REPUTATION-BASED THREAT PROTECTION

US 20140373141A1
Filed: 08/28/2014
Published: 12/18/2014
Est. Priority Date: 03/10/2010
Status: Active Grant

First Claim

Patent Images

1. A method for reputation-based threat protection, the method comprising:

maintaining one or more dictionaries for identifying the sensitive data in memory, wherein the sensitive data is defined by policies of an identified organization;

intercepting an e-mail message from a sender in the organization and addressed to a destination outside of the organization, wherein the e-mail message is intercepted prior to leaving a communication network of the organization;

executing instructions stored in memory, wherein execution of the instructions by a processor;

determines that the intercepted e-mail message includes sensitive data by reference to the one or more dictionaries stored in memory for identifying the sensitive data, andidentifies the e-mail message is a threat based on the determination that the e-mail message includes sensitive data; and

notifying the sender that the e-mail message was determined to be a threat.

View all claims

22 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Information concerning a plurality of identified threats provided by a plurality of preselected sources is stored in memory. An e-mail message may be received over a communication network. The received e-mail message is separated into a plurality of components. The stored information is searched to identify a reputation score associated with each of the plurality of components. It is then determined whether the e-mail is a threat based on the identified reputation score of each of the plurality of components. The determination is sent to a designated recipient.

19 Citations

View as Search Results

21 Claims

1. A method for reputation-based threat protection, the method comprising:
- maintaining one or more dictionaries for identifying the sensitive data in memory, wherein the sensitive data is defined by policies of an identified organization;
  
  intercepting an e-mail message from a sender in the organization and addressed to a destination outside of the organization, wherein the e-mail message is intercepted prior to leaving a communication network of the organization;
  
  executing instructions stored in memory, wherein execution of the instructions by a processor;
  
  determines that the intercepted e-mail message includes sensitive data by reference to the one or more dictionaries stored in memory for identifying the sensitive data, andidentifies the e-mail message is a threat based on the determination that the e-mail message includes sensitive data; and
  
  notifying the sender that the e-mail message was determined to be a threat.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein determining that the intercepted e-mail message includes sensitive data comprises looking at content within an attachment.
  - 3. The method of claim 1, wherein determining that the intercepted e-mail message includes sensitive data comprises searching for predefined patterns.
  - 4. The method of claim 3, wherein the predefined pattern pertains to at least one of social security numbers, bank routing numbers, and credit card numbers.
  - 5. The method of claim 1, further comprising providing a plurality of approval boxes that allow for viewing and approval of the e-mail message before sending out of the identified organization.
  - 6. The method of claim 1, further comprising matching the e-mail message to a policy based on the sensitive data.
  - 7. The method of claim 6, further comprising routing the matching e-mail message to an e-mail archive.
  - 8. The method of claim 6, further comprising directing the e-mail message to an encryption/decryption server.
  - 9. The method of claim 1, further comprising applying one or more enforcement actions based on the determination that the e-mail message includes sensitive data.
  - 10. The method of claim 1, wherein the dictionaries are associated with regulatory policies, industry standards, corporate compliance policies, or intellectual property policies.

11. A system for reputation-based threat protection, the system comprising:
- database memory that maintains one or more dictionaries for identifying the sensitive data in memory, wherein the sensitive data is defined by policies of an identified organization; and
  
  a server that;
  
  intercepts an e-mail message from a sender in the organization and addressed to a destination outside of the organization, wherein the e-mail message is intercepted prior to leaving a communication network of the organization;
  
  determines that the intercepted e-mail message includes sensitive data by reference to the one or more dictionaries stored in memory for identifying the sensitive data,identifies the e-mail message is a threat based on the determination that the e-mail message includes sensitive data, andnotifies the sender that the e-mail message was determined to be a threat.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the server determines that the intercepted e-mail message includes sensitive data by looking at content within an attachment.
  - 13. The system of claim 11, wherein the server determines that the intercepted e-mail message includes sensitive data by searching for predefined patterns.
  - 14. The system of claim 13, wherein the predefined pattern pertains to at least one of social security numbers, bank routing numbers, and credit card numbers.
  - 15. The system of claim 11, wherein the server further provides a plurality of approval boxes that allow for viewing and approval of the e-mail message before sending out of the identified organization.
  - 16. The system of claim 11, further comprising matching the e-mail message to a policy based on the sensitive data.
  - 17. The system of claim 16, wherein the server further routes the matching e-mail message to an e-mail archive.
  - 18. The system of claim 16, wherein the server further directs the e-mail message to an encryption/decryption server.
  - 19. The system of claim 11, wherein the server further applies one or more enforcement actions based on the determination that the e-mail message includes sensitive data.
  - 20. The system of claim 11, wherein the dictionaries are associated with regulatory policies, industry standards, corporate compliance policies, or intellectual property policies.

21. A non-transitory computer-readable storage medium, having embodied thereon a program executable by a processor to perform a method for reputation-based threat protection, the method comprising:
- maintaining one or more dictionaries for identifying the sensitive data in memory, wherein the sensitive data is defined by policies of an identified organization;
  
  intercepting an e-mail message from a sender in the organization and addressed to a destination outside of the organization, wherein the e-mail message is intercepted prior to leaving a communication network of the organization;
  
  determining that the intercepted e-mail message includes sensitive data by reference to the one or more dictionaries stored in memory for identifying the sensitive data;
  
  identifying the e-mail message is a threat based on the determination that the e-mail message includes sensitive data; and
  
  notifying the sender that the e-mail message was determined to be a threat.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Quest Software, Inc.
Original Assignee
SonicWALL, Inc. (SonicWall Holdings Ltd.)
Inventors
Yanovsky, Boris, Eikenberry, Scott

Granted Patent

US 9,215,241 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 16/955   using information identifie...

G06F 21/552   involving long-term monitor...

H04L 51/212   using filtering or selectiv...

H04L 51/42   Mailbox-related aspects, e....

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/145   the attack involving the pr...

REPUTATION-BASED THREAT PROTECTION

First Claim

22 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

REPUTATION-BASED THREAT PROTECTION

First Claim

22 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links