| CPC H04L 63/1441 (2013.01) [H04L 63/1416 (2013.01)] | 30 Claims |

1. A computer-implemented method for real-time detection and mitigation of malicious electronic communications, the method comprising:
at a threat detection and response service:
detecting, in real-time, an electronic communication transmitted to a message storage repository monitored by the threat detection and response service;
retrieving, by one or more computers, unstructured message data of the electronic communication in response to detecting the transmission of the electronic communication to the message storage repository;
transforming, by the one or more computers, the unstructured message data of the electronic communication into a structured message data object interpretable by the threat detection and response service, wherein transforming the unstructured message data of the electronic communication into the structured message data object includes:
instantiating a message data object based on a message data model schema defined by the threat detection and response service for representing electronic communications of a target type,
extracting, from the unstructured message data of the electronic communication, a plurality of message components specified by the message data model schema, and
populating, within the message data object, the plurality of message components in accordance with the message data model schema to create the structured message data object corresponding to the electronic communication;
assessing, by the one or more computers, the structured message data object that corresponds to the electronic communication against (i) a set of subscriber-agnostic threat detection instructions provided by the threat detection and response service and (ii) a set of subscriber-specific threat detection instructions created by a subscribing entity that controls the message storage repository;
automatically detecting, by the one or more computers, the electronic communication as malicious based on the assessment of the structured message data object of the electronic communication against the set of subscriber-agnostic threat detection instructions and the set of subscriber-specific threat detection instructions; and
executing, in real-time, a threat mitigation action that mitigates a security threat associated with the electronic communication in response to detecting the electronic communication as malicious.
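The claimed pipeline as an added example, not code from the patent: a raw (unstructured) message is transformed into a structured object per a small schema, assessed against a subscriber-agnostic rule set and a subscriber-authored rule set, and mapped to a mitigation action. The schema fields, rules, sample message, subscriber name and action names are all constructed for illustration.

```python
from email import message_from_string
import re

MESSAGE_SCHEMA = ("sender", "subject", "body", "urls")  # components per schema (constructed)

# Constructed raw (unstructured) message retrieved from the monitored store.
RAW_MESSAGE = """From: payroll@hr-notify.test
To: alice@example.test
Subject: Urgent: update your direct deposit
Content-Type: text/plain

Please confirm at http://login.hr-notify.test/verify before noon.
"""

def transform(raw):
    """Instantiate an object from the schema and populate it from raw data."""
    msg = message_from_string(raw)
    obj = dict.fromkeys(MESSAGE_SCHEMA)            # instantiate per schema
    obj["sender"] = (msg.get("From") or "").lower()
    obj["subject"] = msg.get("Subject") or ""
    obj["body"] = "" if msg.is_multipart() else msg.get_payload()
    obj["urls"] = re.findall(r"https?://[^\s>\"']+", obj["body"])
    return obj

# Rule = (name, predicate over the structured object, mitigation action).
GLOBAL_RULES = [                                   # subscriber-agnostic
    ("url_in_urgent_subject",
     lambda m: "urgent" in m["subject"].lower() and bool(m["urls"]), "quarantine"),
]
TENANT_RULES = {                                   # subscriber-specific
    "example.test": [
        ("payroll_spoof",
         lambda m: "payroll" in m["sender"] and not m["sender"].endswith("@example.test"),
         "delete"),
    ],
}
ACTION_SEVERITY = {"none": 0, "quarantine": 1, "delete": 2}

def assess(obj, subscriber):
    """Evaluate both rule sets; the most severe triggered action wins."""
    rules = GLOBAL_RULES + TENANT_RULES.get(subscriber, [])
    hits = [(name, action) for name, pred, action in rules if pred(obj)]
    action = max((a for _, a in hits), key=ACTION_SEVERITY.get, default="none")
    return bool(hits), action, [name for name, _ in hits]

def handle_message(raw, subscriber):
    """Transform, assess, and pick the mitigation action for one message."""
    obj = transform(raw)
    malicious, action, hits = assess(obj, subscriber)
    return {"malicious": malicious, "action": action, "rules": hits}
```

Running `handle_message(RAW_MESSAGE, "example.test")` triggers both the global and the tenant rule, so the stronger action ("delete") is selected; a subscriber with no rules of its own gets only the global verdict.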