Systems and methods for improving the ranking and prioritization of attack-related events
US10749890B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Jun 19, 2018 |
| Grant date | Aug 18, 2020 |
| Priority date | — |
| Expiry date | Nov 18, 2038 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06N5/02
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
Disclosed herein are embodiments of systems, methods, and products that comprise an analytic server, which provides a SilverlineRT system that prioritizes and analyzes security alerts and events. The server builds an attack tree based on attack detection rules. The server monitors large-scale distributed systems and receives alerts from various devices. The server determines attacks using the attack tree while excluding false alarms. The server determines impact and risk metrics for attacks in real-time, and calculates an impact score for each attack. The server ranks and prioritizes the attacks based on the impact scores. The server also generates real-time reports. By considering the mission- and system-specific context in the analysis of alert information, the server gives insight into the overall context of problems and potential solutions, improving decision-making. By showing the impacts of alerts, the server allows security personnel to prioritize responses and focus on the highest-value defense activities.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.