Security threat reporting in light of local security tools
IPC classification information
Country/Type: United States (US) Patent, Granted
International Patent Classification (IPC, 7th edition): G06F-011/00; G06F-012/14; G06F-012/16; G08B-023/00
Application number: US-0426917 (2006-06-27)
Registration number: US-8332947 (2012-12-11)
Inventors: Bregman, Mark; Sobel, William E.
Applicant: Symantec Corporation
Agent: Fenwick & West LLP
Citation information: times cited: 14; cited patents: 64
Abstract
When a client receives a potential threat source (PTS), a user of the client may desire to make an informed decision regarding the PTS. The PTS can be, for example, an email or instant message with an embedded executable, a link to a network destination (e.g., included in search engine results or an email, or webpage), or an executable file (e.g., downloaded from a website). The PTS is identified and characterized to establish a threat rating. The threat rating can then be presented to the user, so as to inform the user as to the PTS riskiness. The threat rating is determined in light of the local security tools available. If there are no local security tools that mitigate the threat of the PTS, then a security tool that is known to mitigate the threat can be identified and recommended to the user.
Representative claims
1. A computer implemented method for threat reporting in light of local security tools, comprising: using a computer to perform steps comprising: identifying a network link identifying a web site that is a potential threat source (PTS) for the computer; determining a plurality of security threats associated with the PTS, wherein the plurality of security threats are associated with characteristics of the web site identified by the network link; determining an initial threat rating for the PTS based on the plurality of security threats associated with the PTS; identifying mitigated security threats of the plurality of security threats that are mitigated by local security on the computer and unmitigated security threats of the plurality of security threats that are not mitigated by local security on the computer; adjusting the initial threat rating for the PTS to account for the mitigated security threats and the unmitigated security threats to produce an adjusted threat rating based on the unmitigated security threats; and providing the adjusted threat rating to a user of the computer.

2. The method of claim 1 further comprising: identifying one or more characteristics of the web site, the characteristics selected from the set consisting of: a frequency with which the computer has visited the web site, whether a previous visit to the web site had a negative impact on the computer, a type of negative impact on the computer resulting from a previous visit to the web site, and a source of the network link identifying the web site; and determining threat weights associated with unmitigated ones of the identified characteristics; wherein the adjusted threat rating of the PTS is determined based at least in part on the threat weights of the unmitigated characteristics of the web site.

3. The method of claim 2, further comprising: normalizing a sum of the threat weights associated with the unmitigated characteristics of the web site to produce the threat adjusted rating.

4. The method of claim 1 further comprising: automatically determining one or more security tools that would mitigate one or more of the unmitigated security threats.

5. The method of claim 4 further comprising: automatically suggesting procurement of the one or more security tools to the user to improve the adjusted threat rating.

6. The method of claim 1 further comprising: automatically suggesting procurement of security tools to the user that would lower the adjusted threat rating.

7. The method of claim 1 wherein providing the adjusted threat rating to the user includes providing a graphical indicator.

8. The method of claim 1, further comprising: determining whether one or more of the plurality of security threats associated with characteristics of the web site identified by the network link are mitigated by security settings of a web browser used by the user to access web sites from the computer, wherein a security threat associated with a characteristic of the web site is designated a mitigated threat if it is mitigated by the security settings of the web browser.

9. The method of claim 1, wherein the network link is presented to the user on a web page, and wherein the adjusted threat rating is provided to the user of the computer in association with the presentation of the network link on the web page.

10. The method of claim 9, wherein the adjusted threat rating is provided to the user as a pop-up message.

11. A non-transitory computer-readable storage medium encoded with instructions, that when executed by one or more processors, cause the processors to carry out a process for threat reporting in light of local security tools, the process comprising: identifying a network link identifying a web site that is a potential threat source (PTS) for a computer; determining a plurality of security threats associated with the PTS, wherein the plurality of security threats are associated with characteristics of the web site identified by the network link; determining an initial threat rating for the PTS based on the plurality of security threats associated with the PTS; identifying mitigated security threats of the plurality of security threats that are mitigated by local security on the computer and unmitigated security threats of the plurality of security threats that are not mitigated by local security on the computer; adjusting the initial threat rating for the PTS to account for the mitigated security threats and the unmitigated security threats to produce an adjusted threat rating based on the unmitigated security threats; and providing the adjusted threat rating to a user of the computer.

12. The computer-readable storage medium of claim 11, the process further comprising: identifying one or more characteristics of the web site, the characteristics selected from the set consisting of: a frequency with which the computer has visited the web site, whether a previous visit to the web site had a negative impact on the computer, a type of negative impact on the computer resulting from a previous visit to the web site, and a source of the network link identifying the web site; and determining threat weights associated with unmitigated ones of the identified characteristics; wherein the adjusted threat rating of the PTS is determined based at least in part on the threat weights of the unmitigated characteristics of the web site.

13. The computer-readable storage medium of claim 11, the process further comprising: automatically determining one or more security tools that would mitigate one or more of the unmitigated security threats.

14. The computer-readable storage medium of claim 13, the process further comprising: automatically suggesting procurement of the one or more security tools to the user to improve the adjusted threat rating.

15. The computer-readable storage medium of claim 11, the process further comprising: automatically suggesting procurement of security tools to the user that would lower the adjusted threat rating.

16. A system for threat reporting in light of local security tools, comprising: a non-transitory computer-readable storage medium encoded with executable instructions for: identifying a network link identifying a web site that is a potential threat source (PTS) for a computer; determining a plurality of security threats associated with the PTS, wherein the plurality of security threats are associated with characteristics of the web site identified by the network link; determining an initial threat rating for the PTS based on the plurality of security threats associated with the PTS; identifying mitigated security threats of the plurality of security threats that are mitigated by local security on the computer; identifying unmitigated security threats of the plurality of security threats that are not mitigated by local security on the computer; adjusting the initial threat rating for the PTS to account for the mitigated security threats and the unmitigated security threats to produce an adjusted threat rating based on the unmitigated security threats; and providing the adjusted threat rating to a user of the computer; and a processor for executing the instructions.

17. The system of claim 16 further comprising instructions for: identifying one or more characteristics of the web site, the characteristics selected from the set consisting of: a frequency with which the computer has visited the web site, whether a previous visit to the web site had a negative impact on the computer, a type of negative impact on the computer resulting from a previous visit to the web site, and a source of the network link identifying the web site; and determining threat weights associated with unmitigated ones of the identified characteristics; wherein the adjusted threat rating of the PTS is determined based at least in part on the threat weights of the unmitigated characteristics of the web site.

18. The system of claim 16 further comprising instructions for: automatically determining one or more security tools that would mitigate one or more of the unmitigated security threats.

19. The system of claim 18 further comprising instructions for: automatically suggesting procurement of the one or more security tools to the user to improve the adjusted threat rating.

20. The system of claim 16 further comprising instructions for: automatically suggesting procurement of security tools to the user that would lower the adjusted threat rating.
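
The rating flow of claims 1 to 5, sketched as an added example (not code from the patent or from Symantec): an initial rating from all threats, an adjusted rating from the normalized weight sum of the unmitigated ones, and tool suggestions for what remains. The threat names, weights, tool catalogue and 0-10 scale are all assumptions; the claims specify none of them.

```python
from dataclasses import dataclass

# All threat names, weights and tool names below are constructed for
# illustration; the patent text on this page specifies none of them.
THREAT_WEIGHTS = {
    "browser_exploit": 4,   # e.g. a previous visit had a negative impact
    "phishing": 3,          # e.g. link arrived from an untrusted source
    "adware": 2,
    "never_visited": 1,     # e.g. low visit frequency
}
# Which threats each (hypothetical) local security tool mitigates.
TOOL_CATALOGUE = {
    "anti_phishing_toolbar": {"phishing"},
    "antivirus": {"browser_exploit", "adware"},
    "hardened_browser_settings": {"browser_exploit"},
}

@dataclass
class Report:
    initial: float
    adjusted: float
    unmitigated: list
    suggested_tools: list

def normalize(weight_sum, scale=10):
    """Map a weight sum onto 0..scale relative to the worst possible sum."""
    return round(scale * weight_sum / sum(THREAT_WEIGHTS.values()), 1)

def rate_link(threats, installed_tools):
    threats = set(threats)
    unknown = threats - THREAT_WEIGHTS.keys()
    if unknown:
        raise ValueError(f"unweighted threats: {sorted(unknown)}")
    covered = set()
    for tool in installed_tools:
        covered |= TOOL_CATALOGUE.get(tool, set())  # unknown tools mitigate nothing
    unmitigated = sorted(threats - covered)
    initial = normalize(sum(THREAT_WEIGHTS[t] for t in threats))
    adjusted = normalize(sum(THREAT_WEIGHTS[t] for t in unmitigated))
    # Suggest only tools that are absent locally and cover a remaining threat;
    # a threat no catalogue tool covers stays in the rating with no suggestion.
    suggested = sorted(
        tool for tool, handles in TOOL_CATALOGUE.items()
        if tool not in installed_tools and handles & set(unmitigated)
    )
    return Report(initial, adjusted, unmitigated, suggested)
```
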