Title of invention: Internet security cyber threat reporting system and method
Abstract: A risk assessment and managed security system for network users provides security services for dealing with formidable cyber threats, malware creations and phishing techniques. Automated solutions in combination with human-driven solutions establish an always-alert positioning for incident anticipation, mitigation, discovery and response. Assessments of threats are made and reported to a client system being monitored. The system provides an ability to receive in different file formats, and/or export from leading IT asset products asset lists for client enterprise computer systems and infrastructure, so that assets are linked to the client computer systems that are described in an incident that is being reported to the client.
Publication number: US9392003(B2) Publication date: 2016.07.12
Application number: US201414198148 Filing date: 2014.03.05
Applicant: Raytheon Foreground Security, Inc. Inventor: Amsler David B.
Classification: H04L29/06 Main classification: H04L29/06
Agency: Schwegman Lundberg & Woessner, P.A. Agent: Schwegman Lundberg & Woessner, P.A.
Independent claim: 1. A computer-implemented method for detecting and reporting an internet cyber threat, the method performed using one or more computer processors, the method comprising: connecting to a client system; monitoring cyber threat incidents on the client system; collecting cyber threat data for the cyber threat incidents, the cyber threat data from a plurality of threat intelligence sources; weighting the cyber threat data based on past performance by the threat intelligence source of the plurality of threat intelligence sources providing the cyber threat data; sorting the cyber threat data based on the weight; storing the sorted cyber threat data in an incident database; producing an incident list including cyber threat incidents on the client system, the incident list including unclaimed cyber threat incidents in the incident database that include characteristics that match a number of years of experience, understanding of the client system, and familiarity with analyst tools of an analyst as identified in an analyst profile stored in the incident database, the incident list including cyber threat incidents prioritized based on severity and time, with the most severe and most urgent cyber threat incident that matches the analyst profile with a highest priority; selecting the highest priority cyber threat incident in the incident list for analysis by the analyst; retrieving cyber threat data regarding the highest priority incident from the incident database; displaying the sorted cyber threat data about the at least one incident to the analyst; receiving a recommended course action and modification to the client system by the analyst based on the sorted cyber threat data; transmitting an incident report to the client system, wherein the incident report includes a recommended course of action and recommended modification to the client system; closing the incident report; and updating the incident database with the closed incident report.
Address: Heathrow FL US