REDUCTION OF FALSE POSITIVE REPUTATIONS THROUGH COLLECTION OF OVERRIDES FROM CUSTOMER DEPLOYMENTS
An automated arrangement for reducing the occurrence and/or minimizing the impact of false positives by a reputation service is provided in which overrides for a reputation of an adversary are reported to a reputation service from security devices, such as unified threat management systems, deployed...
Gespeichert in:
Hauptverfasser: | , |
---|---|
Format: | Patent |
Sprache: | eng ; fre ; ger |
Schlagworte: | |
Online-Zugang: | Volltext bestellen |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
Zusammenfassung: | An automated arrangement for reducing the occurrence and/or minimizing the impact of false positives by a reputation service is provided in which overrides for a reputation of an adversary are reported to a reputation service from security devices, such as unified threat management systems, deployed in enterprise or consumer networks. An override is typically performed by an administrator at a customer network to allow the security device to accept traffic from, or send traffic to a given IP address or URL. Such connectivity is allowed-even if such objects have a blacklisted reputation provided by a reputation service-in cases where the administrator recognizes that the blacklisted reputation is a false positive. The reputation service uses the reported overrides to adjust the fidelity (i.e., a confidence level) of that object's reputation, and then provides an updated reputation, which reflects the fidelity adjustment, to all the security devices that use the reputation service. |
---|