| CPC H04L 63/1441 (2013.01) [H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/1433 (2013.01)] | 17 Claims |

1. A computer-implemented method comprising:
   creating a first security digital twin (SDT) for a focus computer system (FCS) with an associated security ontology for the FCS;
   receiving, by the first SDT, a potential threat object (PTO);
   mapping the PTO to an enterprise attack vector pattern;
   searching, by the first SDT, using historical routines associated with a second SDT of an other computer system (OCS), for a predicted attack pattern meeting a similarity criteria threshold respective to the enterprise attack vector pattern, wherein the similarity criteria threshold is a percentage of commonality between the associated security ontology for the FCS and an associated security ontology for the OCS; and
   responsive to finding the predicted attack pattern:
      locating an action mitigation plan (AMP) related to the predicted attack pattern in a data fabric associated with the second SDT of the OCS;
      copying the OCS predicted attack pattern to an FCS predicted attack pattern store;
      copying the OCS AMP to an FCS AMP store; and
      defending the FCS from the PTO using the AMP.
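The flow of claim 1, sketched as an added example that is not taken from the patent or from any implementation by its authors. It assumes each security ontology is a flat set of terms, that "percentage of commonality" means the share of FCS ontology terms also present in the OCS ontology, and that the OCS history and data fabric are plain dictionaries; all names and sample values are hypothetical and constructed.

```python
from dataclasses import dataclass, field

@dataclass
class SecurityDigitalTwin:
    name: str
    ontology: set                                  # assumed: ontology as a set of terms
    patterns: dict = field(default_factory=dict)   # attack vector pattern -> predicted attack pattern
    amps: dict = field(default_factory=dict)       # predicted attack pattern -> action mitigation plan

def commonality_pct(fcs_ontology, ocs_ontology):
    """Assumed metric: percent of FCS ontology terms that the OCS ontology shares."""
    if not fcs_ontology:
        return 0.0
    return 100.0 * len(fcs_ontology & ocs_ontology) / len(fcs_ontology)

def handle_pto(fcs, ocs, pto, vector_map, threshold_pct):
    """Return the AMP used to defend the FCS, or None when no OCS pattern qualifies."""
    vector = vector_map.get(pto)                   # map the PTO to an enterprise attack vector pattern
    if vector is None:
        return None
    if commonality_pct(fcs.ontology, ocs.ontology) < threshold_pct:
        return None                                # OCS too dissimilar: its history is not reused
    predicted = ocs.patterns.get(vector)           # search the OCS historical patterns
    if predicted is None or predicted not in ocs.amps:
        return None                                # no predicted pattern, or no AMP stored for it
    fcs.patterns[vector] = predicted               # copy pattern into the FCS pattern store
    fcs.amps[predicted] = list(ocs.amps[predicted])  # copy AMP into the FCS AMP store
    return fcs.amps[predicted]                     # the plan the FCS then executes

def build_sample():
    """Constructed sample twins; 4 of the 5 FCS terms are shared, so commonality is 80%."""
    fcs = SecurityDigitalTwin("fcs", {"linux", "nginx", "postgres", "oauth2", "k8s"})
    ocs = SecurityDigitalTwin(
        "ocs", {"linux", "nginx", "postgres", "saml", "k8s"},
        patterns={"phishing-attachment": "credential-harvest-then-lateral-movement"},
        amps={"credential-harvest-then-lateral-movement":
              ["quarantine attachment", "force credential reset", "isolate affected host"]},
    )
    vector_map = {"suspicious-archive.zip": "phishing-attachment"}
    return fcs, ocs, vector_map

if __name__ == "__main__":
    fcs, ocs, vmap = build_sample()
    print(handle_pto(fcs, ocs, "suspicious-archive.zip", vmap, threshold_pct=75.0))
```

With the threshold raised above 80, the same call returns `None` and leaves both FCS stores empty, which is the gating role the claim gives the similarity criteria threshold.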