Computerized system and method for securely distributing and exchanging cyber-threat information in a standardized format
First Claim
1. A computerized method for distributing threat information, comprising:
providing a network connecting a central repository to a plurality of local repositories, each local repository is in communication with a sensor;
generating threat information in a customizable machine readable language with a sensor based on an observed event;
creating a first item describing the threat information by converting the machine readable language into a common language at one of the plurality of local repositories;
pushing the first item from one of the plurality of local repositories to the central repository for storing the first item and distributing the first item from the central repository to the plurality of other local repositories; and
pushing the first item from the first local repository directly to another local repository in the network, wherein each of the plurality of local repositories is configured to push the first item to another local repository in the network, and each of the plurality of local repositories is configured to pull the first item from another local repository in the network.
Abstract
Computerized systems and methods for sharing identified cyber-threat information in a standardized and secure format. The sharing of cyber-threat information assists in preventing malicious actors from replicating successful cyber-attacks by informing potential targets of the methods employed by the malicious actors, and of the defensive measures that those targets should implement to prevent those methods from succeeding. By distributing cyber-threat information in a standardized format, the systems and methods enable participating entities to automatically analyze and implement defensive measures for cyber-threat information shared by any other participating entity. The systems and methods also permit an entity to control, in a secure manner, which threat information it shares and with which other entities it shares it, in order to preserve that entity's security and reputation.
20 Claims
1. Independent method claim; text as given under First Claim above. Dependent claims: 2 to 13.
14. A computerized system for storing and distributing threat information, comprising:
a central repository for storing and distributing threat information;
a plurality of local repositories for storing and distributing threat information, each local repository is capable of generating threat information in a customizable machine readable language based on an observed event, creating a first item describing the threat information by converting the machine readable language into a common language, pushing the first item to the central repository, and pushing the first item directly to one local repository, each of the plurality of local repositories is configured to push the first item to another local repository, and each local repository is configured to pull threat information from another local repository; and
a network connecting the central repository with the plurality of local repositories, wherein the network allows transmission of the first item from at least one of the plurality of local repositories to the central repository, transmission of the first item from the central repository to the plurality of local repositories, and transmission of the first item from at least one of the plurality of local repositories directly to one other local repository.
Dependent claims: 15 to 20.
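To make the claimed topology concrete, the following is an added Python model (not the patent's own code) of claims 1 and 14: a sensor record in a constructed machine-readable format is converted to a common-language item at a local repository, pushed to the central repository, which fans it out to the other local repositories, and pushed or pulled directly between peers under a per-entity sharing policy (the abstract's control over what is shared and with whom). All class and field names, the sensor record keys and the sample indicators are assumptions made for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ThreatItem:          # the assumed "common language": one normalized schema for every sensor
    item_id: str
    indicator: str
    source: str

class CentralRepository:   # stores pushed items, distributes each to every other local repository
    def __init__(self):
        self.items, self.members = {}, []
    def push(self, item, sender):
        self.items[item.item_id] = item
        for repo in self.members:
            if repo is not sender:
                repo.receive(item)

class LocalRepository:     # one participant: converts sensor output, pushes to central, pushes/pulls with peers
    def __init__(self, name, central, share_with=None):
        self.name, self.central, self.items = name, central, {}
        self.share_with = share_with   # None: direct-share with any peer; else the allowed peer names
        central.members.append(self)
    def ingest_sensor_event(self, raw):
        # sensor's customizable machine-readable record (keys constructed) -> common-language item
        item = ThreatItem(f"{self.name}-{raw['evt']}", raw['ioc'], self.name)
        self.items[item.item_id] = item
        return item
    def receive(self, item):
        self.items.setdefault(item.item_id, item)   # idempotent, so repeated deliveries are harmless
    def push_to_central(self, item):
        self.central.push(item, sender=self)
    def push_to_peer(self, item, peer):   # direct push, gated by this entity's sharing policy
        if self.share_with is not None and peer.name not in self.share_with:
            return False
        peer.receive(item)
        return True
    def pull_from_peer(self, peer):       # direct pull of every peer item we lack; returns the count
        new = [i for i in peer.items.values() if i.item_id not in self.items]
        for i in new:
            self.receive(i)
        return len(new)

def demo():
    central = CentralRepository()
    a, b, c = (LocalRepository(n, central, s) for n, s in (("A", None), ("B", {"A"}), ("C", None)))
    a.push_to_central(a.ingest_sensor_event({"evt": "1", "ioc": "203.0.113.7"}))  # fans out to B, C
    local = b.ingest_sensor_event({"evt": "9", "ioc": "bad.example"})
    shared = b.push_to_peer(local, c)   # False: B's policy allows direct sharing only with A
    pulled = a.pull_from_peer(b)        # 1: A pulls B-9 directly; B already holds A-1
    return sorted(a.items), sorted(b.items), sorted(c.items), shared, pulled
```

Running demo() shows the three paths side by side: central fan-out reaches every member, the direct push is refused by B's policy, and the direct pull lets A obtain an item that never went through the central repository.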