Social network scanning

US 9,055,097 B1
Filed: 03/18/2014
Issued: 06/09/2015
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

scanning data that is maintained on multiple social networks, wherein scanning comprises identifying, by one or more processors, data that is associated with a social entity;

wherein, scanning data is performed on a continuous basis, without user initiation;

determining one or more characteristics of the identified data;

generating, for each of the one or more characteristics, a reference to the identified data that indicates the characteristic;

storing one or more references to the identified data in one or more databases that are accessible to a security analysis engine;

algorithmically comparing the one or more generated references to one or more known references, wherein the one or more known references are references to characteristics of identified data that have been assigned a level of risk, and wherein the one or more known references are stored in the one or more databases accessible to the security analysis engine;

determining, a social risk score for the social entity, based on the algorithmic comparison;

comparing the social risk score for the social entity to a social risk threshold;

initiating a security action if the social risk score exceeds the social risk threshold, wherein initiating the security action comprises providing an alert to a user whose profile is spoofed by the social entity.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes identifying data on a social network that is associated with a social entity, and determining one or more characteristics of the identified data. A reference to the identified data is generated for each of the one or more characteristic and the one or more references to the identified data is stored in one or more databases that are accessible to a security analysis engine.

Citations

18 Claims

1. A method comprising:
- scanning data that is maintained on multiple social networks, wherein scanning comprises identifying, by one or more processors, data that is associated with a social entity;
  
  wherein, scanning data is performed on a continuous basis, without user initiation;
  
  determining one or more characteristics of the identified data;
  
  generating, for each of the one or more characteristics, a reference to the identified data that indicates the characteristic;
  
  storing one or more references to the identified data in one or more databases that are accessible to a security analysis engine;
  
  algorithmically comparing the one or more generated references to one or more known references, wherein the one or more known references are references to characteristics of identified data that have been assigned a level of risk, and wherein the one or more known references are stored in the one or more databases accessible to the security analysis engine;
  
  determining, a social risk score for the social entity, based on the algorithmic comparison;
  
  comparing the social risk score for the social entity to a social risk threshold;
  
  initiating a security action if the social risk score exceeds the social risk threshold, wherein initiating the security action comprises providing an alert to a user whose profile is spoofed by the social entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 wherein the one or more known references to characteristics of identified data that have been assigned a level of risk, are assigned the level of risk by the security analysis engine.
  - 3. The method of claim 1, wherein identifying an association between the social entity and the identified data comprises identifying that the associated data originated with, or was supplied, created, or referenced by, the social entity.
  - 4. The method of claim 1, wherein the one or more characteristics of the data are selected from the group consisting of contextual, lexical, visual, audio, profile, URL, network, destination content, domain, host, and application characteristics.
  - 5. The method of claim 1 further comprising:
    - receiving data associated with the social entity from a third party.
  - 6. The method of claim 5, wherein receiving data associated with the social entity comprises receiving data through an application programming interface (API).
  - 7. The method of claim 1, further comprising detecting an action by the social entity, wherein the social risk score for the social entity is compared to the social risk threshold in response to detecting the action by the social entity.
  - 8. The method of claim 1, further comprising determining that the social entity is an unknown social entity, wherein the social risk score for the social entity is compared to the social risk threshold in response to determining that the social entity is an unknown social entity.
  - 9. The method of claim 1 wherein the one or more references to the identified data are stored separately from the identified data.
  - 10. The method of claim 1 wherein scanning data that is maintained on multiple social networks comprises scanning data that is maintained on a first social network and data that is maintained on a second social network.

11. A system comprising:
- one or more processing devices; and
  
  one or more non-transitory computer-readable media coupled to the one or more processing devices having instructions stored thereon which, when executed by the one or more processing devices, cause the one or more processing devices to perform operations comprising;
  
  scanning data that is maintained on multiple social networks, wherein scanning comprises identifying, by one or more processors, data that is associated with a social entity;
  
  wherein, scanning data is performed on a continuous basis, without user initiation;
  
  determining one or more characteristics of the identified data;
  
  generating, for each of the one or more characteristics, a reference to the identified data that indicates the characteristic;
  
  storing one or more references to the identified data in one or more databases that are accessible to a security analysis engine;
  
  algorithmically comparing the one or more generated references to one or more known references, wherein the one or more known references are references to characteristics of identified data that have been assigned a level of risk, and wherein the one or more known references are stored in the one or more databases accessible to the security analysis engine;
  
  determining, a social risk score for the social entity, based on the algorithmic comparison;
  
  comparing the social risk score for the social entity to a social risk threshold;
  
  initiating a security action if the social risk score exceeds the social risk threshold, wherein initiating the security action comprises providing an alert to a user whose profile is spoofed by the social entity.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The system of claim 11 wherein the one or more known references to characteristics of identified data that have been assigned a level of risk, are assigned the level of risk by the security analysis engine.
  - 13. The system of claim 11, wherein identifying an association between the social entity and the identified data comprises identifying that the associated data originated with, or was supplied, created, or referenced by, the social entity.
  - 14. The system of claim 11, wherein the one or more characteristics of the data are selected from the group consisting of contextual, lexical, visual, audio, profile, URL, network, destination content, domain, host, and application characteristics.
  - 15. The system of claim 11 further comprising:
    - receiving data associated with the social entity from a third party.
  - 16. The system of claim 11, wherein receiving data associated with the social entity comprises receiving data through an application programming interface (API).

17. A non-transitory computer-readable storage device encoded with a computer program, the program comprising instructions that when executed by a data processing apparatus cause the data processing apparatus to perform operations comprising:
- scanning data that is maintained on multiple social networks, wherein scanning comprises identifying, by one or more processors, data that is associated with a social entity;
  
  wherein, scanning data is performed on a continuous basis, without user initiation;
  
  determining one or more characteristics of the identified data;
  
  generating, for each of the one or more characteristics, a reference to the identified data that indicates the characteristic;
  
  storing one or more references to the identified data in one or more databases that are accessible to a security analysis engine;
  
  algorithmically comparing the one or more generated references to one or more known references, wherein the one or more known references are references to characteristics of identified data that have been assigned a level of risk, and wherein the one or more known references are stored in the one or more databases accessible to the security analysis engine;
  
  determining, a social risk score for the social entity, based on the algorithmic comparison;
  
  comparing the social risk score for the social entity to a social risk threshold;
  
  initiating a security action if the social risk score exceeds the social risk threshold, wherein initiating the security action comprises providing an alert to a user whose profile is spoofed by the social entity.
- View Dependent Claims (18)
- - 18. The medium of claim 17 wherein the one or more known references to characteristics of identified data that have been assigned a level of risk, are assigned the level of risk by the security analysis engine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ZeroFOX, Inc. (ZeroFox Holdings, Inc.)
Original Assignee
ZeroFOX, Inc. (ZeroFox Holdings, Inc.)
Inventors
Foster, James C., Cullison, Christopher B., Francis, Robert, Blair, Evan
Primary Examiner(s)
Rahman, Mahfuzur

Application Number

US14/218,522
Time in Patent Office

448 Days
Field of Search

726/26
US Class Current

1/1
CPC Class Codes

H04L 63/1433 Vulnerability analysis

Social network scanning

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Social network scanning

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links