PROTECTING THREAT INDICATORS FROM THIRD PARTY ABUSE
Abstract
A threat analytics system expends significant resources to acquire, structure, and filter the threat indicators provided to the client-side monitoring systems. To protect the threat indicators from misuse, the threat analytics system only provides enough information about the threat indicators to the client-side systems to allow the client-side systems to detect past and ongoing threats. Specifically, the threat analytics system provides obfuscated threat indicators to the client-side monitoring systems. The obfuscated threat indicators enable the client-side systems to detect threats while protecting the threat indicators from misuse or malicious actors.
20 Claims
1. A method for detecting threats based on obfuscated threat indicators, the method comprising:
- receiving a protected threat indicator associated with an identified cyber-threat, the protected threat indicator configured to protect raw information related to the threat indicator from malicious actors;
- identifying one or more client-side events occurring within a third-party system, each client-side event identified by an entity identifier indicating an entity to which the event is attributed;
- determining that the third-party system experienced a cyber-threat when the protected threat indicator matches at least one entity identifier.
11. A computer program product for detecting threats based on obfuscated threat indicators, the computer program product comprising a computer-readable storage medium containing computer program code for:
- receiving an obfuscated threat indicator associated with an identified cyber-threat, the obfuscated threat indicator configured to protect raw information related to the threat indicator from malicious actors;
- identifying one or more client-side events occurring within a third-party system, each client-side event identified by an entity identifier indicating an entity to which the event is attributed;
- obfuscating the entity identifier using an obfuscation mechanism applied to the obfuscated threat indicator; and
- determining that the third-party system experienced a cyber-threat when the obfuscated threat indicator matches at least one obfuscated entity identifier.
18. A method for transmitting threat information to client modules, the method comprising:
- generating protected threat indicators associated with identified cyber-threats, each protected threat indicator configured to protect raw information related to the threat indicator from malicious actors;
- transmitting the protected threat indicators to a client module for threat detection;
- determining that additional threat indicators are available for transmission to the client module;
- determining whether a threat detection report associated with the protected threat indicators was received from the client module; and
- transmitting the additional threat indicators to the client module only when the threat detection report was received from the client module.
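
The matching step of claim 11, where the client applies the provider's obfuscation mechanism to each entity identifier and compares the result with the obfuscated indicators, is shown below. This is an added example, not code from the patent: the claims do not name the mechanism, so HMAC-SHA-256 under a per-feed key is an assumption, and `FEED_KEY`, `normalize`, `obfuscate`, `detect` and all sample data are constructed for illustration.

```python
import hashlib
import hmac

# Assumption: the "obfuscation mechanism" is HMAC-SHA-256 under a per-feed key.
FEED_KEY = b"constructed-demo-key"  # constructed sample value, not a real key


def normalize(entity_id: str) -> bytes:
    """Canonicalize (whitespace, case, trailing dot) so both sides hash identical bytes."""
    return entity_id.strip().lower().rstrip(".").encode("utf-8")


def obfuscate(entity_id: str, key: bytes = FEED_KEY) -> str:
    """Apply the same mechanism the provider applied to the raw indicator."""
    return hmac.new(key, normalize(entity_id), hashlib.sha256).hexdigest()


def detect(protected_indicators: set[str], events: list[dict],
           key: bytes = FEED_KEY) -> list[dict]:
    """Return events whose obfuscated entity identifier matches a protected indicator."""
    hits = []
    for event in events:
        digest = obfuscate(event["entity_id"], key)
        if digest in protected_indicators:
            hits.append({**event, "matched_indicator": digest})
    return hits


# Provider side (constructed data): only the digests are shipped to the client.
RAW_INDICATORS = ["203.0.113.7", "bad.example"]
PROTECTED_FEED = {obfuscate(raw) for raw in RAW_INDICATORS}

# Client side (constructed events): entity_id is the entity the event is attributed to.
EVENTS = [
    {"time": "2024-01-01T10:00:00Z", "entity_id": "198.51.100.20", "action": "dns_query"},
    {"time": "2024-01-01T10:00:05Z", "entity_id": "BAD.example.", "action": "dns_query"},
    {"time": "2024-01-01T10:00:09Z", "entity_id": "203.0.113.7", "action": "outbound_connect"},
]

if __name__ == "__main__":
    for hit in detect(PROTECTED_FEED, EVENTS):
        print(hit["time"], hit["entity_id"], hit["matched_indicator"][:16])
```

A keyed hash is used here instead of a bare hash because low-entropy identifiers such as IPv4 addresses can be enumerated against an unkeyed digest. A client holding the key can still test individual identifiers for membership, which is the capability the scheme is meant to grant, but it cannot read the raw indicator list out of the feed.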
Specification