REPUTATION-BASED THREAT PROTECTION

US 20120311703A1
Filed: 08/15/2011
Published: 12/06/2012
Est. Priority Date: 03/10/2010
Status: Active Grant

First Claim

Patent Images

1. A method for reputation based threat protection, the method comprising:

maintaining information in memory concerning a plurality of identified threats, the maintained information provided by a plurality of preselected sources;

receiving an e-mail message over a communication network;

executing instructions stored in memory, wherein execution of the instructions by a processor;

separates the received e-mail message into a plurality of components,searches the maintained information to identify a reputation score associated with each of the plurality of components, anddetermines that the e-mail is a threat based on the identified reputation score of each of the plurality of components; and

sending information to a designated recipient regarding the determination that the e-mail is a threat, the information being sent over the communication network.

View all claims

16 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Information concerning a plurality of identified threats provided by a plurality of preselected sources is stored in memory. An e-mail message may be received over a communication network. The received e-mail message is separated into a plurality of components. The stored information is searched to identify a reputation score associated with each of the plurality of components. It is then determined whether the e-mail is a threat based on the identified reputation score of each of the plurality of components. The determination is sent to a designated recipient.

Citations

19 Claims

1. A method for reputation based threat protection, the method comprising:
- maintaining information in memory concerning a plurality of identified threats, the maintained information provided by a plurality of preselected sources;
  
  receiving an e-mail message over a communication network;
  
  executing instructions stored in memory, wherein execution of the instructions by a processor;
  
  separates the received e-mail message into a plurality of components,searches the maintained information to identify a reputation score associated with each of the plurality of components, anddetermines that the e-mail is a threat based on the identified reputation score of each of the plurality of components; and
  
  sending information to a designated recipient regarding the determination that the e-mail is a threat, the information being sent over the communication network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising generating a thumbprint for each of the plurality of components.
  - 3. The method of claim 2, wherein each of the preselected sources is allowed one vote per thumbprint per day.
  - 4. The method of claim 3, wherein the reputation score for each of the plurality of components is based on a collection of votes from the preselected sources.
  - 5. The method of claim 1, further comprising:
    - identifying a sender of the e-mail message determined to be a threat; and
      
      sending an alert regarding the identified sender.
  - 6. The method of claim 5, further comprising locating the sender device, wherein the sender device is placed in safe mode.
  - 7. The method of claim 6, wherein an outgoing e-mail sent by the sender device placed in safe mode is quarantined for analysis before being allowed to be delivered to a recipient.
  - 8. The method of claim 7, wherein analysis includes permitting the sender to review the quarantined message and information regarding the determination that the e-mail message is a threat.
  - 9. The method of claim 8, wherein content in the quarantined message is blocked from display.
  - 10. The method of claim 7, wherein analysis includes permitting the recipient to review the quarantined message and information regarding the determination that the e-mail message is a threat.
  - 11. The method of claim 10, wherein content in the quarantined message is blocked from display.

12. A non-transitory computer-readable storage medium, having embodied thereon a program executable by a processor to perform a method for reputation based threat protection, the method comprising:
- maintaining information concerning a plurality of identified threats, the maintained information provided by a plurality of preselected sources;
  
  receiving an e-mail message;
  
  separating the received e-mail message into a plurality of components;
  
  searching the maintained information to identify a reputation score associated with each of the plurality of components;
  
  determining that the e-mail is a threat based on the identified reputation score of each of the plurality of components; and
  
  sending information to a designated recipient regarding the determination that the e-mail is a threat.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The non-transitory computer-readable storage medium of claim 12, the program further executable to generate a thumbprint for each of the plurality of components.
  - 14. The non-transitory computer-readable storage medium of claim 13, wherein each of the preselected sources is allowed one vote per thumbprint per day.
  - 15. The non-transitory computer-readable storage medium of claim 14, wherein the reputation score for each of the plurality of components is based on a collection of votes from the preselected sources.
  - 16. The non-transitory computer-readable storage medium of claim 12, and the program further executable to:
    - identify a sender of the e-mail message determined to be a threat; and
      
      send an alert regarding the identified sender.
  - 17. The non-transitory computer-readable storage medium of claim 16, the program further executable to locate the sender device, wherein the sender device is placed in safe mode.
  - 18. The non-transitory computer-readable storage medium of claim 17, wherein an outgoing e-mail sent by the sender device placed in safe mode is quarantined for analysis before being allowed to be delivered to a recipient.
  - 19. The non-transitory computer-readable storage medium of claim 18, wherein analysis includes permitting the sender to review the quarantined message and information regarding the determination that the e-mail message is a threat.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Quest Software, Inc.
Original Assignee
Dell Software, Inc. (Dell Technologies Inc.)
Inventors
Yanovsky, Boris, Eikenberry, Scott

Granted Patent

US 8,910,279 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 16/955   using information identifie...

G06F 21/552   involving long-term monitor...

H04L 51/212   using filtering or selectiv...

H04L 51/42   Mailbox-related aspects, e....

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/145   the attack involving the pr...

REPUTATION-BASED THREAT PROTECTION

First Claim

16 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

REPUTATION-BASED THREAT PROTECTION

First Claim

16 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links