Multi-level control for enhanced resource and object evaluation management of malware detection system
First Claim
1. A malware detection system, comprising:
- a portal providing access over a network to displayable data that allows each customer of a plurality of customer to (i) register with and obtain a subscription to the malware detection system and (ii) produce subscription information including a plurality of service attributes that correspond to one or more subscription requirements;
a subscription review service communicatively coupled with the portal, the subscription review service comprises a data store configured to store the subscription information including the plurality of service attributes for each customer of the plurality of customers, wherein each subscription information includes a customer identifier and at least one identifier associated with a source operable to submit one or more objects to the malware detection system for analysis;
a cloud broker communicatively coupled with the subscription review service and including a first processor and a first memory, the first memory includes analysis selection logic that, upon execution by the first processor, selects a cluster of a plurality of clusters to receive an object of the one or more objects from the source, wherein the cloud broker being located in a public network; and
a cluster broker communicatively coupled with and remotely located from the cloud broker and being part of or in communication with the selected cluster of the plurality of clusters, the cluster broker, including a second processor and a second memory, to select an object analyzer of the selected cluster to analyze the object submitted by the source to determine whether the analyzed object is associated with a cyber-attack, wherein the cluster broker being located in a private network;
wherein the cloud broker including enforcement logic, stored in the first memory that, upon execution by the first processor, enforces compliance with the plurality of service attributes from the subscription information.
7 Assignments
0 Petitions
Accused Products
Abstract
A computerized method for enforcing compliance to a subscription for object evaluation service by a malware detection system is described. Enforcement logic receives operational metadata from the malware detection system. The operational metadata includes metadata associated with operations performed on objects submitted to the malware detection system by the one or more customers. For each customer, the operational metadata associated with operations performed on data submitted by the customer is analyzed for comparison with a plurality of service attributes associated with the subscription for the customer. Responsive to detecting that the customer is failing to comply with one or more service attributes of the plurality of service attributes, performing, by the enforcement logic, an operation to remedy (i) a failure by the customer in complying with the subscription requirements for the customer or (ii) a failure by the malware detection system in providing the customer with object evaluation service that satisfies the subscription requirements for the customer.
-
Citations
41 Claims
-
1. A malware detection system, comprising:
-
a portal providing access over a network to displayable data that allows each customer of a plurality of customer to (i) register with and obtain a subscription to the malware detection system and (ii) produce subscription information including a plurality of service attributes that correspond to one or more subscription requirements; a subscription review service communicatively coupled with the portal, the subscription review service comprises a data store configured to store the subscription information including the plurality of service attributes for each customer of the plurality of customers, wherein each subscription information includes a customer identifier and at least one identifier associated with a source operable to submit one or more objects to the malware detection system for analysis; a cloud broker communicatively coupled with the subscription review service and including a first processor and a first memory, the first memory includes analysis selection logic that, upon execution by the first processor, selects a cluster of a plurality of clusters to receive an object of the one or more objects from the source, wherein the cloud broker being located in a public network; and a cluster broker communicatively coupled with and remotely located from the cloud broker and being part of or in communication with the selected cluster of the plurality of clusters, the cluster broker, including a second processor and a second memory, to select an object analyzer of the selected cluster to analyze the object submitted by the source to determine whether the analyzed object is associated with a cyber-attack, wherein the cluster broker being located in a private network; wherein the cloud broker including enforcement logic, stored in the first memory that, upon execution by the first processor, enforces compliance with the plurality of service attributes from the subscription information. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
-
-
26. A computerized method for enforcing compliance to subscription requirements, the method comprising:
-
receiving, by enforcement logic, operational metadata from a malware detection system including one or more clusters configured to analyze one or more objects submitted by one or more customers to determine whether the one or more analyzed object is associated with a cyber-attack, the operational metadata being metadata associated with operations performed on the one or more objects submitted to the malware detection system by the one or more customers; and for each customer of the one or more customers, analyzing the operational metadata associated with operations performed on one or more objects submitted by the customer based on with a plurality of service attributes associated with a subscription for the customer, the plurality of service attributes corresponding to subscription requirements for the customer, and responsive to detecting that the customer is failing to comply with one or more service attributes of the plurality of service attributes, performing an operation to remedy (i) a failure by the customer in complying with the subscription requirements for the customer or (ii) a failure by the malware detection system in providing the customer with resources to satisfy the subscription requirements. - View Dependent Claims (27, 28, 29, 30, 31)
-
-
32. A non-transitory storage medium including software that, during execution by a processor, enforces compliance to subscription requirements by performing operations comprising:
-
receiving, by enforcement logic, operational metadata being metadata associated with operations performed on data submitted to a malware detection system, the malware detection system includes one or more clusters configured to analyze the data to determine whether the data is associated with a cyber-attack; analyzing the operational metadata associated with operations performed on the data submitted by a customer based on a plurality of service attributes associated with a subscription for the customer, the plurality of service attributes corresponding to subscription requirements for the customer; and responsive to detecting that the customer is failing to comply with one or more service attributes of the plurality of service attributes, performing an operation to remedy (i) a failure by the customer in complying with the subscription requirements for the customer or (ii) a failure by the malware detection system in providing the customer with resources to satisfy the subscription requirements. - View Dependent Claims (33, 34, 35, 36, 37)
-
-
38. A subscription review service deployed within a malware detection system, comprising:
-
a data store storing subscription information including a plurality of service attributes for each customer of a plurality of customers, wherein each subscription information includes a customer identifier and at least one identifier associated with a sensor operable to submit one or more objects to the malware detection system for analysis; licensing logic that, during execution, receives software license credentials from the sensor associated with the customer, the software license credentials include service policy level information; and enrollment logic, upon receipt of the software license credentials, to control access to the malware detection system by the sensor, the enrollment logic being configured to (i) receive an enrollment request message, including at least an identifier of the sensor and an identifier of the customer, (ii) authenticate the sensor, and (iii) return a network address for accessing a cloud broker being logic that is configured to select one of a plurality of clusters for analysis of the one or more objects to determine whether any of the one or more objects system is associated with a cyber-attack. - View Dependent Claims (39, 40, 41)
-
Specification