公开(公告)号：US09338181B1

公开(公告)日：2016-05-10

申请号：US14198383

申请日：2014-03-05

Applicant: NETFLIX, INC.

Inventor： William D. Burns ,  Rob Fry

IPC: H04L29/06

CPC classification number: H04L63/1441 ,  H04L63/14 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/20

Abstract: A data processing method comprising obtaining a plurality of computer network security threat feeds from two or more computer threat detection systems; based upon computer network attack information in the computer network security threat feeds, determining a threat score that represents a severity of an actual or suspected attack on a particular host in a computer network; obtaining an asset value for the particular host that indicates a worth of the particular host, and updating the threat score based upon the asset value; mapping the updated threat score to one of a plurality of remediation actions, wherein a first remediation action is mapped when the updated threat score is low and a second, different remediation action is mapped when the updated threat score is high; based upon the updated threat score and the mapping, selecting and automatically performing one of the plurality of remediation actions on the particular host; wherein the method is performed by one or more special-purpose computing devices.

Abstract translation: 一种数据处理方法，包括从两个或更多个计算机威胁检测系统获得多个计算机网络安全威胁馈送; 基于计算机网络安全威胁馈送中的计算机网络攻击信息，确定表示计算机网络中特定主机的实际或可疑攻击的严重性的威胁分数; 为特定主机获得指示特定主机价值的资产价值，并根据资产价值更新威胁分数; 将更新的威胁分数映射到多个修复动作中的一个，其中当更新的威胁分数低时映射第一修复动作，并且当更新的威胁分数较高时映射第二不同的补救动作; 基于所述更新的威胁分数和所述映射，在所述特定主机上选择并自动执行所述多个修复动作中的一个; 其中所述方法由一个或多个专用计算设备执行。