US 11,888,862 B2
Distributed framework for security analytics
Lawrence Bruce Huston, III, Ann Arbor, MI (US); and David Coffey, Austin, TX (US)
Assigned to Forcepoint LLC, Austin, TX (US)
Filed by Forcepoint, LLC, Austin, TX (US)
Filed on Dec. 22, 2020, as Appl. No. 17/131,014.
Application 17/131,014 is a continuation of application No. 16/557,560, filed on Aug. 30, 2019, granted, now 10,999,296.
Application 16/557,560 is a continuation in part of application No. 16/415,726, filed on May 17, 2019, granted, now 10,834,097, issued on Nov. 10, 2020.
Application 16/557,560 is a continuation in part of application No. 17/131,014.
Application 17/131,014 is a continuation in part of application No. 16/162,655, filed on Oct. 17, 2018, granted, now 10,530,786, issued on Jan. 7, 2020.
Application 16/162,655 is a continuation of application No. 15/963,729, filed on Apr. 26, 2018, granted, now 10,129,269, issued on Nov. 13, 2018.
Application 15/963,729 is a continuation in part of application No. 15/878,898, filed on Jan. 24, 2018, granted, now 10,063,568, issued on Aug. 28, 2018.
Application 15/878,898 is a continuation of application No. 15/720,788, filed on Sep. 29, 2017, granted, now 9,882,918, issued on Jan. 30, 2018.
Claims priority of provisional application 63/119,116, filed on Nov. 30, 2020.
Claims priority of provisional application 63/017,400, filed on Apr. 29, 2020.
Claims priority of provisional application 62/964,372, filed on Jan. 22, 2020.
Claims priority of provisional application 62/839,060, filed on Apr. 26, 2019.
Claims priority of provisional application 62/506,300, filed on May 15, 2017.
Prior Publication US 2021/0112076 A1, Apr. 15, 2021
Int. Cl. H04L 9/40 (2022.01); G06F 21/56 (2013.01); G06F 21/57 (2013.01); H04L 67/306 (2022.01)
CPC H04L 63/14 (2013.01) [G06F 21/566 (2013.01); G06F 21/577 (2013.01); H04L 63/102 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/1433 (2013.01); H04L 63/205 (2013.01); H04L 67/306 (2013.01); G06F 2221/034 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A computer-implementable method for performing a security operation, comprising:
monitoring an entity, the monitoring observing at least one electronically-observable data source;
identifying an event of analytic utility;
analyzing the event of analytic utility, the analyzing the event of analytic utility identifying an entity behavior associated with the event of analytic utility; and,
performing the security operation in response to the analyzing the event of analytic utility, the security operation being performed by at least one of an entity edge component and a security analytics system, the entity edge component executing the security operation on a hardware processor associated with the entity edge component, the security analytics system executing the security operation on a hardware processor associated with the security analytics system; and wherein
the monitoring, the identifying, the analyzing and the performing are performed via a distributed security analytics framework; and,
the distributed security analytics framework comprises the entity edge component, the entity edge component performing a human factors analytics operation, the human factors analytics operation using a human-centric risk modeling framework, the human-centric risk modeling framework enabling quantification of a human-centric factor associated with the entity, the human-centric factor comprising a motivation factor, a stressor factor and an organizational dynamics stressor factor, the human-centric factor having an associated effect on the entity, the motivation factor representing a user entity behavior that provides an indication of a motivation for enacting the user entity behavior, the stressor factor representing an issue influencing the user entity behavior, the organizational stressor factor representing an event occurring within an organization affecting the user entity behavior.