Systems, structures, and processes for interconnected devices and risk management

摘要

Techniques are provided that produce a risk profile consisting of a risk score and trends of risk scores across devices and sensors in a machine-to-machine (M2M) or Internet of things (IOT) environment. For example, a device is assigned a risk score which is based on baseline factors such as expected network packets between two devices, normal network packets, access to critical devices, authorized access requests from one device to another device, normal communications to a device, and the critical ports of a device; access to and conflicts across physical, logical, and operational systems; historical and current usage of these systems, and anomalies from normal behavior patterns. Techniques encompass risk management by computing a risk score in a timely fashion in accordance with an architecture that enables achieving the required scaling necessitated by the huge number of devices in the machine-to-machine (M2M) or Internet of things (IOT) environment.

主权项

1. A computer-implemented method for providing entity risk score intelligence in a machine-machine environment, comprising the steps of:
receiving baseline scoring data, associated with valid devices on a machine-machine network, at an entity warehouse, wherein the entity warehouse comprises a risk scoring and predictive analytics engine that provides entity risk score intelligence, said risk score intelligence having a risk score, regarding an entity based in part an said baseline scoring data; performing, at the entity warehouse, ongoing monitoring of (a) behavior and anomaly processes and data of said valid devices and (b) changes and behaviors processes and data of said valid devices, wherein each such processes and data impact the entity risk score intelligence; wherein said risk scoring and predictive analytics engine uses a risk score configuration on said baseline scoring data, wherein said risk score configuration comprises configurable baseline contributing factors; training and screening contributing factors; and on-going usage contributing factors; wherein the risk scoring and predictive analytics engine runs on a big data platform on a network and uses in-memory database processing; and providing system response and automatically generating real-time alerts when said risk score exceeds a defined threshold; wherein said risk score configuration comprises:
profile attributes to be set, conditions for the profile attributes to be set, values for the profile attribute conditions to be set, and corresponding points to be assigned;training or screening conditions to be set, conditions for the training or screening to be set, values for the training or screening conditions to be set, and corresponding points to be assigned;on-going usage conditions to be set, conditions for the on-going usage to be set, values for the on-going usage conditions to be set, and corresponding points to be assigned; andsetting an indicator indicating that a simulation is to be run; wherein one or more steps are performed on at least a processor coupled to at least a memory.