THREAT INTELLIGENCE CLOUD

US 20170353475A1
Filed: 06/05/2017
Published: 12/07/2017
Est. Priority Date: 06/06/2016
Status: Abandoned Application

First Claim

Patent Images

1. A Threat Intelligence Cloud, comprising:

a machine;

a receiver on the machine, the receiver operative to receive an electronic file including a threat detected by a first anti-virus solution;

a Virus Total Service to determine information from a plurality of traditional anti-virus solutions responsive to the electronic file;

a database to store the information from the Virus Total Service; and

a report generator to generate a report responsive to the electronic file and the information from the Virus Total Service.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A Threat Intelligence Cloud is disclosed. The Threat Intelligence Cloud can include a machine. A receiver on the machine can receive an electronic file including a threat detected by an anti-virus solution. A Virus Total Service can determine information from traditional anti-virus solutions scanning the electronic file. A database can store the information from the Virus Total Service. A report generator can generate a report from the information.

Citations

26 Claims

1. A Threat Intelligence Cloud, comprising:
- a machine;
  
  a receiver on the machine, the receiver operative to receive an electronic file including a threat detected by a first anti-virus solution;
  
  a Virus Total Service to determine information from a plurality of traditional anti-virus solutions responsive to the electronic file;
  
  a database to store the information from the Virus Total Service; and
  
  a report generator to generate a report responsive to the electronic file and the information from the Virus Total Service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. A Threat Intelligence Cloud according to claim 1, wherein the first anti-virus solution identifies the threat as not known to be good.
  - 3. A Threat Intelligence Cloud according to claim 2, wherein the first anti-virus solution includes:
    - a file type identifier to determine a purported file type for the electronic file;
      
      storage for a set of rules for the purported file type; and
      
      a scanner to determine if the electronic file conforms to the set of rules.
  - 4. A Threat Intelligence Cloud according to claim 1, wherein the Threat Intelligence Cloud is operative to use the Virus Total Service to determine information from a plurality of traditional anti-virus solutions responsive to the electronic file a plurality of times.
  - 5. A Threat Intelligence Cloud according to claim 4, wherein the Threat Intelligence Cloud is operative to use the Virus Total Service to determine information from a plurality of traditional anti-virus solutions responsive to the electronic file the plurality of times within a window.
  - 6. A Threat Intelligence Cloud according to claim 4, wherein the Threat Intelligence Cloud is operative to use the Virus Total Service to determine information from a plurality of traditional anti-virus solutions responsive to the electronic file once a day.
  - 7. A Threat Intelligence Cloud according to claim 1, wherein the information includes which of the plurality of the traditional anti-virus solutions detects the threat in the electronic file.
  - 8. A Threat Intelligence Cloud according to claim 7, wherein the information further includes a plurality of dates on which each of the traditional anti-virus solutions detects the threat in the electronic file.
  - 9. A Threat Intelligence Cloud according to claim 1, wherein the electronic file (305) does not include any personally identifiable information (PII).
  - 10. A Threat Intelligence Cloud according to claim 1, wherein the electronic file includes a hash of the electronic file.
  - 11. A Threat Intelligence Cloud according to claim 1, wherein the report is designed to be used to market the first anti-virus solution.
  - 12. A Threat Intelligence Cloud according to claim 1, wherein the report is designed to show to a customer a comparison of the first anti-virus solution with the traditional anti-virus solutions.

13. A method, comprising:
- receiving an electronic file at a Threat Intelligence Cloud, the electronic file including a threat detected by a first anti-virus solution;
  
  testing the electronic file against a plurality of traditional anti-virus solutions by the Threat Intelligence Cloud;
  
  determining which among the plurality of traditional anti-virus solutions identify the threat in the electronic file; and
  
  generating a report comparing when the first anti-virus solution and the plurality of traditional anti-virus solutions identify the threat within the electronic file.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 14. A method according to claim 13, wherein the first anti-virus solution identifies the threat as not known to be good.
  - 15. A method according to claim 14, further comprising:
    - scanning the electronic file by the first anti-virus solution;
      
      determining a purported file type of the electronic file;
      
      identifying a set of rules specifying when the electronic file conforms to the purported file type; and
      
      identifying the threat as not satisfying the set of rules specifying when the electronic file conforms to the purported file type.
  - 16. A method according to claim 13, wherein testing the electronic file against a plurality of traditional anti-virus solutions by the Threat Intelligence Cloud includes testing the electronic file against the plurality of traditional anti-virus solutions by the Threat Intelligence Cloud a plurality of times.
  - 17. A method according to claim 16, wherein testing the electronic file against the plurality of traditional anti-virus solutions by the Threat Intelligence Cloud a plurality of times includes testing the electronic file against the plurality of traditional anti-virus solutions by the Threat Intelligence Cloud the plurality of times within a window.
  - 18. A method according to claim 16, wherein testing the electronic file against the plurality of traditional anti-virus solutions by the Threat Intelligence Cloud a plurality of times includes testing the electronic file against the plurality of traditional anti-virus solutions by the Threat Intelligence Cloud once a day.
  - 19. A method according to claim 16, wherein determining which among the plurality of traditional anti-virus solutions identify the threat in the electronic file includes identifying when each of the plurality of traditional anti-virus solutions first detects the threat in the electronic file.
  - 20. A method according to claim 13, wherein the electronic file (305) does not include any personally identifiable information (PII).
  - 21. A method according to claim 20, wherein the PII is removed from the electronic file before the electronic file is received by the Threat Intelligence Cloud.
  - 22. A method according to claim 13, wherein receiving an electronic file at a Threat Intelligence Cloud includes receiving a hash of the electronic file at a Threat Intelligence Cloud.
  - 23. A method according to claim 13, wherein:
    - determining which among the plurality of traditional anti-virus solutions identify the threat in the electronic file includes storing, in a database, which among the plurality of traditional anti-virus solutions identify the threat in the electronic file; and
      
      generating a report comparing when the first anti-virus solution and the plurality of traditional anti-virus solutions identify the threat within the electronic file includes generating the report based on the database.
  - 24. A method according to claim 13, wherein:
    - the report shows that the first anti-virus solution detected the threat in the electronic file before at least one of the plurality of traditional anti-virus solutions; and
      
      the method further comprises forwarding the report to a customer.
  - 25. A method according to claim 13, further comprising using the report in marketing the first anti-virus solution.

26. An article comprising a non-transitory storage medium, the non-transitory storage medium having stored thereon instructions that, when executed by a machine, result in:
- receiving an electronic file at a Threat Intelligence Cloud, the electronic file including a threat detected by a first anti-virus solution;
  
  testing the electronic file against a plurality of traditional anti-virus solutions by the Threat Intelligence Cloud;
  
  determining which among the plurality of traditional anti-virus solutions identify the threat in the electronic file; and
  
  generating a report comparing when the first anti-virus solution and the plurality of traditional anti-virus solutions identify the threat within the electronic file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Glasswall (Ip) Limited
Original Assignee
Glasswall (Ip) Limited
Inventors
HUTTON, SAMUEL HARRISON

Application Number

US15/613,810
Publication Number

US 20170353475A1
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/56   Computer malware detection ...

G06Q 30/0241   Advertisements

H04L 63/145   the attack involving the pr...

THREAT INTELLIGENCE CLOUD

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

THREAT INTELLIGENCE CLOUD

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links