US 12,355,799 B2
Threat mitigation system and method
Brian P. Murphy, Tampa, FL (US); Joe Partlow, Tampa, FL (US); Colin O'Connor, Tampa, FL (US); Jason Pfeiffer, Tampa, FL (US); and Brian Philip Murphy, St. Petersburg, FL (US)
Assigned to ReliaQuest Holdings, LLC, Tampa, FL (US)
Filed by ReliaQuest Holdings, LLC, Tampa, FL (US)
Filed on Jul. 5, 2022, as Appl. No. 17/857,461.
Application 17/857,461 is a continuation of application No. 17/016,000, filed on Sep. 9, 2020, granted, now 11,411,981.
Claims priority of provisional application 62/897,703, filed on Sep. 9, 2019.
Prior Publication US 2022/0353290 A1, Nov. 3, 2022
Int. Cl. G06F 9/445 (2018.01); G06F 11/34 (2006.01); G06F 21/57 (2013.01); G06N 5/04 (2023.01); G06N 20/00 (2019.01); H04L 9/40 (2022.01); H04L 67/00 (2022.01); H04L 67/60 (2022.01)
CPC H04L 63/1433 (2013.01) [G06F 11/3409 (2013.01); G06F 21/577 (2013.01); G06N 5/04 (2013.01); G06N 20/00 (2019.01); H04L 63/1416 (2013.01); H04L 63/1441 (2013.01); H04L 67/34 (2013.01); H04L 67/60 (2022.05); G06F 2221/034 (2013.01); H04L 63/1425 (2013.01)]
24 Claims
1. A computer-implemented method, executed on a computing device, comprising:
monitoring, by a plurality of security-relevant subsystems, the activity of each respective security-relevant subsystem with respect to a computing platform, wherein the plurality of security-relevant subsystems include one or more of CDN (Content Delivery Network) systems; DAM (Database Activity Monitoring) systems; UBA (User Behavior Analytics) systems; MDM (Mobile Device Management) systems; IAM (Identity and Access Management) systems; DNS (Domain Name Server) systems, antivirus systems, operating systems, data lakes; data logs; security-relevant software applications; security-relevant hardware systems; and resources external to the computing platform;
generating at least a first set of platform information based upon, at least in part, the monitored activity of at least a portion of the plurality of security-relevant subsystems;
defining a threat mitigation platform for a client based upon, at least in part, the first set of platform information, so as to define at least one threat detection capability module for future installation on the computing platform, including applying a probabilistic process including artificial intelligence/machine learning to the first set of platform information, so as to define at least one threat detection capability module for installation on the computing platform;
defining a rollout schedule for at least a portion of the plurality of threat detection capability modules;
determining a difference between current security-relevant capabilities of the computing platform and possible security-relevant capabilities of the computing platform, including:
determining possible security-relevant capabilities of the computing platform using currently-deployed security relevant subsystem; and
determining possible security-relevant capabilities of the computing platform using one or more supplemental security-relevant subsystems; and
presenting the rollout schedule to the client and an identification of one or more security-relevant deficiencies of the computing platform.