Abstract: A system, method, and computer-readable medium are disclosed for performing an entity behavior cataloging operation. The entity behavior cataloging operation includes: identifying a security related activity, the security related activity being based upon an observable from an electronic data source; analyzing the security related activity, the analyzing identifying an event of analytic utility associated with the security related activity; generating entity behavior catalog data based upon the event of analytic utility associated with the security related activity; and, storing the entity behavior catalog data within an entity behavior catalog, the entity behavior catalog providing an inventory of entity behaviors for use when performing a security operation.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; and instructions encoded within the memory to instruct the processor to: provide a data exchange layer (DXL) software interface, the DXL software interface to communicatively couple to an enterprise service bus (ESB) and to provide DXL messaging services via the ESB; communicatively couple to a DXL broker via the DXL software interface; via the DXL broker, subscribe to a DXL location services topic; receive via the DXL broker a location services query; and responsive the location services query, provide logical location data for one or more network devices.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security analytics mapping operation.

Abstract: A system, method, and computer-readable medium are disclosed for performing event risk score generation operation. The event risk score generation operation includes identifying an anomalous event from a plurality of events enacted by the entity; generating a first event risk severity score based upon the anomalous event; generating a second event risk severity score based upon a historical entity risk function, the historical entity risk function providing an indication of historical security risk of the entity; generating an entity risk severity score for the entity, the generating using the historical entity risk function and the event risk severity score; performing a risk-adaptive prevention operation, the risk-adaptive prevention operation using the entity risk severity score, the risk-adaptive prevention operation adaptively responding to mitigate risk associated with the anomalous event.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation.

Abstract: A system, method, and computer-readable medium are disclosed for performing a event risk severity score generation operation.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security analytics mapping operation.

Abstract: A system, method, and computer-readable medium are disclosed for performing a event risk severity score generation operation.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation.

Abstract: A system, method, and computer-readable medium are disclosed for performing event risk score generation operation. The event risk score generation operation includes identifying an anomalous event from a plurality of events enacted by the entity; generating a first event risk severity score based upon the anomalous event; generating a second event risk severity score based upon a historical entity risk function, the historical entity risk function providing an indication of historical security risk of the entity; generating an entity risk severity score for the entity, the generating using the historical entity risk function and the event risk severity score; performing a risk-adaptive prevention operation, the risk-adaptive prevention operation using the entity risk severity score, the risk-adaptive prevention operation adaptively responding to mitigate risk associated with the anomalous event.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; and instructions encoded within the memory to instruct the processor to: provide a data exchange layer (DXL) software interface, the DXL software interface to communicatively couple to an enterprise service bus (ESB) and to provide DXL messaging services via the ESB; communicatively couple to a DXL broker via the DXL software interface; via the DXL broker, subscribe to a DXL location services topic; receive via the DXL broker a location services query; and responsive the location services query, provide logical location data for one or more network devices.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation.

Abstract: A system, method, and computer-readable medium are disclosed for performing an entity behavior cataloging operation. The entity behavior cataloging operation includes: identifying a security related activity, the security related activity being based upon an observable from an electronic data source; analyzing the security related activity, the analyzing identifying an event of analytic utility associated with the security related activity; generating entity behavior catalog data based upon the event of analytic utility associated with the security related activity; and, storing the entity behavior catalog data within an entity behavior catalog, the entity behavior catalog providing an inventory of entity behaviors for use when performing a security operation.

Abstract: A collection of techniques is disclosed to allow for the detection of malware that leverages pattern recognition and machine learning to effectively provide “content-less” malware detection, i.e., detecting a process as being an ‘anomaly’ not based on its particular content, but instead based on comparisons of its behavior to known (and characterized) ‘trusted’ application behaviors, i.e., the trusted applications' “phenotypes” and/or the phenotypes of known malware applications. By analyzing the patterns of normal behavior performed by trusted applications as well as malware applications, one can build a set of sophisticated, content-agnostic behavioral models (i.e.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation.