US 12,001,563 B2
Generating an entity behavior profile based upon sessions
Alan Ross, Austin, TX (US); Raffael Marty, Austin, TX (US); and Nicolas Christian Fischbach, Uitikon (CH)
Assigned to Forcepoint LLC, Austin, TX (US)
Filed by Forcepoint, LLC, Austin, TX (US)
Filed on Apr. 9, 2021, as Appl. No. 17/226,722.
Application 17/226,722 is a continuation of application No. 16/791,437, filed on Feb. 14, 2020, granted, now 11,295,022.
Application 16/791,437 is a continuation of application No. 16/557,560, filed on Aug. 30, 2019, granted, now 10,999,296.
Application 16/557,560 is a continuation in part of application No. 16/415,726, filed on May 17, 2019, granted, now 10,834,097, issued on Nov. 10, 2020.
Application 17/226,722 is a continuation in part of application No. 16/162,655, filed on Oct. 17, 2018, granted, now 10,530,786, issued on Jan. 7, 2020.
Application 16/162,655 is a continuation of application No. 15/963,729, filed on Apr. 26, 2018, granted, now 10,129,269, issued on Nov. 13, 2018.
Application 15/963,729 is a continuation in part of application No. 15/878,898, filed on Jan. 24, 2018, granted, now 10,063,568, issued on Aug. 28, 2018.
Application 15/878,898 is a continuation of application No. 15/720,788, filed on Sep. 29, 2017, granted, now 9,882,918, issued on Jan. 30, 2018.
Claims priority of provisional application 63/119,116, filed on Nov. 30, 2020.
Claims priority of provisional application 62/964,372, filed on Jan. 22, 2020.
Claims priority of provisional application 62/839,060, filed on Apr. 26, 2019.
Claims priority of provisional application 62/506,300, filed on May 15, 2017.
Prior Publication US 2021/0224400 A1, Jul. 22, 2021
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/57 (2013.01); G06F 21/55 (2013.01); G06F 21/56 (2013.01); G06F 21/62 (2013.01); G06N 5/04 (2023.01); G06N 20/00 (2019.01); H04L 9/40 (2022.01)
CPC G06F 21/577 (2013.01) [G06F 21/552 (2013.01); G06F 21/554 (2013.01); G06F 21/566 (2013.01); G06F 21/6227 (2013.01); G06N 5/04 (2013.01); G06N 20/00 (2019.01); H04L 63/102 (2013.01); H04L 63/1425 (2013.01); H04L 63/1433 (2013.01); H04L 63/1441 (2013.01); G06F 2221/033 (2013.01); G06F 2221/034 (2013.01)]
20 Claims
1. A computer-implementable method for performing a security operation, comprising:
monitoring an entity, the monitoring observing at least one electronically-observable data source, the monitoring comprising monitoring at least one of a plurality of electronically-observable actions via a protected endpoint;
deriving an observable based upon the monitoring of the electronically-observable data source;
identifying a security related activity of the entity, the security related activity being based upon the observable derived from the electronic data source, the security related activity being of analytic utility;
associating the security related activity with a session;
processing an entity behavior profile of the entity and contextual information relating to the entity to generate an inference regarding the entity;
generating an entity behavior profile element based upon the security related activity and the session; and,
performing the security operation via the protected endpoint and a security analytics system, the security operation using the entity behavior entity behavior profile element and the inference regarding the entity, the security analytics system executing on a security analytics system hardware processor.