Type | United States (US) Patent, Registered
International Patent Classification (IPC 7th edition) |
Application number | US-0041121 (2011-03-04)
Registration number | US-8607353 (2013-12-10)
Inventors / Address |
- Rippert, Jr., Donald J.
- Negm, Walid
- Chahal, Taminder S.
- Checco, Christopher P.
Applicant / Address |
- Accenture Global Services GmbH
Agent / Address | Finnegan, Henderson, Farabow, Garrett & Dunner, LLP
Citation information | Times cited: 16; Cited patents: 24
Abstract
Systems, methods, and computer program products are provided for performing threat assessments. In one exemplary embodiment, the method may include generating one or more patterns of behavior corresponding to a security breach at a first company, and storing the generated one or more patterns in a pattern repository. In addition, the method may include comparing at least one of the one or more patterns with one or more standardized log files for the first company to identify one or more first log entries related to the behavior corresponding to the security breach. The method may also include processing at least one pattern of the one or more patterns with one or more standardized log files for a second company to identify log entries of the second company that indicate a possible security breach at the second company.
Representative claim
1. A computer-implemented method, performed by at least one processor, for performing threat assessments, comprising: identifying, by the at least one processor, a first security breach at a first company; determining, by the at least one processor, after identifying the first security breach, one or more first actions associated with the first security breach, the one or more first actions including actions taken following the first security breach and actions taken prior to the first security breach; identifying, by the at least one processor, a first possible security breach at the first company; determining, by the at least one processor, contemporaneously with the identification of the first possible security breach, one or more second actions associated with the first possible security breach; generating, by the at least one processor, one or more patterns of behavior associated with the first company and corresponding to the one or more first actions and the one or more second actions; storing, by the at least one processor, the one or more patterns of behavior in a pattern repository; comparing, by the at least one processor, at least one of the one or more patterns with one or more standardized log files for the first company to identify one or more first log entries related to the at least one of the one or more patterns of behavior and corresponding to the one or more first actions and the one or more second actions, the one or more first log entries being identified based on a threshold of similarity between the at least one of the one or more patterns of behavior and the one or more standardized log files for the first company; notifying, by the at least one processor and based on the one or more identified first log entries, the first company of the first possible security breach at the first company; performing, by the at least one processor and the first company and based on the notification, preventative action relating to the first possible security breach; receiving, by the at least one processor, feedback from the first company, the feedback including a measure of success relating to the at least one of the one or more patterns of behavior and the one or more identified first log entries; updating, by the at least one processor and based on the received feedback, the at least one of the one or more identified patterns of behavior; comparing, by the at least one processor, at least one of the updated patterns of behavior with one or more standardized log files for a second company to identify log entries of the second company relating to a second possible security breach at the second company; and notifying, by the at least one processor and based on the one or more identified first log entries of the second company, the second company of a second possible security breach at the second company.

2. The computer-implemented method of claim 1, further including: notifying, when one or more log entries of the first company are identified, the first company of the results of the comparing of the at least one of the updated patterns of behavior with the one or more standardized log files for the second company.

3. The computer-implemented method of claim 1, further including: notifying, when one or more log entries of the second company are identified, the second company of the results of the comparing of the at least one of the updated patterns of behavior with the one or more standardized log files for the second company.

4. The computer-implemented method of claim 1, further including: processing, for the first company, log files of disparate devices of the first company to generate a standardized log file; and combining the log files to generate a unified log file for the first company.

5. The computer-implemented method of claim 1, further including: processing, for the second company, log files from disparate device of the second company to generate company standardized log files; and combining, for each of the one or more second companies, the company standardized log files to generate a company unified log file.

6. The computer-implemented method of claim 1, wherein generating the one or more patterns includes: identifying one or more actions or series of actions corresponding to the security breach, wherein the actions include at least one of downloading data, storing data, logging onto a computer network, entering a secured location, and using a device associated with the first company.

7. The computer-implemented method of claim 1, further including: collecting patterns of behavior from one or more third party sources; and storing the collected patterns of behavior in the pattern repository.

8. A non-transitory computer-readable medium storing a computer-executable program which, when executed by at least one processor, performs a method for performing threat assessments, comprising: identifying, by the at least one processor, a first security breach at a first company; determining, by the at least one processor, after identifying the first security breach, one or more first actions associated with the first security breach, the one or more first actions including actions taken following the first security breach and actions taken prior to the first security breach; identifying, by the at least one processor, a first possible security breach at the first company; determining, by the at least one processor, contemporaneously with the identification of the first possible security breach, one or more second actions associated with the first possible security breach; generating, by the at least one processor, one or more patterns of behavior associated with the first company and corresponding to the one or more first actions and the one or more second actions; storing, by the at least one processor, the one or more patterns of behavior in a pattern repository; comparing, by the at least one processor, at least one of the one or more patterns with one or more standardized log files for the first company to identify one or more first log entries related to the at least one of the one or more patterns of behavior and corresponding to the one or more first actions and the one or more second actions, the one or more first log entries being identified based on a threshold of similarity between the at least one of the one or more patterns of behavior and the one or more standardized log files for the first company; notifying, by the at least one processor and based on the one or more identified first log entries, the first company of the first possible security breach at the first company; performing, by the at least one processor and the first company and based on the notification, preventative action relating to the first possible security breach; receiving, by the at least one processor, feedback from the first company, the feedback including a measure of success relating to the at least one of the one or more patterns of behavior and the one or more identified first log entries; updating, by the at least one processor and based on the received feedback, the at least one of the one or more identified patterns of behavior; comparing, by the at least one processor, at least one of the updated patterns of behavior with one or more standardized log files for a second company to identify log entries of the second company relating to a second possible security breach at the second company; and notifying, by the at least one processor and based on the one or more identified first log entries of the second company, the second company of a second possible security breach at the second company.

9. The non-transitory computer-readable medium of claim 8, further including: notifying, when one or more log entries of the first company are identified, the first company of the results of the comparing of the at least one of the updated patterns of behavior with the one or more standardized log files for the second company.

10. The non-transitory computer-readable medium of claim 8, further including: notifying, when one or more log entries of the second company are identified, the second company of the results of the comparing of the at least one of the updated patterns of behavior with the one or more standardized log files for the second company.

11. The non-transitory computer-readable recording medium of claim 8, further including: processing, for the first company, log files of disparate devices of the first company to generate a standardized log file; and combining the log files to generate a unified log file for the first company.

12. The non-transitory computer-readable recording medium of claim 8, further including: processing, for each of the one or more second companies, company log files to generate company standardized log files; and combining, for each of the one or more second companies, the company standardized log files to generate a company unified log file.

13. The non-transitory computer-readable recording medium of claim 8, wherein generating the one or more patterns includes: identifying one or more actions or series of actions corresponding to the security breach, wherein the actions include at least one of downloading data, storing data, logging onto a computer network, entering a secured location, and using a device associated with the first company.

14. The non-transitory computer-readable recording medium of claim 8, further including: collecting patterns of behavior from one or more third party sources; and storing the collected patterns of behavior in the pattern repository.

15. A system for identifying patterns of actions for performing threat assessments, the system comprising: at least one memory to store data and instructions; and at least one processor configured to access the at least one memory and, when executing the instructions to: identify, by the at least one processor, a first security breach at a first company; determine, by the at least one processor, after identifying the first security breach, one or more first actions associated with the first security breach, the one or more first actions including actions taken following the first security breach and actions taken prior to the first security breach; identify, by the at least one processor, a first possible security breach at a first company; determine, by the at least one processor, contemporaneously with the identification of the first possible security breach, one or more second actions associated with the first possible security breach; generate, by the at least one processor, one or more patterns of behavior associated with the first company and corresponding to the one or more first actions and the one or more second actions; store, by the at least one processor, the one or more patterns of behavior in a pattern repository; compare, by the at least one processor, at least one of the one or more patterns with one or more standardized log files for the first company to identify one or more first log entries related to the at least one of the one or more patterns of behavior and corresponding to the one or more first actions and the one or more second actions, the one or more first log entries being identified based on a threshold of similarity between the at least one of the one or more patterns and the one or more standardized log files for the first company; notify, by the at least one processor and based on the one or more identified first log entries, the first company of the first possible security breach at the first company; perform, by the at least one processor and the first company and based on the notification, preventative action relating to the first possible security breach; receive, by the at least one processor, feedback from the first company, the feedback including a measure of success relating to the at least one of the one or more patterns of behavior and the one or more identified first log entries; update, by the at least one processor and based on the received feedback, the at least one of the one or more identified patterns of behavior; compare, by the at least one processor, at least one of the updated patterns with one or more standardized log files for a second company to identify log entries of the second company relating to a second possible security breach at the second company; and notify, by the at least one processor and based on the one or more identified first log entries of the second company, the second company of a second possible security breach at the second company.

16. The system of claim 15, wherein the at least one processor is further configured to: notify, when one or more log entries of the first company are identified, the first company of the results of the comparing of the at least one of the updated patterns of behavior with the one or more standardized log files for the second company.

17. The system of claim 15, wherein the at least one processor is further configured to: notify, when one or more log entries of the second company are identified, the second company of the results of the comparing of the at least one of the updated patterns of behavior with the one or more standardized log files for the second company.

18. The system of claim 15, wherein the at least one processor is further configured to: process, for the first company, log files of disparate devices of the first company to generate a standardized log file; and combine the log files to generate a unified log file for the first company.

19. The system of claim 15, wherein the at least one processor is further configured to: process, for each of the one or more second companies, company log files to generate company standardized log files; and combine, for each of the one or more second companies, the company standardized log files to generate a company unified log file.

20. The system of claim 15, wherein when the at least one processor is configured to generate the one or more patterns, the at least one processor is further configured to: identify one or more actions or series of actions corresponding to the security breach, wherein the actions include at least one of downloading data, storing data, logging onto a computer network, entering a secured location, and using a device associated with the first company.

21. The system of claim 15, wherein the at least one processor is further configured to: collect patterns of behavior from one or more third party sources; and store the collected patterns of behavior in the pattern repository.