Fingerprinting entities based on activity in an information technology environment
US10237294B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Jan 30, 2017 |
| Grant date | Mar 19, 2019 |
| Priority date | — |
| Expiry date | Sep 7, 2037 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L2101/622
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Techniques are described for analyzing data regarding activity in an IT environment to determine information regarding the entities associated with the activity and using the information to detect anomalous activity that may be indicative of malicious activity. In an embodiment, a plurality of events reflecting activity by a plurality of entities in an IT environment are processed to resolve the identities of the entities, discover how the entities fit within a topology of the IT environment, and determine what the entities are. This information is then used to generate a entity relationship graph that includes nodes representing the entities in the IT environment and edges connecting the nodes representing interaction relationships between the entities. In some embodiments, baselines are established by monitoring the activity between entities. This baseline information can be represented in the entity relationship graph in the form of directionality applied to the edges. The entity relationship graph can then be monitored to detect anomalous activity.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.