Abstract: System and method for detecting a likely threat from a malicious attack is disclosed. Communication between a user computer and a destination computer is monitored by a security appliance. Selective information from the communication is extracted. Selective information is associated to one or more attributes of a security entity. A knowledge graph is generated for a plurality of security entities based on the associated selective information.
Type:
Grant
Filed:
February 11, 2016
Date of Patent:
February 26, 2019
Assignee:
AWAKE SECURITY, INC.
Inventors:
Keith Amidon, Michael Callahan, Manasa Chalasani, Debabrata Dash, Gary Golomb
Abstract: System and method for evaluating communication between a plurality of computing devices is disclosed. A plurality of communications between a user computer and at least one destination computer is monitored by a security appliance. Selective information from the plurality of communications is extracted by the security appliance. Extracted selective information between a pair of communications is compared for a match. An activity record is generated for the user computer and at least one destination computer, based on the match.
Type:
Grant
Filed:
June 11, 2017
Date of Patent:
February 26, 2019
Assignee:
AWAKE SECURITY, INC.
Inventors:
Keith Amidon, Debabrata Dash, Gary Golomb, David Pearson
Abstract: System and method to identify a security entity in a computing environment is disclosed. Communication between a user computer and at least one destination computer is monitored by a security appliance. Selective information from the communication is extracted by the security appliance. At least one security entity is identified based on a subset of the selective information. One or more selective information is associated to at least one security entity. A knowledge graph is generated based on the associated selective information.
Type:
Grant
Filed:
April 22, 2016
Date of Patent:
November 27, 2018
Assignee:
AWAKE SECURITY, INC.
Inventors:
Eric Karasuda, Ram Keralapura, Chunsheng Victor Fang, Gary Golomb
Abstract: System and method to characterize a security entity in a computing environment is disclosed. Communication between a user computer and at least one destination computer is monitored by a security appliance. Selective information from the communication is extracted by the security appliance, the selective information being indicative of the security entity. A plurality of words from the communication between the identified security entity and at least one destination computer are selectively extracted. A word cloud is generated based on the selectively extracted plurality of words. The word cloud is evaluated to characterize the identified security entity.