Message platform for automated threat simulation, reporting, detection, and remediation
摘要
說明書
The interdiction module can have threshold scores which must be met prior to automatic quarantining of messages occurs. Two such thresholds that can be used are sender credibility score and reporter reputation score. If the credibility score of the sender is above a set threshold, or the reporter reputation score is below a threshold (these thresholds can be the same or different values), automatic quarantining of messages is not activated. If, however, either threshold condition is met, messages can be quarantined. Alternatively, combinations of these two scores or other inputs, such as number of users who have reported the message, can be used to determine if automatic quarantining of messages should be effected based upon reporting of a message.
Information Sharing
The system can be configured to share rules and/or recipes with other installations of the system. In some embodiments, the system can communicate rules and/or recipes created at an installation to a centralized review facility. The centralized review facility can then communicate the rules to any number of other installations. In some cases, the centralized review facility can perform automated or manual quality assurance on the rules before communicating them to other installations.
In some embodiments, each external database can be considered a user. An external database can have trust and/or credibility scores related with it as well, similar to the reporter reputation scores for individuals. This allows the management console module to weigh the input it receives from the individual users from within the organization as well as the information from external sources. A database can have an overall score based upon who owns or runs it, such one run and developed by SANS? or Norton? can have a higher score associated with it than one developed by community users.
