17835552. SECURITY INCIDENT DETECTION BASED ON HISTORIAN CONFIGURATION DATA COLLECTED OVER TIME simplified abstract (Microsoft Technology Licensing, LLC)


SECURITY INCIDENT DETECTION BASED ON HISTORIAN CONFIGURATION DATA COLLECTED OVER TIME

Organization Name

Microsoft Technology Licensing, LLC

Inventor(s)

Arun Ramadasan Mannengal of Sammamish WA (US)

Krishna Chaitanya Rudraraju of Bellevue WA (US)

Rajesh Kumaraswamy of Bothell WA (US)

SECURITY INCIDENT DETECTION BASED ON HISTORIAN CONFIGURATION DATA COLLECTED OVER TIME - A simplified explanation of the abstract

This abstract first appeared for US patent application 17835552 titled 'SECURITY INCIDENT DETECTION BASED ON HISTORIAN CONFIGURATION DATA COLLECTED OVER TIME'.

Simplified Explanation

The patent application describes a method for detecting security incidents from the configuration history of a computing device, kept in a historian (a store of the device's configuration changes over time). Here are the key points:

  • Whenever configuration data arrives that indicates a change in a device's configuration, the historic configuration data for that device is updated.
  • The historic configuration data therefore records the changes made to the device's configuration over a period of time, not just its current state.
  • From the updated history, the method determines whether the relationship between the computing device and some other entity of the computer system has changed.
  • The updated history is then provided as input to a machine learning (ML) model configured to indicate whether that history evidences a security incident.
  • If the model indicates that the history evidences a security incident, a security alert describing that incident is generated.
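The pipeline in the bullets above, as an added example written for this page (it is not Microsoft's implementation and not the claimed method): a historian that diffs each incoming configuration against the stored one, a relationship check over the resulting change records, a feature vector summarising the recent history, a scorer in place of the trained model, and an alert when the score crosses a threshold. The relationship keys, the security-control keys, the seven-day window, the feature set, the fixed logistic weights and the sample configurations are all assumptions of this example, standing in for what a deployed system would derive from labelled incidents.

```python
"""Added example (not from the patent): a minimal configuration-historian
detection pipeline in the shape the abstract describes."""
from dataclasses import dataclass, field
from datetime import datetime
import math

# Assumption of this example: which configuration keys express a relationship
# between the device and another entity (domain, group, owner, trusted host),
# and which keys are security controls whose disabling is suspicious.
RELATIONSHIP_KEYS = {"domain", "admin_group_members", "owner", "trusted_hosts"}
SECURITY_CONTROL_KEYS = {"firewall_enabled", "disk_encryption", "audit_logging"}


@dataclass
class ConfigChange:
    ts: datetime
    key: str
    old: object
    new: object


@dataclass
class Historian:
    """Keeps the latest configuration and the ordered change history per device."""
    current: dict = field(default_factory=dict)   # device -> {key: value}
    history: dict = field(default_factory=dict)   # device -> [ConfigChange, ...]

    def update(self, device, ts, config):
        """Record the diff between the stored and the received configuration.
        The first observation of a device is stored as the baseline and yields
        no change records; later calls return the list of changes (possibly empty)."""
        if device not in self.current:
            self.current[device] = dict(config)
            self.history[device] = []
            return []
        prev = self.current[device]
        changes = [ConfigChange(ts, k, prev.get(k), config.get(k))
                   for k in sorted(set(prev) | set(config))
                   if prev.get(k) != config.get(k)]
        self.current[device] = dict(config)
        self.history[device].extend(changes)
        return changes


def relationship_changed(changes):
    """The 'relationship between the device and an entity has changed' step."""
    return any(c.key in RELATIONSHIP_KEYS for c in changes)


def features(history, window_days=7):
    """Summarise the change history inside a trailing window (window length is
    an assumption) as the vector the scorer consumes."""
    if not history:
        return [0.0, 0.0, 0.0, 0.0]
    end = history[-1].ts
    recent = [c for c in history if (end - c.ts).days < window_days]
    return [
        float(len(recent)),                                              # change volume
        float(sum(c.key in RELATIONSHIP_KEYS for c in recent)),          # relationship changes
        float(sum(c.ts.hour < 6 or c.ts.hour >= 22 for c in recent)),    # off-hours changes
        float(sum(c.key in SECURITY_CONTROL_KEYS and c.new in (False, "disabled")
                  for c in recent)),                                     # controls switched off
    ]


class LogisticModel:
    """Stand-in for the patent's trained ML model: a logistic scorer whose
    weights are illustrative assumptions, not learned from real incidents."""
    def __init__(self, weights, bias):
        self.weights, self.bias = weights, bias

    def predict_proba(self, x):
        z = sum(w * v for w, v in zip(self.weights, x)) + self.bias
        return 1.0 / (1.0 + math.exp(-z))


def detect(historian, device, ts, config, model, threshold=0.5):
    """Historian update -> relationship check -> score -> alert (or None)."""
    changes = historian.update(device, ts, config)
    if not changes:
        return None
    rel = relationship_changed(changes)
    score = model.predict_proba(features(historian.history[device]))
    if score < threshold:
        return None
    return {"device": device, "ts": ts.isoformat(), "score": round(score, 3),
            "relationship_changed": rel,
            "changes": [(c.key, c.old, c.new) for c in changes]}


def run_demo():
    """Constructed sample input: a baseline, a benign build update, and a 03:00
    change that adds an admin, adds a trusted host and disables the firewall."""
    model = LogisticModel(weights=[0.2, 1.5, 0.8, 2.0], bias=-4.0)
    h = Historian()
    base = {"domain": "corp.example", "admin_group_members": ["adm-ops"],
            "owner": "ops", "trusted_hosts": [], "firewall_enabled": True,
            "os_build": "22621.1"}
    h.update("ws-0042", datetime(2024, 3, 1, 9, 0), base)
    benign = dict(base, os_build="22621.2")
    benign_alert = detect(h, "ws-0042", datetime(2024, 3, 2, 10, 0), benign, model)
    hostile = dict(benign, admin_group_members=["adm-ops", "svc-backup"],
                   trusted_hosts=["203.0.113.9"], firewall_enabled=False)
    hostile_alert = detect(h, "ws-0042", datetime(2024, 3, 3, 3, 0), hostile, model)
    return benign_alert, hostile_alert


if __name__ == "__main__":
    print(run_demo())
```

The point the abstract makes is that the model sees the history, not a single snapshot: the benign build update on its own scores low, while the later off-hours batch is scored together with everything else in the window, and the relationship change (new admin member, new trusted host) is both a feature and a field of the resulting alert so an analyst can see which device-to-entity relationship moved.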

Potential applications of this technology:

  • Detecting security incidents as configuration changes are recorded, rather than after a periodic review of the current configuration.
  • Supporting incident response and investigation with a record of how a device's configuration changed over time, including changes in its relationships to other entities of the system.

Problems solved by this technology:

  • Detection methods that look only at a device's current configuration can miss a security incident that shows up only as a sequence of individually small changes over time.
  • Manual review of configuration changes across many devices is slow and error-prone.

Benefits of this technology:

  • Scores the accumulated change history of a device, so changes that are unremarkable in isolation can be evaluated together.
  • Automates the analysis, reducing the time and effort needed for incident response and investigation.
  • Ties each alert to the configuration history that evidenced the incident, giving investigators a starting point.


Original Abstract Submitted

Security incident detection based on historian configuration data collected over time is described. Historic configuration data associated with a computing device is updated based on received configuration data indicative of a change in configuration of the computing device in a computer system. The historic configuration data indicates changes to configurations of the computing device over a time period. A determination that a relationship between the computing device and an entity of the computer system has changed is made based on the updated historic configuration data. The updated historic configuration data is provided as input to a machine learning (ML) model configured to generate an indication of whether the updated historic configuration data evidences a security incident. In response to the ML model generating an indication that the updated historic configuration data evidences a security incident, a security alert indicative of the evidenced security incident is generated.