Patent · US Active

Using private threat intelligence in public cloud

US11044270B2 · kind B2 · utility

Cited by: 0
References: 6
Claims: 24
Family size: 0

Assignee

Inventors

Key dates

Filing date: Mar 13, 2017
Grant date: Jun 22, 2021
Priority date
Expiry date: Mar 4, 2038

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L2463/121
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A distributed security system and method are disclosed that enable access to known threat events from threat intelligence feeds when the system includes public cloud components. A cloud-based security policy system stores observable events for security incidents detected by and sent from user devices within an enterprise network. The observable events include observable indicators for characterizing the observable events. The threat events within the feeds include threat indicators for characterizing the threat events. An on-premises connector within the enterprise network downloads the observable indicators from the security policy system and the threat indicators from the feeds. In response to determining that any observable indicators match any threat indicators, the on-premises connector provides access to the threat events and/or the observable events having the matching indicators. In one example, the on-premises connector generates opaque query strings for users on user devices to access the threat events/observable events having the matching indicators.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.