Abstract: An enhanced threat disposition analysis technique is provided. In response to receipt of a security threat identified in an alert, a threat disposition score (TDS) is retrieved. The TDS is generated from a machine learning scoring model that is built from information about historical security threats, including historical disposition of one or more alerts associated with the historical security threats. The TDS is based in part on an effectiveness of a prior calculated TDS to predict a particular historical disposition associated with the alert. The system augments an alert to include the threat disposition score, optionally together with a confidence level, to generate an enriched alert. The enriched alert is then presented to the security analyst for handling directly. Preferably, the machine learning model is updated continuously as the system handles security threats, thereby increasing the predictive benefit of the TDS scoring.

Abstract: In some examples, an accelerometer system includes a first excitation ring comprising: a first housing; and a first cover removably attached to the first housing, wherein the first housing and the first cover define a first recess. The accelerometer system also includes a second excitation ring comprising: a second housing; and a second cover removably attached to the second housing, wherein the second housing and the second cover define a second recess. The accelerometer system also includes a proof mass assembly; and processing circuitry located within one or both of the first recess and the second recess, wherein the first excitation ring and the second excitation ring shield the processing circuitry from harmful levels of radiation existing outside of the accelerometer system, and wherein the processing circuitry is configured to maintain a proof mass of the proof mass assembly in a null position.

Abstract: In some examples, an accelerometer system includes a first excitation ring comprising: a first housing; and a first cover removably attached to the first housing, wherein the first housing and the first cover define a first recess. The accelerometer system also includes a second excitation ring comprising: a second housing; and a second cover removably attached to the second housing, wherein the second housing and the second cover define a second recess. The accelerometer system also includes a proof mass assembly; and processing circuitry located within one or both of the first recess and the second recess, wherein the first excitation ring and the second excitation ring shield the processing circuitry from harmful levels of radiation existing outside of the accelerometer system, and wherein the processing circuitry is configured to maintain a proof mass of the proof mass assembly in a null position.

Abstract: An enhanced threat disposition analysis technique is provided. In response to receipt of a security threat, a threat disposition score (TDS) is retrieved. The threat disposition score is generated from a machine learning scoring model that is built from information about historical security threats, including historical disposition of one or more alerts associated with the historical security threats. The system augments an alert to include the threat disposition score, optionally together with a confidence level, to generate an enriched alert. The enriched alert is then presented to the security analyst for handling directly. Depending on the TDS (and its confidence level), the analyst may be able to respond to the threat immediately, i.e., without further detailed investigation. Preferably, the machine learning model is updated continuously as the system handles security threats, thereby increasing the predictive benefit of the TDS scoring.

Abstract: Mechanisms for performing advanced rule analysis are provided. The mechanisms perform natural language processing of a security rule set data structure, specifying a plurality of security rules. The mechanisms execute, for each security rule pairing, a determination of a similarity measure indicating a degree of similarity of the textual description of the first security rule in the pairing with the textual description of the second security rule in the pairing, and in response to the security measure being equal to or above duplicate rule threshold value, eliminating one of the first security rule or the second security rule in the pairing from the security rule set data structure to generate a modified security rule set data structure. The mechanisms deploy the modified security rule set data structure to a computing environment for use in identifying security incidents and performing event management.

Abstract: Mechanisms for performing advanced rule analysis are provided. The mechanisms perform natural language processing of a security rule set data structure, specifying a plurality of security rules. The mechanisms execute, for each security rule pairing, a determination of a similarity measure indicating a degree of similarity of the textual description of the first security rule in the pairing with the textual description of the second security rule in the pairing, and in response to the security measure being equal to or above duplicate rule threshold value, eliminating one of the first security rule or the second security rule in the pairing from the security rule set data structure to generate a modified security rule set data structure. The mechanisms deploy the modified security rule set data structure to a computing environment for use in identifying security incidents and performing event management.

Abstract: An enhanced threat disposition analysis technique is provided. In response to receipt of a security threat, a threat disposition score (TDS) is retrieved. The threat disposition score is generated from a machine learning scoring model that is built from information about historical security threats, including historical disposition of one or more alerts associated with the historical security threats. The system augments an alert to include the threat disposition score, optionally together with a confidence level, to generate an enriched alert. The enriched alert is then presented to the security analyst for handling directly. Depending on the TDS (and its confidence level), the analyst may be able to respond to the threat immediately, i.e., without further detailed investigation. Preferably, the machine learning model is updated continuously as the system handles security threats, thereby increasing the predictive benefit of the TDS scoring.

Abstract: A method and associated systems for measuring proficiency and efficiency of a security operations center. A processor gathers statistical information that identifies characteristics of a security-operations centers performance of a process during a certain period of time. The processor uses this information to derive values of a set of empirical metrics, and then uses these metric values to derive a set of novel parameters. These parameters quantize characteristics of the organization's proficiency and efficiency when servicing incoming service requests associated with the process. These parameters may also be used to identify proficiency or efficiency standards associated with the organization's past performance and to identify target standards that allow measurement of the organization's current or future performance.

Abstract: A method and associated systems for dynamically modeling workloads, staffing requirements, and resource requirements of a security operations center. A processor receives an average rate at which the center receives threats, an average time needed to handle a threat, a target time within which the center desires to respond to a threat, and a target service level that characterizes a goal of handling a certain portion of a workload within certain constraints. The processor develops a model of the operations center and allows the user to fine-tune the model by proposing what-if scenarios. The processor uses statistical methods that time-distribute characteristics of the workload and uses staff-availability information to translate the model into an interval capacity plan, which the user may further fine-tune by proposing additional scenarios. The processor continues to refine the model by comparing real-world results with the capacity plan's forecasts and by considering further user input.