Systems and methods for detecting and thwarting attacks on an IT environment
US11277421B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Feb 20, 2018 |
| Grant date | Mar 15, 2022 |
| Priority date | — |
| Expiry date | Feb 13, 2039 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2221/2111
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Systems and methods for detecting and thwarting attacks on a computing system. The methods comprise: collecting timestamped data from different software products comprising a unified end point management product, an SBC/ADV product, an application delivery controller product, a content collaboration product, and/or a software defined WAN product; analyzing the collected timestamped data to determine if an observed user behavior matches a learned normal user behavior of an authorized user associated with a user account; determining a risk classification level associated with a credential used by a user to log into the user account, when the observed user behavior does not match the learned normal user behavior of the authorized user; and causing at least one security related action to be performed when the risk classification level is greater than a threshold level or the risk classification level is one of a top N highest risk classification levels.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.