Lloyds Banking Group, a European financial institution, announced that it has obtained a U.S. patent for its so-called International Correlation Engine, a system that can automatically determine when a cybersecurity alert is a real threat.
The company's announcement came this week, although the U.S. Patent and Trademark Office, or USPTO, granted the patent in August. The announcement stated that the bank is looking to “electrify its skills” using artificial intelligence, according to Matt Rowe, chief protection officer at the bank.
Lloyds claimed that the number of false positive security alerts referred to security personnel decreased consistently from 70% to 92% within . Reducing false positives means these employees are less distracted by false alarms and can concentrate on real threats.
“Our Global Correlation Engine is an innovative technology that will enable us to identify real threats more quickly and effectively, ensuring that our customers are protected,” Rowe said in the press release.
The Global Correlation Engine, or GCE, is a patented system that analyzes individual network events. An example of an event might be a user signing into an application, a user receiving an email with a web link, or someone trying to export all of the credentials from a server.
The GCE evaluates each event on the basis of how similar it is to the tactics and techniques employed by cyberattackers in the real world. A taxonomy of these tactics and techniques, known as ATT&CK, is published by The MITRE Corporation.
For example, when a user logs into an application, the GCE might score how similar the login attempt is to an adversary using stolen credentials (as opposed to the legitimate user logging in). Or, to put it another way, the system could determine how suspicious a given email link is, that is, how similar it appears to be to a phishing attempt (as opposed to, let's say, an email with a harmless link).
The GCE also plots each event on a graph to show how events are related. For instance, if a user logs in, launches a command line, and uses the command line to modify data on a remote server, each of those events would be connected to the others in the graph.
For each grouping of connected events, the GCE adds up the threat scores to calculate a total. If this total exceeds certain thresholds, the system issues an alert to a security analyst, who will then check whether a cyberattack has occurred.
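The grouping-and-threshold step described above can be sketched as follows. This is an added example, not code from Lloyds or its patent: the sample events, their scores, the rule that events are related when they share a user or host, and the threshold value are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events. "score" stands in for the similarity-to-ATT&CK
# score the article describes; scores and entity names are made up.
EVENTS = [
    {"id": "e1", "technique": "T1078", "score": 30, "entities": {"user:alice", "host:ws1"}},   # app login
    {"id": "e2", "technique": "T1059", "score": 40, "entities": {"user:alice", "host:ws1"}},   # command line
    {"id": "e3", "technique": "T1565", "score": 50, "entities": {"host:ws1", "host:srv9"}},    # remote data change
    {"id": "e4", "technique": "T1566", "score": 20, "entities": {"user:bob"}},                 # email with link
    {"id": "e5", "technique": "T1078", "score": 10, "entities": {"user:carol", "host:ws7"}},   # app login
]
ALERT_THRESHOLD = 100  # assumed value; the article only says "certain thresholds"

def group_events(events):
    """Union-find: events that share any entity end up in the same group."""
    parent = {e["id"]: e["id"] for e in events}
    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x
    first_seen = {}  # entity -> id of the first event that mentioned it
    for e in events:
        for ent in e["entities"]:
            if ent in first_seen:
                parent[find(e["id"])] = find(first_seen[ent])
            else:
                first_seen[ent] = e["id"]
    groups = defaultdict(list)
    for e in events:
        groups[find(e["id"])].append(e)
    return list(groups.values())

def correlate(events, threshold=ALERT_THRESHOLD):
    """Sum scores per group; alert only when a group's total exceeds the threshold."""
    alerts = []
    for group in group_events(events):
        total = sum(e["score"] for e in group)
        if total > threshold:
            alerts.append({
                "events": sorted(e["id"] for e in group),
                "techniques": sorted({e["technique"] for e in group}),
                "total": total,
            })
    return alerts

if __name__ == "__main__":
    print(correlate(EVENTS))
```

No single event here exceeds the threshold on its own; only the chain of login, command line, and remote data change on the same host does, which is how correlation reduces alerts on isolated low-score events.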
Other methods for monitoring security alerts have been patented in the past. For instance, FireEye, a security company, was granted a patent in 2020 that describes a method for relating events, similar to those described in the Lloyds patent, that correlate together to form a pattern of malicious behavior.
This alleged prior art limits how much scope Lloyds has for enforcing its patent. In other words, the company can't impose a broad blockade on threat detection systems that correlate security events with each other to surface legitimate threats, even though the patent will protect the company's ability to shut down precise replications of its methods.
The bank has the same patent in the U.K. and has also applied for an international patent. The inventors are Miguel Merayo Suarez, Alexander Wallace, and James Bell, who were bank employees at the time the USPTO granted the patent.