Systems And Methods For Malware Detection And Mitigation
Abstract
Systems and methods for monitoring malware events in a computer networking environment are described. The systems and methods include the steps of identifying a plurality of suspect objects comprising data about network transactions or computer operations suspected of being linked to a security risk; transmitting the suspect objects to an inspection service operating on one or more general purpose digital computers, wherein the inspection service inspects the suspect objects using a plurality of inspection methods to create digital information about the nature of the potential threat posed by the suspect objects; transmitting said digital information to an analytical service operating on one or more general purpose digital computers, wherein the analytical service performs a plurality of analytical algorithms to categorize the suspect objects with one or more scores for each suspect object based on their security threat; transmitting said one or more scores to a correlation facility which aggregates a plurality of scores, optionally with other information about each suspect object, into the form of aggregate data representing one or more aggregate features of a plurality of suspect objects; and generating an infection verification pack (IVP) comprising routines which, when run on an end-point machine within the computer networking environment, will mitigate a suspected security threat.
7 Claims
1. A method for monitoring malware events in a computer networking environment, comprising the steps of:
- identifying a plurality of suspect objects comprising data about network transactions or computer operations suspected of being linked to a security risk;
- transmitting the suspect objects to an inspection service operating on one or more general purpose digital computers, wherein the inspection service inspects the suspect objects using a plurality of inspection methods to create digital information about the nature of the potential threat posed by the suspect objects;
- transmitting said digital information to an analytical service operating on one or more general purpose digital computers, wherein the analytical service performs a plurality of analytical algorithms to categorize the suspect objects with one or more scores for each suspect object based on their security threat;
- transmitting said one or more scores to a correlation facility which aggregates a plurality of scores, optionally with other information about each suspect object, into the form of aggregate data representing one or more aggregate features of a plurality of suspect objects; and
- generating an infection verification pack (IVP) comprising routines which, when run on an end-point machine within the computer networking environment, will mitigate a suspected security threat.

Dependent claims 2, 3, 4, 5 and 6 are not reproduced on this page.

7. A general purpose computer comprising:
- one or more processors, each comprising at least one arithmetic logic unit;
- a data receiver in connection with a networking environment;
- a digital memory;
- one or more interconnection busses configured to transmit data between the one or more processors, the data receiver, and the digital memory;
- wherein the digital memory is loaded with an executable application program comprising instructions to perform the steps of: identifying a plurality of suspect objects comprising data about network transactions or computer operations suspected of being linked to a security risk, transmitting the suspect objects to an inspection service operating on one or more general purpose digital computers, wherein the inspection service inspects the suspect objects using a plurality of inspection methods to create digital information about the nature of the potential threat posed by the suspect objects, transmitting said digital information to an analytical service operating on one or more general purpose digital computers, wherein the analytical service performs a plurality of analytical algorithms to categorize the suspect objects with one or more scores for each suspect object based on their security threat, transmitting said one or more scores to a correlation facility which aggregates a plurality of scores, optionally with other information about each suspect object, into the form of aggregate data representing one or more aggregate features of a plurality of suspect objects, and generating an infection verification pack (IVP) comprising routines which, when run on an end-point machine within the computer networking environment, will mitigate a suspected security threat, wherein the step of transmitting the suspect objects to an inspection service comprises transmission to the data receiver.
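The four-stage flow that claims 1 and 7 describe (suspect objects, inspection service, analytical service, correlation facility, then an IVP for the endpoint) as a small working model. This is an added illustration, not code from the patent or its assignee: the suspect-object records, the inspection heuristics, the score weights, the 0.7 threshold and the routine names `block_destination` and `quarantine_file` are all constructed for the example.

```python
from collections import defaultdict
# Constructed sample "suspect objects": one record per network transaction or
# computer operation, tagged with the endpoint (host) it was observed on.
SUSPECT_OBJECTS = [
    {"host": "ws-01", "kind": "network", "dst": "cdn.example.net", "bytes": 4096, "tls": True},
    {"host": "ws-01", "kind": "network", "dst": "198.51.100.23", "bytes": 900_000, "tls": False},
    {"host": "ws-01", "kind": "process", "path": "C:\\Users\\a\\AppData\\Local\\Temp\\svchost.exe", "signed": False},
    {"host": "ws-02", "kind": "process", "path": "C:\\Windows\\System32\\svchost.exe", "signed": True},
]

# Inspection service: several inspection methods, each yielding one boolean observation
# (the claim's "digital information"). The heuristics are hypothetical, not the patent's.
def inspect(obj):
    info = {}
    if obj["kind"] == "network":
        info["raw_ip_dst"] = obj["dst"].replace(".", "").isdigit()       # bare IPv4 literal
        info["large_plain"] = obj["bytes"] > 500_000 and not obj["tls"]  # big unencrypted transfer
    else:
        info["temp_path"] = "\\Temp\\" in obj["path"]                     # runs from a temp dir
        info["unsigned"] = not obj["signed"]
        info["system_name"] = obj["path"].lower().endswith("svchost.exe")  # borrows an OS binary name
    return info

# Analytical service: two independent algorithms, each yielding a score in [0, 1].
WEIGHTS = {"raw_ip_dst": 0.4, "large_plain": 0.5, "temp_path": 0.5, "unsigned": 0.3, "system_name": 0.2}
def analyze(info):
    weighted = min(1.0, sum(w for k, w in WEIGHTS.items() if info.get(k)))
    masquerade = 1.0 if info.get("system_name") and info.get("temp_path") else 0.0
    return {"weighted": weighted, "masquerade": masquerade}

# Correlation facility: fold per-object scores into per-endpoint aggregate features.
def correlate(scored):
    agg = defaultdict(lambda: {"objects": 0, "max": 0.0, "sum": 0.0})
    for obj, scores in scored:
        top, a = max(scores.values()), agg[obj["host"]]
        a["objects"], a["max"], a["sum"] = a["objects"] + 1, max(a["max"], top), a["sum"] + top
    return dict(agg)

# IVP generation: per endpoint, the mitigation routines it should run, emitted only for
# objects whose own score and whose host's aggregate both cross the threshold.
def build_ivp(scored, aggregates, threshold=0.7):
    ivp = {}
    for obj, scores in scored:
        if aggregates[obj["host"]]["max"] < threshold or max(scores.values()) < threshold:
            continue
        routine = ("block_destination", obj["dst"]) if obj["kind"] == "network" else ("quarantine_file", obj["path"])
        ivp.setdefault(obj["host"], []).append(routine)
    return ivp

def run_pipeline(objects=SUSPECT_OBJECTS):
    scored = [(o, analyze(inspect(o))) for o in objects]
    return build_ivp(scored, correlate(scored))
```

Running `run_pipeline()` on the sample data yields an IVP only for `ws-01`, whose unencrypted bulk transfer to a bare IP and whose unsigned `svchost.exe` in a temp directory both score above the threshold; `ws-02`, with only a signed system binary, gets none.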
Specification