Security threat reporting in light of local security tools

US 8,332,947 B1
Filed: 06/27/2006
Issued: 12/11/2012
Est. Priority Date: 06/27/2006
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for threat reporting in light of local security tools, comprising:

using a computer to perform steps comprising;

identifying a network link identifying a web site that is a potential threat source (PTS) for the computer;

determining a plurality of security threats associated with the PTS, wherein the plurality of security threats are associated with characteristics of the web site identified by the network link;

determining an initial threat rating for the PTS based on the plurality of security threats associated with the PTS;

identifying mitigated security threats of the plurality of security threats that are mitigated by local security on the computer and unmitigated security threats of the plurality of security threats that are not mitigated by local security on the computer;

adjusting the initial threat rating for the PTS to account for the mitigated security threats and the unmitigated security threats to produce an adjusted threat rating based on the unmitigated security threats; and

providing the adjusted threat rating to a user of the computer.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

When a client receives a potential threat source (PTS), a user of the client may desire to make an informed decision regarding the PTS. The PTS can be, for example, an email or instant message with an embedded executable, a link to a network destination (e.g., included in search engine results or an email, or webpage), or an executable file (e.g., downloaded from a website). The PTS is identified and characterized to establish a threat rating. The threat rating can then be presented to the user, so as to inform the user as to the PTS riskiness. The threat rating is determined in light of the local security tools available. If there are no local security tools that mitigate the threat of the PTS, then a security tool that is known to mitigate the threat can be identified and recommended to the user.

Citations

20 Claims

1. A computer implemented method for threat reporting in light of local security tools, comprising:
- using a computer to perform steps comprising;
  
  identifying a network link identifying a web site that is a potential threat source (PTS) for the computer;
  
  determining a plurality of security threats associated with the PTS, wherein the plurality of security threats are associated with characteristics of the web site identified by the network link;
  
  determining an initial threat rating for the PTS based on the plurality of security threats associated with the PTS;
  
  identifying mitigated security threats of the plurality of security threats that are mitigated by local security on the computer and unmitigated security threats of the plurality of security threats that are not mitigated by local security on the computer;
  
  adjusting the initial threat rating for the PTS to account for the mitigated security threats and the unmitigated security threats to produce an adjusted threat rating based on the unmitigated security threats; and
  
  providing the adjusted threat rating to a user of the computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 further comprising:
    - identifying one or more characteristics of the web site, the characteristics selected from the set consisting of;
      
      a frequency with which the computer has visited the web site, whether a previous visit to the web site had a negative impact on the computer, a type of negative impact on the computer resulting from a previous visit to the web site, and a source of the network link identifying the web site; and
      
      determining threat weights associated with unmitigated ones of the identified characteristics;
      
      wherein the adjusted threat rating of the PTS is determined based at least in part on the threat weights of the unmitigated characteristics of the web site.
  - 3. The method of claim 2, further comprising:
    - normalizing a sum of the threat weights associated with the unmitigated characteristics of the web site to produce the threat adjusted rating.
  - 4. The method of claim 1 further comprising:
    - automatically determining one or more security tools that would mitigate one or more of the unmitigated security threats.
  - 5. The method of claim 4 further comprising:
    - automatically suggesting procurement of the one or more security tools to the user to improve the adjusted threat rating.
  - 6. The method of claim 1 further comprising:
    - automatically suggesting procurement of security tools to the user that would lower the adjusted threat rating.
  - 7. The method of claim 1 wherein providing the adjusted threat rating to the user includes providing a graphical indicator.
  - 8. The method of claim 1, further comprising:
    - determining whether one or more of the plurality of security threats associated with characteristics of the web site identified by the network link are mitigated by security settings of a web browser used by the user to access web sites from the computer, wherein a security threat associated with a characteristic of the web site is designated a mitigated threat if it is mitigated by the security settings of the web browser.
  - 9. The method of claim 1, wherein the network link is presented to the user on a web page, and wherein the adjusted threat rating is provided to the user of the computer in association with the presentation of the network link on the web page.
  - 10. The method of claim 9, wherein the adjusted threat rating is provided to the user as a pop-up message.

11. A non-transitory computer-readable storage medium encoded with instructions, that when executed by one or more processors, cause the processors to carry out a process for threat reporting in light of local security tools, the process comprising:
- identifying a network link identifying a web site that is a potential threat source (PTS) for a computer;
  
  determining a plurality of security threats associated with the PTS, wherein the plurality of security threats are associated with characteristics of the web site identified by the network link;
  
  determining an initial threat rating for the PTS based on the plurality of security threats associated with the PTS;
  
  identifying mitigated security threats of the plurality of security threats that are mitigated by local security on the computer and unmitigated security threats of the plurality of security threats that are not mitigated by local security on the computer;
  
  adjusting the initial threat rating for the PTS to account for the mitigated security threats and the unmitigated security threats to produce an adjusted threat rating based on the unmitigated security threats; and
  
  providing the adjusted threat rating to a user of the computer.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The computer-readable storage medium of claim 11, the process further comprising:
    - identifying one or more characteristics of the web site, the characteristics selected from the set consisting of;
      
      a frequency with which the computer has visited the web site, whether a previous visit to the web site had a negative impact on the computer, a type of negative impact on the computer resulting from a previous visit to the web site, and a source of the network link identifying the web site; and
      
      determining threat weights associated with unmitigated ones of the identified characteristics;
      
      wherein the adjusted threat rating of the PTS is determined based at least in part on the threat weights of the unmitigated characteristics of the web site.
  - 13. The computer-readable storage medium of claim 11, the process further comprising:
    - automatically determining one or more security tools that would mitigate one or more of the unmitigated security threats.
  - 14. The computer-readable storage medium of claim 13, the process further comprising:
    - automatically suggesting procurement of the one or more security tools to the user to improve the adjusted threat rating.
  - 15. The computer-readable storage medium of claim 11, the process further comprising:
    - automatically suggesting procurement of security tools to the user that would lower the adjusted threat rating.

16. A system for threat reporting in light of local security tools, comprising:
- a non-transitory computer-readable storage medium encoded with executable instructions for;
  
  identifying a network link identifying a web site that is a potential threat source (PTS) for a computer;
  
  determining a plurality of security threats associated with the PTS, wherein the plurality of security threats are associated with characteristics of the web site identified by the network link;
  
  determining an initial threat rating for the PTS based on the plurality of security threats associated with the PTS;
  
  identifying mitigated security threats of the plurality of security threats that are mitigated by local security on the computer;
  
  identifying unmitigated security threats of the plurality of security threats that are not mitigated by local security on the computer;
  
  adjusting the initial threat rating for the PTS to account for the mitigated security threats and the unmitigated security threats to produce an adjusted threat rating based on the unmitigated security threats; and
  
  providing the adjusted threat rating to a user of the computer; and
  
  a processor for executing the instructions.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16 further comprising instructions for:
    - identifying one or more characteristics of the web site, the characteristics selected from the set consisting of;
      
      a frequency with which the computer has visited the web site, whether a previous visit to the web site had a negative impact on the computer, a type of negative impact on the computer resulting from a previous visit to the web site, and a source of the network link identifying the web site; and
      
      determining threat weights associated with unmitigated ones of the identified characteristics;
      
      wherein the adjusted threat rating of the PTS is determined based at least in part on the threat weights of the unmitigated characteristics of the web site.
  - 18. The system of claim 16 further comprising instructions for:
    - automatically determining one or more security tools that would mitigate one or more of the unmitigated security threats.
  - 19. The system of claim 18 further comprising instructions for:
    - automatically suggesting procurement of the one or more security tools to the user to improve the adjusted threat rating.
  - 20. The system of claim 16 further comprising instructions for:
    - automatically suggesting procurement of security tools to the user that would lower the adjusted threat rating.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NortonLifeLock Inc.
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Sobel, William E., Bregman, Mark
Primary Examiner(s)
Chea, Philip
Assistant Examiner(s)
NGUYEN, TRONG H

Application Number

US11/426,917
Time in Patent Office

2,359 Days
Field of Search

713/188
US Class Current

726/25
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

Security threat reporting in light of local security tools

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Security threat reporting in light of local security tools

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links