Cyber security sharing and identification system
First Claim
1. A system for sharing security information, the system comprising:
a plurality of entities, wherein each entity of the plurality of entities comprises a network of computing devices; and
one or more computing devices programmed, via executable code instructions, to:
share a first plurality of security attack data, the first plurality of security attack data comprising information regarding one or more first security attacks;
receive a ruleset from a first entity of the plurality of entities, the ruleset comprising instructions selectably applicable by an entity of the plurality of entities to detect one or more security attacks, wherein the ruleset is generated by the first entity, and wherein the ruleset is associated with the first plurality of security attack data; and
apply the ruleset at a second entity of the plurality of entities to identify malicious behavior of a potential or actual security attack, wherein applying the ruleset comprises:
identifying a plurality of network communications associated with a network of computing devices of the second entity, wherein the plurality of network communications are from the network of computing devices of the second entity to an external computing device;
identifying an elapsed time between at least two communications of the plurality of network communications; and
determining that the elapsed time is within a predetermined time interval, wherein said determination indicates beaconing behavior.
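Claims 1, 8 and 14 all recite the same detection step: collect the outbound communications from one internal host to one external device, compute the elapsed time between consecutive communications, and treat gaps that fall within a predetermined interval as beaconing. The Python below is an added example written for this page, not code from the patent or its assignee. The connection records are constructed, the ruleset fields (`interval_seconds`, `tolerance_seconds`, `min_matching_gaps`) are a hypothetical encoding of a ruleset the first entity might share, and the redaction step is an illustration of the abstract's mention of redacting sensitive information before sharing.

```python
"""Beaconing detection over outbound connection records, driven by a shared ruleset.

Added example: the flow records and ruleset format below are constructed for
illustration and are not taken from the patent.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample log: (timestamp, internal source host, external destination).
# 10.0.0.5 contacts 203.0.113.7 roughly every 60 s with small jitter (beacon-like);
# 10.0.0.9 contacts 198.51.100.3 at irregular, human-driven intervals.
SAMPLE_FLOWS = [
    ("2024-01-01T00:00:00", "10.0.0.5", "203.0.113.7"),
    ("2024-01-01T00:01:01", "10.0.0.5", "203.0.113.7"),
    ("2024-01-01T00:01:59", "10.0.0.5", "203.0.113.7"),
    ("2024-01-01T00:03:00", "10.0.0.5", "203.0.113.7"),
    ("2024-01-01T00:04:02", "10.0.0.5", "203.0.113.7"),
    ("2024-01-01T00:00:10", "10.0.0.9", "198.51.100.3"),
    ("2024-01-01T00:00:25", "10.0.0.9", "198.51.100.3"),
    ("2024-01-01T00:07:40", "10.0.0.9", "198.51.100.3"),
    ("2024-01-01T00:08:00", "10.0.0.9", "198.51.100.3"),
    ("2024-01-01T00:30:00", "10.0.0.9", "198.51.100.3"),
]

# Hypothetical ruleset as the first entity might share it after investigating an
# attack: the implant's observed check-in interval, a tolerance around it, and
# the minimum number of matching gaps before a host/destination pair is flagged.
SHARED_RULESET = {
    "name": "beacon-60s",
    "interval_seconds": 60,
    "tolerance_seconds": 5,
    "min_matching_gaps": 3,
}


def elapsed_times(flows):
    """Group flows by (internal host, external destination) and return, per pair,
    the gaps in seconds between consecutive communications in time order."""
    by_pair = defaultdict(list)
    for ts, src, dst in flows:
        by_pair[(src, dst)].append(datetime.fromisoformat(ts))
    gaps = {}
    for pair, times in by_pair.items():
        times.sort()
        gaps[pair] = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    return gaps


def apply_ruleset(flows, ruleset):
    """Apply the shared ruleset at the second entity: a pair is reported when enough
    of its inter-communication gaps fall inside the predetermined interval.
    Returns {(host, destination): number_of_matching_gaps}."""
    lo = ruleset["interval_seconds"] - ruleset["tolerance_seconds"]
    hi = ruleset["interval_seconds"] + ruleset["tolerance_seconds"]
    hits = {}
    for pair, gaps in elapsed_times(flows).items():
        matching = sum(1 for g in gaps if lo <= g <= hi)
        if matching >= ruleset["min_matching_gaps"]:
            hits[pair] = matching
    return hits


def redact_for_sharing(hits):
    """Drop the second entity's internal host addresses before the finding is shared
    back to the other entities; only the external indicator and the count leave."""
    return [{"external": dst, "matching_gaps": n} for (_, dst), n in hits.items()]


if __name__ == "__main__":
    found = apply_ruleset(SAMPLE_FLOWS, SHARED_RULESET)
    for (src, dst), n in found.items():
        print(f"beaconing suspected: {src} -> {dst} ({n} gaps near 60 s)")
    print(redact_for_sharing(found))
```

A single gap inside the window is weak evidence on its own: update checkers, NTP clients and monitoring agents also call out at fixed intervals, so the `min_matching_gaps` threshold is the minimal guard against a coincidental match, and a production rule would normally pair the timing test with the attack data the ruleset is associated with (destination addresses, domains, certificate fingerprints) or with an allowlist of known periodic services.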
Abstract
Systems and techniques for sharing security data are described herein. Security rules and/or attack data may be automatically shared, investigated, enabled, and/or used by entities. A security rule may be enabled on different entities comprising different computing systems to combat similar security threats and/or attacks. Security rules and/or attack data may be modified to redact sensitive information and/or configured through access controls for sharing.
20 Claims
1. (Independent claim; reproduced in full under First Claim above.) Dependent claims: 2, 3, 4, 5, 6, 7.
8. Non-transitory computer storage comprising instructions for causing one or more computing devices to perform operations comprising:
sharing a first plurality of security attack data, the first plurality of security attack data comprising information regarding one or more first security attacks;
receiving a ruleset from a first entity of a plurality of entities, the ruleset comprising instructions selectably applicable by an entity of the plurality of entities to detect one or more security attacks, wherein the ruleset is generated by the first entity, and wherein the ruleset is associated with the first plurality of security attack data, and wherein each entity of the plurality of entities comprises a network of computing devices; and
applying the ruleset at a second entity of the plurality of entities to identify malicious behavior of a potential or actual security attack, wherein applying the ruleset comprises:
identifying a plurality of network communications associated with a network of computing devices of the second entity, wherein the plurality of network communications are from the network of computing devices of the second entity to an external computing device;
identifying an elapsed time between at least two communications of the plurality of network communications; and
determining that the elapsed time is within a predetermined time interval, wherein said determination indicates beaconing behavior.
Dependent claims: 9, 10, 11, 12, 13.
14. A computer implemented method comprising:
receiving a ruleset at a second entity of a plurality of entities, wherein the ruleset comprises instructions selectably applicable by an entity of the plurality of entities to detect one or more security attacks, wherein the ruleset was generated by a first entity of the plurality of entities, wherein the ruleset is associated with a first plurality of security attack data, and wherein each entity of the plurality of entities comprises a network of computing devices; and
applying the ruleset at the second entity to identify a potential or actual security attack at the second entity, wherein applying the ruleset comprises:
identifying a plurality of network communications associated with a network of computing devices of the second entity, wherein the plurality of network communications are from the network of computing devices of the second entity to an external computing device;
identifying an elapsed time between at least two communications of the plurality of network communications; and
determining that the elapsed time is within a predetermined time interval, wherein said determination indicates beaconing behavior.
Dependent claims: 15, 16, 17, 18, 19, 20.