Cisco Systems, Inc.
Malicious content detection with retrospective reporting

Abstract:

A server obtains security intelligence data used for classifying whether data associated with user activity in a network is undesirable, and classifies the data based on the security intelligence data. The server provides an initial classifying result of the data to a device associated with the data. At a subsequent time, the server obtains updated security intelligence data and re-classifies whether the first data is undesirable based on the updated security intelligence data. Responsive to a determination that the initial classifying result is changed based on the re-classifying, the server provides an updated classifying result to the device associated with the data.