Reputation-based threat protection

US 9,215,241 B2
Filed: 08/28/2014
Issued: 12/15/2015
Est. Priority Date: 03/10/2010
Status: Active Grant

First Claim

Patent Images

1. A method for reputation-based threat protection, the method comprising:

maintaining one or more dictionaries for identifying sensitive data in memory, wherein the sensitive data is defined by policies of an identified organization;

maintaining information in one or more databases concerning a plurality of identified threats;

intercepting an e-mail message from a sender in the organization and addressed to a destination outside of the organization, wherein the e-mail message is intercepted prior to leaving a communication network of the organization;

executing instructions stored in memory, wherein execution of the instructions by a processor;

determines that the intercepted e-mail message includes sensitive data by searching for predefined patterns, wherein searching comprises reference to the one or more dictionaries stored in memory for identifying the sensitive data,identifies the e-mail message is a threat based on one or more reputation scores associated with the e-mail message and the determination that the e-mail message includes sensitive data, wherein the e-mail message is associated with the one or more reputation scores using the maintained information, andapplies one or more enforcement actions based on the determination that the e-mail message includes sensitive data; and

notifying the sender that the e-mail message was identified to be a threat.

View all claims

22 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Information concerning a plurality of identified threats provided by a plurality of preselected sources is stored in memory. An e-mail message may be received over a communication network. The received e-mail message is separated into a plurality of components. The stored information is searched to identify a reputation score associated with each of the plurality of components. It is then determined whether the e-mail is a threat based on the identified reputation score of each of the plurality of components. The determination is sent to a designated recipient.

18 Citations

View as Search Results

17 Claims

1. A method for reputation-based threat protection, the method comprising:
- maintaining one or more dictionaries for identifying sensitive data in memory, wherein the sensitive data is defined by policies of an identified organization;
  
  maintaining information in one or more databases concerning a plurality of identified threats;
  
  intercepting an e-mail message from a sender in the organization and addressed to a destination outside of the organization, wherein the e-mail message is intercepted prior to leaving a communication network of the organization;
  
  executing instructions stored in memory, wherein execution of the instructions by a processor;
  
  determines that the intercepted e-mail message includes sensitive data by searching for predefined patterns, wherein searching comprises reference to the one or more dictionaries stored in memory for identifying the sensitive data,identifies the e-mail message is a threat based on one or more reputation scores associated with the e-mail message and the determination that the e-mail message includes sensitive data, wherein the e-mail message is associated with the one or more reputation scores using the maintained information, andapplies one or more enforcement actions based on the determination that the e-mail message includes sensitive data; and
  
  notifying the sender that the e-mail message was identified to be a threat.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein determining that the intercepted e-mail message includes sensitive data comprises looking at content within an attachment.
  - 3. The method of claim 1, wherein the predefined patterns pertain to at least one of social security numbers, bank routing numbers, and credit card numbers.
  - 4. The method of claim 1, further comprising providing a plurality of approval boxes that allow for viewing and approval of the e-mail message before sending out of the identified organization.
  - 5. The method of claim 1, further comprising matching the e-mail message to a policy based on the sensitive data.
  - 6. The method of claim 5, further comprising routing the matching e-mail message to an e-mail archive.
  - 7. The method of claim 5, further comprising directing the e-mail message to an encryption/decryption server.
  - 8. The method of claim 1, wherein the dictionaries are associated with regulatory policies, industry standards, corporate compliance policies, or intellectual property policies.

9. A system for reputation-based threat protection, the system comprising:
- database memory that maintains one or more dictionaries for identifying sensitive data in memory, wherein the sensitive data is defined by policies of an identified organization;
  
  one or more databases that maintain information concerning a plurality of identified threats; and
  
  a server that;
  
  intercepts an e-mail message from a sender in the organization and addressed to a destination outside of the organization, wherein the e-mail message is intercepted prior to leaving a communication network of the organization,determines that the intercepted e-mail message includes sensitive data by searching for predefined patterns, wherein searching comprises reference to the one or more dictionaries stored in memory for identifying the sensitive data,identifies the e-mail message is a threat based on one or more reputation scores associated with the e-mail message and the determination that the e-mail message includes sensitive data, wherein the e-mail message is associated with the one or more reputation scores using the maintained information,applies one or more enforcement actions based on the determination that the e-mail message includes sensitive data, andnotifies the sender that the e-mail message was identified to be a threat.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, wherein the server determines that the intercepted e-mail message includes sensitive data by looking at content within an attachment.
  - 11. The system of claim 9, wherein the predefined patterns pertain to at least one of social security numbers, bank routing numbers, and credit card numbers.
  - 12. The system of claim 9, wherein the server further provides a plurality of approval boxes that allow for viewing and approval of the e-mail message before sending out of the identified organization.
  - 13. The system of claim 9, wherein the server further matches the e-mail message to a policy based on the sensitive data.
  - 14. The system of claim 13, wherein the server further routes the matching e-mail message to an e-mail archive.
  - 15. The system of claim 13, wherein the server further directs the e-mail message to an encryption/decryption server.
  - 16. The system of claim 9, wherein the dictionaries are associated with regulatory policies, industry standards, corporate compliance policies, or intellectual property policies.

17. A non-transitory computer-readable storage medium, having embodied thereon a program executable by a processor to perform a method for reputation-based threat protection, the method comprising:
- maintaining one or more dictionaries for identifying sensitive data in memory, wherein the sensitive data is defined by policies of an identified organization;
  
  maintaining information concerning a plurality of identified threats;
  
  intercepting an e-mail message from a sender in the organization and addressed to a destination outside of the organization, wherein the e-mail message is intercepted prior to leaving a communication network of the organization;
  
  determining that the intercepted e-mail message includes sensitive data by searching for predefined patterns, wherein searching comprises reference to the one or more dictionaries stored in memory for identifying the sensitive data;
  
  identifying the e-mail message is a threat based on one or more reputation scores associated with the e-mail message and the determination that the e-mail message includes sensitive data, wherein the e-mail message is associated with the one or more reputation scores using the maintained information;
  
  applying one or more enforcement actions based on the determination that the e-mail message includes sensitive data; and
  
  notifying the sender that the e-mail message was identified to be a threat.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Quest Software, Inc.
Original Assignee
Dell Software, Inc. (Dell Technologies Inc.)
Inventors
Yanovsky, Boris, Eikenberry, Scott
Primary Examiner(s)
RAHIM, MONJUR

Application Number

US14/472,234
Publication Number

US 20140373141A1
Time in Patent Office

474 Days
Field of Search

726/22
US Class Current

1/1
CPC Class Codes

G06F 16/955   using information identifie...

G06F 21/552   involving long-term monitor...

H04L 51/212   using filtering or selectiv...

H04L 51/42   Mailbox-related aspects, e....

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/145   the attack involving the pr...

Reputation-based threat protection

First Claim

22 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

Reputation-based threat protection

First Claim

22 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others