Cyber intelligence clearinghouse

US 9,680,857 B1
Filed: 04/01/2016
Issued: 06/13/2017
Est. Priority Date: 06/08/2011
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

at least one processor; and

a memory coupled to the at least one processor having instructions stored thereon which, when executed by the at least one processor, causes the at least one processor to perform operations comprising;

determining a source fidelity score associated with a cyber-security intelligence source, wherein the source fidelity score represents a trustworthiness of the cyber-security intelligence source with regard to intelligence provided by the cyber-security intelligence source;

determining to block a new security threat event based on;

new intelligence information received from the cyber-security intelligence source that predicts how an attack of the new security threat event may be performed based on information identified in the new intelligence information, andthe source fidelity score of the cyber-security intelligence source; and

providing, over a network, feedback data to the cyber-security intelligence source, the feedback data comprising an indication that the new security threat event was successfully blocked by a security application based on the new intelligence information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and computer-readable and executable instructions are provided for providing a cyber intelligence clearinghouse (CIC). Providing a CIC can include generating analysis data from intelligence information collected from a number of sources. In addition, providing a CIC can include calculating a number of fidelity scores from the analysis data, wherein the number of fidelity scores represent a trustworthiness of the number of sources. In addition, providing a CIC can include determining a number of events to block based on the number of fidelity scores. Furthermore, providing a CIC can include providing feedback data to the number of sources based on the number of fidelity scores and the number of events to block.

Citations

20 Claims

1. A system comprising:
- at least one processor; and
  
  a memory coupled to the at least one processor having instructions stored thereon which, when executed by the at least one processor, causes the at least one processor to perform operations comprising;
  
  determining a source fidelity score associated with a cyber-security intelligence source, wherein the source fidelity score represents a trustworthiness of the cyber-security intelligence source with regard to intelligence provided by the cyber-security intelligence source;
  
  determining to block a new security threat event based on;
  
  new intelligence information received from the cyber-security intelligence source that predicts how an attack of the new security threat event may be performed based on information identified in the new intelligence information, andthe source fidelity score of the cyber-security intelligence source; and
  
  providing, over a network, feedback data to the cyber-security intelligence source, the feedback data comprising an indication that the new security threat event was successfully blocked by a security application based on the new intelligence information.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the operations further comprise determining, based on the source fidelity score, an event fidelity score associated with the new security threat event, wherein the event fidelity score represents a trustworthiness of the associated security threat event.
  - 3. The system of claim 2, wherein the new security threat event is automatically blocked if the event fidelity score is above a predetermined threshold.
  - 4. The system of claim 1, wherein the operations further comprise generating, by a cyber intelligence clearinghouse (CIC) engine, a timeline of received intelligence information and corresponding analysis data.
  - 5. The system of claim 4, wherein the operations further comprise storing, within the CIC engine, the timeline for a longer period of time than the analysis data and intelligence information.
  - 6. The system of claim 1, wherein the source fidelity score is generated, by a CIC engine, by cross-analyzing the intelligence information received from the cyber-security intelligence source against intelligence information received a number of other cyber-security intelligence sources.
  - 7. The system of claim 2, wherein the new security threat event is automatically ignored if the event fidelity score is below a predetermined threshold.

8. A computer implemented method for providing a cyber intelligence clearinghouse executed by at least one processor, the method comprising:
- determining, by the at least one processor, a source fidelity score associated with a cyber-security intelligence source, wherein the source fidelity score represents a trustworthiness of the cyber-security intelligence source with regard to intelligence provided by the cyber-security intelligence source;
  
  determining, by the at least one processor, to block a new security threat event based on;
  
  new intelligence information received from the cyber-security intelligence source that predicts how an attack of the new security threat event may be performed based on information identified in the new intelligence information, andthe source fidelity score of the cyber-security intelligence source; and
  
  providing, over a network, feedback data to the cyber-security intelligence source, the feedback data comprising an indication that the new security threat event was successfully blocked by a security application based on the new intelligence information.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The method of claim 8, further comprising determining, based on the source fidelity score, an event fidelity score associated with the new security threat event, wherein the event fidelity score represents a trustworthiness of the associated security threat event.
  - 10. The method of claim 9, wherein the new security threat event is automatically blocked if the event fidelity score is above a predetermined threshold.
  - 11. The method of claim 8, further comprising generating, by a cyber intelligence clearinghouse (CIC) engine, a timeline of received intelligence information and corresponding analysis data.
  - 12. The method of claim 11, further comprising storing, within the CIC engine, the timeline for a longer period of time than the analysis data and intelligence information.
  - 13. The method of claim 8, further comprising wherein the source fidelity score is generated, by a CIC engine, by cross-analyzing the intelligence information received from the cyber-security intelligence source against intelligence information received a number of other cyber-security intelligence sources.
  - 14. The method of claim 9, wherein the new security threat event is automatically ignored if the event fidelity score is below a predetermined threshold.
  - 15. The method of claim 9, further comprising alerting, through a display, a user when the event fidelity score is within a predetermined threshold.

16. A non-transitory computer readable storage device storing instructions that, when executed by at least one processor, cause the at least one processor to perform operations comprising:
- determining a source fidelity score associated with a cyber-security intelligence source, wherein the source fidelity score represents a trustworthiness of the cyber-security intelligence source with regard to intelligence provided by the cyber-security intelligence source;
  
  determining to block a new security threat event based on;
  
  new intelligence information received from the cyber-security intelligence source that predicts how an attack of the new security threat event may be performed based on information identified in the new intelligence information, andthe source fidelity score of the cyber-security intelligence source; and
  
  providing, over a network, feedback data to the cyber-security intelligence source, the feedback data comprising an indication that the new security threat event was successfully blocked by a security application based on the new intelligence information.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The medium of claim 16, wherein the operations further comprise determining, based on the source fidelity score, an event fidelity score associated with the new security threat event, wherein the event fidelity score represents a trustworthiness of the associated security threat event.
  - 18. The medium of claim 17, wherein the new security threat event is automatically blocked if the event fidelity score is above a predetermined threshold.
  - 19. The medium of claim 16, wherein the source fidelity score is generated, by a CIC engine, by cross-analyzing the intelligence information received from the cyber-security intelligence source against intelligence information received a number of other cyber-security intelligence sources.
  - 20. The medium of claim 17, wherein the new security threat event is automatically ignored if the event fidelity score is below a predetermined threshold.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
United Services Automobile Association
Original Assignee
United States Automobile Association (United Services Automobile Association)
Inventors
Franke, Don, Babcock, Peter
Primary Examiner(s)
Zecher, Dede
Assistant Examiner(s)
Savenkov, Vadim

Application Number

US15/088,367
Time in Patent Office

438 Days
Field of Search

726 22- 25
US Class Current
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 2221/2135   Metering

H04L 63/0227   Filtering policies mail mes...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

Cyber intelligence clearinghouse

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Cyber intelligence clearinghouse

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links