Enrichment and analysis of cybersecurity threat intelligence and orchestrating application of threat intelligence to selected network security events
US10681071B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Aug 2, 2017 |
| Grant date | Jun 9, 2020 |
| Priority date | — |
| Expiry date | Jul 7, 2038 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/1458
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
Techniques are disclosed which can provide an orchestrated response to a cybersecurity threat. This orchestrated response may be based upon, at least in part, a reputation score. Threat model(s) may be received that identify cybersecurity threat(s). An indication of observations, false positives, and/or page views for the threat may be obtained. Data feeds may be received including known good data feeds, known bad data feeds, and enrichment data feeds. The data feeds may provide information about one or more indicators of compromise (IOC). For each IOC, a weighted criticality score may be determined. The weighted criticality score may be mapped to a corresponding point value. An aggregated score may be determined based upon at least the corresponding point value. A reputation score may be computed, and in some configurations, provided to a user.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.