Information security threat identification, analysis, and management

Abstract

A method and systems for information security threat identification, management, and analysis, including identifying and managing threats posed by senders of unsolicited e-mail, pirates, hackers, and virus-spreaders. Methods are provided for identifying and facilitating legal action against a sender of unsolicited e-mail. A secure evidence repository can be used for storing copies of and information regarding unsolicited e-mails in a forensically sound manner. A relational knowledge database can be used for storing copies of and information regarding unsolicited e-mails such that the information can be queried, manipulated, or analyzed.

Description

COPYRIGHT NOTICE [0001] A portion of the disclosure of this patent document contains material which is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the Patent and Trademark Office patent files or records, but otherwise reserves all copyright rights whatsoever. BACKGROUND OF THE INVENTION [0002] This invention relates in general to information security, and in particular to systems and methods for internet threat identification, analysis, management, and prevention along with a system and method to monetize the same. [0003] The importance of information security threat identification, analysis, management, and prevention has grown dramatically in recent years and continues to expand. For example, with the increasing use of the Internet and electronic communication, such as e-mail, for business, personal, and entertainment purposes, efficient, safe, accura...

AI Technical Summary

Benefits of technology

[0023] In another embodiment, the invention provides a method for facilitating obtaining information regarding unsolicited e-mails. The method includes one or more computers associated with a first entity sending copies of received unsolicited e-mails through a secure channel for storage in a secure database. The method further includes storing copies of the unsolicited e-mails in a knowledge database, the knowledge database being a relational database. The method further includes allowing querying of the relational database to obtain information regarding the unsolicited e-mails.

Problems solved by technology

Without such communications, tremendous economic and other damage can result, and the utility of electronic communication is compromised.

Spam, piracy, hacking, and virus spreading, for example, represent important and growing threats.

Unsolicited bulk e-mails, or “UBEs”, can cause serious loss in many ways.

In the business context, one type of UBE, unsolicited email (UCE or “spam”) is distracting, annoying, wastes workers' time, and reduces productivity.

It can clog or slow down networks, and spread computer viruses and pornography, leading to further complications and losses.

Excessive UBEs may lead to workers disregarding actual solicited e-mail.

UBEs, in addition to their sharp negative effect in a business context, can also have dramatic negative consequences in a social context.

Sources of UBEs often prey on children and other susceptible groups, scamming them or threatening their safety and privacy.

For example, spam from phony or disreputable drug companies may induce individuals to purchase vital drugs, under false pretenses or claims about the nature, source, or other critical information about the drug that they are purchasing, at great peril to the purchasers and great profit to the scamming company.

Other problems caused by UBEs include identity theft, fraudulent advertising, digital piracy, counterfeit products, diverted products, malicious code (virus / trojan) distribution, and digital entertainment piracy.

Such systems suffer from a variety of deficiencies.

Blocking or filtering spam can be ineffective, since spammers can often easily find ways to avoid or get around the filter, or find another or different way in to a network or computer.

Companies or entities that suffer loss or damage as a result of spam are often without practical recourse, as the spammers often obscure or hide their real identity.

With such spam, even though the image appears to the eye to contain text that may be searched for by a filter, the filter misses the spam because the image contains no electronically formatted text to detect.

Additionally, such spam may use a chain of URLs to lead to the image, and the URL causing the image to be displayed can be disabled shortly after the spam is sent, which can make tracking of the source difficult.

Related problems exist in the computer piracy content.

Some systems are available which provide limited internal, civil, or governmental enforcement actions against perceived sources of threats.

However, these system have many drawbacks.

There is no process in the art for gathering large volumes of reliable, court admissible evidence regarding infringing email activity.

There is no mechanism for efficiently associating evidence with a refined list of threat sources.

Prior art systems are manually intensive especially with regard to evidence / intelligence aggregation, association and presentation.

There is also no method for qualifying and quantifying threats posed by a particular activity source.

UBEs are presently costing large companies tens of millions of dollars each year.

A single source may be responsible for great damage from spamming, even though the identity of the source may not obvious, and much apparently unrelated spamming all may originate from an individual source.

Images