ATTRIBUTE-CONTROLLED MALWARE DETECTION
Abstract
A computerized method for authenticating access to a subscription-based service to detect an attempted cyber-attack. The method features operations by the cloud broker that include receiving service policy level information and information based on operational metadata. The service policy level information includes at least subscription attributes to identify one or more performance criteria in analyses conducted on one or more objects submitted by a sensor for malware representing an attempted cyber-attack. The operational metadata includes metadata that pertains to an operating state of one or more clusters of a plurality of clusters of the subscription-based service. The cloud broker, using both the service policy level information and the information based on the operational metadata, selects a cluster of the plurality of clusters to analyze the one or more objects submitted by the sensor and establishes a communication session between the sensor and the cluster via the cloud broker.
35 Claims
1. A computerized method for authenticating access to a subscription-based service that detects an attempted cyber-attack, the method comprising:
- receiving, by a cloud broker, service policy level information that includes at least an identifier of a sensor being used to access stored information;
- receiving, by the cloud broker, information based on operational metadata, the operational metadata includes metadata that pertains to an operating state of one or more clusters of a plurality of clusters of the subscription-based service; and
- using, by a cloud broker, both the service policy level information and the information based on the operational metadata in (i) selecting a cluster of the plurality of clusters to analyze the one or more objects submitted by the sensor and (ii) establishing a communication session between the sensor and the cluster via the cloud broker.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A computerized method comprising:
- receiving metadata from a source node;
- selecting a first cluster of a plurality of clusters by a cloud broker to analyze one or more objects received from the source node, the first cluster includes one or more compute nodes providing services in analyzing the one or more objects for malware; and
- wherein the selection of the first cluster of the plurality of clusters by the cloud broker is based, at least in part, on operational metadata received by the cloud broker from a management system monitoring operability of each cluster of the plurality of clusters.
Dependent claims: 14, 15, 16, 17, 18
19. A system for detecting a cyber-attack, comprising:
- a sensor associated with a first customer enrolled in a subscription service for a malware detection service, the sensor to capture a first object and perform a first malware analysis on the first object to determine whether the first object corresponds to a suspicious object potentially associated with a cyber-attack; and
- a cloud broker communicatively coupled to the sensor, the cloud broker to (i) receive metadata associated with the suspicious object, (ii) select a cluster of the plurality of clusters to analyze the first object submitted by the sensor based, at least in part, on the metadata associated with the suspicious object, and (iii) establish a communication session between the sensor and the cluster that conducts a second malware analysis on the first object to determine whether the first object is associated with a cyber-attack.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35