Behavior analytics system for determining the cybersecurity risk associated with first-time, user-to-entity access alerts

Assignee

• Exabeam, Inc. · US

Inventors

• Derek Lin · San Mateo, US
• Baoming Tang · San Mateo, US
• Qiaona Hu · Emerald Hills, US
• Barry Steiman · San Ramon, US
• Domingo Mihovilovic · Menlo Park, US
• Sylvain Gil · San Francisco, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/20
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

The present disclosure describes a system, method, and computer program for determining the cybersecurity risk associated with a first-time access event in a computer network. In response to receiving an alert that a user has accessed a network entity for the first time, a user behavior analytics system uses a factorization machine to determine the affinity between the accessing user and the accessed entity. The affinity measure is based on the accessing user's historical access patterns in the network, as wells as context data for both the accessing user and the accessed entity. The affinity score for an access event may be used to filter first-time access alerts or weight first-time access alerts in performing a risk assessment of the accessing user's network activity. The result is that many false-positive first-time access alerts are suppressed and not factored (or not factored heavily) into cybersecurity risk assessments.