Reputation-based threat protection

US 10,326,779 B2
Filed: 12/14/2015
Issued: 06/18/2019
Est. Priority Date: 03/10/2010
Status: Active Grant

First Claim

Patent Images

1. A method for reputation-based threat protection, the method comprising:

receiving, from one or more databases, information concerning a plurality of identified threats from a plurality of selected sources;

executing instructions stored in memory, wherein execution of the instructions by a processor;

identifies one or more components of an intercepted e-mail message, wherein the intercepted e-mail message was received over a first network communication interface,reviews the one or more components to associate, using the received information, one or more reputation scores with the intercepted e-mail message,identifies the intercepted e-mail message as a threat based on the one or more reputation scores associated with the e-mail messageblocks access to a universal resource locator (URL) included in the intercepted e-mail according to at least a first threat vector, andblocks access to the e-mail message according to at least a second vector; and

providing a notification that the e-mail message was identified as a threat.

View all claims

22 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Information concerning a plurality of identified threats provided by a plurality of preselected sources is stored in memory. An e-mail message may be received over a communication network. The received e-mail message is separated into a plurality of components. The stored information is searched to identify a reputation score associated with each of the plurality of components. It is then determined whether the e-mail is a threat based on the identified reputation score of each of the plurality of components. The determination is sent to a designated recipient.

47 Citations

20 Claims

1. A method for reputation-based threat protection, the method comprising:
- receiving, from one or more databases, information concerning a plurality of identified threats from a plurality of selected sources;
  
  executing instructions stored in memory, wherein execution of the instructions by a processor;
  
  identifies one or more components of an intercepted e-mail message, wherein the intercepted e-mail message was received over a first network communication interface,reviews the one or more components to associate, using the received information, one or more reputation scores with the intercepted e-mail message,identifies the intercepted e-mail message as a threat based on the one or more reputation scores associated with the e-mail messageblocks access to a universal resource locator (URL) included in the intercepted e-mail according to at least a first threat vector, andblocks access to the e-mail message according to at least a second vector; and
  
  providing a notification that the e-mail message was identified as a threat.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the first vector corresponds to a first port for accessing the URL and the second vector corresponds to a second port.
  - 3. The method of claim 1, wherein a signature is generated from the one or more components of the intercepted e-mail message.
  - 4. The method of claim 1, wherein information corresponding to the intercepted e-mail message is transmitted to a data center.
  - 5. The method of claim 4, wherein the information corresponding to the intercepted e-mail message is encoded and is transmitted to the data center according to a secure hypertext transfer protocol (HTTPS).
  - 6. The method of claim 5, wherein the information corresponding to the intercepted e-mail message is encoded according to at least one of a data encryption standard (DES) or an advanced encryption standard (AES).
  - 7. The method of claim 1, wherein the first network communication interface corresponds to at least one of an interface associated with outgoing e-mail traffic or a communication interfaces associated with incoming e-mail traffic.

8. A non-transitory computer readable storage medium having embodied thereon a program executable by a processor for performing a method for reputation-based threat protection, the method comprising:
- receiving, from one or more databases, information concerning a plurality of identified threats from a plurality of selected sources;
  
  identifying one or more components of an intercepted e-mail message, wherein the intercepted e-mail message was received over a first network communication interface;
  
  reviewing the one or more components to associate, using the received information, one or more reputation scores with the intercepted e-mail message;
  
  identifying the intercepted e-mail message as a threat based on the one or more reputation scores associated with the e-mail message;
  
  blocking access to a universal resource locator (URL) included in the intercepted e-mail according to at least a first threat vector;
  
  blocking access to the e-mail message according to at least a second vector; and
  
  providing a notification that the e-mail message was identified as a threat.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory computer readable storage medium of claim 8, wherein the first vector corresponds to a first port for accessing the URL and the second vector corresponds to a second port.
  - 10. The non-transitory computer readable storage medium of claim 8, wherein a signature is generated from the one or more components of the intercepted e-mail message.
  - 11. The non-transitory computer readable storage medium of claim 8, wherein information corresponding to the intercepted e-mail message is transmitted to a data center.
  - 12. The non-transitory computer readable storage medium of claim 11, wherein the information corresponding to the intercepted e-mail message is encoded and is transmitted to the data center according to a secure hypertext transfer protocol (HTTPS).
  - 13. The non-transitory computer readable storage medium of claim 12, wherein the information corresponding to the intercepted e-mail message is encoded according to at least one of a data encryption standard (DES) or an advanced encryption standard (AES).
  - 14. The non-transitory computer readable storage medium of claim 8, wherein the first network communication interface corresponds to at least one of an interface associated with outgoing e-mail traffic or a communication interfaces associated with incoming e-mail traffic.

15. A system for reputation-based threat protection, the system comprising:
- one or more databases; and
  
  at least one server communicatively coupled to the one or more databases, wherein the at least one server comprises;
  
  a communication interface that receives from one or more databases, information concerning a plurality of identified threats from a plurality of selected sources; and
  
  a processor that executes instructions stored in memory, wherein execution of the instructions by a processor;
  
  identifies one or more components of an intercepted e-mail message, wherein the intercepted e-mail message was received over a first network communication interface,reviews the one or more components to associate, using the received information, one or more reputation scores with the intercepted e-mail message,identifies the intercepted e-mail message as a threat based on the one or more reputation scores associated with the e-mail message,blocks access to a universal resource locator (URL) included in the intercepted e-mail according to at least a first threat vector, andblocks access to the e-mail message according to at least a second vector,wherein the communication interface provides a notification that the e-mail message was identified as a threat.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the first vector corresponds to a first port for accessing the URL and the second vector corresponds to a second port.
  - 17. The system of claim 15, wherein a signature is generated from the one or more components of the intercepted e-mail message.
  - 18. The system of claim 15, wherein information corresponding to the intercepted e-mail message is transmitted to a data center.
  - 19. The system of claim 18, wherein the information corresponding to the intercepted e-mail message is encoded and is transmitted to the data center according to a secure hypertext transfer protocol (HTTPS).
  - 20. The system of claim 19, wherein the encoding of the information corresponding to the intercepted e-mail message is encoded according to at least one of a data encryption standard (DES) or an advanced encryption standard (AES).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SonicWALL US Holdings, Inc. (SonicWall Holdings Ltd.)
Original Assignee
SonicWALL, Inc. (SonicWall Holdings Ltd.)
Inventors
Yanovsky, Boris, Eikenberry, Scott
Primary Examiner(s)
Rahim, Monjur

Application Number

US14/968,786
Publication Number

US 20160099959A1
Time in Patent Office

1,282 Days
Field of Search

726 13
US Class Current
CPC Class Codes

G06F 16/955   using information identifie...

G06F 21/552   involving long-term monitor...

H04L 51/212   using filtering or selectiv...

H04L 51/42   Mailbox-related aspects, e....

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/145   the attack involving the pr...

Reputation-based threat protection

First Claim

22 Assignments

0 Petitions

Accused Products

Abstract

47 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Reputation-based threat protection

First Claim

22 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links