Title of invention: Attack notification
Abstract: Systems, methods, and machine-readable and executable instructions are provided for attack notification. Attack notification can include receiving security-related data from a number of computing devices that are associated with a number of entities through a communication link and analyzing a first portion of the security-related data that is associated with a first entity from the number of entities to determine whether the first entity has experienced an attack. Attack notification can include analyzing a second portion of the security-related data that is associated with a second entity from the number of entities and the first portion of the security-related data that is associated with the first entity to determine whether the second entity is experiencing the attack. Attack notification can include notifying, through the communication link, the second entity that the second entity is experiencing the attack if it is determined that the second entity is experiencing the attack.
Publication number: US9456001(B2)
Publication date: 2016.09.27
Application number: US201313755007
Filing date: 2013.01.31
Applicant: Hewlett Packard Enterprise Development LP
Inventors: Bhatt Sandeep N.; Sander Tomas; Singla Anurag
Classification: H04L29/06; G06F21/55
Main classification: H04L29/06
Agency: Brooks, Cameron & Huebsch, PLLC
Agent: Brooks, Cameron & Huebsch, PLLC
Main claim: 1. A method for attack notification comprising:
receiving, through a communication link, security-related data from each of a plurality of computing devices that are each associated with one of a plurality of entities, each entity being a separate organization;
clustering, by a threat exchange server, the plurality of entities into groups based on characteristics that define the plurality of entities;
analyzing, by the threat exchange server, a first portion of the security-related data that is associated with a first entity from the plurality of entities to determine whether the first entity has experienced an attack;
determining that the first entity experienced an attack;
without evidence of the attack on a second entity of the plurality of entities, sending, through the communication link, an early warning to the second entity based on cluster placement of both the first entity and the second entity;
analyzing, by the threat exchange server, a second portion of the security-related data that is associated with the second entity and the first portion of the security-related data that is associated with the first entity to identify partial evidence of the attack on the second entity; and
in response to identifying partial evidence of the attack on the second entity, sending a confirmed warning, through the communication link, to the second entity,
wherein the early warning and the confirmed warning are sent based on rankings, and wherein the rankings are based on at least one of:
a severity of the attack;
a duration of the attack;
a number of patterns associated with the attack; or
a number of entities that are experiencing the attack.
Address: Houston TX US