Real-time network updates for malicious content
First Claim
1. A method for establishing the reputation of message components, the method comprising:
transmitting over a network communication interface a request for data from a first electronic computing device;
receiving the requested data over the network communication interface;
executing instructions out of a memory, wherein execution of the instructions by a processor breaks the received data into a plurality of component parts, wherein the plurality of component parts are stored in a database;
receiving a first set of information from a second electronic computing device, wherein the received first set of information is associated with a bad reputation and includes a plurality of constituent components, and a processor at the second electronic computing device generates the plurality of constituent components from data contained in a message by breaking the data contained in the message into the plurality of constituent components;
comparing the received plurality of constituent components with the plurality of component parts;
identifying that at least one of the constituent components of the plurality of constituent components matches at least one of the component parts;
associating each of the plurality of component parts with a threat, wherein the database is updated with information indicating that the plurality of component parts are associated with the threat;
transmitting over a network communication interface a second request for additional data from the first electronic computing device;
receiving the additional requested data over the network communication interface;
breaking the additional received data into a plurality of additional component parts;
storing the plurality of additional component parts in the database;
receiving a second set of information from a second electronic computing device, wherein the received information is associated with the bad reputation and includes a plurality of additional constituent components, and the processor at the second electronic computing device generates the plurality of additional constituent components from data contained in a second message by breaking the data from the second message into the plurality of additional constituent components;
comparing the received plurality of additional constituent components with the plurality of additional component parts and with the plurality of constituent components;
identifying that at least one of the additional constituent components of the plurality of additional constituent components matches at least one of the plurality of additional component parts or at least one of the plurality of constituent components; and
associating each of the plurality of additional component parts with the threat, wherein the database is updated with information indicating that the plurality of additional component parts are associated with the threat.
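An added illustration of the two-round data flow recited in claim 1 (not part of the patent text, and not the patentee's implementation). The claims do not say how data is broken into component parts; splitting URLs into hostname and path is an assumption made here, as are the names ReputationDB, break_into_components, the example.test hosts and the "campaign-A" label.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>]+")

def break_into_components(data):
    """Assumed split (the claims do not define one): URL hostnames and paths."""
    parts = set()
    for raw in URL_RE.findall(data):
        url = urlsplit(raw.rstrip(".,;)"))
        if url.hostname:
            parts.add("host:" + url.hostname.lower())
        if url.path not in ("", "/"):
            parts.add("path:" + url.path)
    return parts

class ReputationDB:
    def __init__(self):
        self.threat_of = {}      # stored component part -> threat label, or None
        self.reported = set()    # constituent components from earlier bad-reputation reports

    def store_fetched(self, data):
        """Break fetched data into component parts and store them."""
        parts = break_into_components(data)
        for part in parts:
            self.threat_of.setdefault(part, None)
        return parts

    def apply_report(self, fetched_parts, constituents, threat):
        """On any match, tag every fetched part with the threat."""
        # Round 1: self.reported is empty, so only the fetched parts are compared.
        # Round 2: the earlier report's components are compared as well.
        matched = constituents & (fetched_parts | self.reported)
        if matched:
            for part in fetched_parts:
                self.threat_of[part] = threat
        self.reported |= constituents
        return matched

def run_demo():
    db = ReputationDB()  # all inputs below are constructed sample data
    page1 = db.store_fetched("Get http://files.example.test/promo/setup.bin or http://cdn.example.test/logo.png")
    report1 = break_into_components("Invoice: http://files.example.test/inv.doc")  # done on the reporting device
    m1 = db.apply_report(page1, report1, "campaign-A")
    page2 = db.store_fetched("Mirror: http://mirror.example.test/update.bin")
    report2 = break_into_components("Invoice: http://other.example.test/inv.doc")
    m2 = db.apply_report(page2, report2, "campaign-A")
    return db, m1, m2

if __name__ == "__main__":
    print(run_demo()[1:])
```

In round 1 a single shared hostname tags every part of the fetched page, including cdn.example.test, which never appeared in the reported message. In round 2 the fetched parts are tagged only because the second report shares a path with the first report, which is the "or at least one of the plurality of constituent components" branch of the claim.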
Abstract
A global response network collects, analyzes, and distributes “cross-vector” threat-related information between security systems to allow for an intelligent, collaborative, and comprehensive real-time response.
15 Claims
6. A non-transitory computer-readable storage medium having embodied thereon a program executable by a processor for performing a method for establishing the reputation of message components, the method comprising:
transmitting over a network communication interface a request for data from a first electronic computing device;
receiving the requested data over the network communication interface;
breaking the received data into a plurality of component parts, wherein the plurality of component parts are stored in a database;
receiving a first set of information from a second electronic computing device, wherein the received first set of information is associated with a bad reputation and includes a plurality of constituent components, and a processor at the second electronic computing device generates the plurality of constituent components from data contained in a message by breaking the data contained in the message into the plurality of constituent components;
comparing the received plurality of constituent components with the plurality of component parts;
identifying that at least one of the constituent components of the plurality of constituent components matches at least one of the component parts;
associating each of the plurality of component parts with a threat, wherein the database is updated with information indicating that the plurality of component parts are associated with the threat;
transmitting over a network communication interface a second request for additional data from the first electronic computing device;
receiving the additional requested data over the network communication interface;
breaking the additional received data into a plurality of additional component parts;
storing the plurality of additional component parts in the database;
receiving a second set of information from the second electronic computing device, wherein the received information is associated with the bad reputation and includes a plurality of additional constituent components, and the processor at the second electronic computing device generates the plurality of additional constituent components from data contained in a second message by breaking the data from the second message into the plurality of additional constituent components;
comparing the received plurality of additional constituent components with the plurality of additional component parts and with the plurality of constituent components;
identifying that at least one of the additional constituent components of the plurality of additional constituent components matches at least one of the plurality of additional component parts or at least one of the plurality of constituent components; and
associating each of the plurality of the plurality of additional component parts with the threat, wherein the database is updated with information indicating that the plurality of additional component parts are associated with the threat.
11. A system for establishing the reputation of message components, the system comprising:
a data center electronic computing device including a processor, a memory, and one or more network communication interfaces, wherein the data center electronic computing device;
transmits over a network communication interface of the one or more network communication interfaces a request for data from a first electronic computing device;
receives the requested data over the network communication interface of the one or more network communication interfaces;
breaks the received data into a plurality of component parts, wherein the plurality of component parts are stored in a database; and
receives a first set of information from a second electronic computing device, wherein the received first set of information is associated with a bad reputation and includes a plurality of constituent components, and a processor at the second electronic computing device generates the plurality of constituent components from data contained in a message by breaking the data contained in the message into the plurality of constituent components;
compares the received plurality of constituent components with the plurality of component parts;
identifies that at least one of the constituent components of the plurality of constituent components matches at least one of the component parts;
associates each of the component parts with a threat, wherein the database is updated with information indicating that the component parts are associated with the threat;
transmits over a network communication interface of the one or more network communication interfaces a second request for additional data from the first electronic computing device;
receives the additional requested data over the network communication interface of the one or more network communication interfaces;
breaks the additional received data into a plurality of additional component parts;
stores the plurality of additional component parts in the database;
receives a second set of information from the second electronic computing device, wherein the received information is associated with the bad reputation and includes a plurality of additional constituent components, and the processor at the second electronic computing device generates the plurality of additional constituent components from data contained in a second message by breaking the data from the second message into the plurality of additional constituent components;
compares the received plurality of additional constituent components with the plurality of additional component parts and with the plurality of constituent components;
identifies that at least one of the additional constituent components of the plurality of additional constituent components matches at least one of the plurality of additional component parts or at least one of the plurality of constituent components; and
associates each of the plurality of the plurality of additional component parts with the threat, wherein the database is updated with information indicating that the plurality of additional component parts are associated with the threat.
Specification