Patent · US Active

Dynamic rule risk score determination in a cybersecurity monitoring system

US10841338B1 · kind B1 · utility

12 Cited by
28 References
10 Claims
0 Family size

Assignee

Inventors

Key dates

Filing date: Apr 4, 2018
Grant date: Nov 17, 2020
Priority date
Expiry date: Dec 25, 2038

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1433
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

The present disclosure relates to a cybersecurity-monitoring system, method, and computer program for dynamically determining a rule's risk score based on the network and user for which the rule triggered. The methods described herein address score inflation problems associated with the fact that rules have different false positive rates in different networks and for different users, even within the same network. In response to a rule triggering, the system dynamically adjusts the default risk points associated with the triggered rule based on a per-rule and per-user probability that the rule triggered due to malicious behavior. In certain embodiments, network context is also a factor in customizing the risk points for a triggered rule.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.