Real-time network updates for malicious content
Abstract
A global response network collects, analyzes, and distributes “cross-vector” threat-related information between security systems to allow for an intelligent, collaborative, and comprehensive real-time response.
16 Claims
1. A method for identifying network threats, the method comprising:
- receiving data over a communication network from one or more real-time data feeds;
- aggregating data from a plurality of sources regarding the one or more real-time data feeds;
- breaking down the received data from the one or more real-time data feeds into a series of components;
- generating reputation scores for each component;
- generating a signature based on the received data from at least one of the real-time data feeds;
- identifying that the signature is associated with a pattern that has a bad reputation;
- identifying that the at least one real-time data feed is associated with malicious content based on a reputation score of a component associated with the identified real-time data feed; and
- blocking the identified real-time data feed based on the association with the malicious content and the signature being associated with the pattern that has the bad reputation.

Dependent claims: 2, 3, 4, 5, 6, 7

8. A non-transitory computer readable storage medium having embodied thereon a program executable by a processor for implementing a method for identifying network threats, the method comprising:
- receiving data over a communication network from one or more real-time data feeds;
- aggregating data from a plurality of sources regarding the one or more real-time data feeds;
- breaking down the received data from the one or more real-time data feeds into a series of components;
- generating reputation scores for each component;
- generating a signature based on the received data from at least one of the real-time data feed;
- identifying that the signature is associated with a pattern that has a bad reputation;
- identifying that the at least one real-time data feed is associated with malicious content based on a reputation score of a component associated with the identified real-time data feed; and
- blocking the identified real-time data feed based on the association with the malicious content and the signature being associated with the pattern that has the bad reputation.

Dependent claims: 9, 10, 11, 12, 13, 14

15. A system for identifying network threats, the system comprising:
- a communication network interface of a computing device that receives data over a communication network from one or more real-time data feeds; and
- a memory;
- a processor of the computing device that executes instructions stored in the memory, wherein execution of the instructions by the processor;
  - aggregates data from a plurality of sources regarding the one or more real-time data feeds;
  - breaks down the received data from the one or more real-time data feeds into a series of components;
  - generates reputation scores for each component;
  - generates a signature from the received data from at least one of the real-time data feed;
  - identifies that the signature is associated with a pattern that has a bad reputation;
  - identifies that the at least one real-time data feed is associated with malicious content based on a reputation score of a component associated with the identified real-time data feed; and
  - blocks the identified real-time data feed based on the association with the malicious content and the signature being associated with the pattern that has the bad reputation.

Dependent claims: 16
Specification