Method and system for reducing reporting of non-malicious electronic messages in a cybersecurity system
Abstract
An electronic message analysis system of a cybersecurity network assesses whether a received message is a mock malicious message in response to receiving a user activation action that indicates that the user has reported the received message as a potentially malicious message. The system does this by determining whether any header field of a header section of the message starts with a predetermined key. For any header field that starts with the predetermined key, the system determines whether a value that follows the predetermined key satisfies a trusted sender rule. If the value that follows the predetermined key satisfies the trusted sender rule, the system determines that the received message originated from a trusted sender. If the value that immediately follows the predetermined key does not satisfy the trusted sender rule, the system determines that the received message did not originate from a trusted sender.
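The report-time check described in the abstract, as an added Python sketch that is not code from the patent or its assignee. The key name `X-Mock-Phish:`, the shared secret, the HMAC-over-Message-ID rule and the helper `build_mock_message` are all assumptions chosen for illustration; the patent text only requires "a predetermined key" and "a trusted sender rule".

```python
import hashlib
import hmac
from email import message_from_string

# Assumed values, not taken from the patent text.
PREDETERMINED_KEY = "X-Mock-Phish:"          # hypothetical key, colon included
SHARED_SECRET = b"constructed-demo-secret"   # hypothetical secret held by the client

def _tag(message_id):
    data = message_id.encode("utf-8", "replace")
    return hmac.new(SHARED_SECRET, data, hashlib.sha256).hexdigest()

def hmac_rule(value, msg):
    """Assumed trusted sender rule: the value must equal HMAC-SHA256 of the
    Message-ID, so a header that merely carries the key name does not pass."""
    expected = _tag((msg.get("Message-ID") or "").strip())
    return hmac.compare_digest(value.lower().encode("utf-8", "replace"),
                               expected.encode())

def triage_report(raw_message, key=PREDETERMINED_KEY, rule=hmac_rule):
    """Run on the user's report action. Returns 'trusted' (handle locally,
    nothing sent to the remote service) or 'forward' (send for analysis)."""
    msg = message_from_string(raw_message)
    matched = False
    for name, value in msg.items():
        field = f"{name}:{value}"                 # header field as one string
        if not field.lower().startswith(key.lower()):
            continue
        matched = True
        # Design choice in this sketch: every field with the key must pass.
        if not rule(field[len(key):].strip(), msg):
            return "forward"                      # key present, value fails the rule
    return "trusted" if matched else "forward"

def build_mock_message(message_id):
    """Origination-server side: a constructed mock message with a valid tag."""
    return (f"From: it-support@example.test\n"
            f"Message-ID: {message_id}\n"
            f"{PREDETERMINED_KEY} {_tag(message_id)}\n"
            f"Subject: Password expiry notice (constructed sample)\n\n"
            f"Constructed body.\n")
```

With a rule that only tested for the presence of the key, any sender who learned the header name would be treated as trusted and the report would never reach the remote service; binding the value to the message is what keeps the check meaningful.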
26 Claims
1. An electronic message analysis system of a cybersecurity network, the system comprising:
- a message origination server comprising a processor and programming instructions configured to cause the message origination server to generate a plurality of mock malicious messages and send the mock malicious messages to a client computing device; and
- the client computing device, comprising a processor and programming instructions configured to cause the client computing device to:
  - receive an electronic message via a communications network,
  - receive a user activation action that indicates that the user has reported the received message as a potentially malicious message,
  - upon receiving the user activation action, determine whether the received message is a mock malicious message or otherwise originated from a trusted sender by:
    - determining whether any header field of a header section of the received message starts with a predetermined key,
    - for any header field that starts with the predetermined key, further analyzing that header field to determine whether a value that follows the predetermined key satisfies a first trusted sender rule,
    - if the value that follows the predetermined key satisfies the first trusted sender rule, determining that the received message originated from a trusted sender, and
    - if the value that immediately follows the predetermined key does not satisfy the first trusted sender rule, determining that the received message did not originate from a trusted sender,
  - if the client computing device determines that the received message did not originate from a trusted sender, forward the received message to a remote service, and
  - if the client computing device determines that the received message originated from a trusted sender, enable the user to cause the client computing device to take action on the received message without further reporting the received message to the remote service.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method of assessing whether an electronic message originated from a trusted source, the method comprising:
- by a client computing device, receiving an electronic message via a communications network;
- by the client computing device, receiving a user activation action that indicates that a user has reported the received message as a potentially malicious message;
- upon receiving the user activation action, by the client computing device, implementing programming instructions that are installed on the client computing device that cause the client computing device to determine a source of the received message by:
  - determining whether any header field of a header section of the received message starts with a predetermined key,
  - for any header field that starts with the predetermined key, further analyzing that header field to determine whether a value that follows the predetermined key satisfies a first trusted sender rule,
  - if the value that follows the predetermined key satisfies the first trusted sender rule, determining that the received message may have originated from a trusted sender and enabling the user to use the client computing device to take action on the received message without further sending the received message to a remote service for analysis, and
  - if the value that immediately follows the predetermined key does not satisfy the first trusted sender rule, sending the received message to the remote service for analysis.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23
24. An electronic message device, comprising:
- a processor; and
- programming instructions configured to cause the electronic message device to:
  - receive an electronic message via a communications network,
  - receive a user activation action that indicates that a user has reported the received message as a potentially malicious message, and
  - upon receiving the user activation action, determine whether the received message is a mock malicious message or otherwise originated from a trusted sender by:
    - determining whether any header field of a header section of the received message starts with a predetermined key,
    - for any header field that starts with the predetermined key, further analyzing that header field to determine whether a value that follows the predetermined key satisfies a first trusted sender rule,
    - if the value that follows the predetermined key satisfies the first trusted sender rule, determining that the received message originated from a trusted sender, and
    - if the value that immediately follows the predetermined key does not satisfy the first trusted sender rule, determining that the received message did not originate from a trusted sender;
  - upon determining that the received message did not originate from a trusted sender, forward the received message to a cybersecurity analyzer server; and
  - upon determining that the received message originated from a trusted sender, enable the user to cause the electronic message device to take action on the received message without further reporting the received message to the cybersecurity analyzer server.

Dependent claims: 25, 26
Specification