Patent · US Active

Analysis and mitigation of network security risks

US11949702B1 · kind B1 · utility

Cited by: 0
References: 18
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Nov 2, 2022
Grant date: Apr 2, 2024
Priority date
Expiry date: Nov 2, 2042

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L65/61
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A method comprises acquiring anomaly data including a plurality of anomalies detected from streaming data, wherein each of the anomalies relates to an entity on or associated with a computer network. The method determines a risk score of each of the anomalies, and adjusts the risk score of an anomaly according to a set of factors. The method further determines, for each of a plurality of sliding time windows of different lengths, an entity score of the entity in relation to the sliding time window, based on an aggregation of risk scores of all anomalies related to the entity that were detected within the sliding time window, where the entity score corresponds to a risk level associated with the entity. An action to prevent the entity from performing an operation can be determined and caused to occur based on the entity score.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.