18183783. LATENT-CONTEXT ALERT CORRELATION ENGINE IN A SECURITY MANAGEMENT SYSTEM simplified abstract (Microsoft Technology Licensing, LLC)


LATENT-CONTEXT ALERT CORRELATION ENGINE IN A SECURITY MANAGEMENT SYSTEM

Organization Name

Microsoft Technology Licensing, LLC

Inventor(s)

Daniel Davraev of Or Yehuda (IL)

Tamer Salman of Haifa (IL)

Ram Haim Pliskin of Rishon Lezion (IL)

LATENT-CONTEXT ALERT CORRELATION ENGINE IN A SECURITY MANAGEMENT SYSTEM - A simplified explanation of the abstract

This abstract first appeared for US patent application 18183783, titled 'LATENT-CONTEXT ALERT CORRELATION ENGINE IN A SECURITY MANAGEMENT SYSTEM'.

Simplified Explanation: The application describes security incident management built around a latent-context alert correlation engine that is integrated into a security management system. Correlation over a security graph normally joins two alerts only when they share an entity (a host, an account, an address or similar node in the graph). The latent-context engine also joins two alerts that share no such entity, provided a known attack path connects them indirectly; alerts found to be connected are grouped into a security incident, and a notification carrying that incident is sent.

Key Features and Innovation:

  • A latent-context alert correlation engine operationally integrated into a security management system
  • Determining that two alerts which share no common entity in the security graph are nonetheless connected through a latent-context connection, i.e. a known attack path that links them indirectly
  • Generating a security incident for the connected alerts
  • Communicating a notification that contains the generated security incident
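
The flow listed above, as an added illustration that is not code from the patent application or from Microsoft: an entity layer that mirrors a security-graph check, and a latent-context layer consulted only for alert pairs with no shared entity. The way "known attack path" knowledge is encoded here (directed technique-to-technique edges with a time window), the technique labels, the thresholds and the sample alerts are all constructed assumptions; the abstract does not specify any of them.

```python
"""Toy alert correlation engine with an entity layer and a latent-context layer.

Added illustration only: not code from the patent application or from
Microsoft. The attack-path table, time windows, technique labels and sample
alerts are constructed assumptions.
"""
from dataclasses import dataclass
from itertools import combinations
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Alert:
    alert_id: str
    technique: str             # hypothetical technique label for the alert
    entities: FrozenSet[str]   # hosts, accounts, addresses named in the alert
    ts: int                    # event time in seconds (constructed values)


# Assumed encoding of "known attack path" knowledge: a directed edge from one
# technique to a technique known to follow it, with the longest gap (seconds)
# over which the two are still treated as one path. The abstract does not
# define this structure; it is an assumption of the example.
ATTACK_PATHS: Dict[Tuple[str, str], int] = {
    ("phishing_attachment", "credential_dumping"): 6 * 3600,
    ("credential_dumping", "lateral_movement"): 24 * 3600,
    ("lateral_movement", "data_staging"): 24 * 3600,
}


def shares_entity(a: Alert, b: Alert) -> bool:
    """Security-graph check: the two alerts name at least one common entity."""
    return bool(a.entities & b.entities)


def latent_context_connection(a: Alert, b: Alert) -> Optional[Tuple[str, str]]:
    """Return the attack-path edge that indirectly links a and b, if any.

    Both orders are tried because either alert may be the earlier stage; the
    later alert must fall inside the edge's time window.
    """
    for first, second in ((a, b), (b, a)):
        window = ATTACK_PATHS.get((first.technique, second.technique))
        if window is not None and 0 <= second.ts - first.ts <= window:
            return (first.technique, second.technique)
    return None


def correlate(alerts: List[Alert]) -> List[dict]:
    """Group alerts into incidents. The entity check runs first; the latent
    layer is consulted only for pairs with no shared entity, as in the
    abstract. Links are merged with union-find so multi-hop chains form one
    incident."""
    parent = {a.alert_id: a.alert_id for a in alerts}

    def find(x: str) -> str:
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    links: List[Tuple[str, str, str]] = []
    for a, b in combinations(alerts, 2):
        if shares_entity(a, b):
            reason = "entity:" + ",".join(sorted(a.entities & b.entities))
        else:
            edge = latent_context_connection(a, b)
            if edge is None:
                continue
            reason = "latent:%s->%s" % edge
        links.append((a.alert_id, b.alert_id, reason))
        parent[find(a.alert_id)] = find(b.alert_id)

    groups: Dict[str, List[str]] = {}
    for a in alerts:
        groups.setdefault(find(a.alert_id), []).append(a.alert_id)

    incidents = []
    for members in groups.values():
        if len(members) < 2:       # a lone alert is not an incident here
            continue
        member_set = set(members)
        incidents.append({
            "incident_id": "INC-" + "-".join(sorted(members)),
            "alerts": sorted(members),
            "links": [l for l in links if l[0] in member_set],
        })
    return incidents


def notification(incident: dict) -> str:
    """Render the notification that carries a generated incident."""
    lines = ["%s: %d alerts" % (incident["incident_id"], len(incident["alerts"]))]
    lines += ["  %s <-> %s (%s)" % link for link in incident["links"]]
    return "\n".join(lines)


# Constructed sample alerts: a1 and a2 share no entity but match a known path;
# a2 and a3 share host WS07; a4 is outside the path's window; a5 matches no path.
SAMPLE_ALERTS = [
    Alert("a1", "phishing_attachment", frozenset({"user:alice", "host:WS01"}), 0),
    Alert("a2", "credential_dumping", frozenset({"host:WS07"}), 3600),
    Alert("a3", "lateral_movement", frozenset({"host:WS07", "host:SRV02"}), 7200),
    Alert("a4", "data_staging", frozenset({"host:SRV09"}), 3 * 24 * 3600),
    Alert("a5", "credential_dumping", frozenset({"host:WS42"}), 9 * 3600),
]

if __name__ == "__main__":
    for inc in correlate(SAMPLE_ALERTS):
        print(notification(inc))
```

Running the block yields one incident, INC-a1-a2-a3, whose links record why each pair was joined: a1 and a2 through the assumed phishing-to-credential-dumping path, a2 and a3 through the shared host. Because a latent link joins alerts that have no entity in common, it carries less evidence than an entity link, and two unrelated intrusions can match the same path by coincidence; the time window and direction check above are the minimum guard, and a production engine would score latent links separately so an analyst can see which part of an incident is observed overlap and which part is inferred.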

Potential Applications: This technique applies to security operations tooling, such as alert triage, incident response and threat-intelligence-driven detection, wherever related alerts would otherwise be handled in isolation because they share no common entity.

Problems Solved: Alert correlation that depends on a shared entity in the security graph cannot connect alerts that have no entity in common, even when they are stages of the same attack. This technology correlates such alerts when a known attack path links them indirectly.

Benefits:

  • Improved detection of and response to multi-stage attacks whose alerts share no common entity
  • Visibility into the attack path that links the alerts of an incident
  • More efficient incident management, since related alerts are handled as one incident rather than separately

Commercial Applications: The technology can be used by security vendors, enterprise security operations teams and organizations with demanding security requirements to strengthen their security posture and mitigate threats more effectively.

Prior Art: Earlier patents on security incident management, alert correlation engines and security graph analysis show how this technology evolved.


Questions about Security Incident Management using a Latent-Context Alert Correlation Engine:

  1. How does the latent-context alert correlation engine improve incident response in security management systems?
  2. What are the key advantages of using a latent-context connection to correlate security alerts?


Original Abstract Submitted

Methods, systems, and computer storage media for providing security incident management using a latent-context alert correlation engine in a security management system. Security incident management is provided using the latent-context alert correlation engine that is operationally integrated into the security management system. In operation, first security data of a first alert and second security data of a second alert are accessed. The first alert and the second alert do not share a common entity identifiable in a security graph. Using the first security data and the second security data, a determination is made that the first alert is connected to the second alert based on a latent-context connection. The latent-context connection is a known attack path connection that indirectly connects alerts. Based on determining that the first alert is connected to the second alert, a security incident is generated for the alert. A notification comprising the security incident is communicated.