CPC H04L 63/205 (2013.01) | 20 Claims
1. A system for updating cybersecurity enforcement rules in real-time over disparate computer networks, the system comprising:
one or more processors; and
a non-transitory, computer-readable storage medium storing instructions, which when executed by the one or more processors cause the one or more processors to perform operations comprising:
receiving a real-time data stream, the real-time data stream comprising a near-continuous series of real-time communications requiring cybersecurity verification;
routing the real-time data stream to a first queue associated with a first rule repository, wherein the first rule repository comprises a complete rule set for addressing known cybersecurity incidents, and wherein the near-continuous series of real-time communications is processed using the first rule repository;
querying a remote data source for rule updates based on a first criterion;
determining, based on results of querying the remote data source, that the rule updates are available;
in response to determining that the rule updates are available, retrieving a second rule repository, wherein the second rule repository comprises a revised complete rule set for addressing the known cybersecurity incidents;
while the second rule repository is being retrieved, continuing to process the near-continuous series of real-time communications within the first queue using the first rule repository;
verifying that the second rule repository has been received;
in response to verifying that the second rule repository has been received, switching routing of the real-time data stream to a second queue associated with the second rule repository;
in response to switching routing of the real-time data stream to the second queue, processing a first portion of the near-continuous series of real-time communications in the first queue with the first rule repository and a second portion of the near-continuous series of real-time communications in the second queue using the second rule repository;
determining that the first portion of the near-continuous series of real-time communications has been processed; and
in response to determining that the first portion of the near-continuous series of real-time communications has been processed, setting a flag on the first rule repository that disables the first rule repository.
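The procedure claimed above, as an added simulation that is not part of the patent or any product it describes: messages arriving before the update are queued to and decided by the first repository, messages arriving after the switch by the second, and the first repository is flagged disabled only once its queue has drained. It assumes a version comparison as the "first criterion" and a SHA-256 digest match as the "verifying that the second rule repository has been received" step; the rules, messages and remote source are constructed.

```python
import hashlib, json
from collections import deque

class RuleRepository:  # a complete rule set; `disabled` is the flag set once its queue drains
    def __init__(self, version, rules):
        self.version, self.rules, self.disabled = version, rules, False
    def digest(self):  # fingerprint used to verify the set was received whole (assumed check)
        return hashlib.sha256(json.dumps(self.rules, sort_keys=True).encode()).hexdigest()
    def verify(self, msg):
        if self.disabled:
            raise RuntimeError(f"rule repository v{self.version} is disabled")
        return self.rules.get(msg, "allow")
class Enforcer:
    def __init__(self, repo):
        self.repos = [repo]                    # oldest first, newest last
        self.queues = {repo.version: deque()}  # one queue per repository
        self.routing = repo.version            # queue that new messages are routed to
        self.decisions = []                    # (message, repository version, verdict)
    def receive(self, msg):                    # real-time stream routed to the active queue
        self.queues[self.routing].append(msg)
    def poll_remote(self, remote):             # criterion: remote advertises a newer version
        newest = max(remote)
        if newest <= self.routing:
            return False
        advertised_digest, rules = remote[newest]
        candidate = RuleRepository(newest, rules)
        if candidate.digest() != advertised_digest:  # incomplete or tampered: keep old routing
            return False
        self.repos.append(candidate)           # received and verified: switch routing
        self.queues[newest] = deque()
        self.routing = newest
        return True
    def drain(self):  # process each queue with its own repository, then retire drained old ones
        for repo in self.repos:
            q = self.queues[repo.version]
            while q:
                msg = q.popleft()
                self.decisions.append((msg, repo.version, repo.verify(msg)))
            if repo.version != self.routing:
                repo.disabled = True           # first portion processed: disable old repository

def run_scenario():  # constructed scenario: one message before the update, one after
    v1 = RuleRepository(1, {"login-from-10.0.0.9": "block"})
    v2_rules = {"login-from-10.0.0.9": "block", "dns-to-bad.example": "block"}
    remote = {2: (RuleRepository(2, v2_rules).digest(), v2_rules)}  # constructed remote source
    enf = Enforcer(v1)
    enf.receive("dns-to-bad.example")          # queued to v1 while the update is fetched
    enf.poll_remote(remote)
    enf.receive("dns-to-bad.example")          # queued to v2 after routing switched
    enf.drain()
    return enf, v1
```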