SECURITY FINDING CATEGORIES-BASED PRIORITIZATION

Organization Name

Microsoft Technology Licensing, LLC

Inventor(s)

Jonathan Gazit of Tel Aviv (IL)

Moshe Israel of Ramat-Gan (IL)

Dotan Patrich of Kfar Saba (IL)

SECURITY FINDING CATEGORIES-BASED PRIORITIZATION - A simplified explanation of the abstract

This abstract first appeared for US patent application 20240267400 titled 'SECURITY FINDING CATEGORIES-BASED PRIORITIZATION

The patent application focuses on bridging the gap between past security alerts and future vulnerabilities, organizing them into categories and identifying correlations between them to create category association rules for cybersecurity prioritization.

• Alerts, vulnerabilities, and security findings are gathered from similar environments and filtered to pertain to similar resources or configurations.
• Category association rules are used to assign priority levels to alerts and likelihood levels to potential breaches.
• Graphs showing resources and data flow paths are annotated with risk scores or security findings based on the category association rules.

Potential Applications: - Cybersecurity management and prioritization - Risk assessment and mitigation in IT environments

Problems Solved: - Efficiently managing security alerts and vulnerabilities - Prioritizing cybersecurity tasks based on potential risks

Benefits: - Improved cybersecurity decision-making - Enhanced protection against potential breaches

Commercial Applications: Title: "Enhancing Cybersecurity Prioritization and Risk Assessment" This technology can be utilized by cybersecurity companies, IT departments, and organizations looking to strengthen their security measures and protect sensitive data.

Questions about the technology: 1. How does this technology improve cybersecurity management? 2. What are the key benefits of utilizing category association rules in cybersecurity prioritization?

Frequently Updated Research: Stay updated on the latest advancements in cybersecurity prioritization and risk assessment to ensure your systems are protected against evolving threats.

Original Abstract Submitted

some embodiments bridge a gap between focusing on security alerts raised by conditions and events that have already occurred, and focusing on vulnerabilities that might be exploited in the future. alerts are organized into alert categories, vulnerabilities are organized into vulnerability categories, and are optionally supplemented with misconfiguration categories. correlations are identified between alert categories and vulnerability or misconfiguration categories, and the correlation values noted, to produce category association rules. the alerts, vulnerabilities, and other security findings are gathered in some situations from multiple similar environments, and in some cases are filtered to pertain to similar resources or similar configurations. the category association rules are utilized to perform cybersecurity prioritizations such as assigning priority levels to alerts and assigning likelihood levels to potential breaches. graphs showing resources and data flow paths are annotated with risk scores or with security findings relevant to the applicable category association rules.