US 12,242,600 B2
Abnormally permissive role definition detection systems
Idan Yehoshua Hen, Tel-Aviv (IL); Ilay Grossman, Tel-Aviv (IL); and Avichai Ben David, Tel-Aviv (IL)
Assigned to Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed by Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed on May 13, 2021, as Appl. No. 17/320,010.
Prior Publication US 2022/0366039 A1, Nov. 17, 2022
Int. Cl. G06F 21/55 (2013.01); G06N 5/04 (2023.01); G06N 20/00 (2019.01)
CPC G06F 21/554 (2013.01) [G06N 5/04 (2013.01); G06N 20/00 (2019.01); G06F 2221/034 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method to provide cybersecurity, the method comprising:
receiving a role definition, which is based on a schema, for a security principal regarding a scope of resources, the role definition including a first role definition, which defines a first permission based on a first element that is preassigned to the schema, and a second role definition, which defines a second permission based on a second element that is not preassigned to the schema;
determining a security score by providing permissions of the role definition, which include at least the first permission and the second permission, and a creation event, which indicates a circumstance of creation of the role definition, as inputs to a machine learning model, which causes the machine learning model to determine that the creation event is an irregular role definition creation event, to determine that the permissions of the role definition correspond to a relatively high amount of permission, and to generate the security score by taking into consideration that the creation event is the irregular role definition creation event and further by taking into consideration that the permissions of the role definition correspond to the relatively high amount of permission;
comparing the security score to a plurality of security score ranges that are defined by a plurality of thresholds and that correspond to a plurality of actions,
the plurality of thresholds comprising a first threshold and a second threshold that is less than the first threshold,
the plurality of actions comprising a first action in which access to a resource in the scope of resources is provided, a second action in which conditional access to the resource is provided, and a third action in which access to the resource is denied,
the plurality of security score ranges comprising a first security score range that is greater than the first threshold and that corresponds to the first action, a second security score range that is less than the first threshold and greater than the second threshold and that corresponds to the second action, and a third security score range that is less than the second threshold and that corresponds to the third action; and
denying access to the resource by selecting the third action from the plurality of actions as a result of the security score being included in the third security score range.
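The following Python sketch is an added illustration of the steps in claim 1 and is not the patent's own implementation: it separates the elements of a role definition that are in a schema from those that are not, scores the role definition together with its creation event, and maps the score onto the three ranges (allow, conditional access, deny) defined by two thresholds. The schema, the thresholds (70 and 40), the irregular-creation indicators and the additive scoring rule are all constructed assumptions; the scoring function stands in for the claimed machine learning model, whose internals the claim does not specify.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime

# Constructed schema: permission elements "preassigned" to the schema. Anything a
# role definition names outside this set is treated as a non-schema (custom) element.
SCHEMA_ACTIONS = frozenset({
    "storage/read", "storage/write", "storage/delete",
    "compute/read", "compute/start", "compute/stop",
    "keyvault/read",
})
KNOWN_CLIENTS = frozenset({"portal", "cli"})  # assumed: clients normally used to create roles
FIRST_THRESHOLD = 70.0    # assumed values; the claim only requires second < first
SECOND_THRESHOLD = 40.0


@dataclass(frozen=True)
class RoleDefinition:
    name: str
    actions: tuple[str, ...]   # permissions; "*" and "prefix/*" are wildcards


@dataclass(frozen=True)
class CreationEvent:
    created_by: str
    created_at: datetime
    client: str


def split_by_schema(role: RoleDefinition) -> tuple[list[str], list[str]]:
    """Schema-based elements (incl. wildcards over schema actions) vs. non-schema ones."""
    in_schema = [a for a in role.actions if a in SCHEMA_ACTIONS or a.endswith("*")]
    custom = [a for a in role.actions if a not in in_schema]
    return in_schema, custom


def permission_amount(role: RoleDefinition) -> float:
    """Heuristic 'amount of permission' in [0, 1]: share of schema actions granted,
    counting each non-schema element as one more grant and '*' as everything."""
    if "*" in role.actions:
        return 1.0
    granted: set[str] = set()
    for action in role.actions:
        if action.endswith("/*"):
            granted |= {s for s in SCHEMA_ACTIONS if s.startswith(action[:-1])}
        else:
            granted.add(action)   # schema action or custom element: one grant each
    return min(1.0, len(granted) / len(SCHEMA_ACTIONS))


def irregular_creation_reasons(event: CreationEvent) -> list[str]:
    """Assumed indicators that the creation circumstance is irregular."""
    reasons = []
    if event.created_at.weekday() >= 5:
        reasons.append("weekend")
    if not 7 <= event.created_at.hour < 19:
        reasons.append("off-hours")
    if event.client not in KNOWN_CLIENTS:
        reasons.append(f"unknown client {event.client!r}")
    return reasons


def security_score(role: RoleDefinition, event: CreationEvent) -> float:
    """Stand-in for the claimed ML model: 0..100, higher means safer. It lowers the
    score for a large amount of permission, for an irregular creation event, and
    for each element that is not preassigned to the schema."""
    score = 100.0 - 60.0 * permission_amount(role)
    if irregular_creation_reasons(event):
        score -= 25.0
    score -= 5.0 * len(split_by_schema(role)[1])
    return max(0.0, min(100.0, score))


def select_action(score: float, first: float = FIRST_THRESHOLD,
                  second: float = SECOND_THRESHOLD) -> str:
    """Map the score onto the three claimed ranges. Scores exactly on a threshold
    fall to the more restrictive action (assumption; the claim leaves equality open)."""
    if not second < first:
        raise ValueError("second threshold must be less than the first threshold")
    if score > first:
        return "allow"          # first action: access provided
    if score > second:
        return "conditional"    # second action: conditional access (e.g. step-up approval)
    return "deny"               # third action: access denied


def evaluate(role: RoleDefinition, event: CreationEvent) -> dict:
    score = security_score(role, event)
    return {"role": role.name, "score": round(score, 1), "action": select_action(score),
            "custom_elements": split_by_schema(role)[1],
            "irregular": irregular_creation_reasons(event)}


# Constructed sample role definitions and creation events (not from the patent).
_THU_10AM = datetime(2021, 5, 13, 10, 0)
_SUN_3AM = datetime(2021, 5, 16, 3, 0)
SAMPLES = {
    "reader": (RoleDefinition("reader", ("storage/read", "compute/read")),
               CreationEvent("alice@example.test", _THU_10AM, "portal")),
    "storage-admin": (RoleDefinition("storage-admin", ("storage/read", "storage/write",
                                                       "storage/delete", "keyvault/read",
                                                       "billing/export")),
                      CreationEvent("bob@example.test", _THU_10AM, "portal")),
    "wildcard": (RoleDefinition("wildcard", ("*", "custom/manage")),
                 CreationEvent("svc-build", _SUN_3AM, "unknown-agent")),
}


def run_samples() -> dict[str, str]:
    """Action chosen for each constructed sample."""
    return {name: evaluate(role, event)["action"] for name, (role, event) in SAMPLES.items()}


if __name__ == "__main__":
    for name, (role, event) in SAMPLES.items():
        print(evaluate(role, event))
```

With these assumptions the read-only role scores about 83 and is allowed, the storage role with one non-schema element scores about 52 and gets conditional access, and the wildcard role created off-hours from an unknown client scores 10 and is denied; in a real deployment the scoring function would be the trained model and the thresholds would be tuned against its score distribution.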