Computer-implemented method for determining computer system security threats, security operations center system and computer program product

• Main Authors: Scheidler, Balazs, Illes, Marton
• Format: Patent
• Language: English
• Published: 09.06.2020
• Subjects: CALCULATING; COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS; COMPUTING; COUNTING; DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FORADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORYOR FORECASTING PURPOSES; ELECTRIC COMMUNICATION TECHNIQUE; ELECTRIC DIGITAL DATA PROCESSING; ELECTRICITY; PHYSICS; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE,COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTINGPURPOSES, NOT OTHERWISE PROVIDED FOR; TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION

A computer-implemented method for determining computer system security threats, the computer system including user accounts established on the computer system, the method including the steps of: (i) for a plurality of user accounts, assigning a risk level to each account; (ii) in a time interval, for a plurality of events, wherein each event is linked to a respective user account, assigning an event score relating to deviation from normal behavior of each event with respect to the respective user account; (iii) in the time interval, for the plurality of events, calculating an event importance which is a function of the respective event score and the respective user account risk level; (iv) prioritizing the plurality of events by event importance, and (v) providing a record of the plurality of events, prioritized by event importance.