
18638282. ORDERING SECURITY INCIDENTS USING ALERT DIVERSITY simplified abstract (Microsoft Technology Licensing, LLC)

From WikiPatents

ORDERING SECURITY INCIDENTS USING ALERT DIVERSITY

Organization Name

Microsoft Technology Licensing, LLC

Inventor(s)

Anna Swanson Bertiger of Seattle WA (US)

Michael Steven Flowers of Kent WA (US)

ORDERING SECURITY INCIDENTS USING ALERT DIVERSITY - A simplified explanation of the abstract

This abstract first appeared for US patent application 18638282 titled 'ORDERING SECURITY INCIDENTS USING ALERT DIVERSITY'.

Simplified Explanation: The patent application describes a method for ranking security incidents in a computer network based on a diversity metric calculated from attribute values associated with security alerts.

  • Security incidents are ranked based on values of a diversity metric computed from attribute values of security alerts.
  • Attribute-specific sub-metrics are determined for each incident and combined to calculate the overall diversity metric.
  • The ranking of security incidents can trigger automated mitigating actions or be communicated to a security administrator.

Key Features and Innovation:

  • Ranking security incidents based on a diversity metric calculated from attribute values.
  • Combining attribute-specific sub-metrics to determine the overall diversity metric.
  • Automated mitigation actions triggered based on the ranking of security incidents.

Potential Applications: This technology can be applied in various industries such as cybersecurity, network monitoring, and threat detection systems.

Problems Solved:

  • Efficient ranking of security incidents in a computer network.
  • Prioritizing security alerts based on a diversity metric.
  • Enhancing the response to security threats in real-time.

Benefits:

  • Improved security incident management.
  • Enhanced threat detection capabilities.
  • Automation of security incident response.

Commercial Applications: Potential commercial applications include cybersecurity software, network security services, and threat intelligence platforms.

Prior Art: Readers can explore prior patents related to security incident ranking, diversity metrics in cybersecurity, and attribute-based threat detection systems.

Frequently Updated Research: Stay informed about the latest advancements in cybersecurity threat detection, network monitoring technologies, and attribute-based security incident ranking methods.

Questions about Security Incident Ranking:

  1. How does the diversity metric contribute to the ranking of security incidents?
  2. What are the advantages of using attribute values to calculate the diversity metric for security alerts?


Original Abstract Submitted

In a computer network monitored for security threats, security incidents corresponding to groups of mutually related security alerts may be ranked based on values of a diversity metric computed for each incident from attribute values of an attribute, or multiple attributes, associated with the security alerts. In some embodiments, values of attribute-specific sub-metrics are determined for each incident and combined, e.g., upon conversion to p-values, into respective values of the overall diversity metric. Based on the ranking, an output may be generated. For example, a ranked list of the security incidents (or a subset thereof) may be communicated to a security administrator, and/or may trigger an automated mitigating action.
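The ranking described in the abstract, sketched as an added example that is not code from the patent application or from Microsoft. The abstract does not name the sub-metric, the p-value conversion or the combining rule, so this sketch assumes Shannon entropy per attribute, an empirical upper-tail p-value across the incident population, and Fisher's method; the attribute names and sample incidents are constructed.

```python
import math
from collections import Counter

# Constructed sample: incident id -> alerts; attribute names are assumptions.
def _alerts(detectors, hosts):
    return [{"detector": d, "host": h} for d, h in zip(detectors, hosts)]

INCIDENTS = {
    "INC-1": _alerts(["av", "av", "av", "av"], ["h1", "h1", "h1", "h1"]),
    "INC-2": _alerts(["av", "edr", "ids", "mail"], ["h1", "h2", "h3", "h4"]),
    "INC-3": _alerts(["av", "av", "edr", "edr"], ["h5", "h5", "h5", "h5"]),
    "INC-4": _alerts(["ids", "edr"], ["h6", "h7"]),
}

def entropy(values):
    """Assumed sub-metric: Shannon entropy (bits) of one attribute in one incident."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def empirical_p(value, population):
    """Share of incidents whose sub-metric is at least `value` (upper tail)."""
    return sum(1 for v in population if v >= value) / len(population)

def fisher_combine(pvals):
    """Fisher's method: chi-square survival function with 2k degrees of freedom,
    in closed form. Treats the per-attribute p-values as independent."""
    half = -sum(math.log(p) for p in pvals)  # x/2, where x = -2 * sum(ln p)
    terms = sum(half ** j / math.factorial(j) for j in range(len(pvals)))
    return math.exp(-half) * terms

def rank_incidents(incidents, attributes):
    """Return [(incident_id, combined_p)], most diverse (smallest p) first."""
    sub = {a: {i: entropy([alert[a] for alert in alerts])
               for i, alerts in incidents.items()}
           for a in attributes}
    scored = []
    for i in incidents:
        pvals = [empirical_p(sub[a][i], list(sub[a].values())) for a in attributes]
        scored.append((i, fisher_combine(pvals)))
    return sorted(scored, key=lambda pair: pair[1])

if __name__ == "__main__":
    for incident_id, p in rank_incidents(INCIDENTS, ["detector", "host"]):
        print(f"{incident_id}  combined p = {p:.4f}")
```

The ranked list is what would be handed to an administrator or used to gate an automated action; converting each sub-metric to a p-value first is what lets attributes with different scales be combined into one score.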
