Cyber-security system and methods thereof

US 9,979,753 B2
Filed: 12/30/2016
Issued: 05/22/2018
Est. Priority Date: 07/18/2014
Status: Active Grant

First Claim

Patent Images

1. A method for adaptively securing a protected entity against cyber-threats, comprising:

activating a security application configured to handle a cyber-threat;

receiving a plurality of feeds during a runtime of the security application;

analyzing the plurality of received feeds to determine if the security application is required to be re-programmed to perform an optimized action to efficiently protect against the cyber-threat; and

re-programming, during the runtime, the security application, when it is determined that the security application requires performance of the optimized action;

wherein the optimized action includes at least a mitigation action.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for adaptively securing a protected entity against cyber-threats. The method includes: activating a security application configured to handle a cyber-threat; receiving a plurality of feeds during a runtime of the security application; analyzing the plurality of received feeds to determine if the security application is required to be re-programmed to perform an optimized action to efficiently protect against the cyber-threat; and re-programming, during the runtime, the security application, when it is determined that the security application requires performance of the optimized action.

42 Citations

View as Search Results

29 Claims

1. A method for adaptively securing a protected entity against cyber-threats, comprising:
- activating a security application configured to handle a cyber-threat;
  
  receiving a plurality of feeds during a runtime of the security application;
  
  analyzing the plurality of received feeds to determine if the security application is required to be re-programmed to perform an optimized action to efficiently protect against the cyber-threat; and
  
  re-programming, during the runtime, the security application, when it is determined that the security application requires performance of the optimized action;
  
  wherein the optimized action includes at least a mitigation action.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the optimized action further includes an investigation action.
  - 3. The method of claim 1, wherein the security application is from a plurality of security applications, wherein each of the plurality of security applications is configured to handle a different type of cyber-threat, and wherein the at least one security application is configured to execute a first set of security services assigned to the at least one selected security application.
  - 4. The method of claim 3, wherein each of the plurality of feeds includes a signal generated by a security service of the first set of security services.
  - 5. The method of claim 4, wherein each risk intelligence feed indicates any one of:
    - a new cyber-threat and a modification of the cyber-threat.
  - 6. The method of claim 5, wherein each security service in the first set of security services is at least one of:
    - a network anomaly security service, a user application anomaly security service, a sandbox security service, a reputation security service, a user identity security service, an attack signatures security service, a challenge-response security service, a real-time fingerprint generation security service, an anti-virus security service, and a Web application security service.
  - 7. The method of claim 1, wherein analyzing the plurality of received feeds further comprises:
    - checking if the cyber-threat is in a state that requires any one of;
      
      investigating the cyber-threat and mitigating the cyber-threat.
  - 8. The method of claim 3, further comprising:
    - checking if each security service of the first set of security services is optimized to at least investigate or mitigate the cyber-threat.
  - 9. The method of claim 3, wherein re-programming the security application further comprises:
    - assigning a second set of security services to the security application; and
      
      configuring the security application to execute the second set of security services, wherein the second set of security services is optimized to perform the optimized action.
  - 10. The method of claim 3, further comprising:
    - re-programming at least one security service of the first set of security to defend against the cyber-threat.
  - 11. The method of claim 1, further comprising:
    - saving at least one of the reprogrammed security application and the security application in a central repository, thereby allowing sharing of each saved security application with at least one cybersecurity system.
  - 12. The method of claim 11, wherein each of the reprogrammed security application and the security application is imported to the at least one cybersecurity system.
  - 13. The method of claim 12, wherein the cyber-threat is at least an on-going multi-vector attack campaign.
  - 14. The method of claim 1, wherein the security application is deployed in any computing environment including the protected entity regardless of security systems operable in the computing environment.

15. A non-transitory computer readable medium having stored thereon instructions for causing a processing circuitry to execute a process for adaptively securing a protected entity against cyber-threats, the process comprising:
- activating a security application configured to handle a cyber-threat;
  
  receiving a plurality of feeds during a runtime of the security application;
  
  analyzing the plurality of received feeds to determine if the security application is required to be re-programmed to perform an optimized action to efficiently protect against the cyber-threat; and
  
  re-programming, during the runtime, the security application, when it is determined that the security application requires performance of the optimized action;
  
  wherein the optimized action includes at least a mitigation action.

16. A system for adaptively securing a protected entity against cyber-threats, comprising:
- a processing circuitry; and
  
  a memory, the memory containing instructions that, when executed by the processing circuitry, configure the system to;
  
  activate a security application configured to handle a cyber-threat;
  
  receive a plurality of feeds during a runtime of the security application;
  
  analyze the plurality of received feeds to determine if the security application is required to be re-programmed to perform an optimized action to efficiently protect against the cyber-threat; and
  
  re-program, during the runtime, the security application, when it is determined that the security application requires performance of the optimized action;
  
  wherein the optimized action includes at least a mitigation action.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 17. The system of claim 16, wherein the optimized action further includes an investigation action.
  - 18. The system of claim 16, wherein the security application is from a plurality of security applications, wherein each of the plurality of security applications is configured to handle a different type of cyber-threat, and wherein the at least one security application is configured to execute a first set of security services assigned to the at least one selected security application.
  - 19. The system of claim 18, wherein each of the plurality of feeds includes a signal generated by a security service of the first set of security services.
  - 20. The system of claim 19, wherein each risk intelligence feed indicates any one of:
    - a new cyber-threat and a modification of the cyber-threat.
  - 21. The system of claim 20, wherein each security service in the first set of security services is at least one of:
    - a network anomaly security service, a user application anomaly security service, a sandbox security service, a reputation security service, a user identity security service, an attack signatures security service, a challenge-response security service, a real-time fingerprint generation security service, an anti-virus security service, and a Web application security service.
  - 22. The system of claim 16, wherein the system is further configured to:
    - check if the cyber-threat is in a state that requires any one of;
      
      investigating the cyber-threat and mitigating the cyber-threat.
  - 23. The system of claim 18, wherein the system is further configured to:
    - check if each security service of the first set of security services is optimized to at least investigate or mitigate the cyber-threat.
  - 24. The system of claim 18, wherein the system is further configured to:
    - assign a second set of security services to the security application; and
      
      configure the security application to execute the second set of security services, wherein the second set of security services is optimized to perform the optimized action.
  - 25. The system of claim 18, wherein the system is further configured to:
    - re-program at least one security service of the first set of security to defend against the cyber-threat.
  - 26. The system of claim 16, wherein the system is further configured to:
    - save at least one of the reprogrammed security application and the security application in a central repository, thereby allowing sharing of each saved security application with at least one cybersecurity system.
  - 27. The system of claim 26, wherein each of the reprogrammed security application and the security application is imported to the at least one cybersecurity system.
  - 28. The system of claim 27, wherein the cyber-threat is at least an on-going multi-vector attack campaign.
  - 29. The system of claim 16, wherein the security application is deployed in any computing environment including the protected entity regardless of security systems operable in the computing environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cybereason, Inc.
Original Assignee
empow Cyber Security Ltd.
Inventors
Chesla, Avi
Primary Examiner(s)
To, Baotran N

Application Number

US15/395,009
Publication Number

US 20170111396A1
Time in Patent Office

508 Days
Field of Search

726 23
US Class Current
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/56   Computer malware detection ...

H04L 63/02   for separating internal fro...

H04L 63/14   for detecting or protecting...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

H04L 63/145   the attack involving the pr...

H04L 63/1483   service impersonation, e.g....

H04L 63/20   for managing network securi...

Cyber-security system and methods thereof

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

42 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Cyber-security system and methods thereof

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links