Reputation-based threat protection

摘要

Information concerning a plurality of identified threats provided by a plurality of preselected sources is stored in memory. An e-mail message may be received over a communication network. The received e-mail message is separated into a plurality of components. The stored information is searched to identify a reputation score associated with each of the plurality of components. It is then determined whether the e-mail is a threat based on the identified reputation score of each of the plurality of components. The determination is sent to a designated recipient.

主权项

1. A method for reputation-based threat protection, the method comprising:
maintaining one or more dictionaries for identifying sensitive data in memory, wherein the sensitive data is defined by policies of an identified organization; maintaining information in one or more databases concerning a plurality of identified threats; intercepting an e-mail message from a sender in the organization and addressed to a destination outside of the organization, wherein the e-mail message is intercepted prior to leaving a communication network of the organization; executing instructions stored in memory, wherein execution of the instructions by a processor:
determines that the intercepted e-mail message includes sensitive data by searching for predefined patterns, wherein searching comprises reference to the one or more dictionaries stored in memory for identifying the sensitive data,identifies the e-mail message is a threat based on one or more reputation scores associated with the e-mail message and the determination that the e-mail message includes sensitive data, wherein the e-mail message is associated with the one or more reputation scores using the maintained information, andapplies one or more enforcement actions based on the determination that the e-mail message includes sensitive data; and notifying the sender that the e-mail message was identified to be a threat.