Exabeam has been granted a patent for a method of graph-based multi-stage attack detection that organizes cybersecurity alerts according to attack tactics within a framework like MITRE ATT&CK. The system groups alerts into tactic blocks, constructs a graph, identifies threat scenarios, and displays ranked threat information. GlobalData’s report on Exabeam gives a 360-degree view of the company including its patenting strategy.

According to GlobalData’s company profile on Exabeam, DNS monitoring was a key innovation area identified from patents. Exabeam's grant share as of July 2024 was 68%. Grant share is based on the ratio of number of grants to total number of patents.

Graph-based multi-stage cybersecurity attack detection system

Source: United States Patent and Trademark Office (USPTO). Credit: Exabeam Inc

The granted patent US12063226B1 outlines a method and system for graph-based, multi-stage attack detection in cybersecurity. The method involves a computer system that processes a series of cybersecurity alerts generated within a specified analysis window. Each alert is classified according to an established attack framework, which organizes attack tactics into a sequence. The alerts are then grouped into tactic blocks based on shared attack tactics and time criteria. A graph is constructed by directionally connecting these tactic blocks, taking into account time, tactic, and matching criteria. The system identifies clusters of interconnected components within this graph and determines threat scenarios that represent sequences of attack tactics. These scenarios are ranked, and information regarding the highest-ranked scenarios is displayed, including the associated sequence of attack tactics.

Additionally, the patent specifies criteria for connecting tactic blocks, such as shared user names or source host computers. The identification of clusters utilizes graph theory algorithms, and the highest-risk sequences of events within these clusters are determined based on risk scores assigned to each alert. The ranking of threat scenarios is influenced by these risk scores, ensuring that the most critical threats are prioritized. The patent also encompasses a non-transitory computer-readable medium that enables the execution of this method, as well as a computer system designed to perform these operations, thereby enhancing the detection and analysis of cybersecurity threats through a structured and systematic approach.
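The pipeline described above (alerts, tactic blocks, directed graph, clusters, ranked highest-risk tactic sequences) can be sketched as follows; this is an added illustration, not Exabeam's implementation or the patent's claimed method. The names, the 10-minute block gap, the edge rule (later in time, later tactic, shared user or host) and summing alert risk per block are all assumptions.

```python
from collections import namedtuple

# Subset of ATT&CK tactics in framework order; thresholds are assumed values.
TACTICS = ["initial-access", "execution", "credential-access",
           "lateral-movement", "exfiltration"]
BLOCK_GAP = 600  # same-tactic alerts within 10 minutes share a block
Alert = namedtuple("Alert", "ts tactic user host risk")
ALERTS = [  # constructed sample alerts, not real telemetry
    Alert(100, "initial-access", "alice", "ws1", 20),
    Alert(160, "initial-access", "alice", "ws1", 10),
    Alert(1000, "execution", "alice", "ws1", 30),
    Alert(2000, "credential-access", "svc", "ws1", 40),
    Alert(2500, "lateral-movement", "svc", "db1", 50),
    Alert(300, "execution", "bob", "ws9", 15),
]

def build_blocks(alerts):
    """Group same-tactic alerts whose gaps stay within BLOCK_GAP."""
    blocks = []
    for a in sorted(alerts, key=lambda a: (a.tactic, a.ts)):
        ids = {("user", a.user), ("host", a.host)}
        b = blocks[-1] if blocks else None
        if b and b["tactic"] == a.tactic and a.ts - b["end"] <= BLOCK_GAP:
            b["end"], b["risk"], b["ids"] = a.ts, b["risk"] + a.risk, b["ids"] | ids
        else:
            blocks.append({"tactic": a.tactic, "start": a.ts, "end": a.ts,
                           "risk": a.risk, "ids": ids})
    return sorted(blocks, key=lambda b: b["start"])

def scenarios(alerts):
    """Rank each connected cluster by its highest-risk tactic path."""
    blocks = build_blocks(alerts)
    comp, prev = list(range(len(blocks))), [None] * len(blocks)
    best = [b["risk"] for b in blocks]  # best path risk ending at each block
    for j, b in enumerate(blocks):      # start order is a topological order
        for i, a in enumerate(blocks[:j]):
            if (b["start"] > a["end"] and a["ids"] & b["ids"] and
                    TACTICS.index(b["tactic"]) > TACTICS.index(a["tactic"])):
                comp = [comp[i] if c == comp[j] else c for c in comp]  # merge clusters
                if best[i] + b["risk"] > best[j]:
                    best[j], prev[j] = best[i] + b["risk"], i
    ranked = []
    for c in set(comp):                 # one scenario per cluster
        k = max((j for j, x in enumerate(comp) if x == c), key=lambda j: best[j])
        risk, path = best[k], []
        while k is not None:            # walk back along the best path
            path, k = [blocks[k]["tactic"]] + path, prev[k]
        ranked.append((risk, path))
    return sorted(ranked, reverse=True)
```

On the constructed alerts, the shared host ws1 links alice's activity to the svc account's credential access, so four blocks collapse into one ranked scenario while bob's unrelated alert stays a separate low-risk cluster.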



GlobalData

GlobalData, the leading provider of industry intelligence, provided the underlying data, research, and analysis used to produce this article.

GlobalData Patent Analytics tracks bibliographic data, legal events data, point in time patent ownerships, and backward and forward citations from global patenting offices. Textual analysis and official patent classifications are used to group patents into key thematic areas and link them to specific companies across the world’s largest industries.