Title of invention: Security sharing system
Abstract: Systems and techniques for sharing security data are described herein. Security rules and/or attack data may be automatically shared, investigated, enabled, and/or used by entities. A security rule may be enabled on different entities comprising different computing systems to combat similar security threats and/or attacks. Security rules and/or attack data may be modified to redact sensitive information and/or configured through access controls for sharing.
Publication number: US9009827(B1) Publication date: 2015.04.14
Application number: US201414280490 Filing date: 2014.05.16
Applicant: Palantir Technologies Inc. Inventors: Albertson Jacob; Hildebrandt Melody; Singh Harkirat; Sankar Shyam; Ducott Rick; Maag Peter; Kimball Marissa
Classification: H04L29/06 Main classification: H04L29/06
Agency: Knobbe, Martens, Olson & Bear, LLP Agent: Knobbe, Martens, Olson & Bear, LLP
Principal claim: 1. A system for sharing of security information, the system comprising: one or more computing devices programmed, via executable code instructions, to: receive a first plurality of security attack data objects from a first entity, the first plurality of security attack data objects comprising information regarding one or more security attacks detected by the first entity, each security attack data object from the first plurality of security attack data objects associated with a first access control list comprising indications of privacy of respective security attack data objects or indications of respective one or more entities permissioned to receive respective security attack data objects; determine a first subset of the first plurality of security attack data objects permissioned to be shared by the first entity based at least in part on the first access control list; share the first subset of security attack data objects with respective entities based at least in part on the first access control list; receive a second plurality of security attack data objects from a second entity, the second plurality of security attack objects comprising information regarding one or more security attacks detected by the second entity, each security attack data object from the second plurality of security attack data objects associated with a second access control list comprising indications of privacy of respective security attack data objects or indications of respective one or more entities permissioned to receive respective security attack data objects; determine a second subset of the second plurality of security attack data objects permissioned to be shared by the second entity based at least in part on the second access control list; share the second subset of security attack data objects with respective entities based at least in part on the second access control list; receive a ruleset from a third entity, wherein the ruleset is generated by the third entity, the ruleset based at least in part on one or more shared security attack data objects from the first entity and one or more shared security attack data objects from the second entity, wherein the ruleset comprises code instructions executable by a plurality of entities to detect one or more security attacks, and wherein execution of the code instructions of the ruleset identifies malicious behavior of one or more security attacks, and wherein execution of the code instructions of the ruleset further accesses one or more third data objects associated with respective entities to identify the malicious behavior associated with respective entities, the one or more third data objects comprising at least one of IP address data, proxy data, user login data, malware data, virtual private network data, hostname data, data associated with computing device behavior, or network data, and wherein the ruleset is associated with a ruleset access control list, the ruleset access control list indicating respective one or more entities permissioned to receive the ruleset; and share the ruleset with respective entities based at least in part on the ruleset access control list.
Address: Palo Alto CA US