Title of Invention: Automated Internet Threat Detection and Mitigation System and Associated Methods
Abstract: A risk assessment and managed security system for network users provides security services for dealing with formidable cyber threats, malware creations and phishing techniques. Automated solutions in combination with human-driven solutions establish an always-alert positioning for incident anticipation, mitigation, discovery and response. A proactive, intelligence-driven and customized approach is taken to protect network users. Assessments of threats are made before and after a breach. Cyber threats are identified in advance of a resulting network problem, and automated analysis locates the threats and stops them from having an adverse effect. Humans can focus on the high-level view, instead of looking at every single potential problem area. Troubling patterns may be reviewed within the network environment to identify issues. Cyber analysis is conducted to provide a baseline over time via statistically proven, predictive models that anticipate vulnerabilities brought on by social-media usage, Web surfing and other behaviors that invite risk.
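Application Publication No.: US2014201836(A1) Application Publication Date: 2014.07.17
Application No.: US201313973027 Filing Date: 2013.08.22
Applicant: Amsler David B. Inventor: Amsler David B.
Classification No.: H04L29/06 Main Classification No.: H04L29/06
Agency: Agent: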
Independent Claim: 1. A computer-implemented system for automated internet threat detection and mitigation, the system comprising: a centralized database; a customer database operable with the centralized database; a threat Intelligence subsystem for receiving intelligence data from a plurality of external intelligence sources; an analytics subsystem communicating with the threat intelligence subsystem for tracking accuracy and relevance of the intelligence data, wherein suspicious patterns are transmitted to the centralized database for use by automatic query security tools in a customer network environment; a data gathering subsystem for gathering public data from a plurality of website sources sufficient for providing context for the analytics subsystem; and a portal subsystem comprising at least one of an analyst portal and a customer portal, wherein: the analyst portal allows analysts to query the customer database and incidents detected resulting from patterns from the threat intelligence segment, the analyst portal further tracks various metrics of analyst performance and provides feedback to the system; and the customer portal operable for allowing the customer to view the analyst performance metrics as well as customize threat intelligence feeds, local security tools, and descriptions of the customer environment and customer assets, and wherein the customer portal provides information feedback for the system.
Address: US