Systems and methods for automated retrieval, processing, and distribution of cyber-threat information

  • US 10,178,112 B2
  • Filed: 12/05/2017
  • Issued: 01/08/2019
  • Est. Priority Date: 04/20/2015
  • Status: Active Grant
First Claim

1. A cyber-threat network device for automated processing of cyber-threat information, comprising:

  • a network adapter configured to receive:

    first cyber-threat information in a first format from an internal cyber-threat information source over a private network, the internal cyber-threat information source comprising a network component of an entity system, the network component being configured to provide, using an Application Program Interface (API) exposed by the network component, at least a portion of the first cyber-threat information; and

    second cyber-threat information in a second format from an external cyber-threat information source over an external network;

  • at least one processor configured to perform operations comprising:

    filtering the first cyber-threat information and the second cyber-threat information by applying exclusion criteria to exclude, from further processing, the received cyber-threat information that satisfies the exclusion criteria;

    processing the filtered first cyber-threat information and the filtered second cyber-threat information into processed cyber-threat information in a standard format, the standard format comprising:

    a first data marking indicating a categorization of the first cyber-threat information and the second cyber-threat information;

    a second data marking indicating an expiration of the first cyber-threat information and the second cyber-threat information; and

    a context comprising detection and remediation procedures for cyber-attacks associated with the first cyber-threat information and the second cyber-threat information;

    extracting, from the first cyber-threat information and the second cyber-threat information, information identifying the processed cyber-threat information based on stored identification criteria;

    enforcing policy rules specifying at least one of:

    a user authorized to access the processed cyber-threat information;

    a type of processed cyber-threat information that may be accessed;

    methods of access to the processed cyber-threat information;

    or permissible uses of accessed items of the processed cyber-threat information;

    automatically instructing the network component of the entity system to reconfigure the network component in response to the processed cyber-threat information; and

    distributing the processed cyber-threat information in the standard format to a distributor using an API exposed by the distributor.
