CPC H04L 63/1433 (2013.01) [H04L 63/102 (2013.01); H04L 63/105 (2013.01); H04L 63/205 (2013.01)]
8 Claims
1. A method of mitigating security risks in a computer network, the method comprising:
defining event costs of security events that are detected by a cloud-delivered service on the computer network, each of the event costs being indicative of an impact on the computer network of a security risk indicated by a corresponding security event;
defining action costs of taking actions to block permissions granted to users of the computer network, each of the action costs being indicative of a negative impact on a user of taking an action;
for each of the users, creating a prediction model for each security event for generating a prediction as to whether the security event will likely occur;
generating, using a prediction model of a selected user for a particular security event, a prediction as to whether the particular security event involving the selected user will likely occur;
for the selected user, making a determination according to the prediction generated using the prediction model of the selected user as to whether or not to take a particular action to block one or more permissions granted to the selected user based at least on a corresponding event cost of the particular security event, a corresponding action cost of the particular action, and the prediction generated using the prediction model of the selected user; and
blocking the one or more of the permissions granted to the selected user in accordance with the determination, wherein each of the one or more permissions granted to the selected user is an access right of the selected user on the computer network.
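The steps of claim 1, sketched as an added example that is not part of the patent text. The event, action and permission names, all cost values, the Laplace-smoothed frequency model, the 0.5 "likely" threshold and the expected-cost decision rule are assumptions chosen for illustration; the claim does not specify any of them.

```python
from dataclasses import dataclass

# All names and numbers below are constructed for illustration.
EVENT_COST = {"malware_download": 80.0, "phishing_click": 15.0}   # impact on the network
ACTION_COST = {"block_file_download": 15.0, "block_external_links": 12.0}  # impact on the user
# Hypothetical mapping: which action answers which event, and which access rights it blocks.
RESPONSE = {"malware_download": "block_file_download",
            "phishing_click": "block_external_links"}
BLOCKS = {"block_file_download": {"file_download"},
          "block_external_links": {"open_external_links"}}

@dataclass
class EventModel:
    """One model per (user, event): Laplace-smoothed rate of past periods with the event."""
    periods: int = 0
    hits: int = 0

    def observe(self, occurred: bool) -> None:
        self.periods += 1
        self.hits += int(occurred)

    def probability(self) -> float:
        return (self.hits + 1) / (self.periods + 2)

def build_models(history):
    """history: {user: {event: [bool per past period]}} -> {user: {event: EventModel}}"""
    models = {}
    for user, events in history.items():
        for event, outcomes in events.items():
            model = models.setdefault(user, {}).setdefault(event, EventModel())
            for occurred in outcomes:
                model.observe(occurred)
    return models

def decide(models, user, event, likely=0.5):
    """Return (action, block?) from the prediction, the event cost and the action cost."""
    p = models[user][event].probability()
    action = RESPONSE[event]
    # Assumed rule: act only if the event is predicted AND its expected cost exceeds the action cost.
    block = p >= likely and p * EVENT_COST[event] > ACTION_COST[action]
    return action, block

def enforce(permissions, models, user, event):
    """Return the user's access rights after applying the decision."""
    action, block = decide(models, user, event)
    return permissions - BLOCKS[action] if block else set(permissions)

# Constructed history: did the event involve the user in each past period?
HISTORY = {"alice": {"malware_download": [True, True, False, True],
                     "phishing_click": [True, False, True, True]},
           "bob": {"malware_download": [False] * 4, "phishing_click": [False] * 4}}
MODELS = build_models(HISTORY)
```

With these constructed values, alice's predicted phishing click does not lead to a block because the expected event cost (about 10) is below the action cost (12), while her predicted malware download does.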