17956776. FAST FORWARDED SECURITY ISSUE IDENTIFICATION USING DIGITAL TWINS simplified abstract (International Business Machines Corporation)

From WikiPatents

FAST FORWARDED SECURITY ISSUE IDENTIFICATION USING DIGITAL TWINS

Organization Name

International Business Machines Corporation

Inventor(s)

Sudheesh S. Kairali of Kozhikode (IN)

Sarbajit K. Rakshit of Kolkata (IN)

Satyam Jakkula of BENGALURU (IN)

Sudhanshu Sekher Sar of Bangalore (IN)

Maureen Kraft of Hudson MA (US)

FAST FORWARDED SECURITY ISSUE IDENTIFICATION USING DIGITAL TWINS - A simplified explanation of the abstract

This abstract first appeared for US patent application 17956776 titled 'FAST FORWARDED SECURITY ISSUE IDENTIFICATION USING DIGITAL TWINS'.

Simplified Explanation

The abstract describes a method and system for providing computer system security for a focus computer system (FCS) by creating a security digital twin (SDT) with an associated security ontology for the FCS. The method involves analyzing potential threats, mapping them to attack patterns, searching for similar attack patterns on another computer system, and defending the FCS using an action mitigation plan.

  • Explanation of the patent:
    - Creating a security digital twin (SDT) for the focus computer system (FCS)
    - Analyzing potential threats and mapping them to attack patterns
    - Searching for similar attack patterns on another computer system
    - Defending the FCS using an action mitigation plan

  • Potential applications of this technology:
    - Enhancing computer system security
    - Improving threat detection and response capabilities

  • Problems solved by this technology:
    - Identifying potential threats and vulnerabilities in the FCS
    - Providing a proactive approach to defending against cyber attacks

  • Benefits of this technology:
    - Increased security for the FCS
    - Enhanced threat intelligence and response capabilities

  • Potential commercial applications of this technology:
    - Cybersecurity companies
    - IT security departments in organizations

  • Possible prior art:
    - Existing cybersecurity systems and methods for threat detection and response

  • Unanswered Questions:
    1. How does the system handle false positives in threat analysis?

    The abstract does not mention how the system distinguishes between real threats and false alarms during the threat analysis process.

    2. What is the scalability of the system for large-scale computer networks?

    The abstract does not provide information on how the system can scale to protect large networks with multiple interconnected systems.


Original Abstract Submitted

A method and system provide computer system security for a focus computer system (FCS). The method comprises creating a security digital twin (SDT) for the FCS with an associated security ontology for the FCS. A potential threat analyzer receives a potential threat object (PTO) and maps it to an enterprise attack vector pattern. The method further comprises searching, on another computer system (OCS), for a predicted attack pattern having a similar pattern to the enterprise attack vector pattern. Conditioned upon finding the predicted attack pattern, and using a potential threat handler locating an action mitigation plan (AMP) related to the predicted attack pattern in the data fabric associated with the OCS, the method further comprises copying the OCS predicted attack pattern to an FCS predicted attack pattern store, copying the OCS AMP to an FCS AMP store, and defending the FCS from the PTO using the AMP.
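The control flow the abstract describes (threat analyzer maps a PTO to an attack vector pattern, similarity search over the other computer system's pattern store, conditional copy of the predicted pattern and its AMP into the FCS stores), as an added Python sketch that is not part of the patent or this page. The Jaccard similarity test, the 0.5 threshold, the indicator-to-technique ontology and all sample indicators and mitigation steps are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class AttackPattern:
    name: str
    techniques: frozenset  # technique labels drawn from the security ontology

@dataclass
class SecurityStore:
    """Per-system stores: predicted attack patterns and their action mitigation plans (AMPs)."""
    patterns: dict = field(default_factory=dict)  # pattern name -> AttackPattern
    amps: dict = field(default_factory=dict)      # pattern name -> list of mitigation steps

def jaccard(a: frozenset, b: frozenset) -> float:
    """Assumed 'similar pattern' measure; 0.0 when there is nothing to compare."""
    return len(a & b) / len(a | b) if (a | b) else 0.0

def map_threat_to_pattern(pto: dict, ontology: dict) -> AttackPattern:
    """Potential threat analyzer: turn a PTO's indicators into an enterprise attack vector pattern."""
    techniques = frozenset(ontology[i] for i in pto["indicators"] if i in ontology)
    return AttackPattern(name=pto["id"], techniques=techniques)

def find_similar_pattern(pattern: AttackPattern, ocs: SecurityStore, threshold: float):
    """Search the OCS pattern store for the closest predicted attack pattern at or above threshold."""
    best, best_score = None, 0.0
    for candidate in ocs.patterns.values():
        score = jaccard(pattern.techniques, candidate.techniques)
        if score > best_score:
            best, best_score = candidate, score
    return best if best_score >= threshold else None

def fast_forward_defense(pto, ontology, fcs: SecurityStore, ocs: SecurityStore, threshold=0.5):
    """Return the AMP copied into the FCS, or None when the OCS offers nothing reusable."""
    predicted = find_similar_pattern(map_threat_to_pattern(pto, ontology), ocs, threshold)
    if predicted is None:
        return None
    amp = ocs.amps.get(predicted.name)  # potential threat handler: AMP lookup in the OCS data fabric
    if amp is None:
        return None                     # pattern known but no plan attached: nothing to fast-forward
    fcs.patterns[predicted.name] = predicted  # copy OCS predicted pattern into the FCS pattern store
    fcs.amps[predicted.name] = list(amp)      # copy OCS AMP into the FCS AMP store
    return fcs.amps[predicted.name]

# Constructed sample data (not from the patent): a tiny ontology and one other system's stores.
ONTOLOGY = {"suspicious-attachment": "phishing", "lsass-read": "credential-dumping",
            "new-admin-account": "persistence", "outbound-tor": "c2-channel"}
OCS = SecurityStore(
    patterns={"phish-to-creds": AttackPattern("phish-to-creds",
                                              frozenset({"phishing", "credential-dumping", "persistence"})),
              "beaconing": AttackPattern("beaconing", frozenset({"c2-channel"}))},
    amps={"phish-to-creds": ["quarantine message", "reset exposed credentials", "audit new accounts"]},
)
```

A PTO whose indicators overlap two of the three techniques in "phish-to-creds" scores 2/3 and pulls that AMP across; a PTO matching "beaconing" finds a pattern but no AMP, so nothing is copied.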