Dynamic cybersecurity peer identification using groups

Assignee

• MICROSOFT TECHNOLOGY LICENSING, LLC · US

Inventors

• Jonathan Moshe Monsonego · Tel Aviv-Yafo, IL
• Itay Argoeti · Petah Tikva, IL
• Amir Harar · Tel Aviv-Yafo, IL

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/034
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Cybersecurity peer identification (CPI) technology obtains security group definitions from an identity directory, computes peerSimilarityScores that represent user similarity in terms of security permissions, and submits contextual cybersecurity peer data to cybersecurity peer-based functionality (CPBF). CPBF code may then perform behavior analytics, resource management, permissions management, or location management. Cyberattacks may then be disrupted or mitigated, and inefficiencies may be avoided or decreased. Having smaller security groups in common gives users higher peerSimilarityScores than having larger groups in common, as a result of logarithmic, reciprocal, or other score functions. Security group definitions are refreshed and peer scores are updated at regular intervals or on demand by CPI code, to avoid staleness. CPI code may be tuned by varying update intervals, varying cutoffs imposed on the size of security groups deemed suitable for use in computing peerSimilarityScores, or varying other parameters.