US 12,464,010 B2
Devices, systems, and methods for autonomous threat response and security enhancement
Ayal Reich, Ra'anana (IL); Leo Sojref, Jerusalem (IL); and Tal Blaustein, Ramat Gan (IL)
Assigned to BlueVoyant LLC, New York, NY (US)
Appl. No. 18/880,904
Filed by BlueVoyant LLC, New York, NY (US)
PCT Filed Jul. 26, 2023, PCT No. PCT/US2023/071061
§ 371(c)(1), (2) Date Jan. 3, 2025,
PCT Pub. No. WO2024/026371, PCT Pub. Date Feb. 1, 2024.
Claims priority of provisional application 63/369,582, filed on Jul. 27, 2022.
Prior Publication US 2025/0260715 A1, Aug. 14, 2025
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/1441 (2013.01) [H04L 63/1433 (2013.01); H04L 2463/146 (2013.01)]
19 Claims
1. A method for autonomous security enhancement of a tenant network via a managed security service provider (MSSP) server comprising a processor and a memory, with information from a plurality of data sources, the method comprising:
querying, via the processor, a database or server, upon an encounter with an indicator of compromise (IoC) by a security system, to identify data sources of a plurality of data sources, wherein the data sources comprise references to the IoC;
generating, via the processor, based on an output of the querying, an IoC threat score for the IoC, wherein the generating comprises:
identifying, for each data source of the data sources, an IoC threat value provided by the data source;
assigning, for each data source of the data sources, a multiplier to the IoC threat value provided by the data source to produce an adjusted IoC threat value, wherein the multiplier is based on a reliability score associated with the data source; and
normalizing adjusted IoC threat values from the data sources to output the IoC threat score;
generating, via the processor, at least one actionable security enhancement notification based on the IoC threat score; and
displaying, via a user interface, the IoC threat score and the actionable security enhancement notification to a user, allowing triggering or disabling of at least one action in the at least one actionable security enhancement notification, the at least one action based on the IoC threat score.
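
The scoring steps recited in claim 1, sketched as an added example that is not code from the patent or from the assignee. The claim does not state a multiplier formula, a normalization, thresholds or action names, so the following are assumptions: the multiplier equals the source's reliability score, normalization is a reliability-weighted mean scaled to 0-100, and the `block_at`/`review_at` thresholds, action strings, feed names and sample values are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SourceReport:
    source: str          # constructed feed name
    threat_value: float  # value reported by the source, on its own scale
    scale_max: float     # top of that source's scale
    reliability: float   # reliability score of the source, 0.0 to 1.0

def ioc_threat_score(reports):
    """Return a 0-100 score, or None when no usable source references the IoC."""
    usable = [r for r in reports if r.reliability > 0 and r.scale_max > 0]
    if not usable:
        return None
    # Assumption: the multiplier is the reliability score itself.
    adjusted = [
        min(max(r.threat_value, 0.0), r.scale_max) / r.scale_max * r.reliability
        for r in usable
    ]
    # Assumption: normalize by the sum of multipliers (a weighted mean).
    return round(100 * sum(adjusted) / sum(r.reliability for r in usable), 1)

def notification(ioc, score, block_at=60.0, review_at=30.0):
    """Build a notification whose action an analyst can trigger or disable."""
    if score is None:
        action = "log_only"
    elif score >= block_at:
        action = "block_at_perimeter"
    elif score >= review_at:
        action = "open_review_ticket"
    else:
        action = "log_only"
    return {"ioc": ioc, "score": score, "action": action, "enabled": True}

# Constructed sample: three feeds referencing a documentation-range address.
SAMPLE = [
    SourceReport("feed_a", 90, 100, 0.9),
    SourceReport("feed_b", 3, 10, 0.3),
    SourceReport("feed_c", 50, 100, 0.6),
]

if __name__ == "__main__":
    score = ioc_threat_score(SAMPLE)
    print(notification("203.0.113.7", score))
```

With the constructed sample, the low-reliability dissenting feed pulls the result down less than an unweighted mean would (66.7 versus 56.7).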