US 9,811,927 B2
Universal actor correlator
Victoria L. Rowland, Bonners Ferry, ID (US); and Brian Smith, Fort Worth, TX (US)
Assigned to Click Security, Inc., Austin, TX (US)
Filed by Click Security, Inc., Austin, TX (US)
Filed on Feb. 27, 2015, as Appl. No. 14/633,925.
Application 14/633,925 is a continuation of application No. 13/843,414, filed on Mar. 15, 2013, granted, now 8,973,141, issued on Mar. 3, 2015.
Prior Publication US 2015/0287225 A1, Oct. 8, 2015
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/60 (2013.01); G06T 11/20 (2006.01); H04L 29/06 (2006.01)
CPC G06T 11/206 (2013.01) [G06F 21/60 (2013.01); H04L 63/08 (2013.01); H04L 63/10 (2013.01); H04L 63/104 (2013.01); H04L 63/1441 (2013.01); H04L 63/20 (2013.01)] 11 Claims
OG exemplary drawing
 
1. A network security system comprising:
plural network sensors at plural locations operable to detect network telemetry information and stream the network telemetry information to a network location, the network telemetry information including events, each event having at least one of plural types of actor identifiers; and
a precorrelation core stored in non-transitory memory and interfaced with the data source, the precorrelation core storing the network telemetry information in tables of random access memory by the types of actor identifier of each event, the precorrelation core associating events and actors by comparing actor identifiers for the tables to identify each event of different tables having common actor identifier information, wherein the network telemetry information tables include an IP address table and a type of event, the type of event is an authentication event, the precorrelation core operable to associate authentication events by dynamically assigned IP addresses; and
a graphical user interface interfaced with the precorrelation core and operable to present the identified events of the different tables having common actor identifier information.