US 11,888,861 B2
Using an entity behavior catalog when performing human-centric risk modeling operations
Nicolas Christian Fischbach, Uitikon (CH); Raffael Marty, Austin, TX (US); Margaret Cunningham, Austin, TX (US); and Clifford Charles Wright, Oxfordshire (GB)
Assigned to Forcepoint LLC, Austin, TX (US)
Filed by Forcepoint, LLC, Austin, TX (US)
Filed on Dec. 11, 2020, as Appl. No. 17/119,813.
Application 17/119,813 is a continuation of application No. 16/557,560, filed on Aug. 30, 2019, granted, now 10,999,296.
Application 16/557,560 is a continuation in part of application No. 16/415,726, filed on May 17, 2019, granted, now 10,834,097, issued on Nov. 10, 2020.
Application 16/557,560 is a continuation in part of application No. 17/119,813.
Application 17/119,813 is a continuation in part of application No. 16/162,655, filed on Oct. 17, 2018, granted, now 10,530,786, issued on Jan. 7, 2020.
Application 16/162,655 is a continuation of application No. 15/963,729, filed on Apr. 26, 2018, granted, now 10,129,269, issued on Nov. 13, 2018.
Application 15/963,729 is a continuation in part of application No. 15/878,898, filed on Jan. 24, 2018, granted, now 10,063,568, issued on Aug. 28, 2018.
Application 15/878,898 is a continuation of application No. 15/720,788, filed on Sep. 29, 2017, granted, now 9,882,918, issued on Jan. 30, 2018.
Claims priority of provisional application 63/017,400, filed on Apr. 29, 2020.
Claims priority of provisional application 62/964,372, filed on Jan. 22, 2020.
Claims priority of provisional application 62/839,060, filed on Apr. 26, 2019.
Claims priority of provisional application 62/506,300, filed on May 15, 2017.
Prior Publication US 2021/0120011 A1, Apr. 22, 2021
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06F 21/56 (2013.01); G06F 21/57 (2013.01); H04L 67/306 (2022.01)
CPC H04L 63/04 (2013.01) [G06F 21/566 (2013.01); G06F 21/577 (2013.01); H04L 63/102 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/1433 (2013.01); H04L 63/205 (2013.01); H04L 67/306 (2013.01); G06F 2221/034 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A computer-implementable method for performing a security operation, comprising:
monitoring an entity, the monitoring observing at least one electronically-observable data source;
identifying a security related activity of the entity, the security related activity being of analytic utility;
accessing an entity behavior catalog based upon the security related activity, the entity behavior catalog providing an inventory of entity behaviors and a human-centric risk modeling framework, the human-centric risk modeling framework enabling quantification of a human-centric factor associated with the entity, the human-centric factor comprising a motivation factor, a stressor factor and an organizational dynamics stressor factor, the human-centric factor having an associated effect on the entity, the motivation factor representing a motivation for enacting the user entity behavior, the stressor factor representing an issue influencing the user entity behavior, the organizational stressor factor representing an event occurring within an organization affecting the user entity behavior; and
performing a security operation using the human-centric risk modeling framework, the security operation using entity behavior catalog data stored within the entity behavior catalog based upon the security related activity, the security operation being performed by at least one of an endpoint device and a security analytics system, the endpoint device executing the security operation on a hardware processor associated with the endpoint device, the security analytics system executing the security operation on a hardware processor associated with the security analytics system.