Cyber security sharing and identification system
Abstract
Systems and techniques for sharing security data are described herein. Security rules and/or attack data may be automatically shared, investigated, enabled, and/or used by entities. A security rule may be enabled on different entities comprising different computing systems to combat similar security threats and/or attacks. Security rules and/or attack data may be modified to redact sensitive information and/or configured through access controls for sharing.
16 Claims
1. A computer implemented method comprising:
by a computer system comprising one or more computer hardware processors and one or more storage devices,
communicating with a plurality of entities;
receiving security attack data from a first entity of the plurality of entities, the security attack data comprising information regarding one or more first security attacks;
identifying, based on sharing rules associated with the first entity, one or more recipient entity of a subset of the plurality of entities that are authorized to access a ruleset from the first entity; and
facilitating sharing of the ruleset from the first entity to the one or more recipient entity,
wherein the ruleset (i) is determined by the first entity, and (ii) is associated with the security attack data,
wherein the ruleset comprises instructions selectably applicable by the one or more recipient entity to detect a potential security attack,
wherein the instructions are configured to:
in response to detecting the potential security attack, add data associated with the potential security attack to a cluster as a seed, wherein the cluster comprises a plurality of connected objects and a representation of the cluster is displayable in a user interface.
Dependent claims: 2, 3, 4, 5
6. Non-transitory computer storage medium comprising instructions for causing one or more computing devices to perform operations comprising:
communicating with a plurality of entities;
receiving security attack data from a first entity of the plurality of entities, the security attack data comprising information regarding one or more first security attacks;
identifying, based on sharing rules associated with the first entity, one or more recipient entity of a subset of the plurality of entities that are authorized to access a ruleset from the first entity; and
transmitting at least a portion of a ruleset from the first entity to the one or more recipient entity,
wherein the ruleset (i) is determined by the first entity, and (ii) is associated with the security attack data,
wherein the ruleset comprises instructions selectably applicable by the one or more recipient entity to detect a potential security attack,
wherein the instructions are configured to:
in response to detecting the potential security attack, add data associated with the potential security attack to a cluster as a seed, wherein the cluster comprises a plurality of connected objects and a representation of the cluster is displayable in a user interface.
Dependent claims: 7, 8, 9
10. A system for sharing security information, the system comprising:
one or more computer processors executing code instructions, to:
communicate with a plurality of entities;
receive security attack data from a first entity of the plurality of entities, the security attack data comprising information regarding one or more first security attacks;
identify, based on sharing rules associated with the first entity, one or more recipient entity of a subset of the plurality of entities that are authorized to access ruleset data from the first entity; and
facilitate sharing of at least a portion of a ruleset from the first entity to the one or more recipient entity,
wherein the ruleset (i) is determined by the first entity, and (ii) is associated with the security attack data,
wherein the ruleset comprises instructions selectably applicable by the one or more recipient entity to detect a potential security attack,
wherein the instructions are configured to:
in response to detecting the potential security attack, add data associated with the potential security attack to a cluster as a seed, wherein the cluster comprises a plurality of connected objects and a representation of the cluster is displayable in a user interface.
Dependent claims: 11, 12, 13, 14, 15, 16
Specification