REPUTATION-BASED THREAT PROTECTION
First Claim
Patent Images
1. A method for reputation-based threat protection, the method comprising:
- maintaining one or more dictionaries for identifying the sensitive data in memory, wherein the sensitive data is defined by policies of an identified organization;
intercepting an e-mail message from a sender in the organization and addressed to a destination outside of the organization, wherein the e-mail message is intercepted prior to leaving a communication network of the organization;
executing instructions stored in memory, wherein execution of the instructions by a processor;
determines that the intercepted e-mail message includes sensitive data by reference to the one or more dictionaries stored in memory for identifying the sensitive data, andidentifies the e-mail message is a threat based on the determination that the e-mail message includes sensitive data; and
notifying the sender that the e-mail message was determined to be a threat.
22 Assignments
0 Petitions
Accused Products
Abstract
Information concerning a plurality of identified threats provided by a plurality of preselected sources is stored in memory. An e-mail message may be received over a communication network. The received e-mail message is separated into a plurality of components. The stored information is searched to identify a reputation score associated with each of the plurality of components. It is then determined whether the e-mail is a threat based on the identified reputation score of each of the plurality of components. The determination is sent to a designated recipient.
19 Citations
21 Claims
-
1. A method for reputation-based threat protection, the method comprising:
-
maintaining one or more dictionaries for identifying the sensitive data in memory, wherein the sensitive data is defined by policies of an identified organization; intercepting an e-mail message from a sender in the organization and addressed to a destination outside of the organization, wherein the e-mail message is intercepted prior to leaving a communication network of the organization; executing instructions stored in memory, wherein execution of the instructions by a processor; determines that the intercepted e-mail message includes sensitive data by reference to the one or more dictionaries stored in memory for identifying the sensitive data, and identifies the e-mail message is a threat based on the determination that the e-mail message includes sensitive data; and notifying the sender that the e-mail message was determined to be a threat. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A system for reputation-based threat protection, the system comprising:
-
database memory that maintains one or more dictionaries for identifying the sensitive data in memory, wherein the sensitive data is defined by policies of an identified organization; and a server that; intercepts an e-mail message from a sender in the organization and addressed to a destination outside of the organization, wherein the e-mail message is intercepted prior to leaving a communication network of the organization; determines that the intercepted e-mail message includes sensitive data by reference to the one or more dictionaries stored in memory for identifying the sensitive data, identifies the e-mail message is a threat based on the determination that the e-mail message includes sensitive data, and notifies the sender that the e-mail message was determined to be a threat. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A non-transitory computer-readable storage medium, having embodied thereon a program executable by a processor to perform a method for reputation-based threat protection, the method comprising:
-
maintaining one or more dictionaries for identifying the sensitive data in memory, wherein the sensitive data is defined by policies of an identified organization; intercepting an e-mail message from a sender in the organization and addressed to a destination outside of the organization, wherein the e-mail message is intercepted prior to leaving a communication network of the organization; determining that the intercepted e-mail message includes sensitive data by reference to the one or more dictionaries stored in memory for identifying the sensitive data; identifying the e-mail message is a threat based on the determination that the e-mail message includes sensitive data; and notifying the sender that the e-mail message was determined to be a threat.
-
Specification