Systems and methods for dynamic protection from electronic attacks
First Claim
Patent Images
1. A system for reducing the security risk of transactions with a computer over a computer network, said system comprising:
- a computer network;
a honeypot computer on said computer network;
a first computer on said computer network, said first computer having a first computer network address and said first computer communicating with said honeypot computer over said computer network;
a communication between said first computer and said honeypot computer, the act of said first computer communicating with said honeypot computer being indicative of a user of said first computer being engaged in a risk activity and said communication including said first computer network address;
a monitoring system on said computer network having one or more monitoring agents autonomously obtaining said first computer network address from said communication between said first computer and said honeypot computer;
one or more algorithms assigning a risk score and a risk category indicative of said risk activity to transactions over said computer network from said first computer network address, said risk score based at least in part on the act of said first computer communicating with said honeypot computer and said risk category based at least in part on the content of said honeypot computer;
wherein said monitoring system utilizes said risk score and said risk category to inhibit a communication between said first computer and a third computer.
3 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods for gathering, classifying, and evaluating real time security intelligence data concerning security threats presented by an IP address, and reporting in real time the degree and character of such security threats.
399 Citations
14 Claims
-
1. A system for reducing the security risk of transactions with a computer over a computer network, said system comprising:
-
a computer network; a honeypot computer on said computer network; a first computer on said computer network, said first computer having a first computer network address and said first computer communicating with said honeypot computer over said computer network; a communication between said first computer and said honeypot computer, the act of said first computer communicating with said honeypot computer being indicative of a user of said first computer being engaged in a risk activity and said communication including said first computer network address; a monitoring system on said computer network having one or more monitoring agents autonomously obtaining said first computer network address from said communication between said first computer and said honeypot computer; one or more algorithms assigning a risk score and a risk category indicative of said risk activity to transactions over said computer network from said first computer network address, said risk score based at least in part on the act of said first computer communicating with said honeypot computer and said risk category based at least in part on the content of said honeypot computer; wherein said monitoring system utilizes said risk score and said risk category to inhibit a communication between said first computer and a third computer. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method for reducing the security risk of transactions with a computer over a computer network, said method comprising:
-
providing a computer network; providing a honeypot computer on said computer network; providing a first computer on said computer network, said first computer having a first computer network address and said first computer communicating with said honeypot computer; providing a communication between said first computer and said honeypot computer, said communication including said first computer network address and the act of said first computer communicating with said honeypot computer being indicative of a user of said first computer being engaged in a risk activity; obtaining said first computer network address from said communication between said first computer and said honeypot computer; assigning a risk score to said first computer network address based at least in part on the act of said first computer communicating with said honeypot computer; assigning a risk category indicative of said risk activity to said first computer network address based at least in part on the content of said honeypot computer; transmitting said risk score and said risk category over said computer network to a third computer communicating with said first computer over said computer network; inhibiting communication between said first computer and said third computer based at least in part on said risk score and said risk category; reducing the security risk of transactions with said first computer over said computer network. - View Dependent Claims (10, 11, 12, 13, 14)
-
Specification