Abstract: A system and method for detecting unauthorized access to a plurality of network assets is described. The system and method receive a network asset feed from a plurality of data sources and then generating at least one social graph with the network asset feed. User communities are identified with the social graph and user accounts are associated with user communities. Commonly accessed network assets are identified from a firewall log, a router log or the combination thereof. A derived community is identified based on the user accounts associated with commonly accessed network assets. The systems and methods monitor communications associated with the user community so that the communications correspond to the derived community, and then reports an anomalous communication when the user community communications do not correspond to the derived community.

Abstract: A system and method for detecting unauthorized access to a plurality of network assets is described. The system and method receive a network asset feed from a plurality of data sources and then generating at least one social graph with the network asset feed. User communities are identified with the social graph and user accounts are associated with user communities. Commonly accessed network assets are identified from a firewall log, a router log or the combination thereof. A derived community is identified based on the user accounts associated with commonly accessed network assets. The systems and methods monitor communications associated with the user community so that the communications correspond to the derived community, and then reports an anomalous communication when the user community communications do not correspond to the derived community.

Abstract: A method for prioritizing a security incident is described. The method includes determining a social graph of a plurality users in an organization. The method then proceeds to apply a first algorithm to the social graph to determine a dynamic organizational hierarchy. The method identifies a critical user community from a plurality of critical users in the dynamic organizational hierarchy. A plurality of security incidents are identified based on the dynamic organizational hierarchy by the prioritization analytics engine. Each security incident includes at least one of an alert, an event and an anomaly. The security incident is identified when a critical user is affected by the security incident by the prioritization analytics engine. The security incident is selected from at least one of a security alert, a security event, and a security anomaly.

Abstract: A method for identifying an ingress router with collected IP network traffic data captured at an egress router is described. The method includes receiving, at a learning database, an ingress network traffic data flow exported from the ingress router and an ingress interface. The method then proceeds to receive, at a flow processing module, an egress network traffic data flow exported from the egress router and an egress interface. The method then enables the flow processing module to query the learning database with the egress network traffic data flow. The method determines the ingress router corresponding to the egress network traffic data flow, when the learning database matches the egress network traffic data flow with the ingress network traffic data flow.