Security sharing system
First Claim
1. A system for sharing of security information, the system comprising:
one or more computing devices programmed, via executable code instructions, to:
receive a first plurality of security attack data objects from a first entity, the first plurality of security attack data objects comprising information regarding one or more security attacks detected by the first entity, each security attack data object from the first plurality of security attack data objects associated with a first access control list comprising indications of privacy of respective security attack data objects or indications of respective one or more entities permissioned to receive respective security attack data objects;
determine a first subset of the first plurality of security attack data objects permissioned to be shared by the first entity based at least in part on the first access control list;
share the first subset of security attack data objects with respective entities based at least in part on the first access control list;
receive a second plurality of security attack data objects from a second entity, the second plurality of security attack data objects comprising information regarding one or more security attacks detected by the second entity, each security attack data object from the second plurality of security attack data objects associated with a second access control list comprising indications of privacy of respective security attack data objects or indications of respective one or more entities permissioned to receive respective security attack data objects;
determine a second subset of the second plurality of security attack data objects permissioned to be shared by the second entity based at least in part on the second access control list;
share the second subset of security attack data objects with respective entities based at least in part on the second access control list;
receive a ruleset from a third entity, wherein the ruleset is generated by the third entity, the ruleset based at least in part on one or more shared security attack data objects from the first entity and one or more shared security attack data objects from the second entity, wherein the ruleset comprises code instructions executable by a plurality of entities to detect one or more security attacks, and wherein execution of the code instructions of the ruleset identifies malicious behavior of one or more security attacks, and wherein execution of the code instructions of the ruleset further accesses one or more third data objects associated with respective entities to identify the malicious behavior associated with respective entities, the one or more third data objects comprising at least one of IP address data, proxy data, user login data, malware data, virtual private network data, hostname data, data associated with computing device behavior, or network data, and wherein the ruleset is associated with a ruleset access control list, the ruleset access control list indicating respective one or more entities permissioned to receive the ruleset; and
share the ruleset with respective entities based at least in part on the ruleset access control list.
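The sharing flow that claim 1 describes, as an added illustration that is not code from the patent or from any product it covers: a toy Python hub in which each attack data object carries an access control list, only the permissioned subset is released to the entities that ACL names, and a ruleset authored by a third entity from the objects it was allowed to see is distributed under its own ACL and then executed against a recipient's own login records (one of the "third data objects" the claim lists). The entity names, the ACL markers, the IP indicators and the login records are all constructed for this example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Set

# ACL markers (constructed for this example, not terms from the patent)
PRIVATE = "private"   # object never leaves the entity that detected it
PUBLIC = "public"     # any participating entity may receive the object


@dataclass
class AttackDataObject:
    object_id: str
    source: str                # entity that detected the attack
    indicator: Dict[str, str]  # e.g. {"ip": "..."}; sample values are constructed
    acl: Set[str]              # PUBLIC, PRIVATE, or names of permitted entities


@dataclass
class Ruleset:
    ruleset_id: str
    author: str
    detect: Callable[[Dict[str, List[Dict[str, str]]]], List[str]]
    acl: Set[str]              # entities permitted to receive the ruleset


def permitted(acl: Set[str], source: str, recipient: str) -> bool:
    """Whether `recipient` may receive an item that `source` tagged with `acl`."""
    if recipient == source:
        return True
    if PRIVATE in acl:
        return False
    return PUBLIC in acl or recipient in acl


class SharingHub:
    """Receives attack data and rulesets and delivers them according to their ACLs."""

    def __init__(self, entities: List[str]):
        self.entities = list(entities)
        self.inbox: Dict[str, List[AttackDataObject]] = {e: [] for e in entities}
        self.rule_inbox: Dict[str, List[Ruleset]] = {e: [] for e in entities}

    def shareable_subset(self, objs: List[AttackDataObject]) -> List[AttackDataObject]:
        """The subset the submitting entity permits to be shared at all."""
        return [o for o in objs if PRIVATE not in o.acl]

    def receive_attack_data(self, objs: List[AttackDataObject]) -> List[AttackDataObject]:
        """Share each permissioned object only with the entities its ACL names."""
        shared = self.shareable_subset(objs)
        for obj in shared:
            for entity in self.entities:
                if entity != obj.source and permitted(obj.acl, obj.source, entity):
                    self.inbox[entity].append(obj)
        return shared

    def receive_ruleset(self, rs: Ruleset) -> List[str]:
        """Distribute a ruleset under its own ACL; returns the recipients."""
        recipients = [e for e in self.entities
                      if e != rs.author and permitted(rs.acl, rs.author, e)]
        for entity in recipients:
            self.rule_inbox[entity].append(rs)
        return recipients


def build_flagged_ip_ruleset(author: str, seen: List[AttackDataObject],
                             acl: Set[str]) -> Ruleset:
    """Author a ruleset from the attack data `author` was permitted to receive.

    The rule runs on the recipient's own data objects (here user login data)
    and reports logins from IPs that other entities reported as attack sources.
    """
    flagged_ips = {o.indicator["ip"] for o in seen if "ip" in o.indicator}

    def detect(local_data: Dict[str, List[Dict[str, str]]]) -> List[str]:
        hits = []
        for rec in local_data.get("user_login", []):
            if rec["src_ip"] in flagged_ips:
                hits.append(f"{rec['user']} logged in from flagged IP {rec['src_ip']}")
        return hits

    return Ruleset("rs-1", author, detect, acl)


def demo():
    hub = SharingHub(["A", "B", "C", "D"])
    # Constructed sample data: entities A and B each report attacks with ACLs.
    hub.receive_attack_data([
        AttackDataObject("a-1", "A", {"ip": "203.0.113.10"}, {PUBLIC}),
        AttackDataObject("a-2", "A", {"ip": "203.0.113.11"}, {"C"}),
        AttackDataObject("a-3", "A", {"ip": "203.0.113.12"}, {PRIVATE}),
    ])
    hub.receive_attack_data([
        AttackDataObject("b-1", "B", {"ip": "198.51.100.7"}, {"C", "D"}),
    ])
    # Entity C builds a ruleset from what it was allowed to see and shares it with A and B.
    rs = build_flagged_ip_ruleset("C", hub.inbox["C"], {"A", "B"})
    hub.receive_ruleset(rs)
    # Entity A runs the received ruleset over its own login records.
    a_login_data = {"user_login": [
        {"user": "alice", "src_ip": "198.51.100.7"},
        {"user": "bob", "src_ip": "192.0.2.5"},
    ]}
    hits = hub.rule_inbox["A"][0].detect(a_login_data)
    return hub, rs, hits


if __name__ == "__main__":
    hub, rs, hits = demo()
    for entity in hub.entities:
        print(entity, "received:", [o.object_id for o in hub.inbox[entity]])
    print("ruleset recipients:", [e for e in hub.entities if hub.rule_inbox[e]])
    print("hits at A:", hits)
```

Note the separation of the two ACLs: the object ACL decides who receives the raw attack data, while the ruleset ACL decides who receives the derived rule. In the sample run entity A never receives B's object b-1, yet the rule it receives embeds that indicator verbatim and matches A's own login record against it. A deployment that wants the object ACL to hold for derived artifacts has to redact or generalize sensitive indicators before they are compiled into a rule, which is the kind of modification the abstract refers to.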
8 Assignments
0 Petitions
Abstract
Systems and techniques for sharing security data are described herein. Security rules and/or attack data may be automatically shared, investigated, enabled, and/or used by entities. A security rule may be enabled on different entities comprising different computing systems to combat similar security threats and/or attacks. Security rules and/or attack data may be modified to redact sensitive information and/or configured through access controls for sharing.
672 Citations
20 Claims
1. A system for sharing of security information (claim text as set out in full under First Claim above). Dependent claims: 2 to 14.
15. Non-transitory computer storage comprising instructions for causing one or more computing devices to share security information by:
receiving security attack data from a first entity, the security attack data comprising information regarding one or more security attacks detected by the first entity, wherein an access control list is associated with at least a portion of the security attack data, the access control list indicating respective one or more entities permissioned to receive the portion of security attack data; transmitting the portion of security attack data to respective one or more entities, wherein said transmitting of the portion of security attack data to respective one or more entities is in accordance with the access control list; receiving a ruleset from a second entity, the ruleset based at least in part on the security attack data from the first entity, wherein the ruleset comprises code instructions executable by a plurality of entities to detect one or more security attacks, and wherein execution of the code instructions of the ruleset identifies malicious behavior of one or more security attacks, and wherein execution of the code instructions of the ruleset accesses one or more data objects associated with respective entities to identify the malicious behavior associated with the respective entities, the one or more data objects comprising at least one of IP address data, proxy data, user login data, malware data, virtual private network data, hostname data, data associated with computing device behavior, or network data, and wherein the ruleset is associated with a ruleset access control list, the ruleset access control list indicating respective one or more entities permissioned to receive the ruleset; and transmitting the ruleset to respective one or more entities, wherein said transmitting of the ruleset to respective one or more entities is in accordance with the ruleset access control list. Dependent claims: 16, 17, 18.
19. A method for sharing security information comprising:
receiving a plurality of security attack data items from one or more entities, the plurality of security attack data items comprising information regarding one or more security attacks detected by respective entities, wherein an access control list is associated with each security attack data item from the plurality of security attack data items, the access control list associated with a respective security attack data item indicating respective one or more entities permissioned to receive the respective security attack data item; generating a ruleset based on at least one security attack data item from the plurality of security attack data items, wherein the ruleset comprises code instructions executable by a plurality of the entities to detect one or more security attacks, and wherein execution of the code instructions of the ruleset identifies malicious behavior of one or more security attacks, and wherein execution of the code instructions of the ruleset accesses one or more data objects associated with respective entities to identify the malicious behavior associated with the respective entities, the one or more data objects comprising at least one of IP address data, proxy data, user login data, malware data, virtual private network data, hostname data, data associated with computing device behavior, or network data; transmitting at least one security attack data item from the plurality of security attack data items to respective one or more entities based at least in part on respective access control lists; and transmitting the ruleset to one or more entities. Dependent claims: 20.
Specification