REMEDIAL ACTION FOR RELEASE OF THREAT DATA

US 20170155683A1
Filed: 07/21/2014
Published: 06/01/2017
Est. Priority Date: 07/21/2014
Status: Abandoned Application

First Claim

Patent Images

1. A non-transitory machine-readable storage medium storing instructions that, if executed by at least one processor of a computing system, cause the computing system to:

receive threat information from a respective plurality of threat submitters;

provide data about the respective threat information to a plurality entities based on a set of rules;

determine that one of the data has been released outside of the entities; and

perform a remedial action based on the release of the one data.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Example embodiments disclosed herein relate to performing a remedial action based on the release of data. Threat information is received from multiple threat submitters. Data about the respective threat information is provided to a plurality of entities based on rules. It is determined that the data has been released outside of the entities. The remedial action is performed based on the release of the data.

Citations

15 Claims

1. A non-transitory machine-readable storage medium storing instructions that, if executed by at least one processor of a computing system, cause the computing system to:
- receive threat information from a respective plurality of threat submitters;
  
  provide data about the respective threat information to a plurality entities based on a set of rules;
  
  determine that one of the data has been released outside of the entities; and
  
  perform a remedial action based on the release of the one data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The non-transitory machine-readable storage medium of claim 1, wherein one of the rules of the set indicates that the one of the data of a first one of the threat submitters is to be shared to at least one community that includes the entities.
  - 3. The non-transitory machine-readable storage medium of claim 2, further comprising instructions that, if executed by the at least one processor, cause the computing system to:
    - as part of the remedial action, determine whether the one data was shared by the first one threat submitter to a location of the release.
  - 4. The non-transitory machine-readable storage medium of claim 3, further comprising instructions that, if executed by the at least one processor, cause the computing system to:
    - based on a determination that the first one threat submitter did not share the one data;
      
      receive further threat information from the plurality of threat submitters corresponding to sharing with the at least one community;
      
      selectively share the respective another data about the further threat information with the one or more entities;
      
      determine that another release of one of the further threat information was associated with a first one of the entities; and
      
      identify at least one potential source of the other release based on a process of elimination.
  - 5. The non-transitory machine-readable storage medium of claim 4, wherein the remedial action includes at least one of notifying the identified at least one potential source of the release, removing the at least one potential source from the community, and restricting access to threat information to the at least potential source.
  - 6. The non-transitory machine-readable storage medium of claim 3, further comprising instructions that, if executed by the at least one processor, cause the computing system to:
    - based on a determination that the first one threat submitter did not share the one data;
      
      generate tainted threat information;
      
      selectively share the respective tainted threat information the one or more entities;
      
      determine that another release of one of the respective tainted threat information was associated with a first one of the entities; and
      
      identify at least one potential source of the other release based on taint of the other release.
  - 7. The non-transitory machine-readable storage medium of claim 2, wherein the remedial action is further based on a determination of a pattern of release is associated with the at least one community.
  - 8. The non-transitory machine-readable storage medium of claim 1, wherein one of the rules of the set indicates that one of the threat information of a first one of the threat submitters is not to be shared outside of one or more communities that includes the entities, and the determination that the one data has been released outside of the entities is based on a submission by another threat submitter outside of the one or more communities including the one data.

9. A method comprising:
- receiving threat information from a respective plurality of threat submitters;
  
  providing data about the respective threat information to a plurality entities based on a set of rules including a rule that indicates that the data is to be shared at least one community,wherein the at least one community includes the entities;
  
  determining that one of the data has been released outside of the entities;
  
  determining that the one data is part of a pattern of release associated with the at least one community; and
  
  performing a remedial action based on the release of the one data and the determination of the pattern.
- View Dependent Claims (10, 11, 12)
- - 10. The method of claim 9, wherein the determination that the one data has been released outside of the entities is based on a submission by another threat submitter outside of the at least one community including the one data.
  - 11. The method of claim 9, wherein the determination that the one data has been released outside of the entities is based on information received from another source outside of the at least one community including the one data.
  - 12. The method of claim 11, wherein the other source includes at least one of:
    - a threat information feed and crawling of a website.

13. A threat management platform comprising:
- a communication engine to receive threat information from a respective plurality of threat submitters,a share engine to provide data about the respective threat information to a plurality entities that are a member of at least one community based on a set of rules including a rule that indicates that the data is to be shared at the least one community,wherein the at least one community includes the entities;
  
  a release identification engine to determine that one of the data has been released outside of the entities;
  
  a pattern engine to determine that the one data is part of a pattern of release associated with the at least one community; and
  
  a remediation engine to perform a remedial action based on the determination of the pattern.
- View Dependent Claims (14, 15)
- - 14. The threat management platform of claim 13, wherein the remedial action includes at least one of:
    - the communication engine being caused to notify the identified at least one potential source of the release, removal of the at least one potential source from the community, and restricting access to the threat information to the at least potential source.
  - 15. The threat management platform of claim 13, wherein the determination that the one data has been released outside of the entities is based on at least one of:
    - a submission by another threat submitter outside of the at least one community including the one data; and
      
      information received from another source outside of the at least one community including the one data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus LLC (Open Text Corporation)
Original Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Inventors
SINGLA, Anurag

Application Number

US15/328,015
Publication Number

US 20170155683A1
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/1063   Personalisation

G06F 21/16   Program or content traceabi...

G06F 21/55   Detecting local intrusion o...

G06F 21/57   Certifying or maintaining t...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/604   Tools and structures for ma...

H04L 63/0263   Rule management

H04L 63/102   Entity profiles

H04L 63/1408   by monitoring network traff...

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

REMEDIAL ACTION FOR RELEASE OF THREAT DATA

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

REMEDIAL ACTION FOR RELEASE OF THREAT DATA

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links