Qualys has filed a patent for a system that tests the security of digital assets. The system uses a decision tree and multiple security engines to determine a security threat parameter for the asset. This parameter can then be used to prioritize remediation steps to mitigate against potential attacks.
According to GlobalData’s company profile on Qualys, network threat detection was a key innovation area identified from patents. Qualys's grant share as of June 2023 was 1%. Grant share is based on the ratio of number of grants to total number of patents.
A system for testing security objects using a decision tree
A recently filed patent (Publication Number: US20230205888A1) describes a system that utilizes decision trees and security engines to test and determine the security threat level of digital assets. The system includes one or more computing system processors and memory that stores multiple security engines and instructions. When executed by the processors, these instructions allow the system to access a decision tree, which consists of a first node and several second nodes. The second nodes include a first leaf node and a second leaf node.
The system links the first leaf node to a first security engine and the second leaf node to a second security engine. It then receives a security object, which is a digital asset that can be attacked using one or more attack execution operations. The system tests the security object using the decision tree to determine a security threat parameter. This testing involves various actions, such as checking if the security object is associated with a blacklist of denied access objects, classifying malware samples, assigning reputation parameters, and determining threat attribute data.
The digital asset of the security object can include files, file hashes, network internet protocols, universal resource locators, domain names, domain objects, file registries, or mutex objects. Mutex objects are mechanisms that serialize access to a resource or manage resource sharing among multiple program threads.
The system can categorize malware samples into threat categories based on textual or binary patterns of the security object. It can also generate risk parameters using the security engines and designate the higher magnitude risk parameter as part of the security threat parameter.
The threat attribute data associated with the security object includes information about threat actors, malware data, security tools used, and user data. Additionally, the system can include sub-engines linked to the second leaf node, which perform additional tests on the security object after the first security engine.
The decision tree is structured based on threat data derived from threat-actor behavior, security reports, and the threat attribute data. The resulting security threat parameter is used to prioritize remediation steps for mitigating the attack execution operations associated with the digital asset.
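The architecture described above, as an added illustration that is not taken from the patent, Qualys or GlobalData: a root node routes each security object to a leaf, the leaf's engine and sub-engines each return a risk parameter, and the higher-magnitude one becomes the security threat parameter used to order remediation. The engine names, the 0 to 10 scores, routing by asset kind and all sample data are assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# Constructed sample data; every name and score here is hypothetical.
DENYLIST = {"evil.example"}                       # denied access objects
REPUTATION = {"new-site.example": 6.5}            # reputation parameters
PATTERNS = {b"EVIL_MARKER": ("trojan", 8.0)}      # binary pattern -> (category, risk)

@dataclass
class SecurityObject:
    kind: str              # "domain" or "file"
    value: str             # domain name or file name
    content: bytes = b""   # file bytes, when kind == "file"

Engine = Callable[[SecurityObject], float]        # risk parameter, 0 to 10

def denylist_engine(obj: SecurityObject) -> float:
    return 10.0 if obj.value in DENYLIST else 0.0

def reputation_engine(obj: SecurityObject) -> float:
    return REPUTATION.get(obj.value, 2.0)         # 2.0 = assumed default for unknowns

def pattern_engine(obj: SecurityObject) -> float:
    hits = [risk for pat, (_, risk) in PATTERNS.items() if pat in obj.content]
    return max(hits, default=1.0)

@dataclass
class Leaf:
    engine: Engine
    sub_engines: List[Engine] = field(default_factory=list)

    def evaluate(self, obj: SecurityObject) -> float:
        # First engine, then sub-engines; the higher-magnitude risk wins
        # (how the results combine is an assumption of this example).
        return max([self.engine(obj)] + [e(obj) for e in self.sub_engines])

@dataclass
class Node:
    route: Callable[[SecurityObject], str]        # picks the child to descend to
    children: Dict[str, object]

    def evaluate(self, obj: SecurityObject) -> float:
        return self.children[self.route(obj)].evaluate(obj)

TREE = Node(route=lambda o: o.kind, children={
    "domain": Leaf(denylist_engine, [reputation_engine]),
    "file": Leaf(pattern_engine),
})

def prioritize(objs: List[SecurityObject]) -> List[SecurityObject]:
    """Order assets for remediation, highest security threat parameter first."""
    return sorted(objs, key=TREE.evaluate, reverse=True)
```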
Overall, this patent describes a system that utilizes decision trees and security engines to effectively test and determine the security threat level of digital assets, allowing for efficient mitigation of potential attacks.