Microsoft Corporation
Adaptation of attack surface reduction clusters

Abstract:

A computing system performs adaptive clustering of machines (e.g., computing devices) and/or machine users in an organization for attack surface reduction (ASR) responsively to event feedback including system-based exclusion events and user-based requests for exclusion. The cluster adaptation may be applied to conventional vector-quantization clustering algorithms, for example K-Means, expectation-maximization (EM) clustering, or affinity clustering, to provide adaptable clusters of machines or users. The adaptation enables aggregation or disaggregation of endpoints into clusters to minimize negative business impacts on the organization while maximizing security in view of changes in the organization that occur dynamically such as varying roles for users, new applications and updates being released, and the like.