Patent application number | Description | Published |
20120030757 | LOGIN INITIATED SCANNING OF COMPUTING DEVICES - Embodiments of the invention relate to systems, methods, and computer program products for login initiated remote scanning of computer devices. The present invention detects login to the network via access management systems. The login data provides information that identifies the device so that the device can be checked against a scan database to determine if and when a previous scan occurred. Based on the findings in the scan database determinations are made as to whether to perform a scan. Additionally, the level of scanning can be determined based on previous scan dates and previous scan results, which may dictate customized scanning. In addition, the priority of the impending scan may be dictated by previous scan dates and results. Further embodiments provide for assessing risk, such as risk scoring or the like, concurrently or in near-real-time with the completion of the scan so that alerts may be communicated. | 02-02-2012 |
20120046989 | SYSTEMS AND METHODS FOR DETERMINING RISK OUTLIERS AND PERFORMING ASSOCIATED RISK REVIEWS - Embodiments of the invention relate to risk review assessments and, more particularly, to determining risk review candidates by identifying two or more community categories, determining risk scores for each user/employee across risk categories, normalizing the risk scores based on community averages and community standard deviations, and determining risk review candidates by comparing the normalized risk scores to predetermined thresholds. In additional embodiments, an outlier reinforcement score is determined for each user/employee by summing all of the positive-valued normalized risk scores across the two or more communities, and the outlier reinforcement score is compared to a predetermined threshold. | 02-23-2012 |
20120047575 | SYSTEMS AND METHODS FOR PERFORMING ACCESS ENTITLEMENT REVIEWS - Embodiments of the invention relate to risk assessments and, more particularly to performing access risk assessments based on identified outliers. | 02-23-2012 |
20130091569 | LOGIN INITIATED SCANNING OF COMPUTING DEVICES - Embodiments of the invention relate to systems, methods, and computer program products for login initiated remote scanning of computer devices. The present invention detects login to the network via access management systems. The login data provides information that identifies the device so that the device can be checked against a scan database to determine if and when a previous scan occurred. Based on the findings in the scan database determinations are made as to whether to perform a scan. Additionally, the level of scanning can be determined based on previous scan dates and previous scan results, which may dictate customized scanning. In addition, the priority of the impending scan may be dictated by previous scan dates and results. Further embodiments provide for assessing risk, such as risk scoring or the like, concurrently or in near-real-time with the completion of the scan so that alerts may be communicated. | 04-11-2013 |
20150033337 | CYBER SECURITY ANALYTICS ARCHITECTURE - Systems and methods are disclosed for responding to security events in real time. The disclosed systems and methods utilize the vast amount of risk and asset knowledge collected in a security data warehouse and aggregated in a security information manager, without the expense and latency associated with performing such calculations in real time. The disclosed systems and methods, thereby, significantly extend the time intervals feasible for temporal analysis. | 01-29-2015 |
20150066575 | ENTERPRISE RISK ASSESSMENT - Methods and apparatus are disclosed for assessing risk in an enterprise. A server may receive risk scores indicating an asset's risk level across various risk vectors. The server may aggregate the risk scores and assess score ranges for each risk vector. For each risk vector, the server may then segregate the risk scores based on their rank amongst the other risk scores within the range (e.g., top 10%, bottom 60%, and the like). Next, the server may apply a grading rubric to assign grades for each percentage (e.g., top 10% is an F grade, bottom 60% is an A grade, and the like) and assign grade points (e.g., an F grade is a 0.0, an A grade is a 4.0, and the like). By calculating a grade point average, the server may be able to provide a uniform system of assessing and evaluating risk across all assets in the enterprise. | 03-05-2015 |
20150067848 | DETECTING AUTOMATED SITE SCANS - Automated site scans are often seen as precursors to a cyber attack, from URI enumeration and version mapping to timing scans used to identify the most valuable DDoS targets. Disclosed are methods and apparatuses for detecting automated site scans and identifying the source of cyber attacks. Honeypot links are provided on a web page via a server. If multiple honeypot links are selected by a visitor of the web page, the server may identify the visitor as an automated system and generate a session ID. The server induces an artificial delay prior to displaying the data associated with the selected honeypot link. After a subsequent attack, the server is able to identify the attacker by association with the stored session ID of an automated site scan. | 03-05-2015 |
20150067850 | DDOS DETECTION USING SENSOR GRID - Methods and apparatus for detecting a network attack are disclosed. A sensor grid may be established in a network (e.g., an enterprise network). The sensors may monitor network assets across various network layers and transmit to a server signals that indicate the probability of an attack on the network. The server may apply an amplification algorithm to combine and amplify all of the received signals into a single signal that more accurately displays the probability of an attack on the network. | 03-05-2015 |
20150067889 | Entitlement Predictions - Systems, methods, and devices for predicting entitlements to computing resources. An entitlement associated with a user of a computer system may be identified. The entitlement may indicate a computing resource of the computer system that is accessible to the user. A set of attributes associated with the user may be selected, and an entitlement probability value may be obtained. The entitlement probability value may be based on the set of attributes and indicate a probability that the user is authorized to have the entitlement. The entitlement probability value may be used to determine whether to include the entitlement in an access review. Depending on the entitlement probability value the entitlement may be included in the access review or excluded from the access review. | 03-05-2015 |