System and method for vendor agnostic automatic supplementary intelligence propagation

US 10,489,720 B2
Filed: 05/02/2017
Issued: 11/26/2019
Est. Priority Date: 05/02/2017
Status: Active Grant

First Claim

Patent Images

1. An information handling system comprising:

a storage device configured to store network activity logs from a first set of client systems and a second set of client systems; and

a processor configured to;

receive a security alert from the first set of client systems;

analyze the security alert to obtain a plurality of supplementary indicators;

utilize the supplementary indicators to build a statistical security model; and

analyze activity on the second set of client systems using the statistical security model to identify an additional security event,wherein the first set of client systems does not include the second set of client systems.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An information handling system includes a storage and a processor. The storage is configured to store network activity logs from a first client system and a second client system. The processor is configured to receive a security alert from the first client system, analyze the security alert to obtain a plurality of indicators, utilize the supplementary indicators to build a statistical security model, and analyze activity on the second client system using the statistical security model to identify an additional security events.

12 Citations

18 Claims

1. An information handling system comprising:
- a storage device configured to store network activity logs from a first set of client systems and a second set of client systems; and
  
  a processor configured to;
  
  receive a security alert from the first set of client systems;
  
  analyze the security alert to obtain a plurality of supplementary indicators;
  
  utilize the supplementary indicators to build a statistical security model; and
  
  analyze activity on the second set of client systems using the statistical security model to identify an additional security event,wherein the first set of client systems does not include the second set of client systems.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The information handling system of claim 1, wherein the activity is stored in a log of previous activity for the second set of client systems.
  - 3. The information handling system of claim 2, wherein the additional security event is a previously undetected security event.
  - 4. The information handling system of claim 1, wherein the activity of the second client system includes current activity on the second set of client systems.
  - 5. The information handling system of claim 4, wherein the additional security event is an ongoing malicious activity.
  - 6. The information handling system of claim 1, wherein the statistical security model provides a likelihood that activity is malicious based on one or more of the supplementary indicators.

7. A method for automated malware analysis, comprising:
- receiving alerts of one or more security events from a first set of client systems;
  
  analyzing the security event alerts to obtain a plurality of indicators;
  
  utilizing the indicators to build a statistical security model; and
  
  analyzing activity of a second set of client systems using the statistical security model to identify an additional security event,wherein the security alert is from the first set of client systems that does not include the second set of client systems.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, wherein the activity is stored in a log of previous events for the second set of client systems.
  - 9. The method of claim 8, wherein the additional security event is a previously undetected security event.
  - 10. The method of claim 7, wherein the activity of the second client system includes logs of current activity on the second set of client systems.
  - 11. The method of claim 10, wherein the additional security event is ongoing malicious activity.
  - 12. The method of claim 7, wherein the statistical security model provides a likelihood that activity is malicious based on one or more of the supplementary indicators.

13. A non-transitory computer-readable medium including code that when executed causes a processor to perform a method, the method comprising:
- receiving alerts of one or more security events from a first set of client systems;
  
  analyzing the security event alerts to obtain a plurality of indicators;
  
  utilizing the indicators to build a statistical security model; and
  
  analyzing activity of a second set of client systems the statistical security model to identify an additional security event,wherein the security alert is from the first set of client systems that does not include the second set of client systems.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The non-transitory computer-readable medium of claim 13, wherein the activity is stored in a log of previous events for the second set of client systems.
  - 15. The non-transitory computer-readable medium of claim 14, wherein the additional security event is a previously undetected security event.
  - 16. The non-transitory computer-readable medium of claim 13, wherein the activity of the second client system includes logs of current activity on the second set of client systems.
  - 17. The non-transitory computer-readable medium of claim 16, wherein the additional security event is ongoing malicious activity.
  - 18. The non-transitory computer-readable medium of claim 13, wherein the statistical security model provides a likelihood that activity is malicious based on one or more of the supplementary indicators.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SecureWorks Corp. (Dell Technologies Inc.)
Original Assignee
SecureWorks Corp. (Dell Technologies Inc.)
Inventors
McLean, Lewis I., Smithson, Angus W.
Primary Examiner(s)
Lottich, Joshua P

Application Number

US15/584,816
Publication Number

US 20180322410A1
Time in Patent Office

938 Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/00   Error detection; Error corr...

G06F 21/554   involving event detection a...

G06F 21/56   Computer malware detection ...

G06N 20/00   Machine learning

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

System and method for vendor agnostic automatic supplementary intelligence propagation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

12 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for vendor agnostic automatic supplementary intelligence propagation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links