Methods of preserving and protecting user data from modification or loss due to malware
US-10303877-B2 · May 28, 2019 · US
US11418543B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11418543-B2 |
| Application number | US-201916431821-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 5, 2019 |
| Priority date | Jun 5, 2019 |
| Publication date | Aug 16, 2022 |
| Grant date | Aug 16, 2022 |
Official abstract text for this publication.
Disclosed are various approaches for automating the detection and identification of security issues. A plurality of signals received from a plurality of security devices are analyzed to identify a predicted security incident, each of the plurality of signals indicating a potential security issue. A confidence score is then calculated for the predicted security incident. At least one compliance policy is then evaluated to determine whether to perform a remedial action specified in the compliance policy, wherein a determination to perform the remedial action is based at least in part on the confidence score. Finally, the remedial action is performed in response to an evaluation of the at least one compliance policy.
Opening claim text (preview).

Therefore, we claim:

1. A system, comprising: a computing device comprising a processor device and a memory; and machine-readable instructions stored in the memory that, when executed by the processor device, cause the computing device to at least: analyze a plurality of signals received from a plurality of security devices to identify a predicted network security incident associated with a network based on a machine learning model identifying a pattern among the plurality of signals that corresponds to a previous network security incident, each of the plurality of signals indicating a potential network security issue, the plurality of security devices generating the plurality of signals based on monitoring network traffic on the network; calculate a confidence score for the predicted network security incident, the confidence score representing an accuracy of a prediction of the predicted network security incident; evaluate at least one compliance policy to determine whether to perform a remedial action specified in the at least one compliance policy, wherein a determination to perform the remedial action is based at least in part on the confidence score exceeding a confidence threshold specified by the at least one compliance policy; and direct the plurality of security devices to perform the remedial action in response to an evaluation of the at least one compliance policy.
2. The system of claim 1, wherein the machine-readable instructions that cause the computing device to direct the plurality of security devices to perform the remedial action further cause the computing device to at least send a message to a client device associated with an administrative user, the message comprising a summary of the predicted network security incident, the confidence score, and the remedial action.
3. The system of claim 2, wherein the machine-readable instructions that cause the computing device to direct the plurality of security devices to perform the remedial action further cause the computing device to at least direct the plurality of security devices to perform the remedial action in response to a reply received from the client device associated with the administrative user.
4. The system of claim 2, wherein the machine-readable instructions that cause the computing device to direct the plurality of security devices to perform the remedial action further cause the computing device to at least direct the plurality of security devices to perform the remedial action in response to a failure to receive a reply from the client device associated with the administrative user within a predefined period of time.
5. The system of claim 1, wherein the machine-readable instructions that analyze the plurality of signals to identify the predicted network security incident implement a Bayesian network to identify the predicted network security incident.
6. The system of claim 1, wherein the remedial action specified in the at least one compliance policy indicates that at least one client device is to be blocked from accessing the network.
7. The system of claim 1, wherein the plurality of signals are stored in a data store accessible to the computing device.
8. A method, comprising: analyzing a plurality of signals received from a plurality of security devices to identify a predicted network security incident associated with a network based on a machine learning model identifying a pattern among the plurality of signals that corresponds to a previous network security incident, each of the plurality of signals indicating a potential network security issue, the plurality of security devices generating the plurality of signals based on monitoring network traffic on the network; calculating a confidence score for the predicted network security incident, the confidence score representing an accuracy of a prediction of the predicted network security incident; evaluating at least one compliance policy to determine whether to perform a remedial action specified in the at least one compliance policy, wherein a determination to perform the remedial action is based at least in part on the confidence score exceeding a confidence threshold specified by the at least one compliance policy; and directing the plurality of security devices to perform the remedial action in response to an evaluation of the at least one compliance policy.
9. The method of claim 8, wherein directing the plurality of security devices to perform the remedial action further comprises sending a message to a client device associated with an administrative user, the message comprising a summary of the predicted network security incident, the confidence score, and the remedial action.
10. The method of claim 9, wherein directing the plurality of security devices to perform the remedial action occurs in response to a reply received from the client device associated with the administrative user.
11. The method of claim 9, wherein directing the plurality of security devices to perform the remedial action occurs in response to a failure to receive a reply from the client device associated with the administrative user within a predefined period of time.
12. The method of claim 8, wherein the predicted network security incident is identified using a Bayesian network.
13. The method of claim 8, wherein the remedial action specified in the at least one compliance policy indicates that at least one client device is to be blocked from accessing the network.
14. The method of claim 8, wherein the plurality of signals are stored in a data store.
15. A non-transitory, computer-readable medium comprising machine-readable instructions that, when executed by a processor device, cause a computing device to at least: analyze a plurality of signals received from a plurality of security devices to identify a predicted network security incident associated with a network based on a machine learning model identifying a pattern among the plurality of signals that corresponds to a previous network security incident, each of the plurality of signals indicating a potential network security issue, the plurality of security devices generating the plurality of signals based on monitoring network traffic on the network; calculate a confidence score for the predicted network security incident, the confidence score representing an accuracy of a prediction of the predicted network security incident; evaluate at least one compliance policy to determine whether to perform a remedial action specified in the at least one compliance policy, wherein a determination to perform the remedial action is based at least in part on the confidence score exceeding a confidence threshold specified by the at least one compliance policy; and direct the plurality of security devices to perform the remedial action in response to an evaluation of the at least one compliance policy.
16. The non-transitory, computer-readable medium of claim 15, wherein the machine-readable instructions that cause the computing device to direct the plurality of security devices to perform the remedial action further cause the computing device to at least send a message to a client device associated with an administrative user, the message comprising a summary of the predicted network security incident, the confidence score, and the remedial action.
17. The non-transitory, computer-readable medium of claim 16, wherein the machine-readable instructions that cause the computing device to direct the plurality of security devices to perform the remedial action further cause the computing device to at least di
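The decision flow the claims describe, as an added illustration that is not the patent's or any assignee's code: constructed signals from named security devices, a simple pattern-overlap scorer standing in for the claimed machine learning model (the Bayesian network of claim 5 is assumed, not reproduced), a compliance policy carrying a confidence threshold, and the administrator-reply and reply-timeout variants of claims 3 and 4. All device, indicator and client names are constructed.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class Signal:
    device: str     # security device that emitted the signal (constructed)
    indicator: str  # what the device observed, e.g. "port_scan"
    client: str     # client device the observation concerns

@dataclass
class Policy:
    incident: str
    threshold: float  # confidence must EXCEED this (claim 1)
    action: str       # e.g. "block_client" (claim 6)

# Stand-in for the claimed model: known incident patterns as indicator sets.
# The score is the fraction of a pattern's indicators present in the signals.
PATTERNS = {
    "lateral_movement": {"port_scan", "smb_auth_failures", "c2_beacon"},
    "data_exfiltration": {"dns_anomaly", "large_upload"},
}

def predict_incident(signals):
    """Return (incident name, confidence score, affected client devices)."""
    seen = {s.indicator for s in signals}
    best = max(PATTERNS, key=lambda name: len(PATTERNS[name] & seen))
    confidence = len(PATTERNS[best] & seen) / len(PATTERNS[best])
    clients = sorted({s.client for s in signals if s.indicator in PATTERNS[best]})
    return best, confidence, clients

def evaluate(signals, policies, ask_admin: Optional[Callable[[str], Optional[bool]]] = None):
    """Apply compliance policies; return (incident, confidence, action or None).
    ask_admin models the notification of claim 2: True = approved reply (claim 3),
    False = declined, None = no reply within the period (claim 4, proceed)."""
    incident, confidence, clients = predict_incident(signals)
    for p in policies:
        if p.incident != incident or confidence <= p.threshold:
            continue
        if ask_admin is not None:
            summary = f"{incident} confidence={confidence:.2f} action={p.action}"
            if ask_admin(summary) is False:
                return incident, confidence, None
        return incident, confidence, {"action": p.action, "clients": clients}
    return incident, confidence, None

# Constructed sample signals from three security devices.
SIGNALS = [
    Signal("ids-1", "port_scan", "host-a"),
    Signal("fw-1", "smb_auth_failures", "host-a"),
    Signal("proxy-1", "dns_anomaly", "host-b"),
]
POLICIES = [Policy("lateral_movement", 0.5, "block_client")]
```

With the sample signals two of the three lateral-movement indicators are present, so the confidence is 2/3 and the 0.5 threshold is exceeded; raising the threshold to 0.9 yields no action.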
CPC classification titles:

- Probabilistic graphical models, e.g. probabilistic networks
- Supervised learning
- for controlling access to devices or network resources
- Vulnerability analysis
- Learning methods