Inferring a scenario when performing a security operation using an entity behavior catalog

Assignee

• Forcepoint LLC · US

Inventors

• Raffael Marty · Austin, US
• Alan Ross · Austin, US
• Nicolas Christian Fischbach · Uitikon, CH
• Matthew P. Moynahan · Austin, US
• Chad Anson · Austin, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/034
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring an entity, the monitoring observing at least one electronically-observable data source; deriving an observable based upon the monitoring of the electronically-observable data source; identifying a security related activity of the entity, the security related activity being based upon the observable derived from the electronic data source, the security related activity being of analytic utility; converting the security related activity to entity behavior catalog data, the entity behavior catalog providing an inventory of entity behaviors; accessing an entity behavior catalog based upon the entity behavior catalog data; inferring a security vulnerability scenario from the observable derived based upon the monitoring; and performing a security operation via a security system, the security operation using the security vulnerability scenario and the entity behavior catalog data stored within the entity behavior catalog based upon the security related activity.