Abstract: System and method to evaluate a plurality of security entities in a network environment is disclosed. Communication between a user computer and a destination computer is monitored by a security appliance. Selective information from the communication is extracted by the security appliance. The selective information is indicative of a value for one or more attributes of the plurality of security entities. A first value indicative of occurrence of each of the values for each of the attributes is generated. A second value indicative of occurrence of each of the values for each of the attributes for each of the security entity is generated. A third value is calculated based on the first value and the second value for each of the attribute value for each of the security entity, wherein the third value is indicative of significance of the value of the attribute for the security entity.

Abstract: System and method for detecting a likely threat from a malicious attack is disclosed. Communication between a user computer and a destination computer is monitored by a security appliance. Selective information from the communication is extracted. One or more weak signals of a threat is detected based on the selective information. One or more weak signals are evaluated for a likely threat based on a threshold value. A corrective action is initiated for the likely threat, based on the evaluation.

Abstract: System and method for detecting a likely threat from a malicious attack is disclosed. Communication between a user computer and a destination computer is monitored by a security appliance. Selective information from the communication is extracted. Selective information is associated to one or more attributes of a security entity. A knowledge graph is generated for a plurality of security entities based on the associated selective information.

Abstract: System and method for evaluating communication between a plurality of computing devices is disclosed. A plurality of communication between a user computer and at least one a destination computer is monitored by a security appliance. Selective information from the plurality of communication is extracted by the security appliance. Extracted selective information between a pair of communication is compared for a match. An activity record is generated for the user computer and at least one destination computer, based on the match.

Abstract: System and method to identify a security entity in a computing environment is disclosed. Communication between a user computer and at least one destination computer by a security appliance is monitored by a security appliance. Selective information from the communication is extracted by the security appliance. At least one security entity is identified based on a subset of the selective information. One or more selective information is associated to at least one security entity. A knowledge graph is generated based on the associated selective information.

Abstract: System and method to characterize a security entity in a computing environment is disclosed. Communication between a user computer and at least one destination computer by a security appliance is monitored by a security appliance. Selective information from the communication is extracted by the security appliance, selective information indicative of the security entity. A plurality of words from the communication between the identified security entity and at least one destination computer are selectively extracted. A word cloud is generated based on the selectively extracted plurality of words. The word cloud is evaluated to characterize the identified security entity.