Cyber defense systems and methods

摘要

Cyber defense systems and methods protect an enterprise system formed of a plurality of networked components. Connectivity and relationship information indicative of connectivity and behavior of the components are collected. A relationship graph is created based upon the connectivity data and the relationship data, wherein nodes of the relationship graph represent the components and edges of the graph represent connectivity and relationships. At least part of the relationship graph is stored to form a chronology. The relationship graph and the chronology are analyzed to predict connectivity and relationship changes within the enterprise system, and a first anomaly is identified when the current connectivity and relationships do not match the prediction.

主权项

1. A cyber defense method for protecting an enterprise system having a plurality of networked components, at least some of the components being accessible via endpoints, comprising:
collecting connectivity and relationship information indicative of connectivity and behavior of the components resulting from human interaction with the endpoints; creating a relationship graph based upon the connectivity data and the relationship data, wherein nodes of the relationship graph represent the components and edges of the graph represent connectivity and relationships between the components; storing at least part of the relationship graph to form a chronology indicating the connectivity and relationship information of the components at a given time; generating a prediction by analyzing the previously stored relationship graph and the previously formed chronology, the prediction indicating expected future connectivity and relationship behavior within the enterprise system; and identifying a first anomaly when the most recent connectivity and relationships do not match the prediction.