COMPUTERIZED SYSTEM AND METHOD FOR SECURELY DISTRIBUTING AND EXCHANGING CYBER-THREAT INFORMATION IN A STANDARDIZED FORMAT
First Claim
1. A computerized system for automatically exchanging threat information, comprising:
- a central server comprising at least one multi-core processor, wherein the central server hosts a central repository containing a plurality of centralized threat information, the central repository comprising a MongoDB database, and the central server has SSL certification;
- a plurality of distributed servers, wherein each of the distributed servers hosts a local repository containing a plurality of localized threat information; and
- wherein the central server is configured to synchronize the plurality of centralized threat information with the plurality of localized threat information contained in each of the plurality of distributed servers by exchanging, using SSL encryption, at least a portion of the plurality of centralized threat information for at least a portion of the plurality of localized threat information.
Abstract
Computerized systems and methods for sharing identified cyber-threat information in a standardized and secure format. The sharing of cyber-threat information assists in preventing malicious actors from replicating successful cyber-attacks by informing potential targets of the methods employed by the malicious actors, and the defensive measures that those targets should implement to prevent those methods from succeeding. By distributing cyber-threat information in a standardized format, the systems and methods enable participating entities to automatically analyze and implement defensive measures for cyber-threat information shared by any other participating entities. The systems and methods also permit an entity to control which threat information it shares and which other entities it shares it with in a secure manner in order to preserve that entity's security and reputation.
24 Claims
1. A computerized system for automatically exchanging threat information, comprising:
- a central server comprising at least one multi-core processor, wherein the central server hosts a central repository containing a plurality of centralized threat information, the central repository comprising a MongoDB database, and the central server has SSL certification;
- a plurality of distributed servers, wherein each of the distributed servers hosts a local repository containing a plurality of localized threat information; and
- wherein the central server is configured to synchronize the plurality of centralized threat information with the plurality of localized threat information contained in each of the plurality of distributed servers by exchanging, using SSL encryption, at least a portion of the plurality of centralized threat information for at least a portion of the plurality of localized threat information.
Dependent claims: 2, 3.
4. A computerized method for securely exchanging threat information, comprising, at a first distributed server:
- creating a first item of threat information in a machine-readable language;
- converting the first item of threat information from the machine-readable language into the STIX language;
- at a TAXII interface at the first distributed server, securely transmitting the converted first item of threat information to a centralized server using SSL encryption;
- at the TAXII interface at the first distributed server, receiving a second item of encrypted threat information, wherein the second item is in the STIX language and has been encrypted using SSL encryption;
- validating an XML schema of the second item of encrypted threat information;
- analyzing the second item of encrypted threat information;
- translating the second item from the STIX language into the machine-readable language; and
- inserting the translated second item into a local repository, wherein the local repository is a MongoDB database.
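The receiving half of claim 4 (schema validation of the inbound STIX item, translation into the local machine-readable form, insertion into the local repository), as an added Python illustration that is not the patent's implementation: a standard-library structural check stands in for full XSD validation, a dict stands in for the MongoDB collection, the TAXII/SSL transport is left out, and the STIX 1.x sample package and the namespace URIs it uses are assumed and constructed for this example.

```python
import xml.etree.ElementTree as ET

STIX_NS = "http://stix.mitre.org/stix-1"       # STIX 1.x core namespace (assumed)
IND_NS = "http://stix.mitre.org/Indicator-2"   # STIX 1.x Indicator namespace (assumed)
# Constructed sample package: not from the patent or any real feed.
SAMPLE_STIX = f"""<stix:STIX_Package xmlns:stix="{STIX_NS}" xmlns:indicator="{IND_NS}"
    id="example:Package-1" version="1.2">
  <stix:Indicators>
    <stix:Indicator id="example:indicator-1">
      <indicator:Title>Constructed phishing domain</indicator:Title>
      <indicator:Type>Domain Watchlist</indicator:Type>
    </stix:Indicator>
  </stix:Indicators>
</stix:STIX_Package>"""

def q(ns, name):
    """Clark-notation tag name as ElementTree expects it."""
    return f"{{{ns}}}{name}"

def validate_structure(xml_text):
    """Stand-in for XSD validation; raises ValueError on a malformed package."""
    if "<!DOCTYPE" in xml_text:          # no DTD, so no entity expansion on the receiver
        raise ValueError("DOCTYPE declarations are not accepted")
    root = ET.fromstring(xml_text)
    if root.tag != q(STIX_NS, "STIX_Package") or not root.get("version"):
        raise ValueError(f"not a versioned STIX_Package: {root.tag}")
    indicators = root.findall(f"{q(STIX_NS, 'Indicators')}/{q(STIX_NS, 'Indicator')}")
    if not indicators:
        raise ValueError("package carries no Indicator")
    for ind in indicators:
        if not ind.get("id") or ind.find(q(IND_NS, "Title")) is None:
            raise ValueError("Indicator missing id or Title")
    return root

def translate_to_local(root):
    """Map the validated package onto the receiver's own document shape."""
    return [{"_id": ind.get("id"), "package_id": root.get("id"),
             "title": ind.findtext(q(IND_NS, "Title")),
             "type": ind.findtext(q(IND_NS, "Type"))}
            for ind in root.iter(q(STIX_NS, "Indicator"))]

def ingest(xml_text, local_repo):
    """Validate, translate, insert; returns documents stored, 0 if rejected."""
    try:
        docs = translate_to_local(validate_structure(xml_text))
    except (ValueError, ET.ParseError):
        return 0                          # nothing from a rejected package is stored
    for doc in docs:
        local_repo[doc["_id"]] = doc      # dict stands in for the MongoDB collection
    return len(docs)
```

A rejected package stores nothing, so a malformed or unexpected document never reaches the analysis step or the local repository.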
5. A computerized method for distributing threat information, comprising:
- creating, at a first repository for storing and distributing threat information, a first item describing an observed event or property in a common language;
- distributing the first item to at least one other repository for storing and distributing threat information.
Dependent claims: 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19.
20. A computerized system for storing and distributing threat information, comprising:
- a central repository for storing and distributing threat information;
- a plurality of local repositories for storing and distributing threat information; and
- a network connecting the central repository with the plurality of local repositories, wherein the network is configured to transmit one or more items of threat information from at least one of the plurality of local repositories to the central repository, and configured to transmit one or more items of threat information from the central repository to at least one of the plurality of local repositories.
Dependent claims: 21, 22, 23, 24.
Specification