US 11,809,554 B2
Systems and methods for intelligent cyber security threat detection and intelligent verification-informed handling of cyber security events through automated verification workflows
Peter Silberman, Rockville, MD (US); Jonathan Hencinski, Herndon, VA (US); Dan Whalen, Herndon, VA (US); and Roger Studner, Herndon, VA (US)
Assigned to Expel, Inc., Herndon, VA (US)
Filed by Expel, Inc., Herndon, VA (US)
Filed on Dec. 2, 2022, as Appl. No. 18/074,186.
Application 18/074,186 is a continuation of application No. 17/671,881, filed on Feb. 15, 2022, granted, now 11,550,907.
Claims priority of provisional application 63/159,895, filed on Mar. 11, 2021.
Prior Publication US 2023/0108834 A1, Apr. 6, 2023
Int. Cl. H04L 29/06 (2006.01); G06F 21/55 (2013.01)
CPC G06F 21/554 (2013.01) [G06F 2221/034 (2013.01)] 16 Claims
1. A method for verification-informed handling of cybersecurity activity, the method comprising:
at a cybersecurity event detection and response service:
attributing, by one or more computers, a service-computed threat severity level to a target cybersecurity event;
constructing, by the one or more computers, a cybersecurity threat verification communication based at least on the service-computed threat severity level, wherein the cybersecurity threat verification communication includes:
(a) one or more pieces of threat-informative content based on data associated with the target cybersecurity event;
(b) a first selectable interface object that, when selected, provides an indication that the target cybersecurity event relates to a cybersecurity incident; and
(c) a second selectable interface object that, when selected, provides an indication that the target cybersecurity event relates to a valid cybersecurity event;
selectively identifying a communication transmission destination for the cybersecurity threat verification communication from a plurality of distinct communication transmission destinations based on a subscriber-defined cybersecurity policy and the threat severity level, wherein the subscriber-defined cybersecurity policy defines a distinct communication transmission destination of the plurality of distinct transmission destinations for each distinct threat severity level of a plurality of distinct service-computed threat severity levels;
transmitting, by the one or more computers, the cybersecurity threat verification communication based on the construction of the cybersecurity threat verification communication and the identification of the communication transmission destination;
updating, by the one or more computers, a threat severity level of the target cybersecurity event based on identifying an input selecting the first selectable interface object or the second selectable interface object of the cybersecurity threat verification communication; and
routing the target cybersecurity event to one of:
a cybersecurity threat escalation route of the cybersecurity event detection and response service based on identifying the input selecting the first selectable interface object, the cybersecurity threat escalation route comprising a cybersecurity incident queue; and
a cybersecurity threat de-escalation route of the cybersecurity event detection and response service based on identifying the input selecting the second selectable interface object, the cybersecurity threat de-escalation route comprising a cybersecurity event disposal queue.
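The claimed workflow, as an added Python example that is not part of the patent or of Expel's code: a subscriber policy maps each service-computed severity level to a transmission destination, the verification communication carries the threat-informative content and the two selectable objects, and the selection made on it updates the severity and routes the event to the incident queue or the disposal queue. The destination names, the four-level severity scale and the severity-update rule are assumptions; the claim does not fix them.

```python
from dataclasses import dataclass
from enum import Enum

class Severity(Enum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3
    CRITICAL = 4

# Subscriber-defined policy: one transmission destination per service-computed
# severity level (destination names are constructed for this example).
SUBSCRIBER_POLICY = {
    Severity.LOW: "weekly-digest-mailbox",
    Severity.MEDIUM: "soc-chat-channel",
    Severity.HIGH: "oncall-pager",
    Severity.CRITICAL: "oncall-pager",
}

INCIDENT_QUEUE = "cybersecurity_incident_queue"        # escalation route
DISPOSAL_QUEUE = "cybersecurity_event_disposal_queue"  # de-escalation route

@dataclass
class Event:
    event_id: str
    summary: str
    severity: Severity
    route: str = ""

def build_verification(event: Event, policy=SUBSCRIBER_POLICY) -> dict:
    """Construct the verification communication: threat-informative content,
    the two selectable objects, and the policy-selected destination."""
    return {
        "destination": policy[event.severity],
        "content": f"[{event.severity.name}] {event.event_id}: {event.summary}",
        "options": ("incident", "valid"),  # first / second selectable object
    }

def handle_selection(event: Event, selected: str) -> Event:
    """Update severity and route by the selected object. Assumed update rule:
    confirmed incidents become CRITICAL, confirmed valid activity becomes LOW."""
    if selected == "incident":
        event.severity = Severity.CRITICAL
        event.route = INCIDENT_QUEUE
    elif selected == "valid":
        event.severity = Severity.LOW
        event.route = DISPOSAL_QUEUE
    else:
        raise ValueError(f"unknown selection: {selected!r}")
    return event
```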