US 11,888,864 B2
Security analytics mapping operation within a distributed security analytics environment
Lawrence Bruce Huston, III, Ann Arbor, MI (US); and David Coffey, Austin, TX (US)
Assigned to Forcepoint LLC, Austin, TX (US)
Filed by Forcepoint, LLC, Austin, TX (US)
Filed on Dec. 22, 2020, as Appl. No. 17/131,018.
Application 17/131,018 is a continuation of application No. 16/557,560, filed on Aug. 30, 2019, granted, now 10,999,296.
Application 16/557,560 is a continuation in part of application No. 16/415,726, filed on May 17, 2019, granted, now 10,834,097, issued on Nov. 10, 2020.
Application 16/557,560 is a continuation in part of application No. 17/131,018.
Application 17/131,018 is a continuation in part of application No. 16/162,655, filed on Oct. 17, 2018, granted, now 10,530,786, issued on Jan. 7, 2020.
Application 16/162,655 is a continuation of application No. 15/963,729, filed on Apr. 26, 2018, granted, now 10,129,269, issued on Nov. 13, 2018.
Application 15/963,729 is a continuation in part of application No. 15/878,898, filed on Jan. 24, 2018, granted, now 10,063,568, issued on Aug. 28, 2018.
Application 15/878,898 is a continuation of application No. 15/720,788, filed on Sep. 29, 2017, granted, now 9,882,918, issued on Jan. 30, 2018.
Claims priority of provisional application 63/119,116, filed on Nov. 30, 2020.
Claims priority of provisional application 63/017,400, filed on Apr. 29, 2020.
Claims priority of provisional application 62/964,372, filed on Jan. 22, 2020.
Claims priority of provisional application 62/839,060, filed on Apr. 26, 2019.
Claims priority of provisional application 62/506,300, filed on May 15, 2017.
Prior Publication US 2021/0112078 A1, Apr. 15, 2021
Int. Cl. H04L 9/40 (2022.01); G06F 21/56 (2013.01); G06F 21/57 (2013.01); H04L 67/306 (2022.01)
CPC H04L 63/04 (2013.01) [G06F 21/566 (2013.01); G06F 21/577 (2013.01); H04L 63/102 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/1433 (2013.01); H04L 63/205 (2013.01); H04L 67/306 (2013.01); G06F 2221/034 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A computer-implementable method for performing a security analytics mapping operation, comprising:
receiving a plurality of electronically-observable actions of a first entity, the plurality of electronically-observable actions of the first entity corresponding to a respective first plurality of events enacted by the first entity;
receiving a plurality of electronically-observable actions of a second entity, the plurality of electronically-observable actions of the second entity corresponding to a respective second plurality of events enacted by the second entity;
determining, via a distributed security analytics environment, whether a first event of the respective first plurality of events and a second event of the respective second plurality of events comprise an entity interaction between the first entity and the second entity;
generating, via the distributed security analytics environment, an entity interaction map, the entity interaction map providing a representation of the entity interaction between the first entity and the second entity; and,
performing, via the distributed security analytics environment, a security analytics operation, the security analytics operation using the entity interaction map to identify enactment of entity behaviors by the first entity and second entity, the enactment of the entity behaviors by the first entity and the second entity transcending an enactment of an entity behavior by a single entity, the security analytics operation resulting in a security risk assessment for the enactment of the entity behaviors by the first entity and the second entity.