Security risk aggregation, analysis, and adaptive control
IPC classification information
Country / Type
United States(US) Patent
Registered
International Patent Classification (IPC 7th edition)
G06F-012/14
H04L-029/06
Application number
US-0629062
(2015-02-23)
Registration number
US-9166999
(2015-10-20)
Inventor / Address
Kulkarni, Rajandra Laxman
Peddada, Chalam
Applicant / Address
FMR LLC
Agent / Address
Proskauer Rose LLP
Citation information
Times cited: 12
Cited patents: 3
Abstract
Methods and apparatuses, including computer program products, are described for transaction-based security risk aggregation and analysis. A server computing device receives security risk data elements from a plurality of data sources, the data elements corresponding to a transaction submitted by a remote computing device to the server computing device for execution. The server computing device aggregates the security risk data elements into a weighted risk matrix. The server computing device generates a risk score for the submitted transaction based upon the weighted risk matrix. The server computing device determines an internal environment risk factor and an external environment risk factor based upon environmental risk data received from the plurality of data sources. The server computing device adjusts the risk score for the submitted transaction based upon the internal environment risk factor and the external environment risk factor, and determines a disposition for the transaction based upon the adjusted risk score.
Representative claims
1. A computerized method for transaction-based security risk aggregation and analysis, the method comprising: receiving, by a server computing device, security risk data elements from a plurality of data sources, the security risk data elements corresponding to a transaction submitted by a remote computing device to the server computing device for execution; aggregating, by the server computing device, the security risk data elements into a weighted risk matrix; generating, by the server computing device, a risk score for the submitted transaction based upon the weighted risk matrix; determining, by the server computing device, an internal environment risk factor comprising analyzing a first set of other transactions submitted within a first enterprise computing system in which the server computing device is located to determine whether the first set of other transactions comprise one or more of abnormal communications from or to computing devices in the enterprise computing system or execution of unauthorized software within the first enterprise computing system; determining, by the server computing device, an external environment risk factor comprising analyzing a second set of other transactions submitted from a second enterprise computing system that is external to the first enterprise computing system to determine whether the second set of other transactions comprise one or more of cyber attacks against the second enterprise computing system, fraudulent transactions submitted to the second enterprise computing system, or data breaches experienced by the second enterprise computing system; adjusting, by the server computing device, the risk score for the submitted transaction based upon the internal environment risk factor and the external environment risk factor; determining, by the server computing device, a disposition for the transaction based upon the adjusted risk score; storing, by the server computing device, the security risk data elements, the internal environment factor, the external environment factor, and the adjusted risk score in a database; and using, by the server computing device, the stored security risk data elements, the internal environment factor, the external environment factor, and the adjusted risk score to determine a disposition for a future transaction.

2. The method of claim 1, wherein the disposition for the transaction includes transferring the transaction to a secondary authentication system.

3. The method of claim 2, wherein the secondary authentication system requests authentication credentials from the remote computing device that submitted the transaction.

4. The method of claim 1, wherein the disposition for the transaction includes holding the transaction in a queue and transmitting a notification to another computing device requesting authorization for the transaction.

5. The method of claim 1, further comprising comparing, by the server computing device, the adjusted risk score against a predefined risk threshold; and determining, by the server computing device, a disposition for the transaction based upon the comparison.

6. The method of claim 5, further comprising analyzing, by the server computing device, historical risk data associated with the transaction if the adjusted risk score exceeds the predefined risk threshold; and adjusting, by the server computing device, the predefined risk threshold based upon the historical risk data so that the adjusted risk score falls below the predefined risk threshold.

7. The method of claim 5, further comprising requesting, by the server computing device, authorization to override the predefined risk threshold from another computing device; and adjusting, by the server computing device, the predefined risk threshold based upon the requested authorization so that the adjusted risk score falls below the predefined risk threshold.

8. A system for transaction-based security risk aggregation and analysis, the system comprising a server computing device configured to: receive security risk data elements from a plurality of data sources, the security risk data elements corresponding to a transaction submitted by a remote computing device to the server computing device for execution; aggregate the security risk data elements into a weighted risk matrix; generate a risk score for the submitted transaction based upon the weighted risk matrix; determine an internal environment risk factor comprising analyzing a first set of other transactions submitted within a first enterprise computing system in which the server computing device is located to determine whether the first set of other transactions comprise one or more of abnormal communications from or to computing devices in the enterprise computing system or execution of unauthorized software within the first enterprise computing system; determine an external environment risk factor comprising analyzing a second set of other transactions submitted from a second enterprise computing system that is external to the first enterprise computing system to determine whether the second set of other transactions comprise one or more of cyber attacks against the second enterprise computing system, fraudulent transactions submitted to the second enterprise computing system, or data breaches experienced by the second enterprise computing system; adjust the risk score for the submitted transaction based upon the internal environment risk factor and the external environment risk factor; determine a disposition for the transaction based upon the adjusted risk score; store the security risk data elements, the internal environment factor, the external environment factor, and the adjusted risk score in a database; and use the stored security risk data elements, the internal environment factor, the external environment factor, and the adjusted risk score to determine a disposition for a future transaction.

9. The system of claim 8, wherein the disposition for the transaction includes transferring the transaction to a secondary authentication system.

10. The system of claim 9, wherein the secondary authentication system requests authentication credentials from the remote computing device that submitted the transaction.

11. The system of claim 8, wherein the disposition for the transaction includes holding the transaction in a queue and transmitting a notification to another computing device requesting authorization for the transaction.

12. The system of claim 8, further comprising comparing, by the server computing device, the adjusted risk score against a predefined risk threshold; and determining, by the server computing device, a disposition for the transaction based upon the comparison.

13. The system of claim 12, further comprising analyzing, by the server computing device, historical risk data associated with the transaction if the adjusted risk score exceeds the predefined risk threshold; and adjusting, by the server computing device, the predefined risk threshold based upon the historical risk data so that the adjusted risk score falls below the predefined risk threshold.

14. The system of claim 12, further comprising requesting, by the server computing device, authorization to override the predefined risk threshold from another computing device; and adjusting, by the server computing device, the predefined risk threshold based upon the requested authorization so that the adjusted risk score falls below the predefined risk threshold.

15. A computer program product, tangibly embodied in a non-transitory computer readable storage device, for transaction-based security risk aggregation and analysis, the computer program product including instructions operable to cause a server computing device to: receive security risk data elements from a plurality of data sources, the security risk data elements corresponding to a transaction submitted by a remote computing device to the server computing device for execution; aggregate the security risk data elements into a weighted risk matrix; generate a risk score for the submitted transaction based upon the weighted risk matrix; determine an internal environment risk factor comprising analyzing a first set of other transactions submitted within a first enterprise computing system in which the server computing device is located to determine whether the first set of other transactions comprise one or more of abnormal communications from or to computing devices in the enterprise computing system or execution of unauthorized software within the first enterprise computing system; determine an external environment risk factor comprising analyzing a second set of other transactions submitted from a second enterprise computing system that is external to the first enterprise computing system to determine whether the second set of other transactions comprise one or more of cyber attacks against the second enterprise computing system, fraudulent transactions submitted to the second enterprise computing system, or data breaches experienced by the second enterprise computing system; adjust the risk score for the submitted transaction based upon the internal environment risk factor and the external environment risk factor; determine a disposition for the transaction based upon the adjusted risk score; store the security risk data elements, the internal environment factor, the external environment factor, and the adjusted risk score in a database; and use the stored security risk data elements, the internal environment factor, the external environment factor, and the adjusted risk score to determine a disposition for a future transaction.
Patents cited by this patent (3)
Peddada, Chalam; Kulkarni, Rajandra Laxman, Security risk aggregation and analysis.
Andres, Steven G.; Cole, David M.; Cummings, Thomas Gregory; Garcia, Roberto Ramon; Kenyon, Brian Michael; Kurtz, George R.; McClure, Stuart Cartier; Moore, Christopher William; O'Dea, Michael J.; Saruwatari, Ken D., System and method of managing network security risks.
Thomson, Allan; Coleman, Christopher D., Apparatuses, methods and systems for a cyber threat confidence rating visualization and editing user interface.
Doubleday, Jeffrey De Wayne; Ramos, Alberto; Sansbury, Darryl Alan; Spalding, Michael Werner Eagen; Younger, Steven, Detecting and analyzing operational risk in a network environment.
Talamanchi, Venkata Srinivasulu Reddy; Dietrich, Kenneth W.; Boice, Eric T.; Kowalczyk, Andrew W.; Gadhe, Ganesh P., Infrastructure monitoring tool for collecting industrial process control and automation system risk data.
Boice, Eric T.; Kaakani, Ziad M.; Carpenter, Seth G., Notification subsystem for generating consolidated, filtered, and relevant security risk-based notifications.
Seiver, Miles; Rosenblum, Charles, Systems for network risk assessment including processing of user access rights associated with a network of devices.