Threat mitigation system and method

What is claimed is: 1 . A computer-implemented method, executed on a computing device, comprising: receiving a plurality of detection events concerning a plurality of security events occurring on multiple security-relevant subsystems within one or more computing platforms; normalizing the plurality of detection events into a common ontology, including translating a syntax of each of the plurality of detection events into a common syntax; processing the plurality of detection events to make them compatible with a graph database, thus defining processed detection events; storing the processed detection events within a graph content repository; defining a probabilistic model to assign a threat level to one or more of the plurality of security events; processing the graph content repository using a machine learning model to identify attack patterns defined within the processed detection events stored within the graph content repository, thus defining one or more identified attack patterns; defining a universal detection rule in a common language based on the one or more identified attack patterns; translating the universal detection rule into a plurality of technology-specific rules executable on a plurality of discrete pieces of customer technology; analyzing the one or more identified attack patterns to identify a plurality of steps associated with at least one of the one or more identified attack patterns; identifying current platform activity within the one or more computing platforms including a portion of the plurality of steps associated with the at least one of the one or more identified attack patterns; initiating an investigation the of current activity within the one or more computing platforms; and grouping the current activity with one or more prior detection events to define a security incident based upon, at least in part, common artifacts associated with the current activity and with the one or more prior detection events. 2 . The computer-implemented method of claim 1 wherein the plurality of security events includes one or more of: Denial of Service (DOS) events; Distributed Denial of Service DDOS events; Man-in-the-Middle (MitM) events; phishing events; Password Attack events; SQL Injection events; Cross-Site Scripting (XSS) events; Insider Threat events; spamming events; malware events; web attacks; and exploitation events. 3 . The computer-implemented method of claim 1 wherein the security-relevant subsystems include one or more of: CDN (i.e., Content Delivery Network) systems; DAM (i.e., Database Activity Monitoring) systems; UBA (i.e., User Behavior Analytics) systems; MDM (i.e., Mobile Device Management) systems; IAM (i.e., Identity and Access Management) systems; DNS (i.e., Domain Name Server) systems; Antivirus systems; operating systems; data lakes; data logs; security-relevant software applications; security-relevant hardware systems; and resources external to the computing platform. 4 . The computer-implemented method of claim 1 wherein processing the plurality of detection events to make them compatible with a graph database, thus defining processed detection events include identifying nodes and edges within the plurality of detection events to make them compatible with the graph database. 5 . The computer-implemented method of claim 1 wherein the one or more computing platforms includes: a first computing platform of a first client; and at least a second computer platform of at least a second client. 6 . The computer-implemented method of claim 1 further comprising: soliciting human feedback concerning the one or more identified attack patterns; and utilizing the human feedback to train the machine learning model. 7 . The computer-implemented method of claim 1 further comprising: defining a new detection rule based, at least in part, upon the one or more identified attack patterns. 8 . The computer-implemented method of claim 1 further comprising: modifying an existing detection rule based, at least in part, upon the one or more identified attack patterns. 9 . A computer program product residing on a non-transitory computer readable medium having a plurality of instructions stored thereon which, when executed by a processor, cause the processor to perform operations comprising: receiving a plurality of detection events concerning a plurality of security events occurring on multiple security-relevant subsystems within one or more computing platforms; normalizing the plurality of detection events into a common ontology, including translating a syntax of each of the plurality of detection events into a common syntax; processing the plurality of detection events to make them compatible with a graph database, thus defining processed detection events; storing the processed detection events within a graph content repository; defining a probabilistic model to assign a threat level to one or more of the plurality of security events; processing the graph content repository using a machine learning model to identify attack patterns defined within the processed detection events stored within the graph content repository, thus defining one or more identified attack patterns; defining a universal detection rule in a common language based on the one or more identified attack patterns; translating the universal detection rule into a plurality of technology-specific rules executable on a plurality of discrete pieces of customer technology; analyzing the one or more identified attack patterns to identify a plurality of steps associated with at least one of the one or more identified attack patterns; identifying current platform activity within the one or more computing platforms including a portion of the plurality of steps associated with the at least one of the one or more identified attack patterns; initiating an investigation the of current activity within the one or more computing platforms; and grouping the current activity with one or more prior detection events to define a security incident based upon, at least in part, common artifacts associated with the current activity and with the one or more prior detection events. 10 . The computer program product of claim 9 wherein the plurality of security events includes one or more of: Denial of Service (DOS) events; Distributed Denial of Service DDOS events; Man-in-the-Middle (MitM) events; phishing events; Password Attack events; SQL Injection events; Cross-Site Scripting (XSS) events; Insider Threat events; spamming events; malware events; web attacks; and exploitation events. 11 . The computer program product of claim 9 wherein the security-relevant subsystems include one or more of: CDN (i.e., Content Delivery Network) systems; DAM (i.e., Database Activity Monitoring) systems; UBA (i.e., User Behavior Analytics) systems; MDM (i.e., Mobile Device Management) systems; IAM (i.e., Identity and Access Management) systems; DNS (i.e., Domain Name Server) systems; Antivirus systems; operating systems; data lakes; data logs; security-relevant software applications; security-relevant hardware systems; and resources external to the computing platform. 12 . The computer program product of claim 9 wherein processing the plurality of detection events to make them compatible with a graph database, thus defining processed detection events include identifying nodes and edges within the plurality of detection events to make them compatible with the graph database. 13 . The computer program product of claim 9 wherein the one or more