Reputation-based threat protection
First Claim
Patent Images
1. A method for reputation-based threat protection, the method comprising:
- receiving, from one or more databases, information concerning a plurality of identified threats from a plurality of selected sources;
executing instructions stored in memory, wherein execution of the instructions by a processor;
identifies one or more components of an intercepted e-mail message, wherein the intercepted e-mail message was received over a first network communication interface,reviews the one or more components to associate, using the received information, one or more reputation scores with the intercepted e-mail message,identifies the intercepted e-mail message as a threat based on the one or more reputation scores associated with the e-mail messageblocks access to a universal resource locator (URL) included in the intercepted e-mail according to at least a first threat vector, andblocks access to the e-mail message according to at least a second vector; and
providing a notification that the e-mail message was identified as a threat.
22 Assignments
0 Petitions
Accused Products
Abstract
Information concerning a plurality of identified threats provided by a plurality of preselected sources is stored in memory. An e-mail message may be received over a communication network. The received e-mail message is separated into a plurality of components. The stored information is searched to identify a reputation score associated with each of the plurality of components. It is then determined whether the e-mail is a threat based on the identified reputation score of each of the plurality of components. The determination is sent to a designated recipient.
47 Citations
20 Claims
-
1. A method for reputation-based threat protection, the method comprising:
-
receiving, from one or more databases, information concerning a plurality of identified threats from a plurality of selected sources; executing instructions stored in memory, wherein execution of the instructions by a processor; identifies one or more components of an intercepted e-mail message, wherein the intercepted e-mail message was received over a first network communication interface, reviews the one or more components to associate, using the received information, one or more reputation scores with the intercepted e-mail message, identifies the intercepted e-mail message as a threat based on the one or more reputation scores associated with the e-mail message blocks access to a universal resource locator (URL) included in the intercepted e-mail according to at least a first threat vector, and blocks access to the e-mail message according to at least a second vector; and providing a notification that the e-mail message was identified as a threat. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A non-transitory computer readable storage medium having embodied thereon a program executable by a processor for performing a method for reputation-based threat protection, the method comprising:
-
receiving, from one or more databases, information concerning a plurality of identified threats from a plurality of selected sources; identifying one or more components of an intercepted e-mail message, wherein the intercepted e-mail message was received over a first network communication interface; reviewing the one or more components to associate, using the received information, one or more reputation scores with the intercepted e-mail message; identifying the intercepted e-mail message as a threat based on the one or more reputation scores associated with the e-mail message; blocking access to a universal resource locator (URL) included in the intercepted e-mail according to at least a first threat vector; blocking access to the e-mail message according to at least a second vector; and providing a notification that the e-mail message was identified as a threat. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A system for reputation-based threat protection, the system comprising:
-
one or more databases; and at least one server communicatively coupled to the one or more databases, wherein the at least one server comprises; a communication interface that receives from one or more databases, information concerning a plurality of identified threats from a plurality of selected sources; and a processor that executes instructions stored in memory, wherein execution of the instructions by a processor; identifies one or more components of an intercepted e-mail message, wherein the intercepted e-mail message was received over a first network communication interface, reviews the one or more components to associate, using the received information, one or more reputation scores with the intercepted e-mail message, identifies the intercepted e-mail message as a threat based on the one or more reputation scores associated with the e-mail message, blocks access to a universal resource locator (URL) included in the intercepted e-mail according to at least a first threat vector, and blocks access to the e-mail message according to at least a second vector, wherein the communication interface provides a notification that the e-mail message was identified as a threat. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification