Jess P Parnell

US Patent:

20230095306, Mar 30, 2023

Filed:

Dec 5, 2022

Appl. No.:

18/075121

Inventors:

- Portsmouth NH, US
Peter Geremia - Portsmouth NH, US
Richard Goodwin - York ME, US
Sean Moore - Hollis NH, US
Vincent Mutolo - Portsmouth NH, US
Jess P. Parnell - Grayson GA, US
Jonathan R. Rogers - Hampton Falls NH, US

International Classification:

H04L 9/40

Abstract:

A packet-filtering network appliance such as a threat intelligence gateway (TIG) protects TCP/IP networks from Internet threats by enforcing certain policies on in-transit packets that are crossing network boundaries. The policies are composed of packet filtering rules derived from cyber threat intelligence (CTI). Logs of rule-matching packets and their associated flows are sent to cyberanalysis applications located at security operations centers (SOCs) and operated by cyberanalysts. Some cyber threats/attacks, or incidents, are composed of many different flows occurring at a very high rate, which generates a flood of logs that may overwhelm computer, storage, network, and cyberanalysis resources, thereby compromising cyber defenses. The present disclosure describes incident logging, in which a single incident log efficiently incorporates the logs of the many flows that comprise the incident, thereby potentially reducing resource consumption while improving the informational/cyberanalytical value of the incident log for cyberanalysis when compared to the component flow logs. Incident logging vs. flow logging can be automatically and adaptively switched on or off depending on the combination of resource consumption and informational/cyberanalytical value.

US Patent:

20200106742, Apr 2, 2020

Filed:

May 8, 2019

Appl. No.:

16/406311

Inventors:

- Portsmouth NH, US
Jess Parnell - Grayson GA, US
Jonathan R. Rogers - Hampton Falls NH, US

International Classification:

H04L 29/06
H04L 12/26

Abstract:

Methods and systems are disclosed for integrating cyber threat intelligence (CTI), threat metadata, and threat intelligence gateways with analysis systems to form efficient and effective system for active, proactive, and reactive network protection. A network gateway may be composed of multiple stages. A first stage may include a threat intelligence gateway (TIG). A second stage may include one or more cyber analysis systems that ingest TIG-filtered communications and associated threat metadata signals. A third stage may include network protection logic that determines which protective actions. The gateway may be provisioned and configured with rules that specify the network protection policies to be enforced. The gateway may ingest all communications flowing between the protected network and the unprotected network.

US Patent:

20190012456, Jan 10, 2019

Filed:

Jul 9, 2018

Appl. No.:

16/030354

Inventors:

- Portsmouth NH, US
Jonathan R. Rogers - Hampton Falls NH, US
Jess Parnell - Grayson GA, US
Zachary Ehnerd - Atlanta GA, US

International Classification:

G06F 21/55
G06N 99/00

Abstract:

A cyber threat intelligence (CTI) gateway device may receive rules for filtering TCP/IP packet communications events that are configured to cause the CTI gateway device to identify communications corresponding to indicators, signatures, and behavioral patterns of network threats. The CTI gateway device may receive packets that compose endpoint-to-endpoint communication events and, for each event, may determine that the event corresponds to criteria specified by a filtering rule. The criteria may correspond to one or more of the network threat indicators, signatures, and behavioral patterns. The CTI gateway may create a log of the threat event and forward the threat event log to a task queue managed by a cyberanalysis workflow application. Human cyberanalysts use the cyberanalysis workflow application to service the task queue by removing the task at the front of the queue, investigating the threat event, and deciding whether the event is a reportable finding that should be reported to the proper authorities. In order to improve the efficiency of the workflow process, tasks in the queue are ordered by the likelihood, or probability, that cyberanalysts will determine the associated threat events to be reportable findings; thus, high-likelihood events are investigated first likelihoods are computed using human-designed algorithms and machine-learned algorithms that are applied to characteristics of the events. Low-likelihood events may be dropped from the work queue to further improve efficiency.