US 12,463,995 B1
Tiered risk engine with user cohorts
Trevor A. Welsh, Sherborn, MA (US); Harish Kumar Bharat Singh, Pleasanton, CA (US); Weifei Zeng, Sunnyvale, CA (US); Vikram Kapoor, Cupertino, CA (US); and Yijou Chen, Cupertino, CA (US)
Assigned to Fortinet, Inc., Sunnyvale, CA (US)
Filed by LACEWORK, INC., Mountain View, CA (US)
Filed on Jan. 30, 2023, as Appl. No. 18/161,668.
Application 18/161,668 is a continuation in part of application No. 17/857,896, filed on Jul. 5, 2022, granted, now 11,909,752.
Application 17/857,896 is a continuation of application No. 17/704,926, filed on Mar. 25, 2022, abandoned.
Application 17/704,926 is a continuation in part of application No. 17/196,887, filed on Mar. 9, 2021, granted, now 11,689,553.
Application 17/196,887 is a continuation of application No. 16/459,207, filed on Jul. 1, 2019, granted, now 10,986,114, issued on Apr. 20, 2021.
Application 16/459,207 is a continuation of application No. 16/134,821, filed on Sep. 18, 2018, granted, now 10,419,469, issued on Sep. 17, 2019.
Claims priority of provisional application 63/240,818, filed on Sep. 3, 2021.
Claims priority of provisional application 62/650,971, filed on Mar. 30, 2018.
Claims priority of provisional application 62/590,986, filed on Nov. 27, 2017.
Int. Cl. H04L 29/06 (2006.01); G06F 9/455 (2018.01); G06F 9/54 (2006.01); G06F 16/901 (2019.01); G06F 16/9038 (2019.01); G06F 16/9535 (2019.01); G06F 16/9537 (2019.01); G06F 21/57 (2013.01); H04L 9/40 (2022.01); H04L 43/045 (2022.01); H04L 43/06 (2022.01); H04L 67/306 (2022.01); H04L 67/50 (2022.01); G06F 16/2455 (2019.01)
CPC H04L 63/1425 (2013.01) [G06F 9/455 (2013.01); G06F 9/545 (2013.01); G06F 16/9024 (2019.01); G06F 16/9038 (2019.01); G06F 16/9535 (2019.01); G06F 16/9537 (2019.01); G06F 21/57 (2013.01); H04L 43/045 (2013.01); H04L 43/06 (2013.01); H04L 63/10 (2013.01); H04L 67/306 (2013.01); H04L 67/535 (2022.05); G06F 16/2456 (2019.01)]
18 Claims
1. A method of a tiered risk engine with user cohorts, the method comprising:
detecting one or more alerts associated with a user;
determining, based on a corresponding risk for each alert of the one or more alerts, a risk score for the user;
identifying one or more cohorts associated with the user, wherein the user is associated with a customer and the one or more cohorts comprise one or more other customers in a plurality of customers, and wherein identifying the one or more cohorts associated with the user is based on activity associated with the customer and activity associated with the plurality of customers; and
controlling access to one or more resources based on the risk score for the user, wherein determining the risk score further comprises determining a tiered risk score relative to one or more cohorts associated with the user.