Abstract: A method includes monitoring user behavior in an enterprise system, identifying a given user of the enterprise system associated with a given portion of the monitored user behavior, determining a predicted impact of compromise of the given user on the enterprise system, generating a risk score for the given user based on the predicted impact of compromise and the given portion of the monitored user behavior, and identifying one or more remedial actions to reduce the risk score for the given user. The method also includes implementing, prior to detecting compromise of the given user, at least one of the remedial actions to modify a configuration of at least one asset in the enterprise system, the at least one asset comprising at least one of a physical computing resource and a virtual computing resource in the enterprise system.

Abstract: A method includes detecting a plurality of events associated assets of an enterprise system and generating database record structures based on the detected events, each database record structure comprising a first field storing an association key identifying one of the assets, a second field storing a first timestamp associated with a first detected event stored in that database record structure for its identified asset, and at least a third field storing a value associated with a second detected event stored in that database record structure for its identified asset. The method also includes maintaining indexing structures for the first, second and third fields, receiving a query to resolve a temporal association for a queried assets at a specified time, and utilizing the indexing structures to locate a particular one of the database record structures storing the temporal association for the queried asset at the specified time.

Abstract: A method includes detecting a plurality of events associated assets of an enterprise system and generating database record structures based on the detected events, each database record structure comprising a first field storing an association key identifying one of the assets, a second field storing a first timestamp associated with a first detected event stored in that database record structure for its identified asset, and at least a third field storing a value associated with a second detected event stored in that database record structure for its identified asset. The method also includes maintaining indexing structures for the first, second and third fields, receiving a query to resolve a temporal association for a queried assets at a specified time, and utilizing the indexing structures to locate a particular one of the database record structures storing the temporal association for the queried asset at the specified time.

Abstract: A method includes obtaining usage metrics for assets of an enterprise system and extracting sets of features from the obtained usage metrics, the sets of features characterizing relative importance of each of the assets for each of two or more designated time windows. The method also includes determining, utilizing the extracted features, an importance of each of the assets. The method further includes establishing a baseline behavior of the assets based on the extracted features, monitoring behavior of the assets during at least one additional time window, and modifying a configuration of a given asset responsive to detecting that the monitored behavior of the given asset during the at least one additional time window exhibits a threshold difference from the established baseline behavior of the given asset, wherein the modification is based at least in part on the importance of the given asset relative to one or more other assets.

Abstract: A method includes monitoring user behavior in an enterprise system, identifying a given user of the enterprise system associated with a given portion of the monitored user behavior, determining a predicted impact of compromise of the given user on the enterprise system, generating a risk score for the given user based on the predicted impact of compromise and the given portion of the monitored user behavior, and identifying one or more remedial actions to reduce the risk score for the given user. The method also includes implementing, prior to detecting compromise of the given user, at least one of the remedial actions to modify a configuration of at least one asset in the enterprise system, the at least one asset comprising at least one of a physical computing resource and a virtual computing resource in the enterprise system.

Abstract: A method includes obtaining usage metrics for assets of an enterprise system and extracting sets of features from the obtained usage metrics, the sets of features characterizing relative importance of each of the assets for each of two or more designated time windows. The method also includes determining, utilizing the extracted features, an importance of each of the assets. The method further includes establishing a baseline behavior of the assets based on the extracted features, monitoring behavior of the assets during at least one additional time window, and modifying a configuration of a given asset responsive to detecting that the monitored behavior of the given asset during the at least one additional time window exhibits a threshold difference from the established baseline behavior of the given asset, wherein the modification is based at least in part on the importance of the given asset relative to one or more other assets.

Abstract: Systems and methods for sensitive data remediation include calculating a Probability of Loss of data on a given computer based on measures of control, integrity, and potential avenues of exploitation of the given computer, determining an Impact of Loss of the data on the given computer based on a type, volume, and nature of the data, and correlating the Probability of Loss with the Impact of Loss to generate a risk score for the given computer that can be compared to other computers in the network. The computers with higher risk scores can then be subjected to data remediation activity.

Abstract: Systems and methods for sensitive data remediation include calculating a Probability of Loss of data on a given computer based on measures of control, integrity, and potential avenues of exploitation of the given computer, determining an Impact of Loss of the data on the given computer based on a type, volume, and nature of the data, and correlating the Probability of Loss with the Impact of Loss to generate a risk score for the given computer that can be compared to other computers in the network. The computers with higher risk scores can then be subjected to data remediation activity.