Systems and methods for intelligently generating cybersecurity contextual intelligence and generating a cybersecurity intelligence interface

US11936672B2 · US · B2

Patent metadata

Publication number: US-11936672-B2
Application number: US-202318369936-A
Country: US
Kind code: B2
Filing date: Sep 19, 2023
Priority date: Jan 11, 2022
Publication date: Mar 19, 2024
Grant date: Mar 19, 2024

Abstract

Official abstract text for this publication.

A system and method for adapting one or more cybersecurity microservices to accelerate cybersecurity threat mitigation includes constructing a subscriber-specific data corpus comprising a plurality of distinct pieces of computing environment-informative data of a target subscriber; adapting a subscriber-agnostic microservice of the cybersecurity service to a subscriber-specific microservice, wherein: the subscriber-agnostic microservice includes a plurality of subscriber-agnostic cybersecurity event handling instructions, and adapting the subscriber-agnostic microservice to the subscriber-specific microservice includes generating a plurality of context-informed cybersecurity event handling instructions; augmenting the subscriber-agnostic microservice to include the plurality of context-informed cybersecurity event handling instructions; computing for a target cybersecurity event a subscriber-specific threat severity level based on one or more of the plurality of context-informed cybersecurity event handling instructions; executing, by one or more computers, a threat mitigation action or threat disposal action based on the computing of the subscriber-specific threat severity level for the target cybersecurity event.

Claims

Claim text (preview, truncated after the start of claim 9).

We claim:

1. A method comprising: obtaining, via one or more processors, a security event comprising a plurality of distinct pieces of event data; assessing, via the one or more processors, the security event against (a) one or more context-informed event handling instructions and (b) a corpus of computing environment-informative data of a subscriber associated with the security event; based on the assessing, attributing one of: (i) a context-informed threat severity to the security event using at least one of the one or more context-informed event handling instructions when at least one piece of event data of the plurality of distinct pieces of event data of the security event is equivalent to one piece of computing environment-informative data included within the corpus of computing environment-informative data, and (ii) a subscriber-agnostic threat severity to the security event when each piece of event data of the plurality of distinct pieces of event data of the security event is excluded from the corpus of computing environment-informative data; and routing, via the one or more processors, the security event to a security event escalation queue or a security event disposal queue based on the attributing of the context-informed threat severity or the subscriber-agnostic threat severity to the security event.

2. The method according to claim 1, wherein: a subset of the corpus of computing environment-informative data includes one or more critical entities of the subscriber; the one or more context-informed event handling instructions includes an event escalation handling instruction that, when executed, causes an automatic escalation of a threat severity of a suspect security event that involves any one of the one or more critical entities of the subscriber; the method further comprising: identifying, via the one or more processors, that the at least one piece of event data of the plurality of distinct pieces of event data of the security event corresponds to one of the one or more critical entities of the subscriber based on the assessing; and generating the context-informed threat severity using the event escalation handling instruction.

3. The method according to claim 1, wherein: a subset of the corpus of computing environment-informative data includes one or more non-critical entities of the subscriber; the one or more context-informed event handling instructions includes an event de-escalation handling instruction that, when executed, causes an automatic de-escalation of a threat severity of a suspect security event that involves any one of the one or more non-critical entities of the subscriber; the method further comprising: identifying, via the one or more processors, that the at least one piece of event data of the plurality of distinct pieces of event data of the security event corresponds to one of the one or more non-critical entities of the subscriber based on the assessing; and generating the context-informed threat severity using the event de-escalation handling instruction.

4. The method according to claim 1, wherein: a subset of the corpus of computing environment-informative data includes one or more temporary user location adjustments associated with one or more entities of the subscriber; the one or more context-informed event handling instructions includes an ephemeral event handling instruction that, when executed, causes an automatic escalation or de-escalation of a threat severity of a suspect security event associated with the one or more entities; the method further comprising: identifying, via the one or more processors, that the at least one piece of event data of the plurality of distinct pieces of event data of the security event is associated with one of the one or more temporary user location adjustments of the one or more entities based on the assessing; and generating the context-informed threat severity using the ephemeral event handling instruction.

5. The method according to claim 1, wherein: a subset of the corpus of computing environment-informative data includes one or more critical digital assets of the subscriber; the one or more context-informed event handling instructions includes an automated remediation instruction that, when executed, causes an automated remediation of a suspect cybersecurity event that involves any one of the one or more critical digital assets of the subscriber; the method further comprising: identifying, via the one or more processors, that the at least one piece of event data of the plurality of distinct pieces of event data of the security event corresponds to one of the one or more critical digital assets of the subscriber based on the assessing; and automatically remediating a likely threat associated with the security event using the automated remediation instruction.

6. The method according to claim 1, wherein: a subset of the corpus of computing environment-informative data includes one or more non-critical computing assets of the subscriber; the one or more context-informed event handling instructions includes an event suppression instruction that, when executed, causes an automated suppression of a suspect cybersecurity event that involves any one of the one or more non-critical computing assets of the subscriber; the method further comprising: identifying, via the one or more processors, that the at least one piece of event data of the plurality of distinct pieces of event data of the security event corresponds to one of the one or more non-critical computing assets of the subscriber based on the assessing; and automatically suppressing the security event using the event suppression instruction.

7. A computer-implemented method comprising: obtaining, via one or more computers, a security event associated with a subscribing entity, wherein the security event includes a plurality of distinct pieces of event data; identifying, via the one or more computers, a corpus of computing environment-informative data that corresponds to the subscribing entity, wherein the corpus of computing environment-informative data includes a plurality of distinct pieces of computing environment-informative data associated with one or more computing environments of the subscribing entity; automatically assessing at least a subset of the plurality of distinct pieces of event data of the security event against (i) one or more context-informed event handling instructions and (ii) the corpus of computing environment-informative data; and automatically executing, based on the assessment, at least one of the one or more context-informed event handling instructions that causes an escalation or de-escalation of a degree of threat severity associated with the security event.

8. The computer-implemented method according to claim 7, further comprising: constructing the corpus of computing environment-informative data during an enrollment of the subscribing entity, wherein the constructing includes: (a) obtaining the plurality of distinct pieces of computing environment-informative data via one or more graphical user interfaces; (b) associating a data context type to each distinct piece of computing environment-informative data obtained from the one or more graphical user interfaces; and (c) associating one or more subscriber-informed environment context attributes of a plurality of subscriber-informed environment context attributes to each distinct piece of computing environment-informative data obtained from the one or more graphical user interfaces.

9. The computer-implemented method according to claim 7, further comprising: augmenting the corpus of computing environment-informative data to include an additional piece of com
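The triage procedure of claims 1 to 7, as an added Python example that is not part of the patent text or of Expel's implementation: a constructed subscriber corpus supplies critical and non-critical users and hosts plus one temporary travel approval (claims 2 to 6), and each event's fields are matched against it to select a handling instruction, attribute a context-informed or subscriber-agnostic severity, and route the event to an escalation or disposal queue (claim 1). The precedence between instructions, the four-step severity scale and the HIGH threshold for escalation are assumptions of this example, not of the claims.

```python
from dataclasses import dataclass
from enum import IntEnum

class Severity(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3
    CRITICAL = 4

def shift(sev: Severity, delta: int) -> Severity:
    return Severity(max(Severity.LOW, min(Severity.CRITICAL, sev + delta)))

@dataclass(frozen=True)
class Corpus:
    """Subscriber's computing environment-informative data (claims 2-6)."""
    critical_entities: frozenset      # users whose events auto-escalate (claim 2)
    non_critical_entities: frozenset  # users whose events auto-de-escalate (claim 3)
    critical_assets: frozenset        # hosts that trigger automated remediation (claim 5)
    non_critical_assets: frozenset    # hosts whose events are suppressed (claim 6)
    travel: dict                      # user -> countries temporarily approved (claim 4)

@dataclass(frozen=True)
class Disposition:
    severity: Severity
    queue: str         # "escalation" or "disposal" (claim 1 routing)
    instruction: str   # handling instruction that fired
    remediate: bool = False

def triage(event: dict, base: Severity, corpus: Corpus) -> Disposition:
    """Claim 1: attribute a context-informed or subscriber-agnostic severity, then route."""
    user, host, geo = event.get("user"), event.get("host"), event.get("geo")
    # Precedence among instructions is this example's assumption; the claims do not fix it
    if host in corpus.critical_assets:
        sev, instr, fix = Severity.CRITICAL, "automated_remediation", True
    elif host in corpus.non_critical_assets:
        sev, instr, fix = Severity.LOW, "event_suppression", False
    elif user in corpus.travel:  # approved trip lowers severity, unapproved geo raises it
        sev, instr, fix = shift(base, -1 if geo in corpus.travel[user] else 1), "ephemeral", False
    elif user in corpus.critical_entities:
        sev, instr, fix = shift(base, 1), "event_escalation", False
    elif user in corpus.non_critical_entities:
        sev, instr, fix = shift(base, -1), "event_de_escalation", False
    else:  # claim 1(ii): no event field appears in the corpus
        sev, instr, fix = base, "subscriber_agnostic", False
    queue = "escalation" if sev >= Severity.HIGH else "disposal"
    return Disposition(sev, queue, instr, fix)

# Constructed sample corpus for a fictional subscriber
CORPUS = Corpus(frozenset({"cfo"}), frozenset({"svc-printer"}), frozenset({"db-prod-01"}),
                frozenset({"lab-sandbox-07"}), {"alice": frozenset({"FR"})})
```

The same event with the same detector-assigned base severity lands in different queues depending only on the subscriber corpus, which is the adaptation the abstract describes.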

Assignees

Expel Inc

Inventors

Classifications

  • Event detection, e.g. attack signature detection · CPC title

  • comprising specially adapted graphical user interfaces [GUI] · CPC title

  • for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title

  • Vulnerability analysis · CPC title

  • Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11936672B2 cover?
A system and method for adapting subscriber-agnostic cybersecurity microservices into subscriber-specific ones: a corpus of computing environment-informative data is constructed for each subscriber, context-informed event handling instructions are generated from it and added to the microservice, a subscriber-specific threat severity is computed for each cybersecurity event, and a threat mitigation or disposal action is executed on that basis (see the abstract above).
Who is the assignee on this patent?
Expel Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/1416. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 19, 2024 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).