Abstract: A cyber security protection system includes a plurality of threat information updating devices; and a proactive suspicious domain alert system, which including: a domain information monitoring device; a domain information storage device; and a security threat analysis device, arranged to operably communicate data with the plurality of threat information updating devices through a network. If the domain information monitoring device detects that a domain mapping of a suspect domain is changed and the new domain mapping of the suspect domain points to a predetermined local address, the domain information monitoring device would further monitor a domain mapping variation frequency of the suspect domain. If the domain mapping variation frequency of the suspect domain exceeds a predetermined value, the security threat analysis device adds the suspect domain into an alert list to render the plurality of threat information updating devices to block their member devices from accessing the suspect domain.

Abstract: A cyber security protection system includes a plurality of threat information updating devices; and a proactive suspicious domain alert system, which including: a domain information monitoring device, arranged to operably inspect domain ages of suspect domains; a domain information storage device; and a security threat analysis device, arranged to operably communicate data with the plurality of threat information updating devices through a network. Before the domain age of a suspect domain reaches a first threshold value, if the plurality of threat information updating devices discovers that an member device within a plurality of client network systems is trying to access the suspect domain, the security threat analysis device adds the suspect domain into an alert list to render the plurality of threat information updating devices to block member devices within the plurality of client network systems from accessing the suspect domain.

Abstract: A cyber security protection system includes a plurality of threat information updating devices; and a proactive suspicious domain alert system, which including: a domain information monitoring device; a domain information storage device; and a security threat analysis device, arranged to operably communicate data with the plurality of threat information updating devices through a network. If the domain information monitoring device detects that a domain mapping of a suspect domain is changed and the new domain mapping of the suspect domain points to a predetermined local address, the domain information monitoring device would further monitor a domain mapping variation frequency of the suspect domain. If the domain mapping variation frequency of the suspect domain exceeds a predetermined value, the security threat analysis device adds the suspect domain into an alert list to render the plurality of threat information updating devices to block their member devices from accessing the suspect domain.

Abstract: A cyber security protection system includes a plurality of threat information updating devices; and a proactive suspicious domain alert system, which including: a domain information monitoring device, arranged to operably inspect domain ages of suspect domains; a domain information storage device; and a security threat analysis device, arranged to operably communicate data with the plurality of threat information updating devices through a network. Before the domain age of a suspect domain reaches a first threshold value, if the plurality of threat information updating devices discovers that an member device within a plurality of client network systems is trying to access the suspect domain, the security threat analysis device adds the suspect domain into an alert list to render the plurality of threat information updating devices to block member devices within the plurality of client network systems from accessing the suspect domain.