Cyber intelligence clearinghouse
First Claim
1. A computer implemented method for providing a cyber intelligence clearinghouse executed by at least one processor, the method comprising:
- determining, by the at least one processor, a source fidelity score associated with a cyber-security intelligence source, the source fidelity score being generated based on an analysis of intelligence information received from the cyber-security intelligence source including a number of security threat events that have previously been confirmed to be associated with actual cyber-attacks based on the intelligence information received from the cyber-security intelligence source, wherein the source fidelity score represents a trustworthiness of the cyber-security intelligence source with regard to intelligence provided by the cyber-security intelligence source;
determining, by the at least one processor, to block a new security threat event based on;
new intelligence information received from the cyber-security intelligence source that predicts at least how an attack of the new security threat event may be performed based on patterns identified in the intelligence information, andthe source fidelity score of the cyber-security intelligence source; and
providing, over a network, feedback data to the cyber-security intelligence source, the feedback data comprising an indication that at least a portion of the new security threat event was successfully blocked by a security application based on the new intelligence information.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems, methods, and computer-readable and executable instructions are provided for providing a cyber intelligence clearinghouse (CIC). Providing a CIC can include generating analysis data from intelligence information collected from a number of sources. In addition, providing a CIC can include calculating a number of fidelity scores from the analysis data, wherein the number of fidelity scores represent a trustworthiness of the number of sources. In addition, providing a CIC can include determining a number of events to block based on the number of fidelity scores. Furthermore, providing a CIC can include providing feedback data to the number of sources based on the number of fidelity scores and the number of events to block.
33 Citations
20 Claims
-
1. A computer implemented method for providing a cyber intelligence clearinghouse executed by at least one processor, the method comprising:
-
determining, by the at least one processor, a source fidelity score associated with a cyber-security intelligence source, the source fidelity score being generated based on an analysis of intelligence information received from the cyber-security intelligence source including a number of security threat events that have previously been confirmed to be associated with actual cyber-attacks based on the intelligence information received from the cyber-security intelligence source, wherein the source fidelity score represents a trustworthiness of the cyber-security intelligence source with regard to intelligence provided by the cyber-security intelligence source; determining, by the at least one processor, to block a new security threat event based on; new intelligence information received from the cyber-security intelligence source that predicts at least how an attack of the new security threat event may be performed based on patterns identified in the intelligence information, and the source fidelity score of the cyber-security intelligence source; and providing, over a network, feedback data to the cyber-security intelligence source, the feedback data comprising an indication that at least a portion of the new security threat event was successfully blocked by a security application based on the new intelligence information. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A non-transitory computer-readable medium storing a set of instructions executable by a processor to cause a computer to:
-
determine a source fidelity score associated with a cyber-security intelligence source, the source fidelity score being generated based on an analysis of intelligence information received from the cyber-security intelligence source including a number of security threat events that have previously been confirmed to be associated with actual cyber-attacks based on the intelligence information received from the cyber-security intelligence source, wherein the source fidelity score represents a trustworthiness of the cyber-security intelligence source with regard to intelligence provided by the cyber-security intelligence source; determine to block a new security threat event based on; new intelligence information received from the cyber-security intelligence source that predicts at least how an attack of the new security threat event may be performed based on patterns identified in the intelligence information, and the source fidelity score of the cyber-security intelligence source; and provide, over a network, feedback data to the cyber-security intelligence source, the feedback data comprising an indication that at least a portion of the new security threat event was successfully blocked by a security application based on the new intelligence information. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. A system comprising a processor in communication with a non-transitory computer readable medium, wherein the non-transitory computer readable medium includes a set of instructions that when executed by the processor cause the processor to:
-
determine a source fidelity score associated with a cyber-security intelligence source, the source fidelity score being generated based on an analysis of intelligence information received from the cyber-security intelligence source including a number of security threat events that have previously been confirmed to be associated with actual cyber-attacks based on the intelligence information received from the cyber-security intelligence source, wherein the source fidelity score represents a trustworthiness of the cyber-security intelligence source with regard to intelligence provided by the cyber-security intelligence source; determine to block a new security threat event based on; new intelligence information received from the cyber-security intelligence source that predicts at least how an attack of the new security threat event may be performed based on patterns identified in the intelligence information, and the source fidelity score of the cyber-security intelligence source; and provide, over a network, feedback data to the cyber-security intelligence source, the feedback data comprising an indication that at least a portion of the new security threat event was successfully blocked by a security application based on the new intelligence information. - View Dependent Claims (17, 18, 19, 20)
-
Specification