Abstract: Embodiments of the invention relate to systems, methods, and computer program products that provide for an employee security risk score. The security risk score is presented as an extensible composite vector that supports an arbitrary number of risk categories. The risk categories can be aggregated at any level in the business hierarchy or according to any employee parameter. The simplistic, highly normalized approach to employee security risk scoring reduces redundancies and dependencies and provides for real-time updates, As such, the employee security risk scoring system provides for easily identifiable recognition of employees who pose security threats and for a means to track and monitor security risks posed by the employee based on their security risk score.

Abstract: Systems and methods are disclosed for responding to security events in real time. The disclosed systems and methods utilize the vast amount of risk and asset knowledge collected in a security data warehouse and aggregated in a security information manager, without the expense and latency associated with performing such calculations in real time. The disclosed systems and methods, thereby, significantly extend the time intervals feasible for temporal analysis.

Abstract: Aspects of this disclosure relate to an identity level generating computer which may include a processor and memory storing computer executable instructions that, when executed, cause the computer to generate identity levels for users of a business. Generating identity levels for users of a business may include electronically receiving user data regarding at least one of: an identity of the user, a behavior of the user, a propensity of a user and a risk associated with the user's identity and determining one or more individual characteristic levels based on the electronically received information. Determining the one or more individual characteristic levels may include comparing the customer data regarding the at least one of the identity of the user, the behavior of the user, the propensity of the user and the risk associated with the user's identity with a list predetermined criteria and calculating an identity level based on the comparison of the user data with the list predetermined criteria.

Abstract: Methods, systems, computer-readable media, and apparatuses for providing dynamic incident response using advanced analytics are presented. In some embodiments, a computing device may determine that an incident has occurred. The computing device then may load a predefined response template that includes parameters for responding to the incident. Subsequently, the computing device may utilize a big data platform to identify one or more potential responders for the incident based on the predefined response template. In some additional embodiments, the computing device also may contact the identified potential responders and subsequently monitor communications by the identified potential responders that are responsive to the contact. The computing device may also update historical interaction data based on the monitoring, and this historical interaction data may be used to subsequently determine the likelihood that at least one potential responder will respond to a future incident.

Abstract: Systems and methods are disclosed for responding to security events in real time. The disclosed systems and methods utilize the vast amount of risk and asset knowledge collected in a security data warehouse and aggregated in a security information manager, without the expense and latency associated with performing such calculations in real time. The disclosed systems and methods, thereby, significantly extend the time intervals feasible for temporal analysis.

Abstract: Methods, systems, computer-readable media, and apparatuses for providing dynamic incident response using advanced analytics are presented. In some embodiments, a computing device may determine that an incident has occurred. The computing device then may load a predefined response template that includes parameters for responding to the incident. Subsequently, the computing device may utilize a big data platform to identify one or more potential responders for the incident based on the predefined response template. In some additional embodiments, the computing device also may contact the identified potential responders and subsequently monitor communications by the identified potential responders that are responsive to the contact. The computing device may also update historical interaction data based on the monitoring, and this historical interaction data may be used to subsequently determine the likelihood that at least one potential responder will respond to a future incident.

Abstract: Embodiments of the invention relate to systems, methods, and computer program products for login initiated remote scanning of computer devices. The present invention detects login to the network via access management systems. The login data provides information that identifies the device so that the device can be checked against a scan database to determine if and when a previous scan occurred. Based on the findings in the scan database determinations are made as to whether to perform a scan. Additionally, the level of scanning can be determined based on previous scan dates and previous scan results, which may dictate customized scanning. In addition, the priority of the impending scan may be dictated by previous scan dates and results. Further embodiments provide for assessing risk, such as risk scoring or the like, concurrently or in near-real-time with the completion of the scan so that alerts may be communicated.

Abstract: Embodiments of the invention relate to systems, methods, and computer program products for login initiated remote scanning of computer devices. The present invention detects login to the network via access management systems. The login data provides information that identifies the device so that the device can be checked against a scan database to determine if and when a previous scan occurred. Based on the findings in the scan database determinations are made as to whether to perform a scan. Additionally, the level of scanning can be determined based on previous scan dates and previous scan results, which may dictate customized scanning. In addition, the priority of the impending scan may be dictated by previous scan dates and results. Further embodiments provide for assessing risk, such as risk scoring or the like, concurrently or in near-real-time with the completion of the scan so that alerts may be communicated.

Abstract: Embodiments of the invention relate to systems, methods, and computer program products for login initiated remote scanning of computer devices. The present invention detects login to the network via access management systems. The login data provides information that identifies the device so that the device can be checked against a scan database to determine if and when a previous scan occurred. Based on the findings in the scan database determinations are made as to whether to perform a scan. Additionally, the level of scanning can be determined based on previous scan dates and previous scan results, which may dictate customized scanning In addition, the priority of the impending scan may be dictated by previous scan dates and results. Further embodiments provide for assessing risk, such as risk scoring or the like, concurrently or in near-real-time with the completion of the scan so that alerts may be communicated.

Abstract: Embodiments of the invention relate to systems, methods, and computer program products that provide for an employee security risk score. The security risk score is presented as an extensible composite vector that supports an arbitrary number of risk categories. The risk categories can be aggregated at any level in the business hierarchy or according to any employee parameter. The simplistic, highly normalized approach to employee security risk scoring reduces redundancies and dependencies and provides for real-time updates, As such, the employee security risk scoring system provides for easily identifiable recognition of employees who pose security threats and for a means to track and monitor security risks posed by the employee based on their security risk score.

Abstract: Aspects of this disclosure relate to an identity level generating computer which may include a processor and memory storing computer executable instructions that, when executed, cause the computer to perform a method for generating identity levels for customers of a business. The method for generating identity levels for customers of a business may include electronically receiving customer data regarding at least one of: an identity of the customer, a behavior of the customer, a propensity of a customer and a risk associated with the customer's identity and determining one or more individual characteristic levels based on the electronically received information.