IDiyas

For the Inventor, By the Inventor

The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.

Patent No.:

US 11704405 B1

PDFFull Text
Date of Patent:
Jul. 18, 2023

Filed:

Dec. 01, 2021

Techniques for sharing network security event information

Applicant:

Servicenow, Inc., Santa Clara, CA (US);

Inventors:

Richard Reybok, Fremont, CA (US);

Andreas Seip Haugsnes, Mountain View, CA (US);

Kurt Joseph Zettel, II, Nashville, TN (US);

Jeffrey Rhines, San Antonio, TX (US);

Henry Geddes, Corte Madera, CA (US);

Volodymyr Osypov, Mountain View, CA (US);

Scott Lewis, Sunnyvale, CA (US);

Sean Brady, Bedford, NH (US);

Mark Manning, Redwood City, CA (US);

Assignee:

ServiceNow, Inc., Santa Clara, CA (US);

Attorney:

Fletcher Yoder PC

Primary Examiner:

William S Powers

Int. Cl.
CPC ...
G06F 21/55 (2013.01); H04L 9/40 (2022.01);
U.S. Cl.
CPC ...
G06F 21/552 (2013.01); H04L 63/145 (2013.01);
Abstract

This disclosure provides techniques for pooling and searching network security events reported by multiple sources. As information representing a security event is received from one source, it is searched against a central or distributed database representing events reported from multiple, diverse sources (e.g., different client networks). Either the search or correlated results can be filtered and/or routed according at least one characteristic associated with the networks, for example, to limit correlation to events reported by what are presumed to be similarly situated networks. The disclosed techniques facilitate faster identification of high-relevancy security event information, and thereby help facilitate faster threat identification and mitigation. Various techniques can be implemented as standalone software (e.g., for use by a private network) or for a central pooling and/or query service. This disclosure also provides different examples of actions that can be taken in response to search results.

Find Patent Forward Citations

Loading…