Trusted third party broker for collection and private sharing of successful computer security practices

US 9,787,719 B2
Filed: 02/26/2015
Issued: 10/10/2017
Est. Priority Date: 02/26/2015
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for a trusted third party broker to collect information concerning successful computer security practices from a plurality of source organizations, and to share collected information at an inter-organizational level privately, the method comprising the steps of:

receiving, by a central computer, information concerning empirically successful computer security practices, from a plurality of remote computers associated with a plurality of source organizations, wherein different ones of the empirically successful computer security practices are being used at different ones of the plurality of source organizations;

amalgamating the information concerning empirically successful computer security practices received from the plurality of remote computers associated with the plurality of source organizations, further comprising gleaning implicitly determined information about at least one of the plurality of source organizations of the received information;

analyzing the amalgamated information concerning empirically successful computer security practices received from the plurality of remote computers associated with the plurality of source organizations, further comprising categorizing the amalgamated information based on the implicitly determined information about the at least one source organization;

identifying specific information concerning empirically successful computer security practices to share with at least one specific target organization, based on analyzing category granularity of the amalgamated information;

removing source information from the identified specific information concerning empirically successful computer security practices to share with the at least one specific target organization; and

providing the identified specific information concerning empirically successful computer security practices to share with the at least one specific target organization, with the source information removed, wherein the at least one target organization does not receive information identifying the source of the provided information concerning empirically successful computer security practices.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A trusted third party broker collects information concerning successful computer security practices from multiple organizations, and privately shares collected information at an inter-organizational level. Information concerning empirically successful computer security practices is received from multiple source organizations. The information concerning empirically successful computer security practices received from the multiple source organizations is amalgamated and analyzed. Based on the analysis, specific information concerning empirically successful computer security practices is identified to share with specific target organizations. Once information to share with a target organization has been identified, any explicit and/or implicit source information that could identify the organization(s) from which the information originated is removed. The identified specific information concerning empirically successful computer security practices is then provided to the specific target organizations, with the source identifying information removed.

Citations

20 Claims

1. A computer implemented method for a trusted third party broker to collect information concerning successful computer security practices from a plurality of source organizations, and to share collected information at an inter-organizational level privately, the method comprising the steps of:
- receiving, by a central computer, information concerning empirically successful computer security practices, from a plurality of remote computers associated with a plurality of source organizations, wherein different ones of the empirically successful computer security practices are being used at different ones of the plurality of source organizations;
  
  amalgamating the information concerning empirically successful computer security practices received from the plurality of remote computers associated with the plurality of source organizations, further comprising gleaning implicitly determined information about at least one of the plurality of source organizations of the received information;
  
  analyzing the amalgamated information concerning empirically successful computer security practices received from the plurality of remote computers associated with the plurality of source organizations, further comprising categorizing the amalgamated information based on the implicitly determined information about the at least one source organization;
  
  identifying specific information concerning empirically successful computer security practices to share with at least one specific target organization, based on analyzing category granularity of the amalgamated information;
  
  removing source information from the identified specific information concerning empirically successful computer security practices to share with the at least one specific target organization; and
  
  providing the identified specific information concerning empirically successful computer security practices to share with the at least one specific target organization, with the source information removed, wherein the at least one target organization does not receive information identifying the source of the provided information concerning empirically successful computer security practices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1 wherein receiving information concerning empirically successful computer security practices further comprises:
    - receiving, by the central computer, rules used in an intrusion detection system by at least one specific source organization to prevent at least one attack, from at least one remote computer.
  - 3. The method of claim 1 wherein receiving information concerning empirically successful computer security practices further comprises:
    - receiving, by the central computer, rules used in a firewall by at least one specific source organization to prevent at least one attack, from at least one remote computer.
  - 4. The method of claim 1 wherein receiving information concerning empirically successful computer security practices further comprises:
    - receiving, by the central computer, rules used in a data loss prevention system by at least one specific source organization to prevent loss of data, from at least one remote computer.
  - 5. The method of claim 1 wherein receiving information concerning empirically successful computer security practices further comprises:
    - receiving, by the central computer, settings used in an anti-malware system by at least one specific source organization to prevent infection, from at least one remote computer.
  - 6. The method of claim 1 wherein receiving information concerning empirically successful computer security practices further comprises:
    - receiving, by the central computer, information concerning empirically successful computer security practices explicitly transmitted to the central computer by at least one specific source organization.
  - 7. The method of claim 1 wherein receiving information concerning empirically successful computer security practices further comprises:
    - reading, by the central computer, information concerning empirically successful computer security practices on at least one remote computer associated with at least one specific source organization.
  - 8. The method of claim 1 wherein receiving information concerning empirically successful computer security practices further comprises:
    - monitoring, by the central computer, computer security practices utilized by the plurality of source organizations; and
      
      inferring successful security practices based on results of utilizing the monitored computer security practices by the plurality of source organizations over time.
  - 9. The method of claim 1 wherein receiving information concerning empirically successful computer security practices further comprises:
    - receiving, by the central computer, updated computer security practices utilized by the plurality of remote computers associated with the plurality of source organizations over time.
  - 10. The method of claim 1 further comprising:
    - categorizing amalgamated information concerning empirically successful computer security practices based on industry.
  - 11. The method of claim 1 further comprising:
    - identifying specific information concerning empirically successful computer security practices to share with at least one specific target organization based on industry.
  - 12. The method of claim 1 further comprising:
    - categorizing amalgamated information concerning empirically successful computer security practices based on type of organization.
  - 13. The method of claim 1 further comprising:
    - identifying specific information concerning empirically successful computer security practices to share with at least one specific target organization based on type of organization.
  - 14. The method of claim 1 further comprising:
    - identifying specific information concerning empirically successful computer security practices to share with at least one specific target organization based on size of organization.
  - 15. The method of claim 1 further comprising:
    - identifying specific information concerning empirically successful computer security practices to share with at least one specific target organization based on at least one specific computer security vulnerability which the identified security practices have been empirically successful protecting against for at least one source organization.
  - 16. The method of claim 1 further comprising:
    - identifying specific information concerning empirically successful computer security practices to share with at least one specific target organization based on at least one specific computer security vulnerability to which the at least one specific target organization is subject.
  - 17. The method of claim 1 wherein providing the identified specific information concerning empirically successful computer security practices to the at least one specific target organization further comprises:
    - transmitting, by the central computer, at least one recommendation concerning computer security practices to the at least one specific target organization.
  - 18. The method of claim 1 wherein providing the identified specific information concerning empirically successful computer security practices to the at least one specific target organization further comprises:
    - automatically updating, by the central computer, security settings of at least one remote computer associated with the at least one specific organization.

19. At least one non-transitory computer readable medium for a trusted third party broker to collect information concerning successful computer security practices from a plurality of source organizations, and to share collected information at an inter-organizational level privately, the at least one non-transitory computer readable medium storing computer executable instructions that, when loaded into computer memory and executed by at least one processor of at least one computing device, cause the at least one computing device to perform the following steps:
- receiving information concerning empirically successful computer security practices, from a plurality of remote computers associated with a plurality of source organizations, wherein different ones of the empirically successful computer security practices are being used at different ones of the plurality of source organizations;
  
  amalgamating the information concerning empirically successful computer security practices received from the plurality of remote computers associated with the plurality of source organizations, further comprising gleaning implicitly determined information about at least one of the plurality of source organizations of the received information;
  
  analyzing the amalgamated information concerning empirically successful computer security practices received from the plurality of remote computers associated with the plurality of source organizations, further comprising categorizing the amalgamated information based on the implicitly determined information about the at least one source organization;
  
  identifying specific information concerning empirically successful computer security practices to share with at least one specific target organization, based on analyzing category granularity of the amalgamated information;
  
  removing source information from the identified specific information concerning empirically successful computer security practices to share with the at least one specific target organization; and
  
  providing the identified specific information concerning empirically successful computer security practices to share with the at least one specific target organization, with the source information removed, wherein the at least one target organization does not receive information identifying the source of the provided information concerning empirically successful computer security practices.

20. A computer system for a trusted third party broker to collect information concerning successful computer security practices from a plurality of source organizations, and to share collected information at an inter-organizational level privately, the computer system comprising:
- a processor;
  
  system memory;
  
  an information receiving module residing in the system memory, the information receiving module being programmed to receive information concerning empirically successful computer security practices, from a plurality of remote computers associated with a plurality of source organizations, wherein different ones of the empirically successful computer security practices are being used at different ones of the plurality of source organizations;
  
  an amalgamating module residing in the system memory, the amalgamating module being programmed to amalgamate the information concerning empirically successful computer security practices received from the plurality of remote computers associated with the plurality of source organizations, and glean implicitly determined information about at least one of the plurality of source organizations of the received information;
  
  an analyzing module residing in the system memory, the analyzing module being programmed to analyze the amalgamated information concerning empirically successful computer security practices received from the plurality of remote computers associated with the plurality of source organizations, and categorize the amalgamated information based on the implicitly determined information about the at least one source organization;
  
  an identifying module residing in the system memory, the identifying module being programmed to identify specific information concerning empirically successful computer security practices to share with at least one specific target organization, based on analyzing category granularity of the amalgamated information;
  
  an anonymizing module residing in the system memory, the anonymizing module being programmed to remove source information from the identified specific information concerning empirically successful computer security practices to share with the at least one specific target organization; and
  
  an information providing module residing in the system memory, the information providing module being programmed to provide the identified specific information concerning empirically successful computer security practices to share with the at least one specific target organization, with the source information removed, wherein the at least one target organization does not receive information identifying the source of the provided information concerning empirically successful computer security practices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Efstathopoulos, Petros
Primary Examiner(s)
Dinh, Minh

Application Number

US14/632,812
Publication Number

US 20160255113A1
Time in Patent Office

957 Days
Field of Search

726 1
US Class Current
CPC Class Codes

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

H04L 65/403   Arrangements for multi-part...

Trusted third party broker for collection and private sharing of successful computer security practices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted third party broker for collection and private sharing of successful computer security practices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links