SYSTEM AND METHODS FOR MALWARE DETECTION USING LOG BASED CROWDSOURCING ANALYSIS
6 Assignments
0 Petitions
Abstract
A crowdsourcing log analysis system and methods for protecting computers and networks from malware attacks by analyzing data log information obtained from a plurality of client networks. The client networks are associated with a set of network entities representing a plurality of business units or customers. The system may further comprise a plurality of server machines, each operable to execute a security product associated with a security product vendor and to log associated information about the network entities into at least one log file. The log files may be uploaded onto a breach detection platform for analysis based upon crowdsourcing principles, which is operable to generate a risk factor attribute for at least one suspect entity.
79 Citations
27 Claims
1. A crowdsourcing log analysis system for protecting a plurality of client networks from security threats, each of said plurality of client networks is associated with a set of network entities, said system comprising:
- at least one breach detection platform operable to receive a plurality of log files from said plurality of client networks via a communication network;
- a plurality of server machines, each of said plurality of server machines operable to execute a third-party security product and log associated third-party assessment attributes of at least one suspect entity into at least one log file; and
- said plurality of client networks, each of said plurality of client networks operable to connect with at least one of said plurality of server machines;
wherein said crowdsourcing log analysis system is operable to generate a risk factor for said at least one suspect entity based upon at least a plurality of said third-party assessment attributes.
(Dependent claims 2, 3, 4, 5, 6, 7 not shown.)
8. A method for generating a risk factor for protecting a plurality of client networks from security threats, each of said plurality of client networks is associated with a set of network entities, for use in a system comprising at least one breach detection platform and a plurality of server machines associated with said plurality of client networks, each of said plurality of server machines operable to execute at least one third-party security product and log associated information, said at least one breach detection platform and said plurality of server machines being connected via a communication network,
said method for operating said at least one breach detection platform in an improved manner, the method comprising:
- retrieving, via said communication network, a plurality of log files from said plurality of client networks, each of said plurality of log files comprising at least one log record structured in a plurality of third-party formats (TPF);
- normalizing each of said plurality of log files by mapping a plurality of assessment attributes pertaining to at least one suspect entity from said plurality of third-party formats into a standard format of at least one entity record;
- aggregating said plurality of log files into at least one data repository; and
- generating a risk factor for said at least one suspect entity, said risk factor characterized by an entity score.
(Dependent claims 9 through 23 not shown.)
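The four steps of claim 8 (retrieve, normalize, aggregate, score) carried through as an added example that is not code from the patent: constructed log lines in three hypothetical vendor formats are mapped into one standard entity record, pooled per suspect entity in an in-memory repository, and reduced to an entity score. The verdict-to-scale mapping and the score formula are assumptions for illustration, since the claims specify neither.

```python
import json
import re
from collections import defaultdict

# Constructed sample log lines in three hypothetical third-party formats (TPF).
SAMPLE_LOGS = {
    "vendorA_json": ['{"host":"10.0.0.5","verdict":"malicious","confidence":90}',
                     '{"host":"10.0.0.9","verdict":"clean","confidence":80}'],
    "vendorB_csv": ["10.0.0.5,suspicious,60", "10.0.0.7,malicious,95"],
    "vendorC_kv": ["ip=10.0.0.5 result=block score=70", "ip=10.0.0.9 result=allow score=10"],
}
# Each vendor's verdict vocabulary mapped onto one 0..1 scale (assumed mapping).
VERDICT_SCALE = {"clean": 0.0, "allow": 0.0, "suspicious": 0.5, "block": 1.0, "malicious": 1.0}

def parse_a(line):  # one JSON object per record
    d = json.loads(line)
    return d["host"], d["verdict"], int(d["confidence"])
def parse_b(line):  # host,verdict,confidence
    host, verdict, conf = line.split(",")
    return host, verdict, int(conf)
def parse_c(line):  # space-separated key=value pairs
    kv = dict(re.findall(r"(\w+)=(\S+)", line))
    return kv["ip"], kv["result"], int(kv["score"])
PARSERS = {"vendorA_json": parse_a, "vendorB_csv": parse_b, "vendorC_kv": parse_c}

def normalize(vendor, line):
    """Map one TPF record into the standard entity record; unknown verdict words count as 0.5."""
    entity, verdict, confidence = PARSERS[vendor](line)
    return {"entity": entity, "vendor": vendor,
            "verdict": VERDICT_SCALE.get(verdict.lower(), 0.5),
            "confidence": confidence / 100.0}

def aggregate(logs):
    """Data repository keyed by suspect entity, holding every vendor's assessment attributes."""
    repo = defaultdict(list)
    for vendor, lines in logs.items():
        for line in lines:
            rec = normalize(vendor, line)
            repo[rec["entity"]].append(rec)
    return repo

def entity_score(records):
    """Assumed formula (the patent states none): confidence-weighted mean verdict times the share of vendors reporting."""
    weight = sum(r["confidence"] for r in records)
    # With no usable confidence at all the entity scores zero rather than dividing by zero.
    mean_verdict = sum(r["verdict"] * r["confidence"] for r in records) / weight if weight else 0.0
    consensus = len({r["vendor"] for r in records}) / len(PARSERS)
    return round(mean_verdict * consensus, 3)

def risk_factors(logs):  # entity score for every suspect entity seen across all client logs
    return {entity: entity_score(recs) for entity, recs in aggregate(logs).items()}
```

Scaling by the share of vendors that reported means an entity flagged by a single product cannot reach the maximum score on that vendor's word alone.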
24. A method for protecting a plurality of client networks from security threats using a crowdsourcing log analysis system, said system comprising at least one breach detection platform, a plurality of server machines associated with at least one of said plurality of client networks, each of said plurality of server machines operable to execute a product associated with a security product vendor and log associated information of at least one of a set of network entities into at least one log file, said system connectable with said plurality of client networks via a communication network,
said method for operating each of said plurality of client networks in an improved manner, the method comprising:
- connecting, via said communication network, to said at least one breach detection platform, said platform comprising at least one data repository connectable via a computer network;
- uploading, via said communication network, said at least one log file to said at least one breach detection platform; and
- receiving, via said communication network, a risk factor attribute associated with a detectable security event associated with said at least one of said set of network entities.
(Dependent claims 25, 26, 27 not shown.)
Specification