Systems and methods for message threat management
First Claim
1. A method for operation upon one or more data processors to assign a reputation to a messaging entity, the method comprising:
- receiving a communication from a messaging entity;
deriving a risk profile for the communication comprising;
queuing the communication for interrogation by a plurality of interrogation engines, each interrogation engine of a particular type designed to test the communication for a particular security risk;
performing a load evaluation on an interrogation engine of one of the particular types based upon the plurality of interrogation engines queued to interrogate the communication;
determining that the load evaluation exceeds a threshold, and in response adjusting the plurality of the interrogation engines by generating a new instance of an interrogation engine of the one of the particular types based upon the plurality of interrogation engines queued to interrogate the communication;
aggregating output of the plurality of interrogation engines with data associated with previously received communications to form the risk profile for the communication;
determining, using one or more data processors, a reputation score associated with the communication based upon the risk profile;
wherein the reputation score is indicative of reputation of the messaging entity;
wherein the determined reputation score is used in deciding what action is to be taken with respect to communications associated with the messaging entity.
14 Assignments
0 Petitions
Accused Products
Abstract
The present invention is directed to systems and methods for detecting unsolicited and threatening communications and communicating threat information related thereto. Threat information is received from one or more sources; such sources can include external security databases and threat information data from one or more application and/or network layer security systems. The received threat information is reduced into a canonical form. Features are extracted from the reduced threat information; these features in conjuntion with configuration data such as goals are used to produce rules. In some embodiments, these rules are tested against one or more sets of test data and compared against the same or different goals; if one or more tests fail, the rules are refined until the tests succeed within an acceptable margin of error. The rules are then propagated to one or more application layer security systems.
-
Citations
17 Claims
-
1. A method for operation upon one or more data processors to assign a reputation to a messaging entity, the method comprising:
-
receiving a communication from a messaging entity; deriving a risk profile for the communication comprising; queuing the communication for interrogation by a plurality of interrogation engines, each interrogation engine of a particular type designed to test the communication for a particular security risk; performing a load evaluation on an interrogation engine of one of the particular types based upon the plurality of interrogation engines queued to interrogate the communication; determining that the load evaluation exceeds a threshold, and in response adjusting the plurality of the interrogation engines by generating a new instance of an interrogation engine of the one of the particular types based upon the plurality of interrogation engines queued to interrogate the communication; aggregating output of the plurality of interrogation engines with data associated with previously received communications to form the risk profile for the communication; determining, using one or more data processors, a reputation score associated with the communication based upon the risk profile; wherein the reputation score is indicative of reputation of the messaging entity; wherein the determined reputation score is used in deciding what action is to be taken with respect to communications associated with the messaging entity. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A computer-implemented method of performing transmission filtering utilizing reputation scores of transmission sender, the method comprising:
-
storing a transmission from a sender in computer memory; deriving a risk profile for the transmission comprising; queuing the transmission for interrogation by a plurality of interrogation engines, each interrogation engine of a particular type designed to test the transmission for a particular security risk; performing a load evaluation on an interrogation engine of one of the particular types based upon the plurality of interrogation engines queued to interrogate the transmission; determining that the load evaluation exceeds a threshold, and in response adjusting the plurality of the interrogation engines by generating a new instance of an interrogation engine of the one of the particular types based upon the plurality of interrogation engines queued to interrogate the communication; aggregating output of the plurality of interrogation engines with data associated with previously received transmission to form the risk profile for the transmission; determining a reputation score associated for the sender based upon the risk profile; performing, using one or more data processors, an action on the transmission from the sender corresponding to the score range of the reputation score associated with the sender. - View Dependent Claims (15, 16)
-
-
17. A system, comprising:
-
a computer processing device; and a memory device storing instructions executable by the computer processing device that upon such execution cause the computer processing device to perform operations comprising; receiving a communication from a messaging entity; deriving a risk profile for the communication comprising; queuing the communication for interrogation by a plurality of interrogation engines, each interrogation engine of a particular type designed to test the communication for a particular security risk; performing a load evaluation on a interrogation engine of one of the particular types based upon the plurality of interrogation engines queued to interrogate the communication; determining that the load evaluation exceeds a threshold, and in response adjusting the plurality of the interrogation engines by generating a new instance of an interrogation engine of the one of the particular types based upon the plurality of interrogation engines queued to interrogate the communication; aggregating output of the plurality of interrogation engines with data associated with previously received communications to form the risk profile for the communication; determining, using one or more data processors, a reputation score associated with the communication based upon the risk profile; wherein the reputation score is indicative of reputation of the messaging entity; wherein the determined reputation score is used in deciding what action is to be taken with respect to communications associated with the messaging entity.
-
Specification