Patent · US Active

Techniques for sharing network security event information

US11704405B2 · kind B2 · utility

Cited by: 0
References: 48
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Dec 1, 2021
Grant date: Jul 18, 2023
Priority date
Expiry date: Dec 1, 2041

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/145
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

This disclosure provides techniques for pooling and searching network security events reported by multiple sources. As information representing a security event is received from one source, it is searched against a central or distributed database representing events reported from multiple, diverse sources (e.g., different client networks). Either the search or correlated results can be filtered and/or routed according to at least one characteristic associated with the networks, for example, to limit correlation to events reported by what are presumed to be similarly situated networks. The disclosed techniques facilitate faster identification of high-relevancy security event information, and thereby help facilitate faster threat identification and mitigation. Various techniques can be implemented as standalone software (e.g., for use by a private network) or for a central pooling and/or query service. This disclosure also provides different examples of actions that can be taken in response to search results.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.