Systems and methods for intelligent cyber security threat detection and intelligent verification-informed handling of cyber security events through automated verification workflows

US11809554B2 · US · B2

Patent metadata

Publication number: US-11809554-B2
Application number: US-202218074186-A
Country: US
Kind code: B2
Filing date: Dec 2, 2022
Priority date: Mar 11, 2021
Publication date: Nov 7, 2023
Grant date: Nov 7, 2023

Abstract

Official abstract text for this publication.

A system and method for automated verification of a cybersecurity event includes identifying a cybersecurity event of a subscriber; automatically constructing a response-enabled verification communication based on one or more features of the cybersecurity event satisfying verification-initiating criteria of an automated verification-initiation workflow, and transmitting the response-enabled verification communication to the subscriber associated with the cybersecurity event, wherein the response-enabled verification communication includes: one or more pieces of event-descriptive content; a first selectable interface object that, when selected by the subscriber, automatically increases a threat severity level of the cybersecurity event; and a second selectable interface object that, when selected by the subscriber, automatically de-escalates the threat severity level of the cybersecurity event causing a disposal of the cybersecurity event; and automatically routing the cybersecurity event to one of a cybersecurity threat escalation route and a cybersecurity threat de-escalation route based on subscriber input.

First claim

Opening claim text (preview).

We claim:

1. A method for verification-informed handling of cybersecurity activity, the method comprising: at a cybersecurity event detection and response service:

    attributing, by one or more computers, a service-computed threat severity level to a target cybersecurity event;

    constructing, by the one or more computers, a cybersecurity threat verification communication based at least on the service-computed threat severity level, wherein the cybersecurity threat verification communication includes: (a) one or more pieces of threat-informative content based on data associated with the target cybersecurity event; (b) a first selectable interface object that, when selected, provides an indication that the target cybersecurity event relates to a cybersecurity incident; and (c) a second selectable interface object that, when selected, provides an indication that the target cybersecurity event relates to a valid cybersecurity event;

    selectively identifying a communication transmission destination for the cybersecurity threat verification communication from a plurality of distinct communication transmission destinations based on a subscriber-defined cybersecurity policy and the threat severity level, wherein the subscriber-defined cybersecurity policy defines a distinct communication transmission destination of the plurality of distinct transmission destinations for each of distinct threat severity level of a plurality of distinct service-computed threat severity levels;

    transmitting, by the one or more computers, the cybersecurity threat verification communication based on the construction of the cybersecurity threat verification communication and the identification of the communication transmission destination;

    updating, by the one or more computers, a threat severity level of the target cybersecurity event based on identifying an input selecting the first selectable interface object or the second selectable interface object of the cybersecurity threat verification communication; and

    routing the target cybersecurity event to one of: a cybersecurity threat escalation route of the cybersecurity event detection and response service based on identifying the input selecting the first selectable interface object, the cybersecurity threat escalation route comprising a cybersecurity incident queue; and a cybersecurity threat de-escalation route of the cybersecurity event detection and response service based on identifying the input selecting the second selectable interface object, the cybersecurity threat de-escalation route comprising a cybersecurity event disposal queue.

2. The method according to claim 1, further comprising: based on a time span between the transmitting of the cybersecurity threat verification communication and the identifying the input exceeding a temporal threshold: executing an automated cybersecurity investigation workflow that derives cybersecurity threat intelligence data associated with the target cybersecurity event based on a probable cybersecurity threat type of the target cybersecurity event.

3. The method according to claim 1, wherein: the transmitting the cybersecurity threat verification communication includes: electronically transmitting the cybersecurity threat verification communication to a digital verification queue of the cybersecurity event detection and response service; and displaying, via a web-based user interface of the cybersecurity event detection and response service, the cybersecurity threat verification communication.

4. The method according to claim 3, further comprising: while displaying the cybersecurity threat verification communication: obtaining the input selecting the first selectable interface object of the cybersecurity threat verification communication.

5. The method according to claim 1, wherein: the transmitting the cybersecurity threat verification communication includes: transmitting the cybersecurity threat verification communication via a bi-directional third-party messaging channel; and at the bi-directional third-party messaging channel identifying the input selecting the first selectable interface object or the second selectable interface object.

6. The method according to claim 1, wherein the constructing the cybersecurity threat verification communication is further based on receiving a verification-triggering input selecting a user interface element displayed on a graphical user interface of the cybersecurity event detection and response service, wherein the user interface element, when selected, causes an execution of an automated verification workflow that automatically constructs the cybersecurity threat verification communication.

7. The method according to claim 1, wherein: the cybersecurity threat verification communication further includes a text box data field that is configured to receive, as input, one or more text strings of cybersecurity event handling instructions from a subscriber associated with the target cybersecurity event.

8. The method according to claim 7, further comprising: implementing, based on receiving the one or more text strings of cybersecurity event handling instructions, one or more programmable security heuristics that tunes an event detection and response mode of the cybersecurity event detection and response service for future inbound cybersecurity events of the subscriber.

9. The method according to claim 1, further comprising: mitigating, via executing one or more cybersecurity threat mitigation actions, a cybersecurity threat associated with the target cybersecurity event based on identifying the input directed to the first selectable interface object of the cybersecurity threat verification communication.

10. A method for verification-informed handling of cybersecurity activity, the method comprising:

    associating a service-computed threat severity level to a target cybersecurity event;

    configuring a cybersecurity threat verification communication at a cybersecurity event detection and response service based on the target cybersecurity event, wherein the cybersecurity threat verification communication includes: (a) a first selectable interface object that, when selected, provides an indication to the cybersecurity event detection and response service that the target cybersecurity event relates to a cybersecurity incident; and (b) a second selectable interface object that, when selected, provides an indication to the cybersecurity event detection and response service that the target cybersecurity event relates to a valid cybersecurity event;

    selectively identifying a communication transmission destination for the cybersecurity threat verification communication from a plurality of distinct communication transmission destinations based on a subscriber-defined cybersecurity policy and the threat severity level;

    transmitting the cybersecurity threat verification communication to a subscriber based on the construction of the cybersecurity threat verification communication and the identification of the communication transmission destination; and

    routing the target cybersecurity event to one of (1) a cybersecurity threat escalation route of the cybersecurity event detection and response service the cybersecurity threat escalation route comprising a cybersecurity incident queue of the cybersecurity event detection and response service, and (2) a cybersecurity threat de-escalation route of the cybersecurity event detection and response service the cybersecurity threat de-escalation route comprising a cybersecurity event disposal queue of the cybersecurity event detection and response service, based on receiving a subscriber response to the cybersecurity threat verification com

Classifications

  • G06F21/554 · Primary

    involving event detection and direct action · CPC title

  • Test or assess a computer or a system · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11809554B2 cover?
A system and method for automated verification of a cybersecurity event includes identifying a cybersecurity event of a subscriber; automatically constructing a response-enabled verification communication based on one or more features of the cybersecurity event satisfying verification-initiating criteria of an automated verification-initiation workflow, and transmitting the response-enabled ver…
Who is the assignee on this patent?
Expel Inc
What technology area does this patent fall under?
Primary CPC classification G06F21/554. Mapped technology areas include Physics.
When was this patent published?
Publication date Nov 7, 2023 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).