NETWORK SECURITY SYSTEMS FOR IDENTIFYING ATTEMPTS TO SUBVERT SECURITY WALLS

    Publication (Announcement) No.: US20230239312A1

    Publication (Announcement) Date: 2023-07-27

    Application No.: US17993641

    Filing Date: 2022-11-23

    IPC Classification: H04L9/40

    CPC Classification: H04L63/1416 H04L63/1425

    Abstract: Disclosed are techniques for monitoring and identifying attempts to subvert a security wall within a network infrastructure. A method can include receiving, by a network security system monitoring and protecting the network infrastructure, network activity for the network infrastructure, determining whether the network activity triggers at least one security event rule, blocking the network activity when the network activity triggers the rule, determining a sensitivity level associated with the network activity, starting a timer based on the sensitivity level satisfying a threshold level of sensitivity, continuously monitoring subsequent network activity until the timer expires, determining whether the subsequent network activity triggers one or more security event rules before the timer expires, associating the blocked network activity with the subsequent network activity if the subsequent network activity triggers the rules, and generating an alert indicating the associated network activity as an attempt to subvert a security wall within the network infrastructure.

    NETWORK SECURITY SYSTEMS FOR ATTRIBUTING NETWORK EVENTS TO USERS

    Publication (Announcement) No.: US20230239311A1

    Publication (Announcement) Date: 2023-07-27

    Application No.: US17993627

    Filing Date: 2022-11-23

    IPC Classification: H04L9/40

    CPC Classification: H04L63/1416 H04L63/1441

    Abstract: Disclosed are techniques for associating users of a network infrastructure to network or endpoint events within the network infrastructure. A method can include receiving, by a network security system that monitors and protects the network infrastructure, a packet for a network event, the packet including (i) information identifying a user device from which the network event originates and (ii) a payload, determining whether the packet triggers at least one association rule in a group of association rules, determining candidate users to be associated with the network event based on the rule triggered by the packet, determining confidence values for the candidate users to be associated with the network event based on the rule triggered by the packet, and returning the candidate users to associate with the network event and the corresponding confidence values.

    CONTINUOUS IMPROVEMENT OF SECURITY DETECTION RULES

    Publication (Announcement) No.: US20220321606A1

    Publication (Announcement) Date: 2022-10-06

    Application No.: US17587303

    Filing Date: 2022-01-28

    IPC Classification: H04L9/40

    Abstract: Systems and methods disclosed can evaluate security detection rules in a network security computing environment. Results for a processed log of security events can be retrieved. The results can identify determined outcomes for instances triggering security detection rules. The security detection rules can detect specific behavior on a network by being processed against a log of security events. Scores for the security detection rules can be determined based on the results of the processed log of security events and the determined outcomes. The security detection rules can be ranked based on the scores, from highest to lowest score. The highest score can indicate that a corresponding rule is performing worst among the security detection rules and the lowest score can indicate that a corresponding rule is performing best among the security detection rules. A rules score report can be generated based on the ranked rules.

    Continuous improvement of security detection rules

    Publication (Announcement) No.: US11909773B2

    Publication (Announcement) Date: 2024-02-20

    Application No.: US17587303

    Filing Date: 2022-01-28

    IPC Classification: H04L9/40

    CPC Classification: H04L63/205

    Abstract: Systems and methods disclosed can evaluate security detection rules in a network security computing environment. Results for a processed log of security events can be retrieved. The results can identify determined outcomes for instances triggering security detection rules. The security detection rules can detect specific behavior on a network by being processed against a log of security events. Scores for the security detection rules can be determined based on the results of the processed log of security events and the determined outcomes. The security detection rules can be ranked based on the scores, from highest to lowest score. The highest score can indicate that a corresponding rule is performing worst among the security detection rules and the lowest score can indicate that a corresponding rule is performing best among the security detection rules. A rules score report can be generated based on the ranked rules.

    USER RISK SCORING BASED ON ROLE AND EVENT RISK SCORES

    Publication (Announcement) No.: US20230239303A1

    Publication (Announcement) Date: 2023-07-27

    Application No.: US17992107

    Filing Date: 2022-11-22

    IPC Classification: H04L9/40

    Abstract: Disclosed are techniques for monitoring internal security vulnerabilities in an enterprise based on determining composite risk scores for enterprise users. A method can include receiving information about an enterprise user, such as their role, identifying risks associated with the role, determining, based on the risks, a role-based risk score for the user, receiving event alerts from a network security detection system, each event alert having been generated by the network security detection system identifying network activity on the enterprise's network that satisfies one or more security event rules indicative of a potential network security issue, determining that one or more of the event alerts are associated with the user in the enterprise to generate user-event pairings, determining, based on the user-event pairings, an event-based risk score for the user, and generating a composite risk score for the user based on aggregating the role-based risk score and the event-based risk score.

    DYNAMIC GROUPING OF USERS IN AN ENTERPRISE AND WATCH LIST GENERATION BASED ON USER RISK SCORING

    Publication (Announcement) No.: US20230231854A1

    Publication (Announcement) Date: 2023-07-20

    Application No.: US17992104

    Filing Date: 2022-11-22

    IPC Classification: H04L9/40

    CPC Classification: H04L63/104 H04L63/1425

    Abstract: Disclosed are techniques for identifying users within an enterprise who pose heightened security risks to the enterprise. A method can include receiving, by a computing system, information about users in the enterprise, grouping the users into groups based on at least one grouping feature and the user information, the at least one grouping feature including, for each of the users, behavior, activity, role, department, region, role-based risk score, event-based risk score, and/or composite risk score, identifying, for each group, normalized behavior of users in the group, generating, for each user in each group, a composite risk score based on deviation of the user's activity from the normalized behavior of the group, identifying, for each group, a subset of users in the group to be added to a watch list, and adding the subset of users to the watch list.