CA2526759A1 - Event monitoring and management - Google Patents
- Publication number
- CA2526759A1
- Authority
- CA
- Canada
- Prior art keywords
- program product
- computer program
- network
- agent
- reporting
- Legal status
- Granted
Classifications
- H04L63/0263—Rule management
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
- H04L63/1425—Traffic logging, e.g. anomaly detection
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- G06F2221/2101—Auditing as a secondary aspect
- G06F2221/2113—Multi-level security, e.g. mandatory access control
- G06F2221/2119—Authenticating web pages, e.g. with suspicious links
Abstract
Described are techniques used in monitoring the performance, security and health of a system used in an industrial application. Agents included in the industrial network report data to an appliance or server. The appliance stores the data and determines when an alarm condition has occurred. Notifications are sent upon detecting an alarm condition. The alarm thresholds may be user defined. A threat thermostat controller determines a threat level used to control the connectivity of a network used in the industrial application.
Claims (174)
1. A method for controlling connectivity in a network comprising:
receiving one or more inputs;
determining a threat level indicator in accordance with said one or more inputs;
and selecting, for use in said network, a firewall configuration in accordance with said threat level indicator.
2. The method of Claim 1, wherein said firewall configuration is selected from a plurality of firewall configurations each associated with a different threat level indicator.
3. The method of Claim 2, wherein a first firewall configuration associated with a first threat level indicator provides for more restrictive connectivity of said network than a second firewall configuration associated with a second threat level indicator when said first threat level indicator is a higher threat level than said second threat level indicator.
4. The method of Claim 3, wherein, a firewall configuration associated with a highest threat level indicator provides for disconnecting said network from all other less-trusted networks.
5. The method of Claim 4, wherein said disconnecting includes physically disconnecting said network from other networks.
6. The method of Claim 4, wherein said network is reconnected to said less trusted networks when a current threat level is a level other than said highest threat level indicator.
7. The method of Claim 1, further comprising:
automatically loading said firewall configuration as a current firewall configuration in use in said network.
8. The method of Claim 1, wherein said one or more inputs includes at least one of: a manual input, a metric about a system in said network, a metric about said network, a derived value determined using a plurality of weighted metrics including one metric about said network, a derived value determined using a plurality of metrics, and an external source from said network.
9. The method of Claim 8, wherein, if said manual input is specified, said manual input determines the threat level indicator overriding all other indicators.
10. The method of Claim 8, wherein said plurality of weighted metrics includes a metric about at least one of: a network intrusion detection, a network intrusion prevention, a number of failed login attempts, a number of users with a high level of privileges.
11. The method of Claim 10, wherein said high level of privileges corresponds to one of: administrator privileges and root user privileges.
12. The method of Claim 1, wherein said selecting additionally selects one or more of the following: an antivirus configuration, an intrusion prevention configuration, and an intrusion detection configuration.
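The selection logic of claims 1 to 12, sketched as an added example that is not part of the patent text. The four level names, the network names, the weights, the saturation points and the score boundaries are all assumptions chosen for illustration, as is the choice that an external source can raise the level but not lower it.

```python
import bisect
from enum import IntEnum
from typing import Mapping, Optional


class ThreatLevel(IntEnum):
    LOW = 0
    GUARDED = 1
    ELEVATED = 2
    SEVERE = 3  # highest level: isolate the protected network


# Hypothetical configurations, one per level (claim 2). Each value is the set
# of less-trusted networks still allowed to reach the protected network.
FIREWALL_CONFIGS = {
    ThreatLevel.LOW: frozenset({"corporate", "vendor-vpn", "internet-proxy"}),
    ThreatLevel.GUARDED: frozenset({"corporate", "vendor-vpn"}),
    ThreatLevel.ELEVATED: frozenset({"corporate"}),
    ThreatLevel.SEVERE: frozenset(),  # claim 4: disconnected from all of them
}

# Assumed weights and saturation points for the derived value (claims 8, 10).
WEIGHTS = {"ids_alerts": 0.4, "ips_blocks": 0.2,
           "failed_logins": 0.3, "privileged_users": 0.1}
SATURATION = {"ids_alerts": 50, "ips_blocks": 50,
              "failed_logins": 100, "privileged_users": 10}
LEVEL_CUTS = [0.25, 0.50, 0.75]  # assumed score boundaries between levels


def configs_tighten_with_level(configs=FIREWALL_CONFIGS) -> bool:
    """Claims 3-4: each higher level allows strictly less; the top allows nothing."""
    levels = sorted(configs)
    nested = all(configs[hi] < configs[lo] for lo, hi in zip(levels, levels[1:]))
    return nested and not configs[levels[-1]]


def derived_score(metrics: Mapping[str, float]) -> float:
    """Weighted sum of metrics, each clamped to 0..1 so no single counter dominates."""
    score = 0.0
    for name, weight in WEIGHTS.items():
        value = max(0.0, float(metrics.get(name, 0)))
        score += weight * min(value / SATURATION[name], 1.0)
    return score


def threat_level(metrics: Mapping[str, float],
                 external: Optional[int] = None,
                 manual: Optional[int] = None) -> ThreatLevel:
    """Combine the inputs of claim 8 into one threat level indicator."""
    if manual is not None:
        return ThreatLevel(manual)  # claim 9: manual input overrides all others
    level = ThreatLevel(bisect.bisect_right(LEVEL_CUTS, derived_score(metrics)))
    if external is not None:
        # Assumption: an external advisory may raise the level, never lower it.
        level = max(level, ThreatLevel(external))
    return level


def select_firewall_config(level: int) -> frozenset:
    """Claim 1: pick the configuration associated with the threat level."""
    return FIREWALL_CONFIGS[ThreatLevel(level)]
```

Running `configs_tighten_with_level()` whenever the configuration table is edited catches a rule set that would loosen connectivity as the level rises.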
13. A computer program product for controlling connectivity in a network comprising code that:
receives one or more inputs;
determines a threat level indicator in accordance with said one or more inputs;
and selects, for use in said network, a firewall configuration in accordance with said threat level indicator.
14. The computer program product of Claim 13, wherein said firewall configuration is selected from a plurality of firewall configurations each associated with a different threat level indicator.
15. The computer program product of Claim 14, wherein a first firewall configuration associated with a first threat level indicator provides for more restrictive connectivity of said network than a second firewall configuration associated with a second threat level indicator when said first threat level indicator is a higher threat level than said second threat level indicator.
16. The computer program product of Claim 15, wherein, a firewall configuration associated with a highest threat level indicator provides for disconnecting said network from all other less-trusted networks.
17. The computer program product of Claim 16, wherein said code that disconnects includes physically disconnecting said network from other networks.
18. The computer program product of Claim 16, wherein said network is reconnected to said less trusted networks when a current threat level is a level other than said highest threat level indicator.
19. The computer program product of Claim 13, further comprising code that:
automatically loads said firewall configuration as a current firewall configuration in use in said network.
20. The computer program product of Claim 13, wherein said one or more inputs includes at least one of: a manual input, a metric about a system in said network, a metric about said network, a derived value determined using a plurality of weighted metrics including one metric about said network, a derived value determined using a plurality of metrics, and an external source from said network.
21. The computer program product of Claim 20, wherein, if said manual input is specified, said manual input determines the threat level indicator overriding all other indicators.
22. The computer program product of Claim 20, wherein said plurality of weighted metrics includes a metric about at least one of: a network intrusion detection, a network intrusion prevention, a number of failed login attempts, a number of users with a high level of privileges.
23. The computer program product of Claim 22, wherein said high level of privileges corresponds to one of administrator privileges and root user privileges.
24. The computer program product of Claim 13, wherein said code that selects additionally selects one or more of the following: an antivirus configuration, an intrusion prevention configuration, and an intrusion detection configuration.
25. A method of event reporting by an agent comprising:
receiving data;
determining if said data indicates a first occurrence of an event of interest associated with a metric since a previous periodic reporting;
reporting said first occurrence of an event if said determining determines said data indicates said first occurrence; and reporting a summary including said metric in a periodic report at a first point in time.
26. The method of Claim 25, wherein said reporting of said first occurrence and said reporting of said summary are performed without a request for a report.
27. The method of Claim 25, wherein data for said reporting of said first occurrence and said reporting of said summary are performed by said agent communicating data at an application level to a reporting destination using a one-way communication connection.
28. The method of Claim 27, wherein said reporting of said first occurrence and said summary further comprising:
opening a communication connection;
sending data to said reporting destination; and closing said communication connection, said agent only sending data to said reporting destination without reading any communication from said communication connection.
29. The method of Claim 28, wherein said communication connection is a TCP or UDP socket.
30. The method of Claim 25, wherein said periodic report includes a summary of a selected set of one or more data sources and associated values for a time interval since a last periodic report was sent to a reporting destination.
31. The method of Claim 30, wherein said selected set of one or more metrics is a first level of reporting information and said periodic report includes a second level of reporting information used to perform at least one of the following: determine a cause of a problem, and take a corrective action to a problem.
32. The method of Claim 25, wherein said reporting of said first occurrence and said summary includes transmitting messages from said agent to a reporting destination, each of said messages being a fixed maximum size.
33. The method of Claim 32, wherein a time interval at which said periodic report is sent by said agent and data included in each of said messages are determined in accordance with at least one of: resources available on a computer system and a network in which said agent is included.
34. The method of Claim 33, wherein said agent executes on a first computer system and reports data to another computer system.
35. The method of Claim 31, further comprising:
monitoring a log file; and extracting said second level of reporting information from said log file, wherein said log file includes log information about a computer system upon which said agent is executing.
36. The method of Claim 28, wherein said agent transmits an XML communication to said reporting destination using said communication connection.
37. The method of Claim 25, wherein a threshold is specified for an amount of data that said agent can report in a fixed reporting interval, said threshold being equal to or greater than a fixed maximum size for each summary report sent by said agent.
38. The method of Claim 25, wherein a report sent for any of said reporting includes an encrypted checksum preventing modifications of said report while said report is being communicated from an agent to a receiver in a network.
39. The method of Claim 25, wherein said reporting is performed by an agent that sends a report, said report including one of: a timestamp which increases with time duration, and a sequence number which increases with time duration, used by a receiver of said report.
40. The method of Claim 39, wherein said receiver uses said one of said timestamp or said sequence number in authenticating a report received by said receiver as being sent by said agent, said receiver processing received reports having said one of a timestamp or sequence number which is greater than another one of a timestamp or sequence number associated with a last report received from said agent.
41. The method of Claim 31, wherein said second level of reporting information identifies at least one source associated with an attack, wherein said source is one of: a user, a machine, and an application, said percentage indicating a percentage of events associated with said at least one source for a type of attack.
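The agent and receiver behaviour of claims 25, 27 to 29, 32 and 38 to 40, sketched as an added example that is not part of the patent text. HMAC-SHA256 stands in for the "encrypted checksum", JSON stands in for the XML of claim 36, and the class names, the 512-byte limit and the pre-shared per-agent key are assumptions.

```python
import hashlib
import hmac
import json
import socket

MAX_REPORT_BYTES = 512  # assumed fixed maximum message size (claim 32)
TAG_BYTES = 32          # length of an HMAC-SHA256 tag


class Agent:
    """Counts events per metric and emits sealed, size-bounded reports."""

    def __init__(self, agent_id: str, key: bytes):
        self.agent_id, self.key = agent_id, key
        self.seq = 0       # increases with every report sent (claim 39)
        self.counts = {}   # metric -> occurrences since the last summary

    def _seal(self, kind: str, body: dict) -> bytes:
        payload = json.dumps(
            {"agent": self.agent_id, "seq": self.seq + 1, "kind": kind, "body": body},
            sort_keys=True, separators=(",", ":")).encode()
        if len(payload) + TAG_BYTES > MAX_REPORT_BYTES:
            raise ValueError("report exceeds the fixed maximum size")
        self.seq += 1
        return payload + hmac.new(self.key, payload, hashlib.sha256).digest()

    def observe(self, metric: str):
        """Claim 25: report at once only the first occurrence since the last summary."""
        first = metric not in self.counts
        self.counts[metric] = self.counts.get(metric, 0) + 1
        return self._seal("first", {"metric": metric}) if first else None

    def periodic_summary(self) -> bytes:
        report = self._seal("summary", self.counts)
        self.counts = {}  # reset only after the summary was built successfully
        return report


def send_one_way(message: bytes, host: str, port: int) -> None:
    """Claims 27-29: open, send, close; the agent never reads from the socket."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(message, (host, port))


class Receiver:
    def __init__(self, keys: dict):
        self.keys = keys      # agent id -> pre-shared key
        self.last_seq = {}    # agent id -> highest sequence number accepted

    def accept(self, message: bytes):
        """Return the parsed report, or None if it must be discarded."""
        if not TAG_BYTES < len(message) <= MAX_REPORT_BYTES:
            return None
        payload, tag = message[:-TAG_BYTES], message[-TAG_BYTES:]
        try:
            report = json.loads(payload)
            agent, seq = report["agent"], report["seq"]
            key = self.keys[agent]
        except (ValueError, KeyError, TypeError):
            return None       # malformed report or unknown agent
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None       # claim 38: modified in transit, or wrong key
        if not isinstance(seq, int) or seq <= self.last_seq.get(agent, 0):
            return None       # claim 40: replayed or out-of-date report
        self.last_seq[agent] = seq
        return report
```

Because the channel is one-way, the receiver cannot ask for a retransmission; a gap in accepted sequence numbers is the only sign that a report was lost or dropped.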
42. A method of event reporting by an agent comprising:
receiving data;
determining if said data corresponds to an event of interest associated with at least one security metric; and sending a report to a reporting destination, said report including said at least one security metric for a fixed time interval, wherein said report is sent from said agent communicating data at an application level to said reporting destination using a one-way communication connection.
43. The method of Claim 42, wherein said agent only sends data on said one-way communication connection to said reporting destination without reading any communication from said communication connection.
44. The method of Claim 42, wherein said report includes at least one performance metric in accordance with said data received.
45. A method of event reporting by an agent comprising:
receiving data;
determining if said data indicates a security event of interest; and reporting a summary including information on a plurality of occurrences of said security event of interest occurring within a fixed time interval, said summary being sent at a predetermined time interval.
46. The method of Claim 45, wherein said reporting of said summary is performed without a request for a report.
47. The method of Claim 45, wherein data for said reporting of said summary is performed by said agent communicating data at an application level to a reporting destination using a one-way communication connection.
48. The method of Claim 47, wherein said reporting of said summary further comprises:
opening a communication connection;
sending data to a said reporting destination; and closing said communication connection, said agent only sending data to said reporting destination without reading any communication from said communication connection.
49. The method of Claim 48, wherein said communication connection is a TCP or UDP socket.
50. The method of Claim 48, wherein said agent transmits an XML communication to said reporting destination using said communication connection.
51. The method of Claim 25, wherein said reporting of said summary includes transmitting periodic messages from said agent to a reporting destination, each of said message having a fixed maximum size.
52. A computer program product for event reporting by an agent comprising code that:
receives data;
determines if said data indicates a first occurrence of an event of interest associated with a metric since a previous periodic reporting;
reports said first occurrence of an event if said code that determines that said data indicates said first occurrence; and reports a summary including said metric in a periodic report at a first point in time.
53. The computer program product of Claim 52, wherein said code that reports said first occurrence and said code that reports said summary are performed without a request for a report.
54. The computer program product of Claim 52, wherein data for said code that reports said first occurrence and said code that reports said summary are performed by said agent communicating data at an application level to a reporting destination using a one-way communication connection.
55. The computer program product of Claim 54, wherein at least one of said code that reports said first occurrence and said code that reports said summary further comprise code that:
opens a communication connection;
sends data to said reporting destination; and closes said communication connection, said agent only sending data to said reporting destination without reading any communication from said communication connection.
56. The computer program product of Claim 55, wherein said communication connection is a TCP or UDP socket.
57. The computer program product of Claim 52, wherein said periodic report includes a summary of a selected set of one or more data sources and associated values for a time interval since a last periodic report was sent to a reporting destination.
58. The computer program product of Claim 57, wherein said selected set of one or more metrics is a first level of reporting information and said periodic report includes a second level of reporting information used to perform at least one of the following: determine a cause of a problem, and take a corrective action to a problem.
59. The computer program product of Claim 52, wherein said code that reports said first occurrence and said code that reports said summary includes code that transmits messages from said agent to a reporting destination, each of said messages being a fixed maximum size.
60. The computer program product of Claim 59, wherein a time interval at which said periodic report is sent by said agent and data included in each of said messages are determined in accordance with at least one of: resources available on a computer system and a network in which said agent is included.
61. The computer program product of Claim 60, wherein said agent executes on a first computer system and reports data to another computer system.
62. The computer program product of Claim 58, further comprising code that:
monitors a log file; and extracts said second level of reporting information from said log file, wherein said log file includes log information about a computer system upon which said agent is executing.
63. The computer program product of Claim 55, wherein said agent transmits an XML communication to said reporting destination using said communication connection.
64. The computer program product of Claim 52, wherein a threshold is specified for an amount of data that said agent can report in a fixed reporting interval, said threshold being equal to or greater than a fixed maximum size for each summary report sent by said agent.
65. The computer program product of Claim 52, wherein a report sent for any of said code that reports uses an encrypted checksum preventing modifications of said report while said report is being communicated from an agent to a receiver in a network.
66. The computer program product of Claim 52, wherein said code that reports is performed by an agent that sends a report, said report including one of: a timestamp which increases with time duration; and a sequence number which increases with time duration, used by a receiver of said report.
67. The computer program product of Claim 66, wherein said receiver uses said one of said timestamp or said sequence number in authenticating a report received by said receiver as being sent by said agent, said receiver processing received reports having said one of a timestamp or sequence number which is greater than another one of a timestamp or sequence number associated with a last report received from said agent.
68. The computer program product of Claim 58, wherein said second level of reporting information identifies at least one source associated with an attack, wherein said source is one of: a user, a machine, and an application, said percentage indicating a percentage of events associated with said at least one source for a type of attack.
69. A computer program product for event reporting by an agent comprising code that:
receives data;
determines if said data corresponds to an event of interest associated with at least one security metric; and sends a report to a reporting destination, said report including said at least one security metric for a fixed time interval, wherein said report is sent from said agent communicating data at an application level to said reporting destination using a one-way communication connection.
70. The computer program product of Claim 69, wherein said agent only sends data on said one-way communication connection to said reporting destination without reading any communication from said communication connection.
71. The computer program product of Claim 69, wherein said report includes at least one performance metric in accordance with said data received.
72. A computer program product for event reporting by an agent comprising code that:
receives data;
determines if said data indicates a security event of interest; and reports a summary including information on a plurality of occurrences of said security event of interest occurring within a fixed time interval, said summary being sent at a predetermined time interval.
73. The computer program product of Claim 72, wherein said code that reports said summary is performed without a request for a report.
74. The computer program product of Claim 72, wherein data for said code that reports said summary is performed by said agent communicating data at an application level to a reporting destination using a one-way communication connection.
75. The computer program product of Claim 74, wherein said code that reports said summary further comprises code that:
opens a communication connection;
sends data to a said reporting destination; and closes said communication connection, said agent only sending data to said reporting destination without reading any communication from said communication connection.
76. The computer program product of Claim 75, wherein said communication connection is a TCP or UDP socket.
77. The computer program product of Claim 75, wherein said agent transmits an XML communication to said reporting destination using said communication connection.
78. The computer program product of Claim 52, wherein said code that reports said summary includes code that transmits periodic messages from said agent to a reporting destination, each of said message having a fixed maximum size.
79. A method of event notification comprising:
receiving a first report of a condition;
sending a first notification message about said first report of said condition;
sending a second notification message about said condition at a first notification interval;
receiving subsequent reports at fixed time intervals;
sending a subsequent notification message at a second notification interval if said condition is still ongoing during said second notification interval, wherein said second notification interval has a length which is a multiple of said first notification interval.
80. The method of Claim 79, wherein said first report is sent from a reporting agent on a first computer system reporting about one of said first computer system and a network including said first computer system, and said notification messages are sent from a notification server on a second computer system.
81. The method of Claim 79, wherein notification messages are sent to a notification point at successive notification intervals wherein each of said successive notification intervals increases approximately exponentially with respect to an immediately prior notification interval.
82. The method of Claim 80, wherein said condition is associated with an alarm condition and an alarm condition is set when a current level of a metric is not in accordance with a predetermined threshold value.
83. The method of Claim 79, wherein each of said notification messages includes a first level of information about said condition and a second level of information used to perform at least one of the following: determine a cause of said condition, and take a corrective action for said condition.
84. The method of Claim 83, wherein an option is included in a reporting agent to enable and disable reporting of said second level of information to a notification server from said agent sending said first report.
85. The method of Claim 83, wherein an option is used to enable and disable condition notification messages including said second level of information.
86. The method of Claim 82, wherein an alarm condition is associated with a first level alarm and an alarm state of said first level is maintained when a current level of a metric is in accordance with said predetermined threshold value until an acknowledgement of said alarm state at said first level is received by said notification server.
87. The method of Claim 86, wherein said alarm condition transitions to a second level alarm when said current level is not in accordance with said predetermined threshold and another threshold associated with a second level, and said second level alarm is maintained when a current level of a metric is in accordance with one of: said predetermined threshold and said other threshold until acknowledgement of said second level alarm is received by said notification server.
88. The method of Claim 79, wherein reports are sent from a reporting agent executing on a computer system in an industrial network to an appliance included in said industrial network and each of said reports includes events occurring within said industrial network.
89. The method of Claim 82, wherein an alarm condition is determined in accordance with a plurality of weighted metrics, said plurality of weighted metrics including at least one metric about: a network intrusion detection, a network intrusion prevention, a number of failed login attempts, a number of users with a level of privileges greater than a level associated with a user-level account.
90. A method of event notification comprising:
receiving a first report of a condition at a reporting destination; and sending a notification message from said reporting destination to a notification destination, said notification message including a summary of information about events occurring in a fixed time interval, said summary identifying at least one of a source and a target associated with an attack occurring within said fixed time interval, and a percentage of events associated with said at least one of said source and said target.
91. The method of Claim 90, wherein said summary identifies at least one source associated with an attack, wherein said source is one of a user, a machine, and an application, said percentage indicating a percentage of events associated with said at least one source for a type of attack.
92. The method of Claim 90, wherein said summary identifies at least one target associated with an attack, wherein said target is one of a user, a machine, an application, and a port, said percentage indicating a percentage of events associated with said at least one target for a type of attack.
93. The method of Claim 90, wherein said summary identifies a portion that a type of attack represents with respect to all attacks in said fixed time interval.
94. A method of event notification comprising:
receiving report of a potential cyber-attack condition at fixed time intervals; and sending a notification message about said conditions when said conditions exceed a notification threshold.
95. The method of Claim 94, wherein a notification threshold is determined using an alarm condition in accordance with a plurality of weighted metrics, said plurality of weighted metrics including at least one metric about: a network intrusion detection, a network intrusion prevention, a number of failed login attempts, a number of users with a level of privileges greater than a level associated with a user-level account.
96. The method of Claim 94, wherein said notification message includes a summary of information about events occurring in a fixed time interval, said summary identifying at least one of: a source and a target associated with an attack occurring within said fixed time interval, and a percentage of events associated with said at least one of said source and said target.
97. The method of Claim 96, wherein said summary identifies at least one source associated with an attack, wherein said source is one of: a user, a machine, and an application, said percentage indicating a percentage of events associated with said at least one source for a type of attack.
98. The method of Claim 96, wherein said summary identifies at least one target associated with an attack, wherein said target is one of a user, a machine, an application, and a port, said percentage indicating a percentage of events associated with said at least one target for a type of attack.
99. The method of Claim 96, wherein said summary identifies a portion that a type of attack represents with respect to all attacks in said fixed time interval.
100. A computer program product for event notification comprising code that:
receives a first report of a condition;
sends a first notification message about said first report of said condition;
sends a second notification message about said condition at a first notification interval;
receives subsequent reports at fixed time intervals; and sends a subsequent notification message at a second notification interval if said condition is still ongoing during said second notification interval, wherein said second notification interval has a length which is a multiple of said first notification interval.
101. The computer program product of Claim 100, wherein said first report is sent from a reporting agent on a first computer system reporting about one of:
said first computer system and a network including said first computer system, and said notification messages are sent from a notification server on a second computer system.
102. The computer program product of Claim 100, wherein notification messages are sent to a notification point at successive notification intervals wherein each of said successive notification intervals increases approximately exponentially with respect to an immediately prior notification interval.
103. The computer program product of Claim 101, wherein said condition is associated with an alarm condition and an alarm condition is set when a current level of a metric is not in accordance with a predetermined threshold value.
104. The computer program product of Claim 100, wherein each of said notification messages includes a first level of information about said condition and a second level of information used to perform at least one of the following:
determine a cause of said condition, and take a corrective action for said condition.
105. The computer program product of Claim 104, wherein an option is included in a reporting agent to enable and disable reporting of said second level of information to a notification server from said agent sending said first report.
106. The computer program product of Claim 104, wherein an option is used to enable and disable condition notification messages including said second level of information.
107. The computer program product of Claim 103, wherein an alarm condition is associated with a first level alarm and an alarm state of said first level is maintained when a current level of a metric is in accordance with said predetermined threshold value until an acknowledgement of said alarm state at said first level is received by said notification server.
108. The computer program product of Claim 107, wherein said alarm condition transitions to a second level alarm when said current level is not in accordance with said predetermined threshold and another threshold associated with a second level, and said second level alarm is maintained when a current level of a metric is in accordance with one of: said predetermined threshold and said other threshold until acknowledgement of said second level alarm is received by said notification server.
109. The computer program product of Claim 100, wherein reports are sent from a reporting agent executing on a computer system in an industrial network to an appliance included in said industrial network and each of said reports includes events occurring within said industrial network.
110. The computer program product of Claim 103, wherein an alarm condition is determined in accordance with a plurality of weighted metrics, said plurality of weighted metrics including at least one metric about: a network intrusion detection, a network intrusion prevention, a number of failed login attempts, a number of users with a level of privileges greater than a level associated with a user-level account.
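The notification schedule of Claims 79 to 81 and 100 to 102, combined with the acknowledgement latch of Claims 86 and 107, can be sketched as follows. This is an added example, not code from the patent; the class name, the 60-second first interval, the doubling factor, the interval cap, and the "above threshold means alarm" direction are all assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class EscalatingNotifier:
    threshold: float            # metric level above this sets the alarm (assumed direction)
    first_interval: int = 60    # seconds between 1st and 2nd notification (assumed value)
    factor: int = 2             # each later interval is this multiple of the previous one
    max_interval: int = 3600    # assumed cap so reminders never stop entirely
    alarm: bool = False         # latched alarm state
    acked: bool = False
    interval: int = 0
    next_due: int = 0
    sent: list = field(default_factory=list)  # (time, level) of every notification

    def acknowledge(self):
        """Operator acknowledgement received by the notification server."""
        self.acked = True

    def _notify(self, now, level):
        self.sent.append((now, level))
        return True

    def report(self, now, level):
        """Handle one periodic agent report; return True if a notification went out."""
        breach = level > self.threshold
        if not self.alarm:
            if not breach:
                return False
            # First report of the condition: notify immediately and arm the timer.
            self.alarm, self.acked = True, False
            self.interval = self.first_interval
            self.next_due = now + self.interval
            return self._notify(now, level)
        if not breach:
            # Metric is back in range: the alarm stays latched until acknowledged.
            if self.acked:
                self.alarm = False
            return False
        if now >= self.next_due:
            # Condition still ongoing: notify, then stretch the next interval.
            self._notify(now, level)
            self.interval = min(self.interval * self.factor, self.max_interval)
            self.next_due = now + self.interval
            return True
        return False


def demo():
    """Constructed run: reports every 30 s, metric stuck at 9 against a threshold of 5."""
    n = EscalatingNotifier(threshold=5)
    for t in range(0, 601, 30):
        n.report(t, 9)
    times = [t for t, _ in n.sent]
    n.report(630, 2)            # metric recovers, nobody has acknowledged yet
    latched = n.alarm
    n.acknowledge()
    n.report(660, 2)            # recovered and acknowledged: alarm clears
    return times, latched, not n.alarm


if __name__ == "__main__":
    print(demo())
```

With twenty-one reports of an ongoing condition the operator receives four messages, and the gaps between them grow from 60 to 120 to 240 seconds.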
111. A computer program product for event notification comprising code that:
receives a first report of a condition at a reporting destination; and sends a notification message from said reporting destination to a notification destination, said notification message including a summary of information about events occurring in a fixed time interval, said summary identifying at least one of:
a source and a target associated with an attack occurring within said fixed time interval, and a percentage of events associated with said at least one of said source and said target.
112. The computer program product of Claim 111, wherein said summary identifies at least one source associated with an attack, wherein said source is one of a user, a machine, and an application, said percentage indicating a percentage of events associated with said at least one source for a type of attack.
113. The computer program product of Claim 111, wherein said summary identifies at least one target associated with an attack, wherein said target is one of: a user, a machine, an application, and a port, said percentage indicating a percentage of events associated with said at least one target for a type of attack.
114. The computer program product of Claim 111, wherein said summary identifies a portion that a type of attack represents with respect to all attacks in said fixed time interval.
115. A computer program product for event notification comprising code that:
receives report of a potential cyber-attack condition at fixed time intervals;
and sends a notification message about said conditions when said conditions exceed a notification threshold.
116. The computer program product of Claim 115, wherein a notification threshold is determined using an alarm condition in accordance with a plurality of weighted metrics, said plurality of weighted metrics including at least one metric about:
a network intrusion detection, a network intrusion prevention, a number of failed login attempts, a number of users with a level of privileges greater than a level associated with a user-level account.
117. The computer program product of Claim 115, wherein said notification message includes a summary of information about events occurring in a fixed time interval, said summary identifying at least one of: a source and a target associated with an attack occurring within said fixed time interval, and a percentage of events associated with said at least one of said source and said target.
118. The computer program product of Claim 117, wherein said summary identifies at least one source associated with an attack, wherein said source is one of: a user, a machine, and an application, said percentage indicating a percentage of events associated with said at least one source for a type of attack.
119. The computer program product of Claim 117, wherein said summary identifies at least one target associated with an attack, wherein said target is one of: a user, a machine, an application, and a port, said percentage indicating a percentage of events associated with said at least one target for a type of attack.
120. The computer program product of Claim 117, wherein said summary identifies a portion that a type of attack represents with respect to all attacks in said fixed time interval.
121. A method for monitoring an industrial network comprising:
reporting first data about a first computer system by a first agent executing on said first computer system in said industrial network, said first computer system performing at least one of: monitoring or controlling a physical process of said industrial network, said first data including information about software used in connection with said physical process.
122. The method of Claim 121, further comprising:
reporting second data about communications on a connection between said industrial network and another network by a second agent executing on a second computer system.
123. The method of Claim 122, wherein said second data reported by said second agent is included in an appliance to which said first data is sent.
124. The method of Claim 121, wherein said first agent reports on at least one of:
critical file monitoring, log file for said first computer system, hardware and operating system of said first computer system, password and login, a specific application executing on said computer system wherein said application is in accordance with a particular industrial application of said industrial network.
125. The method of Claim 124, wherein a plurality of agents execute on said first computer system monitoring said first computer system.
126. The method of Claim 125, wherein said plurality of agents includes a master agent and other agents performing a predetermined set of monitoring tasks, said master agent controlling execution of said other agents.
127. The method of Claim 126, wherein said plurality of agents report data at predetermined intervals to one of: an appliance and said second computer system.
128. The method of Claim 127, further comprising performing, by at least one of said plurality of agents:
obtaining data from a data source;
parsing said data;
performing pattern matching on said parsed data to determine events of interest;
recording any events of interest;
reporting any events of interest in accordance with occurrences of selected events in a time interval;
creating a message including said summary at predetermined time intervals; and encrypting at least one of: said message and a checksum of said message.
129. The method of Claim 121, wherein said first data includes at least one of the following metrics: a number of open listen connections and a number of abnormal process terminations.
130. The method of Claim 129, wherein, when a number of open listen connections falls below a first level, an event corresponding to a component failure is determined.
131. The method of Claim 129, wherein, when a number of open listen connections is above a second level, an event corresponding to a new component or unauthorized component is determined.
132. The method of Claim 122, wherein said second agent reports on network activity in accordance with a set of rules, said rules including at least one rule indicating that events in a business network are flagged as suspicious in said industrial network.
133. The method of Claim 132, wherein said events include at least one of: an event associated with a web browser, and an event associated with e-mail.
134. The method of Claim 122, wherein said second agent reports on an address binding of a physical device identifier to a network address if the physical device identifier of a component was not previously known, or said network address in the address binding is a reassignment of said network address within a predetermined time period since said network address was last included in an address binding.
135. The method of Claim 122, wherein said second agent reports second data about a firewall, and said second data includes at least one of: a change to a saved firewall configuration corresponding to a predetermined threat level, a change to a current set of firewall configuration rules currently controlling operations between said industrial network and said other network.
136. The method of Claim 135, wherein log files associated with said firewall are stored remotely at a location on said second computer system with log files for said second computer system activity.
137. The method of Claim 122, wherein said second data includes at least one threat assessment from a source external to said industrial network.
138. The method of Claim 137, wherein said second data includes at least one of:
a threat level indicator from a corporate network connected to said industrial network, a threat level indicator from a public network source, and a threat level indicator that is manually input.
139. The method of Claim 121, further comprising:
receiving at least said first data by a receiver;
authenticating said first data as being sent by said first agent; and processing, in response to said authenticating, said first data by said receiver.
140. The method of Claim 139, wherein said authenticating includes at least one of: verifying use of said first agent's encryption key, and checking validity of a message checksum, and using a timestamp or sequence number to detect invalid reports received by said receiver as being sent from said first agent.
141. The method of Claim 121, wherein said reporting is performed in accordance with a threshold size indicating an amount of data that said first agent is permitted to transmit in a fixed periodic reporting interval.
142. A computer program product for monitoring an industrial network comprising code that:
reports first data about a first computer system by a first agent executing on said first computer system in said industrial network, said first computer system performing at least one of: monitoring or controlling a physical process of said industrial network, said first data including information about software used in connection with said physical process.
143. The computer program product of Claim 142, further comprising code that:
reports second data about communications on a connection between said industrial network and another network by a second agent executing on a second computer system.
144. The computer program product of Claim 143, wherein said second data reported by said second agent is included in an appliance to which said first data is sent.
145. The computer program product of Claim 142, wherein said first agent reports on at least one of: critical file monitoring, log file for said first computer system, hardware and operating system of said first computer system, password and login, a specific application executing on said computer system wherein said application is in accordance with a particular industrial application of said industrial network.
146. The computer program product of Claim 145, wherein a plurality of agents execute on said first computer system monitoring said first computer system.
147. The computer program product of Claim 146, wherein said plurality of agents includes a master agent and other agents performing a predetermined set of monitoring tasks, said master agent controlling execution of said other agents.
148. The computer program product of Claim 147, wherein said plurality of agents report data at predetermined intervals to one of: an appliance and said second computer system.
149. The computer program product of Claim 148, further comprising code for performing, by at least one of said plurality of agents:
obtaining data from a data source;
parsing said data;
performing pattern matching on said parsed data to determine events of interest;
recording any events of interest;
reporting any events of interest in accordance with occurrences of selected events in a time interval;
creating a message including said summary at predetermined time intervals; and encrypting at least one of: said message and a checksum of said message.
150. The computer program product of Claim 142, wherein said first data includes at least one of the following metrics: a number of open listen connections and a number of abnormal process terminations.
151. The computer program product of Claim 150, wherein, when a number of open listen connections falls below a first level, an event corresponding to a component failure is determined.
152. The computer program product of Claim 150, wherein, when a number of open listen connections is above a second level, an event corresponding to a new component or unauthorized component is determined.
153. The computer program product of Claim 143, wherein said second agent reports on network activity in accordance with a set of rules, said rules including at least one rule indicating that events in a business network are flagged as suspicious in said industrial network.
154. The computer program product of Claim 153, wherein said events include at least one of: an event associated with a web browser, and an event associated with e-mail.
155. The computer program product of Claim 143, wherein said second agent reports on an address binding of a physical device identifier to a network address if the physical device identifier of a component was not previously known, or said network address in the address binding is a reassignment of said network address within a predetermined time period since said network address was last included in an address binding.
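The address-binding rule of Claims 134 and 155 amounts to a small stateful detector. The following is an added example, not code from the patent; the class name, the one-hour reassignment window, and the sample MAC and IP values (constructed, from locally administered and documentation ranges) are assumptions.

```python
class BindingMonitor:
    """Report a MAC-to-IP binding when the MAC is new or the IP changed hands recently."""

    def __init__(self, reassign_window=3600):
        self.reassign_window = reassign_window   # seconds (assumed value)
        self.known_macs = set()
        self.ip_owner = {}                       # ip -> (mac, time last seen in a binding)

    def observe(self, ts, mac, ip):
        mac = mac.lower()
        events = []
        if mac not in self.known_macs:
            # Physical device identifier not previously known.
            self.known_macs.add(mac)
            events.append(("new-device", mac, ip))
        prev = self.ip_owner.get(ip)
        if prev and prev[0] != mac and ts - prev[1] <= self.reassign_window:
            # Same network address bound to a different device within the window.
            events.append(("ip-reassigned", mac, ip, prev[0]))
        self.ip_owner[ip] = (mac, ts)
        return events


# Constructed observations: (timestamp, MAC, IP)
SAMPLE = [
    (0,     "02:00:00:00:00:0a", "192.0.2.10"),   # first sighting of device A
    (60,    "02:00:00:00:00:0A", "192.0.2.10"),   # same binding, different case
    (120,   "02:00:00:00:00:0b", "192.0.2.11"),   # first sighting of device B
    (300,   "02:00:00:00:00:0b", "192.0.2.10"),   # B takes A's address after 240 s
    (10000, "02:00:00:00:00:0a", "192.0.2.10"),   # A returns long after the window
    (10010, "02:00:00:00:00:0c", "192.0.2.10"),   # unknown C takes it 10 s later
]


def run(observations=SAMPLE):
    mon = BindingMonitor()
    return [[e[0] for e in mon.observe(*obs)] for obs in observations]


if __name__ == "__main__":
    for obs, kinds in zip(SAMPLE, run()):
        print(obs, kinds)
```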
156. The computer program product of Claim 143, wherein said second agent reports second data about a firewall, and said second data includes at least one of: a change to a saved firewall configuration corresponding to a predetermined threat level, a change to a current set of firewall configuration rules currently controlling operations between said industrial network and said other network.
157. The computer program product of Claim 156, wherein log files associated with said firewall are stored remotely at a location on said second computer system with log files for said second computer system activity.
158. The computer program product of Claim 143, wherein said second data includes at least one threat assessment from a source external to said industrial network.
159. The computer program product of Claim 158, wherein said second data includes at least one of: a threat level indicator from a corporate network connected to said industrial network, a threat level indicator from a public network source, and a threat level indicator that is manually input.
160. The computer program product of Claim 142, further comprising code that:
receives at least said first data by a receiver;
authenticates said first data as being sent by said first agent; and processes, in response to said code that authenticates, said first data by said receiver.
161. The computer program product of Claim 160, wherein said code that authenticates includes at least one of code that verifies use of said first agent's encryption key and checks validity of a message checksum, and code that uses a timestamp or sequence number to detect invalid reports received by said receiver as being sent from said first agent.
162. The computer program product of Claim 142, wherein said code that reports uses a threshold size indicating an amount of data that said first agent is permitted to transmit in a fixed periodic reporting interval.
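The agent-side reporting of Claims 75 to 78 and the receiver-side authentication of Claims 139, 140, 160 and 161 can be sketched together as follows. This is an added example, not code from the patent: the message layout, names, size limit and skew limit are assumptions, and an HMAC-SHA256 keyed checksum is used in place of the "encrypting ... a checksum" wording of Claims 128 and 149.

```python
import hashlib
import hmac
import socket
import time
import xml.etree.ElementTree as ET

MAX_REPORT_BYTES = 1024   # assumed fixed maximum message size
MAX_CLOCK_SKEW = 120      # assumed freshness window in seconds


def build_report(agent_id, key, seq, counts, now=None):
    """Agent side: XML summary preceded by 'agent_id:keyed-checksum' on its own line."""
    ts = int(time.time() if now is None else now)
    root = ET.Element("report", agent=agent_id, seq=str(seq), ts=str(ts))
    for name, n in sorted(counts.items()):
        ET.SubElement(root, "event", name=name, count=str(n))
    body = ET.tostring(root)
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    msg = agent_id.encode() + b":" + tag + b"\n" + body
    if len(msg) > MAX_REPORT_BYTES:
        raise ValueError("report exceeds fixed maximum size")
    return msg


def send_one_way(msg, host, port):
    """Open, send, close. The agent never reads from the socket."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(msg, (host, port))


class Receiver:
    def __init__(self, keys):
        self.keys = keys          # agent_id -> shared key
        self.last_seq = {}        # agent_id -> highest sequence number accepted

    def accept(self, msg, now=None):
        """Return 'ok' or the reason the report is rejected."""
        now = time.time() if now is None else now
        header, sep, body = msg.partition(b"\n")
        agent_b, sep2, tag = header.partition(b":")
        if not sep or not sep2:
            return "malformed"
        agent = agent_b.decode("ascii", "replace")
        key = self.keys.get(agent)
        if key is None:
            return "unknown-agent"
        # Verify the keyed checksum before parsing any XML from the wire.
        want = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(want, tag):
            return "bad-checksum"
        try:
            root = ET.fromstring(body)
            ts, seq = int(root.get("ts")), int(root.get("seq"))
        except (ET.ParseError, TypeError, ValueError):
            return "malformed"
        if root.get("agent") != agent:
            return "malformed"
        if abs(now - ts) > MAX_CLOCK_SKEW:
            return "stale"
        if seq <= self.last_seq.get(agent, -1):
            return "replay"
        self.last_seq[agent] = seq
        return "ok"


if __name__ == "__main__":
    key = b"constructed-demo-key"            # constructed sample key
    rx = Receiver({"hmi-01": key})
    report = build_report("hmi-01", key, 1, {"failed_login": 3})
    print(rx.accept(report), rx.accept(report))   # second delivery is a replay
```

Because the agent never reads from the connection, all rejection handling lives on the receiver; a rejected report is itself worth recording as an event.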
163. A method for detecting undesirable messages in a network comprising:
receiving a message in said network;
determining if said message is undesirable in accordance with at least one rule defining an acceptable message in said network; and reporting said message as undesirable if said message is not determined to be in accordance with said at least one rule.
164. The method of Claim 163, further comprising:
defining another rule for use in said determining if an additional message type is determined to be acceptable in said network.
165. A computer program product for detecting undesirable messages in a network comprising code that:
receives a message in said network;
determines if said message is undesirable in accordance with at least one rule defining an acceptable message in said network; and reports said message as undesirable if said message is not determined to be in accordance with said at least one rule.
166. The computer program product of Claim 165, further comprising code that:
defines another rule for use in said determining if an additional message type is determined to be acceptable in said network.
167. A method for performing periodic filesystem integrity checks comprising:
receiving two or more sets of filesystem entries, each set representing a grouping of one or more filesystem entries;
selecting zero or more entries from each set; and performing integrity checking for each selected entry from each set during a reporting period.
168. The method of Claim 167, wherein each of said two or more sets correspond to a predetermined classification level.
169. The method of Claim 168, wherein if a first classification level is more important than a second classification level, said first classification level includes less entries than said second classification level.
170. The method of Claim 168, wherein a number of entries from each set is determined in accordance with a level of importance associated with said set.
171. A computer program product for performing periodic filesystem integrity checks comprising code that:
receives two or more sets of filesystem entries, each set representing a grouping of one or more filesystem entries;
selects zero or more entries from each set; and performs integrity checking for each selected entry from each set during a reporting period.
172. The computer program product of Claim 171, wherein each of said two or more sets correspond to a predetermined classification level.
173. The computer program product of Claim 172, wherein if a first classification level is more important than a second classification level, said first classification level includes less entries than said second classification level.
174. The computer program product of Claim 172, wherein a number of entries from each set is determined in accordance with a level of importance associated with said set.
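The report checks recited in Claims 161 and 162 can be sketched as follows; this is an added example, not code from the patent. It assumes HMAC-SHA256 as the keyed "message checksum", a JSON report body, and hypothetical names (`ReportingAgent`, `Receiver`, `max_bytes_per_interval`, `max_skew`); the key and sample values are constructed.

```python
import hashlib
import hmac
import json


class ReportingAgent:
    """Sender side: signs reports and enforces a byte budget per reporting interval."""

    def __init__(self, agent_id, key, max_bytes_per_interval):
        self.agent_id = agent_id
        self.key = key
        self.max_bytes = max_bytes_per_interval
        self.seq = 0
        self.sent_in_interval = 0

    def new_interval(self):
        """Called at the start of each fixed reporting interval."""
        self.sent_in_interval = 0

    def build_report(self, payload, timestamp):
        """Return (body, tag), or None if the report would exceed the interval budget."""
        body = json.dumps(
            {"agent": self.agent_id, "seq": self.seq + 1, "ts": timestamp, "data": payload},
            sort_keys=True, separators=(",", ":"),
        ).encode()
        if self.sent_in_interval + len(body) > self.max_bytes:
            return None  # over the threshold size: hold until the next interval
        self.seq += 1  # a sequence number is consumed only when a report is sent
        self.sent_in_interval += len(body)
        return body, hmac.new(self.key, body, hashlib.sha256).digest()


class Receiver:
    """Receiver side: verifies the keyed checksum, then timestamp and sequence number."""

    def __init__(self, keys, max_skew=300):
        self.keys = keys            # agent id -> shared key
        self.max_skew = max_skew    # accepted clock difference in seconds
        self.last_seq = {}          # agent id -> highest sequence number accepted

    def accept(self, body, tag, now):
        try:
            msg = json.loads(body)
            agent, seq, ts = msg["agent"], msg["seq"], msg["ts"]
        except (ValueError, KeyError, TypeError):
            return "malformed"
        if not (isinstance(agent, str) and isinstance(seq, int) and isinstance(ts, int)):
            return "malformed"
        key = self.keys.get(agent)
        if key is None:
            return "unknown-agent"
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "bad-mac"        # wrong key or altered body
        if abs(now - ts) > self.max_skew:
            return "stale"
        if seq <= self.last_seq.get(agent, 0):
            return "replay"         # sequence number already seen
        self.last_seq[agent] = seq
        return "ok"


def demo_reports():
    """Run a constructed exchange and return the receiver verdicts and budget results."""
    key = b"constructed-demo-key"
    agent = ReportingAgent("agent-1", key, max_bytes_per_interval=150)
    rx = Receiver({"agent-1": key})

    r1 = agent.build_report({"cpu": 12}, timestamp=1000)
    verdicts = [
        rx.accept(r1[0], r1[1], now=1005),                        # genuine report
        rx.accept(r1[0], r1[1], now=1006),                        # same report replayed
        rx.accept(r1[0].replace(b"12", b"99"), r1[1], now=1006),  # body altered in transit
    ]
    r2 = agent.build_report({"cpu": 13}, timestamp=1000)
    verdicts.append(rx.accept(r2[0], r2[1], now=5000))            # delivered far too late

    held = agent.build_report({"log": "x" * 60}, timestamp=1010)  # exceeds remaining budget
    agent.new_interval()
    r3 = agent.build_report({"log": "x" * 60}, timestamp=1010)
    verdicts.append(rx.accept(r3[0], r3[1], now=1012))
    return verdicts, held


if __name__ == "__main__":
    print(demo_reports())
```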
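The periodic filesystem integrity check of Claims 167 to 174 can be illustrated as below; this is an added example, not code from the patent. It assumes SHA-256 baselines, a per-set quota chosen by importance, and a rotating cursor so a large low-importance set is covered over several reporting periods; `EntrySet`, `IntegrityChecker` and the sample files are hypothetical and constructed.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass


def sha256_file(path):
    """Return the SHA-256 hex digest of a file, or None if it does not exist."""
    try:
        digest = hashlib.sha256()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        return digest.hexdigest()
    except FileNotFoundError:
        return None


@dataclass
class EntrySet:
    """One grouping of filesystem entries at a single classification level."""
    level: str
    paths: list
    per_period: int   # entries checked per reporting period, set by importance
    cursor: int = 0   # rotation point so every entry is eventually checked

    def select(self):
        """Pick the next `per_period` entries (zero or more), wrapping around the set."""
        n = min(self.per_period, len(self.paths))
        picked = [self.paths[(self.cursor + i) % len(self.paths)] for i in range(n)]
        if self.paths:
            self.cursor = (self.cursor + n) % len(self.paths)
        return picked


class IntegrityChecker:
    def __init__(self, sets):
        self.sets = sets
        # Baseline taken once, while the entries are known to be good.
        self.baseline = {p: sha256_file(p) for s in sets for p in s.paths}

    def run_period(self):
        """Check the selected entries of every set; return (level, path, reason) findings."""
        findings = []
        for s in self.sets:
            for path in s.select():
                current = sha256_file(path)
                if current is None:
                    findings.append((s.level, path, "missing"))
                elif current != self.baseline[path]:
                    findings.append((s.level, path, "modified"))
        return findings


def demo():
    """Constructed sample: 2 critical files checked every period, 6 low files checked 2 per period."""
    with tempfile.TemporaryDirectory(prefix="fic_demo_") as root:
        def make(name, data):
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(data)
            return path

        critical = [make(f"crit{i}.cfg", b"critical %d" % i) for i in range(2)]
        low = [make(f"bulk{i}.dat", b"bulk %d" % i) for i in range(6)]
        checker = IntegrityChecker([
            EntrySet("critical", critical, per_period=2),  # small set, fully checked each period
            EntrySet("low", low, per_period=2),            # large set, sampled in rotation
        ])

        # Changes made after the baseline was recorded.
        for path in (critical[1], low[4]):
            with open(path, "ab") as fh:
                fh.write(b" tampered")

        periods = [checker.run_period() for _ in range(3)]
        return periods, critical, low


if __name__ == "__main__":
    for number, findings in enumerate(demo()[0], start=1):
        print(number, findings)
```

The change to the critical entry is reported in every period, while the change to the low-importance entry is reported only in the third period, when the rotation reaches it.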
Applications Claiming Priority (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US47708803P | 2003-06-09 | 2003-06-09 | |
US60/477,088 | 2003-06-09 | ||
US10/815,222 | 2004-03-31 | ||
US10/815,222 US7246156B2 (en) | 2003-06-09 | 2004-03-31 | Method and computer program product for monitoring an industrial network |
PCT/US2004/018118 WO2004111785A2 (en) | 2003-06-09 | 2004-06-08 | Event monitoring and management |
Publications (2)
Publication Number | Publication Date |
---|---|
CA2526759A1 (en) | 2004-12-23 |
CA2526759C (en) | 2011-08-16 |
Family
ID=33555439
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA2526759A Active CA2526759C (en) | 2003-06-09 | 2004-06-08 | Event monitoring and management |
Country Status (5)
Country | Link |
---|---|
US (4) | US7246156B2 (en) |
EP (1) | EP1636704A4 (en) |
AU (1) | AU2004248605B2 (en) |
CA (1) | CA2526759C (en) |
WO (1) | WO2004111785A2 (en) |
Families Citing this family (597)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8564661B2 (en) * | 2000-10-24 | 2013-10-22 | Objectvideo, Inc. | Video analytic rule detection system and method |
US9892606B2 (en) * | 2001-11-15 | 2018-02-13 | Avigilon Fortress Corporation | Video surveillance system employing video primitives |
US7720727B2 (en) * | 2001-03-01 | 2010-05-18 | Fisher-Rosemount Systems, Inc. | Economic calculations in process control system |
US8073967B2 (en) * | 2002-04-15 | 2011-12-06 | Fisher-Rosemount Systems, Inc. | Web services-based communications for use with process control systems |
US7389204B2 (en) * | 2001-03-01 | 2008-06-17 | Fisher-Rosemount Systems, Inc. | Data presentation system for abnormal situation prevention in a process plant |
US7587481B1 (en) * | 2001-04-05 | 2009-09-08 | Dj Inventions, Llc | Enterprise server for SCADA system with security interface |
US20020191102A1 (en) * | 2001-05-31 | 2002-12-19 | Casio Computer Co., Ltd. | Light emitting device, camera with light emitting device, and image pickup method |
US7657935B2 (en) * | 2001-08-16 | 2010-02-02 | The Trustees Of Columbia University In The City Of New York | System and methods for detecting malicious email transmission |
US7818797B1 (en) * | 2001-10-11 | 2010-10-19 | The Trustees Of Columbia University In The City Of New York | Methods for cost-sensitive modeling for intrusion detection and response |
US8544087B1 (en) | 2001-12-14 | 2013-09-24 | The Trustess Of Columbia University In The City Of New York | Methods of unsupervised anomaly detection using a geometric framework |
US9306966B2 (en) | 2001-12-14 | 2016-04-05 | The Trustees Of Columbia University In The City Of New York | Methods of unsupervised anomaly detection using a geometric framework |
US7225343B1 (en) | 2002-01-25 | 2007-05-29 | The Trustees Of Columbia University In The City Of New York | System and methods for adaptive model generation for detecting intrusions in computer systems |
US8910241B2 (en) * | 2002-04-25 | 2014-12-09 | Citrix Systems, Inc. | Computer security system |
US7420929B1 (en) | 2002-07-02 | 2008-09-02 | Juniper Networks, Inc. | Adaptive network flow analysis |
JP2004318552A (en) * | 2003-04-17 | 2004-11-11 | Kddi Corp | Device, method and program for supporting ids log analysis |
US9069666B2 (en) * | 2003-05-21 | 2015-06-30 | Hewlett-Packard Development Company, L.P. | Systems and methods for controlling error reporting and resolution |
CA2527501A1 (en) * | 2003-05-28 | 2004-12-09 | Caymas Systems, Inc. | Multilayer access control security system |
US7246156B2 (en) * | 2003-06-09 | 2007-07-17 | Industrial Defender, Inc. | Method and computer program product for monitoring an industrial network |
US20090271504A1 (en) * | 2003-06-09 | 2009-10-29 | Andrew Francis Ginter | Techniques for agent configuration |
US20050033701A1 (en) * | 2003-08-08 | 2005-02-10 | International Business Machines Corporation | System and method for verifying the identity of a remote meter transmitting utility usage data |
US7712083B2 (en) * | 2003-08-20 | 2010-05-04 | Igt | Method and apparatus for monitoring and updating system software |
US20050050357A1 (en) * | 2003-09-02 | 2005-03-03 | Su-Huei Jeng | Method and system for detecting unauthorized hardware devices |
EP1682990B1 (en) | 2003-11-12 | 2013-05-29 | The Trustees of Columbia University in the City of New York | Apparatus method and medium for detecting payload anomaly using n-gram distribution of normal data |
US7590726B2 (en) * | 2003-11-25 | 2009-09-15 | Microsoft Corporation | Systems and methods for unifying and/or utilizing state information for managing networked systems |
US7613804B2 (en) * | 2003-11-25 | 2009-11-03 | Microsoft Corporation | Systems and methods for state management of networked systems |
US7430598B2 (en) * | 2003-11-25 | 2008-09-30 | Microsoft Corporation | Systems and methods for health monitor alert management for networked systems |
US7599939B2 (en) * | 2003-11-26 | 2009-10-06 | Loglogic, Inc. | System and method for storing raw log data |
US20050114505A1 (en) * | 2003-11-26 | 2005-05-26 | Destefano Jason M. | Method and apparatus for retrieving and combining summarized log data in a distributed log data processing system |
US8234256B2 (en) * | 2003-11-26 | 2012-07-31 | Loglogic, Inc. | System and method for parsing, summarizing and reporting log data |
US20050114707A1 (en) * | 2003-11-26 | 2005-05-26 | Destefano Jason Michael | Method for processing log data from local and remote log-producing devices |
US20050114321A1 (en) * | 2003-11-26 | 2005-05-26 | Destefano Jason M. | Method and apparatus for storing and reporting summarized log data |
US8190723B2 (en) * | 2003-12-14 | 2012-05-29 | Cisco Technology, Inc. | Method and system for automatically determining commands for a network element |
US7359339B2 (en) * | 2003-12-23 | 2008-04-15 | Lenovo Singapore Pte Ltd | Smart access point |
US7584382B2 (en) * | 2004-02-19 | 2009-09-01 | Microsoft Corporation | Method and system for troubleshooting a misconfiguration of a computer system based on configurations of other computer systems |
US7392295B2 (en) * | 2004-02-19 | 2008-06-24 | Microsoft Corporation | Method and system for collecting information from computer systems based on a trusted relationship |
US20050198099A1 (en) * | 2004-02-24 | 2005-09-08 | Covelight Systems, Inc. | Methods, systems and computer program products for monitoring protocol responses for a server application |
US7676287B2 (en) * | 2004-03-03 | 2010-03-09 | Fisher-Rosemount Systems, Inc. | Configuration system and method for abnormal situation prevention in a process plant |
US7079984B2 (en) * | 2004-03-03 | 2006-07-18 | Fisher-Rosemount Systems, Inc. | Abnormal situation prevention in a process plant |
US8224937B2 (en) * | 2004-03-04 | 2012-07-17 | International Business Machines Corporation | Event ownership assigner with failover for multiple event server system |
US20050234988A1 (en) * | 2004-04-16 | 2005-10-20 | Messick Randall E | Message-based method and system for managing a storage area network |
WO2005104798A2 (en) * | 2004-04-28 | 2005-11-10 | Openlogic, Inc. | Tools for stacking uncoordinated software projects |
DE102004021031A1 (en) * | 2004-04-29 | 2005-11-24 | Siemens Ag | Method for generating and managing templates for event management |
US7664855B1 (en) * | 2004-05-05 | 2010-02-16 | Juniper Networks, Inc. | Port scanning mitigation within a network through establishment of an a prior network connection |
EP1754127A2 (en) * | 2004-05-19 | 2007-02-21 | Computer Associates Think, Inc. | Systems and methods for minimizing security logs |
US20050259657A1 (en) * | 2004-05-19 | 2005-11-24 | Paul Gassoway | Using address ranges to detect malicious activity |
US20050271128A1 (en) * | 2004-06-02 | 2005-12-08 | Williams Jeffery D | Distributed SCADA system for remote monitoring and control of access points utilizing an intelligent uninterruptible power supply system for a WISP network |
US20050289232A1 (en) * | 2004-06-07 | 2005-12-29 | Rudiger Ebert | Method, apparatus, and system for monitoring performance remotely from a user |
US20060021021A1 (en) * | 2004-06-08 | 2006-01-26 | Rajesh Patel | Security event data normalization |
US8010952B2 (en) * | 2004-06-08 | 2011-08-30 | Cisco Technology, Inc. | Method and apparatus for configuration syntax and semantic validation |
US20060015591A1 (en) * | 2004-06-08 | 2006-01-19 | Datla Krishnam R | Apparatus and method for intelligent configuration editor |
US7735140B2 (en) * | 2004-06-08 | 2010-06-08 | Cisco Technology, Inc. | Method and apparatus providing unified compliant network audit |
US7721304B2 (en) * | 2004-06-08 | 2010-05-18 | Cisco Technology, Inc. | Method and apparatus providing programmable network intelligence |
JP2006013737A (en) * | 2004-06-24 | 2006-01-12 | Fujitsu Ltd | Device for eliminating abnormal traffic |
US10284571B2 (en) * | 2004-06-28 | 2019-05-07 | Riverbed Technology, Inc. | Rule based alerting in anomaly detection |
US8458783B2 (en) * | 2004-06-30 | 2013-06-04 | Citrix Systems, Inc. | Using application gateways to protect unauthorized transmission of confidential data via web applications |
US7343624B1 (en) * | 2004-07-13 | 2008-03-11 | Sonicwall, Inc. | Managing infectious messages as identified by an attachment |
US9154511B1 (en) | 2004-07-13 | 2015-10-06 | Dell Software Inc. | Time zero detection of infectious messages |
US8589531B2 (en) * | 2004-07-14 | 2013-11-19 | Riverbed Technology, Inc. | Network difference reporting |
ES2289970T3 (en) * | 2004-07-21 | 2011-12-30 | Iternity Gmbh | MEMORY SYSTEM WITH PROBATORY AND FAST VALUE BASED ON A HARD DISK. |
US7546635B1 (en) | 2004-08-11 | 2009-06-09 | Juniper Networks, Inc. | Stateful firewall protection for control plane traffic within a network device |
US20060034305A1 (en) * | 2004-08-13 | 2006-02-16 | Honeywell International Inc. | Anomaly-based intrusion detection |
US7778228B2 (en) * | 2004-09-16 | 2010-08-17 | The Boeing Company | “Wireless ISLAND” mobile LAN-to-LAN tunneling solution |
US7280030B1 (en) * | 2004-09-24 | 2007-10-09 | Sielox, Llc | System and method for adjusting access control based on homeland security levels |
US8499337B1 (en) * | 2004-10-06 | 2013-07-30 | Mcafee, Inc. | Systems and methods for delegation and notification of administration of internet access |
US8433768B1 (en) * | 2004-10-14 | 2013-04-30 | Lockheed Martin Corporation | Embedded model interaction within attack projection framework of information system |
US7408441B2 (en) * | 2004-10-25 | 2008-08-05 | Electronic Data Systems Corporation | System and method for analyzing user-generated event information and message information from network devices |
US7408440B2 (en) | 2004-10-25 | 2008-08-05 | Electronics Data Systems Corporation | System and method for analyzing message information from diverse network devices |
US20060168170A1 (en) * | 2004-10-25 | 2006-07-27 | Korzeniowski Richard W | System and method for analyzing information relating to network devices |
JP4938233B2 (en) * | 2004-11-09 | 2012-05-23 | キヤノン電子株式会社 | Management server, information processing apparatus, control method therefor, network management system, computer program, and computer-readable storage medium |
JP4422595B2 (en) * | 2004-11-26 | 2010-02-24 | 富士通株式会社 | Monitoring system, monitored device, monitoring device, and monitoring method |
US8756682B2 (en) * | 2004-12-20 | 2014-06-17 | Hewlett-Packard Development Company, L.P. | Method and system for network intrusion prevention |
US8974304B2 (en) * | 2004-12-22 | 2015-03-10 | Wms Gaming Inc. | System, method, and apparatus for detecting abnormal behavior of a wagering game machine |
US8266320B1 (en) * | 2005-01-27 | 2012-09-11 | Science Applications International Corporation | Computer network defense |
US9325728B1 (en) | 2005-01-27 | 2016-04-26 | Leidos, Inc. | Systems and methods for implementing and scoring computer network defense exercises |
US7895167B2 (en) * | 2005-02-16 | 2011-02-22 | Xpolog Ltd. | System and method for analysis and management of logs and events |
US20060203736A1 (en) * | 2005-03-10 | 2006-09-14 | Stsn General Holdings Inc. | Real-time mobile user network operations center |
US8418226B2 (en) * | 2005-03-18 | 2013-04-09 | Absolute Software Corporation | Persistent servicing agent |
US9438683B2 (en) * | 2005-04-04 | 2016-09-06 | Aol Inc. | Router-host logging |
US7685292B1 (en) | 2005-04-07 | 2010-03-23 | Dell Marketing Usa L.P. | Techniques for establishment and use of a point-to-point tunnel between source and target devices |
US8140614B2 (en) * | 2005-06-02 | 2012-03-20 | International Business Machines Corporation | Distributed computing environment with remote data collection management |
JP4313336B2 (en) * | 2005-06-03 | 2009-08-12 | 株式会社日立製作所 | Monitoring system and monitoring method |
US7184935B1 (en) * | 2005-06-10 | 2007-02-27 | Hewlett-Packard Development Company, L.P. | Determining and annotating a signature of a computer resource |
US8364841B2 (en) * | 2005-06-16 | 2013-01-29 | Infinera Corporation | XML over TCP management protocol with tunneled proxy support and connection management |
US7702780B2 (en) * | 2005-06-22 | 2010-04-20 | International Business Machines Corporation | Monitoring method, system, and computer program based on severity and persistence of problems |
US7295950B2 (en) * | 2005-06-23 | 2007-11-13 | International Business Machines Corporation | Monitoring multiple channels of data from real time process to detect recent abnormal behavior |
US20060294588A1 (en) * | 2005-06-24 | 2006-12-28 | International Business Machines Corporation | System, method and program for identifying and preventing malicious intrusions |
US7877803B2 (en) * | 2005-06-27 | 2011-01-25 | Hewlett-Packard Development Company, L.P. | Automated immune response for a computer |
US7664849B1 (en) * | 2005-06-30 | 2010-02-16 | Symantec Operating Corporation | Method and apparatus for controlling finite impulse responses using alert definitions in policy-based automation |
US7647634B2 (en) * | 2005-06-30 | 2010-01-12 | Microsoft Corporation | Managing access to a network |
CN100479575C (en) | 2005-06-30 | 2009-04-15 | 华为技术有限公司 | Method and apparatus for realizing scheduled operation in equipment management |
US9418040B2 (en) * | 2005-07-07 | 2016-08-16 | Sciencelogic, Inc. | Dynamically deployable self configuring distributed network management system |
US7832006B2 (en) * | 2005-08-09 | 2010-11-09 | At&T Intellectual Property I, L.P. | System and method for providing network security |
US7818625B2 (en) * | 2005-08-17 | 2010-10-19 | Microsoft Corporation | Techniques for performing memory diagnostics |
US8769663B2 (en) * | 2005-08-24 | 2014-07-01 | Fortinet, Inc. | Systems and methods for detecting undesirable network traffic content |
US7899903B2 (en) * | 2005-09-30 | 2011-03-01 | Microsoft Corporation | Template based management system |
US20070168349A1 (en) * | 2005-09-30 | 2007-07-19 | Microsoft Corporation | Schema for template based management system |
CN102904749B (en) | 2005-10-05 | 2015-12-09 | 拜尔斯安全公司 | Adopt the method for safety means protecting network device, safety means and data network |
US7502971B2 (en) * | 2005-10-12 | 2009-03-10 | Hewlett-Packard Development Company, L.P. | Determining a recurrent problem of a computer resource using signatures |
WO2007053708A2 (en) | 2005-10-31 | 2007-05-10 | The Trustees Of Columbia University In The City Of New York | Methods, media, and systems for securing communications between a first node and a second node |
JP4459890B2 (en) * | 2005-11-04 | 2010-04-28 | 株式会社日立製作所 | Information processing apparatus, incident response apparatus control method, and program |
WO2007062004A2 (en) | 2005-11-22 | 2007-05-31 | The Trustees Of Columbia University In The City Of New York | Methods, media, and devices for moving a connection from one point of access to another point of access |
US7966654B2 (en) | 2005-11-22 | 2011-06-21 | Fortinet, Inc. | Computerized system and method for policy-based content filtering |
IL172289A (en) * | 2005-11-30 | 2011-07-31 | Rafael Advanced Defense Sys | Limited bandwidth surveillance system and method with rotation among monitors |
US20070192344A1 (en) * | 2005-12-29 | 2007-08-16 | Microsoft Corporation | Threats and countermeasures schema |
US7890315B2 (en) * | 2005-12-29 | 2011-02-15 | Microsoft Corporation | Performance engineering and the application life cycle |
US20070157311A1 (en) * | 2005-12-29 | 2007-07-05 | Microsoft Corporation | Security modeling and the application life cycle |
US20070157316A1 (en) * | 2005-12-30 | 2007-07-05 | Intel Corporation | Managing rogue IP traffic in a global enterprise |
US20070180101A1 (en) * | 2006-01-10 | 2007-08-02 | A10 Networks Inc. | System and method for storing data-network activity information |
JP2007215162A (en) * | 2006-01-11 | 2007-08-23 | Canon Inc | Information processing apparatus, control method thereof, program and recording medium |
US8234361B2 (en) * | 2006-01-13 | 2012-07-31 | Fortinet, Inc. | Computerized system and method for handling network traffic |
US9183106B2 (en) * | 2006-01-13 | 2015-11-10 | Dell Products L.P. | System and method for the automated generation of events within a server environment |
US7818788B2 (en) * | 2006-02-14 | 2010-10-19 | Microsoft Corporation | Web application security frame |
US7933986B2 (en) * | 2006-02-16 | 2011-04-26 | Microsoft Corporation | Transferring command-lines as a message |
US7712137B2 (en) * | 2006-02-27 | 2010-05-04 | Microsoft Corporation | Configuring and organizing server security information |
US7721157B2 (en) * | 2006-03-08 | 2010-05-18 | Omneon Video Networks | Multi-node computer system component proactive monitoring and proactive repair |
US7996895B2 (en) * | 2006-03-27 | 2011-08-09 | Avaya Inc. | Method and apparatus for protecting networks from unauthorized applications |
US8831011B1 (en) | 2006-04-13 | 2014-09-09 | Xceedium, Inc. | Point to multi-point connections |
US7675867B1 (en) | 2006-04-19 | 2010-03-09 | Owl Computing Technologies, Inc. | One-way data transfer system with built-in data verification mechanism |
US8151322B2 (en) | 2006-05-16 | 2012-04-03 | A10 Networks, Inc. | Systems and methods for user access authentication based on network access point |
US8065666B2 (en) | 2006-06-02 | 2011-11-22 | Rockwell Automation Technologies, Inc. | Change management methodologies for industrial automation and information systems |
US8117441B2 (en) * | 2006-06-20 | 2012-02-14 | Microsoft Corporation | Integrating security protection tools with computer device integrity and privacy policy |
US7913245B2 (en) * | 2006-06-21 | 2011-03-22 | International Business Machines Corporation | Apparatus, system and method for modular distribution and maintenance of non-“object code only” dynamic components |
US20070300312A1 (en) * | 2006-06-22 | 2007-12-27 | Microsoft Corporation Microsoft Patent Group | User presence detection for altering operation of a computing system |
US9762536B2 (en) * | 2006-06-27 | 2017-09-12 | Waterfall Security Solutions Ltd. | One way secure link |
US20080004763A1 (en) * | 2006-06-30 | 2008-01-03 | Caterpillar Inc. | Method and system for preventing excessive tire wear on machines |
US20130276109A1 (en) * | 2006-07-11 | 2013-10-17 | Mcafee, Inc. | System, method and computer program product for detecting activity in association with program resources that has at least a potential of an unwanted effect on the program |
US7536276B2 (en) * | 2006-07-27 | 2009-05-19 | Siemens Buildings Technologies, Inc. | Method and apparatus for equipment health monitoring |
US8869262B2 (en) * | 2006-08-03 | 2014-10-21 | Citrix Systems, Inc. | Systems and methods for application based interception of SSL/VPN traffic |
US8484718B2 (en) * | 2006-08-03 | 2013-07-09 | Citrix System, Inc. | Systems and methods for enabling assured records using fine grained auditing of virtual private network traffic |
US8495181B2 (en) * | 2006-08-03 | 2013-07-23 | Citrix Systems, Inc | Systems and methods for application based interception SSI/VPN traffic |
US7843912B2 (en) * | 2006-08-03 | 2010-11-30 | Citrix Systems, Inc. | Systems and methods of fine grained interception of network communications on a virtual private network |
US7571349B2 (en) * | 2006-08-18 | 2009-08-04 | Microsoft Corporation | Configuration replication for system recovery and migration |
US20080052508A1 (en) * | 2006-08-25 | 2008-02-28 | Huotari Allen J | Network security status indicators |
US8903968B2 (en) * | 2006-08-29 | 2014-12-02 | International Business Machines Corporation | Distributed computing environment |
IL177756A (en) * | 2006-08-29 | 2014-11-30 | Lior Frenkel | Encryption-based attack prevention |
US8522304B2 (en) * | 2006-09-08 | 2013-08-27 | Ibahn General Holdings Corporation | Monitoring and reporting policy compliance of home networks |
US20120284790A1 (en) * | 2006-09-11 | 2012-11-08 | Decision-Zone Inc. | Live service anomaly detection system for providing cyber protection for the electric grid |
US8984579B2 (en) * | 2006-09-19 | 2015-03-17 | The Innovation Science Fund I, LLC | Evaluation systems and methods for coordinating software agents |
US8627402B2 (en) | 2006-09-19 | 2014-01-07 | The Invention Science Fund I, Llc | Evaluation systems and methods for coordinating software agents |
US8601530B2 (en) * | 2006-09-19 | 2013-12-03 | The Invention Science Fund I, Llc | Evaluation systems and methods for coordinating software agents |
US8607336B2 (en) * | 2006-09-19 | 2013-12-10 | The Invention Science Fund I, Llc | Evaluation systems and methods for coordinating software agents |
US20080125887A1 (en) * | 2006-09-27 | 2008-05-29 | Rockwell Automation Technologies, Inc. | Event context data and aggregation for industrial control systems |
US8112425B2 (en) | 2006-10-05 | 2012-02-07 | Splunk Inc. | Time series search engine |
US8312507B2 (en) | 2006-10-17 | 2012-11-13 | A10 Networks, Inc. | System and method to apply network traffic policy to an application session |
US7716378B2 (en) | 2006-10-17 | 2010-05-11 | A10 Networks, Inc. | System and method to associate a private user identity with a public user identity |
US8544071B1 (en) * | 2006-10-19 | 2013-09-24 | United Services Automobile Association (Usaa) | Systems and methods for software application security management |
US8055904B1 (en) | 2006-10-19 | 2011-11-08 | United Services Automobile Assocation (USAA) | Systems and methods for software application security management |
US8214889B2 (en) * | 2006-11-03 | 2012-07-03 | Microsoft Corporation | Selective auto-revocation of firewall security settings |
US20080126884A1 (en) * | 2006-11-28 | 2008-05-29 | Siemens Aktiengesellschaft | Method for providing detailed information and support regarding an event message |
US7415385B2 (en) * | 2006-11-29 | 2008-08-19 | Mitsubishi Electric Research Laboratories, Inc. | System and method for measuring performances of surveillance systems |
IL180020A (en) * | 2006-12-12 | 2013-03-24 | Waterfall Security Solutions Ltd | Encryption -and decryption-enabled interfaces |
US8055760B1 (en) * | 2006-12-18 | 2011-11-08 | Sprint Communications Company L.P. | Firewall doctor |
US7944357B2 (en) * | 2006-12-18 | 2011-05-17 | Cummings Engineering Consultants, Inc. | Method and system for a grass roots intelligence program |
US8640086B2 (en) * | 2006-12-29 | 2014-01-28 | Sap Ag | Graphical user interface system and method for presenting objects |
IL180748A (en) * | 2007-01-16 | 2013-03-24 | Waterfall Security Solutions Ltd | Secure archive |
US8254882B2 (en) * | 2007-01-29 | 2012-08-28 | Cisco Technology, Inc. | Intrusion prevention system for wireless networks |
US8312135B2 (en) * | 2007-02-02 | 2012-11-13 | Microsoft Corporation | Computing system infrastructure to administer distress messages |
JP4905165B2 (en) * | 2007-02-07 | 2012-03-28 | 富士通株式会社 | Monitoring support program, monitoring method and monitoring system |
US8856782B2 (en) * | 2007-03-01 | 2014-10-07 | George Mason Research Foundation, Inc. | On-demand disposable virtual work system |
US7853679B2 (en) * | 2007-03-12 | 2010-12-14 | Citrix Systems, Inc. | Systems and methods for configuring handling of undefined policy events |
US7865589B2 (en) | 2007-03-12 | 2011-01-04 | Citrix Systems, Inc. | Systems and methods for providing structured policy expressions to represent unstructured data in a network appliance |
US8631147B2 (en) | 2007-03-12 | 2014-01-14 | Citrix Systems, Inc. | Systems and methods for configuring policy bank invocations |
US7870277B2 (en) * | 2007-03-12 | 2011-01-11 | Citrix Systems, Inc. | Systems and methods for using object oriented expressions to configure application security policies |
US7853678B2 (en) * | 2007-03-12 | 2010-12-14 | Citrix Systems, Inc. | Systems and methods for configuring flow control of policy expressions |
WO2008112769A2 (en) | 2007-03-12 | 2008-09-18 | Citrix Systems, Inc. | Systems and methods for configuring, applying and managing object-oriented policy expressions for a network device |
US8490148B2 (en) | 2007-03-12 | 2013-07-16 | Citrix Systems, Inc | Systems and methods for managing application security profiles |
US9922323B2 (en) | 2007-03-16 | 2018-03-20 | Visa International Service Association | System and method for automated analysis comparing a wireless device location with another geographic location |
US9185123B2 (en) | 2008-02-12 | 2015-11-10 | Finsphere Corporation | System and method for mobile identity protection for online user authentication |
US9432845B2 (en) | 2007-03-16 | 2016-08-30 | Visa International Service Association | System and method for automated analysis comparing a wireless device location with another geographic location |
US9420448B2 (en) | 2007-03-16 | 2016-08-16 | Visa International Service Association | System and method for automated analysis comparing a wireless device location with another geographic location |
US8280348B2 (en) | 2007-03-16 | 2012-10-02 | Finsphere Corporation | System and method for identity protection using mobile device signaling network derived location pattern recognition |
EP2143063A4 (en) * | 2007-03-26 | 2012-10-17 | Bpl Global Ltd | System and method for integrated asset protection |
WO2008118976A1 (en) * | 2007-03-26 | 2008-10-02 | The Trustees Of Culumbia University In The City Of New York | Methods and media for exchanging data between nodes of disconnected networks |
US9083712B2 (en) * | 2007-04-04 | 2015-07-14 | Sri International | Method and apparatus for generating highly predictive blacklists |
KR101397147B1 (en) * | 2007-04-11 | 2014-05-19 | 엘지전자 주식회사 | Mobile communication device having web alarm function and operating method thereof |
US8068415B2 (en) | 2007-04-18 | 2011-11-29 | Owl Computing Technologies, Inc. | Secure one-way data transfer using communication interface circuitry |
US7941526B1 (en) | 2007-04-19 | 2011-05-10 | Owl Computing Technologies, Inc. | Transmission of syslog messages over a one-way data link |
US8352450B1 (en) | 2007-04-19 | 2013-01-08 | Owl Computing Technologies, Inc. | Database update through a one-way data link |
US8139581B1 (en) | 2007-04-19 | 2012-03-20 | Owl Computing Technologies, Inc. | Concurrent data transfer involving two or more transport layer protocols over a single one-way data link |
US20080270469A1 (en) * | 2007-04-26 | 2008-10-30 | Microsoft Corporation | Business metrics aggregated by custom hierarchy |
US8234240B2 (en) * | 2007-04-26 | 2012-07-31 | Microsoft Corporation | Framework for providing metrics from any datasource |
US7966660B2 (en) * | 2007-05-23 | 2011-06-21 | Honeywell International Inc. | Apparatus and method for deploying a wireless network intrusion detection system to resource-constrained devices |
DE102008024668A1 (en) * | 2007-05-24 | 2008-11-27 | ABB Inc., Norwalk | Inventory monitor for fieldbus devices |
US8108924B1 (en) * | 2007-05-24 | 2012-01-31 | Sprint Communications Company L.P. | Providing a firewall's connection data in a comprehendible format |
US8533821B2 (en) * | 2007-05-25 | 2013-09-10 | International Business Machines Corporation | Detecting and defending against man-in-the-middle attacks |
US20080313228A1 (en) * | 2007-06-15 | 2008-12-18 | Rockwell Automation Technologies, Inc. | Controller log and log aggregation |
WO2009006937A1 (en) * | 2007-07-09 | 2009-01-15 | Abb Research Ltd | Data recording apparatus |
US8132248B2 (en) * | 2007-07-18 | 2012-03-06 | Trend Micro Incorporated | Managing configurations of a firewall |
US7992209B1 (en) | 2007-07-19 | 2011-08-02 | Owl Computing Technologies, Inc. | Bilateral communication using multiple one-way data links |
US9336387B2 (en) * | 2007-07-30 | 2016-05-10 | Stroz Friedberg, Inc. | System, method, and computer program product for detecting access to a memory device |
US8024802B1 (en) * | 2007-07-31 | 2011-09-20 | Hewlett-Packard Development Company, L.P. | Methods and systems for using state ranges for processing regular expressions in intrusion-prevention systems |
US8301676B2 (en) * | 2007-08-23 | 2012-10-30 | Fisher-Rosemount Systems, Inc. | Field device with capability of calculating digital filter coefficients |
US8239922B2 (en) * | 2007-08-27 | 2012-08-07 | Honeywell International Inc. | Remote HVAC control with user privilege setup |
US7702401B2 (en) | 2007-09-05 | 2010-04-20 | Fisher-Rosemount Systems, Inc. | System for preserving and displaying process control data associated with an abnormal situation |
IL187492A0 (en) * | 2007-09-06 | 2008-02-09 | Human Interface Security Ltd | Information protection device |
US8074278B2 (en) * | 2007-09-14 | 2011-12-06 | Fisher-Rosemount Systems, Inc. | Apparatus and methods for intrusion protection in safety instrumented process control systems |
DE102007046079A1 (en) * | 2007-09-26 | 2009-04-02 | Siemens Ag | A method for establishing a secure connection from a service technician to an incident affected component of a remote diagnosable and / or remote controllable automation environment |
US20090088883A1 (en) * | 2007-09-27 | 2009-04-02 | Rockwell Automation Technologies, Inc. | Surface-based computing in an industrial automation environment |
US8296414B1 (en) * | 2007-09-28 | 2012-10-23 | Emc Corporation | Techniques for automated application discovery |
US8224942B1 (en) | 2007-10-02 | 2012-07-17 | Google Inc. | Network failure detection |
US8055479B2 (en) | 2007-10-10 | 2011-11-08 | Fisher-Rosemount Systems, Inc. | Simplified algorithm for abnormal situation prevention in load following applications including plugged line diagnostics in a dynamic process |
US20090100430A1 (en) * | 2007-10-15 | 2009-04-16 | Marco Valentin | Method and system for a task automation tool |
US8223205B2 (en) * | 2007-10-24 | 2012-07-17 | Waterfall Solutions Ltd. | Secure implementation of network-based sensors |
US8959624B2 (en) * | 2007-10-31 | 2015-02-17 | Bank Of America Corporation | Executable download tracking system |
US9282005B1 (en) * | 2007-11-01 | 2016-03-08 | Emc Corporation | IT infrastructure policy breach investigation interface |
US8516539B2 (en) * | 2007-11-09 | 2013-08-20 | Citrix Systems, Inc. | System and method for inferring access policies from access event records |
US8990910B2 (en) * | 2007-11-13 | 2015-03-24 | Citrix Systems, Inc. | System and method using globally unique identities |
US20090150513A1 (en) * | 2007-12-10 | 2009-06-11 | At&T Knowledge Ventures, Lp | Method and System for Gathering Network Data |
KR20090065183A (en) * | 2007-12-17 | 2009-06-22 | 한국전자통신연구원 | Apparatus and method automatically generating security policy of selinux based on selt |
US8095938B1 (en) * | 2007-12-21 | 2012-01-10 | Emc Corporation | Managing alert generation |
US20090204702A1 (en) * | 2008-02-08 | 2009-08-13 | Autiq As | System and method for network management using self-discovering thin agents |
US9336385B1 (en) * | 2008-02-11 | 2016-05-10 | Adaptive Cyber Security Instruments, Inc. | System for real-time threat detection and management |
TWI406151B (en) * | 2008-02-27 | 2013-08-21 | Asustek Comp Inc | Antivirus protection method and electronic device with antivirus protection |
US20090228838A1 (en) * | 2008-03-04 | 2009-09-10 | Ryan Christopher N | Content design tool |
US8839460B2 (en) * | 2008-03-07 | 2014-09-16 | Qualcomm Incorporated | Method for securely communicating information about the location of a compromised computing device |
US8606686B1 (en) * | 2008-03-07 | 2013-12-10 | Versify Solutions, Inc. | System and method for gathering and performing complex analyses on power data from multiple remote sources |
US8850568B2 (en) * | 2008-03-07 | 2014-09-30 | Qualcomm Incorporated | Method and apparatus for detecting unauthorized access to a computing device and securely communicating information about such unauthorized access |
US8965719B1 (en) * | 2008-03-07 | 2015-02-24 | Versify Solutions, Inc. | Universal performance monitor for power generators |
US9240945B2 (en) * | 2008-03-19 | 2016-01-19 | Citrix Systems, Inc. | Access, priority and bandwidth management based on application identity |
US20090254970A1 (en) * | 2008-04-04 | 2009-10-08 | Avaya Inc. | Multi-tier security event correlation and mitigation |
WO2009128905A1 (en) | 2008-04-17 | 2009-10-22 | Siemens Energy, Inc. | Method and system for cyber security management of industrial control systems |
US8761948B1 (en) | 2008-04-25 | 2014-06-24 | Versify Solutions, Inc. | System and method for managing and monitoring renewable energy power generation |
US8943575B2 (en) | 2008-04-30 | 2015-01-27 | Citrix Systems, Inc. | Method and system for policy simulation |
US20090276469A1 (en) * | 2008-05-01 | 2009-11-05 | International Business Machines Corporation | Method for transactional behavior extaction in distributed applications |
US20090276852A1 (en) * | 2008-05-01 | 2009-11-05 | International Business Machines Corporation | Statistical worm discovery within a security information management architecture |
US8339959B1 (en) | 2008-05-20 | 2012-12-25 | Juniper Networks, Inc. | Streamlined packet forwarding using dynamic filters for routing and security in a shared forwarding plane |
US8713177B2 (en) * | 2008-05-30 | 2014-04-29 | Red Hat, Inc. | Remote management of networked systems using secure modular platform |
US8122503B2 (en) * | 2008-05-31 | 2012-02-21 | Hewlett-Packard Development Company, L.P. | Methods and systems for managing a potential security threat to a network |
US20100042912A1 (en) * | 2008-06-12 | 2010-02-18 | Eva Whitaker | Reminder and notification system for a parent |
US8312540B1 (en) * | 2008-06-13 | 2012-11-13 | Juniper Networks, Inc. | System for slowing password attacks |
US8689335B2 (en) * | 2008-06-25 | 2014-04-01 | Microsoft Corporation | Mapping between users and machines in an enterprise security assessment sharing system |
WO2010008479A2 (en) | 2008-06-25 | 2010-01-21 | Versify Solutions, Llc | Aggregator, monitor, and manager of distributed demand response |
DE102008030939A1 (en) * | 2008-07-02 | 2010-01-07 | Deutsche Thomson Ohg | Method and device for managing data transmission in a network |
US20110087761A1 (en) * | 2008-07-07 | 2011-04-14 | Mo-Han Fong | Power saving schemes for wireless systems |
US8711747B2 (en) | 2008-07-07 | 2014-04-29 | Apple Inc. | Power saving methods for wireless systems |
US8745268B2 (en) * | 2008-08-18 | 2014-06-03 | Schneider Electric USA, Inc. | In-line security device |
US9100297B2 (en) | 2008-08-20 | 2015-08-04 | Red Hat, Inc. | Registering new machines in a software provisioning environment |
US8955107B2 (en) * | 2008-09-12 | 2015-02-10 | Juniper Networks, Inc. | Hierarchical application of security services within a computer network |
US9098698B2 (en) | 2008-09-12 | 2015-08-04 | George Mason Research Foundation, Inc. | Methods and apparatus for application isolation |
US20100088197A1 (en) * | 2008-10-02 | 2010-04-08 | Dehaan Michael Paul | Systems and methods for generating remote system inventory capable of differential update reports |
US8301759B2 (en) * | 2008-10-24 | 2012-10-30 | Microsoft Corporation | Monitoring agent programs in a distributed computing platform |
IL194943A0 (en) * | 2008-10-27 | 2009-09-22 | Human Interface Security Ltd | Verification of data transmitted by computer |
US8990573B2 (en) * | 2008-11-10 | 2015-03-24 | Citrix Systems, Inc. | System and method for using variable security tag location in network communications |
US9084937B2 (en) | 2008-11-18 | 2015-07-21 | Gtech Canada Ulc | Faults and performance issue prediction |
US8028196B2 (en) * | 2008-11-18 | 2011-09-27 | Gtech Corporation | Predictive diagnostics and fault management |
US8775574B2 (en) * | 2008-11-26 | 2014-07-08 | Red Hat, Inc. | Remote network management having multi-node awareness |
US8782204B2 (en) | 2008-11-28 | 2014-07-15 | Red Hat, Inc. | Monitoring hardware resources in a software provisioning environment |
US8578491B2 (en) * | 2008-12-11 | 2013-11-05 | Alcatel Lucent | Network based malware detection and reporting |
US7996713B2 (en) * | 2008-12-15 | 2011-08-09 | Juniper Networks, Inc. | Server-to-server integrity checking |
US8019860B2 (en) * | 2008-12-22 | 2011-09-13 | Sap Ag | Service accounting method and apparatus for composite service |
US8737398B2 (en) * | 2008-12-31 | 2014-05-27 | Schneider Electric USA, Inc. | Communication module with network isolation and communication filter |
US9558195B2 (en) | 2009-02-27 | 2017-01-31 | Red Hat, Inc. | Depopulation of user data from network |
US9313105B2 (en) * | 2009-02-27 | 2016-04-12 | Red Hat, Inc. | Network management using secure mesh command and control framework |
US8719392B2 (en) * | 2009-02-27 | 2014-05-06 | Red Hat, Inc. | Searching a managed network for setting and configuration data |
US8402267B1 (en) | 2009-03-18 | 2013-03-19 | University Of Louisville Research Foundation, Inc. | Security enhanced network device and method for secure operation of same |
US8868907B2 (en) | 2009-03-18 | 2014-10-21 | University Of Louisville Research Foundation, Inc. | Device, method, and system for processing communications for secure operation of industrial control system field devices |
US8935773B2 (en) | 2009-04-09 | 2015-01-13 | George Mason Research Foundation, Inc. | Malware detector |
US9305189B2 (en) | 2009-04-14 | 2016-04-05 | Owl Computing Technologies, Inc. | Ruggedized, compact and integrated one-way controlled interface to enforce confidentiality of a secure enclave |
US20100269162A1 (en) | 2009-04-15 | 2010-10-21 | Jose Bravo | Website authentication |
FR2944886B1 (en) * | 2009-04-22 | 2011-07-15 | Thales Sa | INTEGRATED SUPERVISION AND COMMAND SYSTEM |
US8914878B2 (en) | 2009-04-29 | 2014-12-16 | Juniper Networks, Inc. | Detecting malicious network software agents |
US8504636B2 (en) * | 2009-05-08 | 2013-08-06 | Raytheon Company | Monitoring communications using a unified communications protocol |
EP2252006A1 (en) * | 2009-05-15 | 2010-11-17 | Panda Security S.L. | System and method for obtaining a classification of an identifier |
US9134987B2 (en) | 2009-05-29 | 2015-09-15 | Red Hat, Inc. | Retiring target machines by a provisioning server |
US9280399B2 (en) * | 2009-05-29 | 2016-03-08 | Red Hat, Inc. | Detecting, monitoring, and configuring services in a netwowk |
US8566459B2 (en) * | 2009-05-29 | 2013-10-22 | Red Hat, Inc. | Systems and methods for integrated console management interface |
US9298583B2 (en) * | 2009-06-04 | 2016-03-29 | International Business Machines Corporation | Network traffic based power consumption estimation of information technology systems |
US8694905B2 (en) * | 2009-06-10 | 2014-04-08 | International Business Machines Corporation | Model-driven display of metric annotations on a resource/relationship graph |
US20100325687A1 (en) * | 2009-06-22 | 2010-12-23 | Iverson Gyle T | Systems and Methods for Custom Device Automatic Password Management |
US8863253B2 (en) | 2009-06-22 | 2014-10-14 | Beyondtrust Software, Inc. | Systems and methods for automatic discovery of systems and accounts |
US9160545B2 (en) * | 2009-06-22 | 2015-10-13 | Beyondtrust Software, Inc. | Systems and methods for A2A and A2DB security using program authentication factors |
US8839422B2 (en) | 2009-06-30 | 2014-09-16 | George Mason Research Foundation, Inc. | Virtual browsing environment |
US20110004589A1 (en) * | 2009-07-06 | 2011-01-06 | Rockwell Automation Technologies, Inc. | Diagnostics in a distributed directory system |
US11797997B2 (en) | 2009-07-07 | 2023-10-24 | Visa International Service Association | Data verification in transactions in distributed network |
US8752142B2 (en) | 2009-07-17 | 2014-06-10 | American Express Travel Related Services Company, Inc. | Systems, methods, and computer program products for adapting the security measures of a communication network based on feedback |
US8788652B2 (en) * | 2009-07-27 | 2014-07-22 | Ixia | Real world network testing combining lower layer network tests, application layer tests and interdependent interactions |
GB2484878B (en) | 2009-08-13 | 2015-01-07 | Ibm | Automatic address range detection for IP networks |
US8311987B2 (en) * | 2009-08-17 | 2012-11-13 | Sap Ag | Data staging system and method |
US9425976B2 (en) * | 2009-08-19 | 2016-08-23 | Hewlett Packard Enterprise Development Lp | Reporting operational information of a network device |
US20110047406A1 (en) * | 2009-08-24 | 2011-02-24 | General Devices | Systems and methods for sending, receiving and managing electronic messages |
US8607093B2 (en) * | 2009-08-31 | 2013-12-10 | Red Hat, Inc. | Systems and methods for detecting machine faults in network using acoustic monitoring |
US8166341B2 (en) * | 2009-08-31 | 2012-04-24 | Red Hat, Inc. | Systems and methods for testing results of configuration management activity |
US8914787B2 (en) * | 2009-08-31 | 2014-12-16 | Red Hat, Inc. | Registering software management component types in a managed network |
US8463885B2 (en) * | 2009-08-31 | 2013-06-11 | Red Hat, Inc. | Systems and methods for generating management agent installations |
US8789173B2 (en) * | 2009-09-03 | 2014-07-22 | Juniper Networks, Inc. | Protecting against distributed network flood attacks |
GB2474545B (en) * | 2009-09-24 | 2015-06-24 | Fisher Rosemount Systems Inc | Integrated unified threat management for a process control system |
US9967169B2 (en) * | 2009-09-30 | 2018-05-08 | Red Hat, Inc. | Detecting network conditions based on correlation between trend lines |
US8335989B2 (en) * | 2009-10-26 | 2012-12-18 | Nokia Corporation | Method and apparatus for presenting polymorphic notes in a graphical user interface |
US8719782B2 (en) | 2009-10-29 | 2014-05-06 | Red Hat, Inc. | Integrated package development and machine configuration management |
US20110106738A1 (en) * | 2009-10-29 | 2011-05-05 | Marianna Cheklin | System and method for managing implementations |
CN101714990B (en) * | 2009-10-30 | 2013-06-05 | 清华大学 | Network security safeguarding integrated system and control method thereof |
US8369345B1 (en) | 2009-11-13 | 2013-02-05 | Juniper Networks, Inc. | Multi-router system having shared network interfaces |
US8302189B2 (en) * | 2009-11-30 | 2012-10-30 | At&T Intellectual Property I, L.P. | Methods, devices, systems, and computer program products for edge driven communications network security monitoring |
US8683609B2 (en) * | 2009-12-04 | 2014-03-25 | International Business Machines Corporation | Mobile phone and IP address correlation service |
US9756076B2 (en) * | 2009-12-17 | 2017-09-05 | American Express Travel Related Services Company, Inc. | Dynamically reacting policies and protections for securing mobile financial transactions |
US8621636B2 (en) | 2009-12-17 | 2013-12-31 | American Express Travel Related Services Company, Inc. | Systems, methods, and computer program products for collecting and reporting sensor data in a communication network |
US8832707B2 (en) * | 2009-12-21 | 2014-09-09 | International Business Machines Corporation | Tunable error resilience computing |
US8650129B2 (en) | 2010-01-20 | 2014-02-11 | American Express Travel Related Services Company, Inc. | Dynamically reacting policies and protections for securing mobile financial transaction data in transit |
US8793789B2 (en) | 2010-07-22 | 2014-07-29 | Bank Of America Corporation | Insider threat correlation tool |
US9038187B2 (en) * | 2010-01-26 | 2015-05-19 | Bank Of America Corporation | Insider threat correlation tool |
US8782209B2 (en) * | 2010-01-26 | 2014-07-15 | Bank Of America Corporation | Insider threat correlation tool |
US8800034B2 (en) * | 2010-01-26 | 2014-08-05 | Bank Of America Corporation | Insider threat correlation tool |
US8782794B2 (en) | 2010-04-16 | 2014-07-15 | Bank Of America Corporation | Detecting secure or encrypted tunneling in a computer network |
US8544100B2 (en) | 2010-04-16 | 2013-09-24 | Bank Of America Corporation | Detecting secure or encrypted tunneling in a computer network |
US20110258302A1 (en) * | 2010-04-20 | 2011-10-20 | No Limits Software, LLC | System And Method For Remotely Determining Identification And Physical Location Of Equipment In A Rack |
CN101848241B (en) * | 2010-05-06 | 2012-12-19 | 安徽省电力公司合肥供电公司 | Ies500 automatic real-time data and information system |
WO2011143462A1 (en) | 2010-05-14 | 2011-11-17 | Harnischfeger Technologies, Inc. | Remote monitoring of machine alarms |
US8489525B2 (en) | 2010-05-20 | 2013-07-16 | International Business Machines Corporation | Automatic model evolution |
US8533319B2 (en) | 2010-06-02 | 2013-09-10 | Lockheed Martin Corporation | Methods and systems for prioritizing network assets |
CN102281164A (en) * | 2010-06-08 | 2011-12-14 | 腾讯科技(深圳)有限公司 | Method, equipment and system for monitoring data |
US10360625B2 (en) | 2010-06-22 | 2019-07-23 | American Express Travel Related Services Company, Inc. | Dynamically adaptive policy management for securing mobile financial transactions |
US8850539B2 (en) | 2010-06-22 | 2014-09-30 | American Express Travel Related Services Company, Inc. | Adaptive policies and protections for securing financial transaction data at rest |
US8924296B2 (en) | 2010-06-22 | 2014-12-30 | American Express Travel Related Services Company, Inc. | Dynamic pairing system for securing a trusted communication channel |
US8498982B1 (en) | 2010-07-07 | 2013-07-30 | Openlogic, Inc. | Noise reduction for content matching analysis results for protectable content |
WO2012012266A2 (en) | 2010-07-19 | 2012-01-26 | Owl Computing Technologies, Inc. | Secure acknowledgment device for one-way data transfer system |
KR101377462B1 (en) * | 2010-08-24 | 2014-03-25 | 한국전자통신연구원 | Automated Control Method And Apparatus of DDos Attack Prevention Policy Using the status of CPU and Memory |
US8423638B2 (en) * | 2010-09-29 | 2013-04-16 | International Business Machines Corporation | Performance monitoring of a computer resource |
US9355004B2 (en) * | 2010-10-05 | 2016-05-31 | Red Hat Israel, Ltd. | Installing monitoring utilities using universal performance monitor |
US9524224B2 (en) | 2010-10-05 | 2016-12-20 | Red Hat Israel, Ltd. | Customized monitoring of system activities |
US9363107B2 (en) | 2010-10-05 | 2016-06-07 | Red Hat Israel, Ltd. | Accessing and processing monitoring data resulting from customized monitoring of system activities |
JP5669507B2 (en) * | 2010-10-05 | 2015-02-12 | キヤノン株式会社 | Management apparatus, management apparatus control method, and computer program |
US9256488B2 (en) | 2010-10-05 | 2016-02-09 | Red Hat Israel, Ltd. | Verification of template integrity of monitoring templates used for customized monitoring of system activities |
US8683591B2 (en) | 2010-11-18 | 2014-03-25 | Nant Holdings Ip, Llc | Vector-based anomaly detection |
US8788654B2 (en) * | 2010-12-07 | 2014-07-22 | Cisco Technology, Inc. | System and method for allocating resources based on events in a network environment |
US8826437B2 (en) | 2010-12-14 | 2014-09-02 | General Electric Company | Intelligent system and method for mitigating cyber attacks in critical systems through controlling latency of messages in a communications network |
TWI447574B (en) | 2010-12-27 | 2014-08-01 | Ibm | Method,computer readable medium, appliance,and system for recording and prevevting crash in an appliance |
US8499348B1 (en) * | 2010-12-28 | 2013-07-30 | Amazon Technologies, Inc. | Detection of and responses to network attacks |
RU2453917C1 (en) * | 2010-12-30 | 2012-06-20 | Закрытое акционерное общество "Лаборатория Касперского" | System and method for optimising execution of antivirus tasks in local area network |
US8935383B2 (en) * | 2010-12-31 | 2015-01-13 | Verisign, Inc. | Systems, apparatus, and methods for network data analysis |
US8935743B2 (en) * | 2011-01-27 | 2015-01-13 | Sap Se | Web service security cockpit |
US8800031B2 (en) | 2011-02-03 | 2014-08-05 | International Business Machines Corporation | Controlling access to sensitive data based on changes in information classification |
US8695095B2 (en) * | 2011-03-11 | 2014-04-08 | At&T Intellectual Property I, L.P. | Mobile malicious software mitigation |
US9058029B2 (en) * | 2011-03-31 | 2015-06-16 | Brad Radl | System and method for creating a graphical control programming environment |
US20120260251A1 (en) * | 2011-04-05 | 2012-10-11 | International Business Machines Corporation | Prevention of event flooding |
US8838988B2 (en) | 2011-04-12 | 2014-09-16 | International Business Machines Corporation | Verification of transactional integrity |
US20120272314A1 (en) * | 2011-04-21 | 2012-10-25 | Cybyl Technologies, Inc. | Data collection system |
EP2518969A1 (en) * | 2011-04-27 | 2012-10-31 | Siemens Aktiengesellschaft | Method for operating an automation device |
US9237127B2 (en) * | 2011-05-12 | 2016-01-12 | Airmagnet, Inc. | Method and apparatus for dynamic host operating system firewall configuration |
US9927788B2 (en) | 2011-05-19 | 2018-03-27 | Fisher-Rosemount Systems, Inc. | Software lockout coordination between a process control system and an asset management system |
US9665458B2 (en) | 2011-06-01 | 2017-05-30 | Data Security Solutions, Llc | Method and system for providing information from third party applications to devices |
US10229280B2 (en) * | 2011-06-14 | 2019-03-12 | International Business Machines Corporation | System and method to protect a resource using an active avatar |
US9065744B2 (en) * | 2011-06-20 | 2015-06-23 | Netscout Systems, Inc. | Performance optimized and configurable state based heuristic for the classification of real-time transport protocol traffic |
WO2012174603A1 (en) * | 2011-06-24 | 2012-12-27 | Honeywell International Inc. | Systems and methods for presenting dvm system information |
US8547975B2 (en) | 2011-06-28 | 2013-10-01 | Verisign, Inc. | Parallel processing for multiple instance real-time monitoring |
US8526470B2 (en) | 2011-07-05 | 2013-09-03 | Ixia | Synchronized commands for network testing |
US8943177B1 (en) * | 2011-07-13 | 2015-01-27 | Google Inc. | Modifying a computer program configuration based on variable-bin histograms |
US8688828B2 (en) * | 2011-08-29 | 2014-04-01 | Cisco Technology, Inc. | Session layer for monitoring utility application traffic |
US8533219B2 (en) * | 2011-09-02 | 2013-09-10 | Bbs Technologies, Inc. | Adjusting one or more trace filters in a database system |
US9298917B2 (en) * | 2011-09-27 | 2016-03-29 | Redwall Technologies, Llc | Enhanced security SCADA systems and methods |
JP5742635B2 (en) * | 2011-09-29 | 2015-07-01 | 東京エレクトロン株式会社 | Substrate processing apparatus, alarm management method for substrate processing apparatus, and storage medium |
US20130086635A1 (en) * | 2011-09-30 | 2013-04-04 | General Electric Company | System and method for communication in a network |
US20130086680A1 (en) * | 2011-09-30 | 2013-04-04 | General Electric Company | System and method for communication in a network |
EP2575065A1 (en) * | 2011-09-30 | 2013-04-03 | General Electric Company | Remote health monitoring system |
US8856936B2 (en) | 2011-10-14 | 2014-10-07 | Albeado Inc. | Pervasive, domain and situational-aware, adaptive, automated, and coordinated analysis and control of enterprise-wide computers, networks, and applications for mitigation of business and operational risks and enhancement of cyber security |
US8839089B2 (en) * | 2011-11-01 | 2014-09-16 | Microsoft Corporation | Multi-dimensional data manipulation and presentation |
US9081959B2 (en) | 2011-12-02 | 2015-07-14 | Invincea, Inc. | Methods and apparatus for control and detection of malicious content using a sandbox environment |
US9356839B2 (en) * | 2011-12-09 | 2016-05-31 | Riverbed Technology, Inc. | Policy aggregation for computing network health |
US8707100B2 (en) | 2011-12-13 | 2014-04-22 | Ixia | Testing a network using randomly distributed commands |
US9741003B2 (en) * | 2011-12-19 | 2017-08-22 | Microsoft Technology Licensing, Llc | Method and system for providing centralized notifications to an administrator |
CN102495619B (en) * | 2011-12-29 | 2013-08-28 | 深圳市再丰达科技有限公司 | Parking lot management system |
US9251535B1 (en) | 2012-01-05 | 2016-02-02 | Juniper Networks, Inc. | Offload of data transfer statistics from a mobile access gateway |
AU2013200491B2 (en) | 2012-01-30 | 2015-02-12 | Joy Global Surface Mining Inc | System and method for remote monitoring of drilling equipment |
EP2624083A1 (en) * | 2012-02-01 | 2013-08-07 | ABB Research Ltd. | Dynamic configuration of an industrial control system |
WO2013154576A1 (en) * | 2012-04-13 | 2013-10-17 | Nokia Siemens Networks Oy | Monitoring suspicious events in a cellular network |
US8966321B2 (en) | 2012-05-09 | 2015-02-24 | Ixia | Logical port and layer protocol test configuration resource manager |
US8843953B1 (en) * | 2012-06-24 | 2014-09-23 | Time Warner Cable Enterprises Llc | Methods and apparatus for providing parental or guardian control and visualization over communications to various devices in the home |
US20220038483A1 (en) * | 2012-06-26 | 2022-02-03 | Aeris Communications, Inc. | Methodology for intelligent pattern detection and anomaly detection in machine to machine communication network |
US8917826B2 (en) | 2012-07-31 | 2014-12-23 | International Business Machines Corporation | Detecting man-in-the-middle attacks in electronic transactions using prompts |
US9392003B2 (en) | 2012-08-23 | 2016-07-12 | Raytheon Foreground Security, Inc. | Internet security cyber threat reporting system and method |
US9258321B2 (en) | 2012-08-23 | 2016-02-09 | Raytheon Foreground Security, Inc. | Automated internet threat detection and mitigation system and associated methods |
US9635037B2 (en) | 2012-09-06 | 2017-04-25 | Waterfall Security Solutions Ltd. | Remote control of secure installations |
US10394946B2 (en) | 2012-09-07 | 2019-08-27 | Splunk Inc. | Refining extraction rules based on selected text within events |
US9594814B2 (en) | 2012-09-07 | 2017-03-14 | Splunk Inc. | Advanced field extractor with modification of an extracted field |
US9047181B2 (en) | 2012-09-07 | 2015-06-02 | Splunk Inc. | Visualization of data from clusters |
US8751963B1 (en) | 2013-01-23 | 2014-06-10 | Splunk Inc. | Real time indication of previously extracted data fields for regular expressions |
US9753909B2 (en) | 2012-09-07 | 2017-09-05 | Splunk, Inc. | Advanced field extractor with multiple positive examples |
US8682906B1 (en) * | 2013-01-23 | 2014-03-25 | Splunk Inc. | Real time display of data field values based on manual editing of regular expressions |
US20140208217A1 (en) | 2013-01-22 | 2014-07-24 | Splunk Inc. | Interface for managing splittable timestamps across event records |
US11477068B2 (en) | 2012-09-27 | 2022-10-18 | Kaseya Limited | Data network notification bar user interface |
US9450819B2 (en) * | 2012-10-12 | 2016-09-20 | Cisco Technology, Inc. | Autonomic network sentinels |
US10025686B2 (en) * | 2012-10-30 | 2018-07-17 | Intel Corporation | Generating and communicating platform event digests from a processor of a system |
US9189644B2 (en) | 2012-12-20 | 2015-11-17 | Bank Of America Corporation | Access requests at IAM system implementing IAM data model |
US9529629B2 (en) * | 2012-12-20 | 2016-12-27 | Bank Of America Corporation | Computing resource inventory system |
US9177139B2 (en) * | 2012-12-30 | 2015-11-03 | Honeywell International Inc. | Control system cyber security |
EP2943843A4 (en) | 2013-01-08 | 2016-10-26 | Secure Nok As | Method, device and computer program for monitoring an industrial control system |
US9152929B2 (en) | 2013-01-23 | 2015-10-06 | Splunk Inc. | Real time display of statistics and values for selected regular expressions |
US9245147B1 (en) * | 2013-01-30 | 2016-01-26 | White Badger Group, LLC | State machine reference monitor for information system security |
US9143517B2 (en) | 2013-01-31 | 2015-09-22 | Hewlett-Packard Development Company, L.P. | Threat exchange information protection |
US9729505B2 (en) | 2013-01-31 | 2017-08-08 | Entit Software Llc | Security threat analysis |
US9456001B2 (en) | 2013-01-31 | 2016-09-27 | Hewlett Packard Enterprise Development Lp | Attack notification |
US9275348B2 (en) | 2013-01-31 | 2016-03-01 | Hewlett Packard Enterprise Development Lp | Identifying participants for collaboration in a threat exchange community |
WO2014120181A1 (en) | 2013-01-31 | 2014-08-07 | Hewlett-Packard Development Company, L.P. | Targeted security alerts |
CN103971056B (en) * | 2013-01-31 | 2016-05-11 | 腾讯科技(深圳)有限公司 | A kind ofly prevent the unloaded method and apparatus of application program in operating system |
US9118603B2 (en) * | 2013-03-08 | 2015-08-25 | Edward Blake MILLER | System and method for managing attempted access of objectionable content and/or tampering with a content filtering device |
US9596245B2 (en) * | 2013-04-04 | 2017-03-14 | Owl Computing Technologies, Inc. | Secure one-way interface for a network device |
US9419975B2 (en) | 2013-04-22 | 2016-08-16 | Waterfall Security Solutions Ltd. | Bi-directional communication over a one-way link |
US10997191B2 (en) | 2013-04-30 | 2021-05-04 | Splunk Inc. | Query-triggered processing of performance data and log data from an information technology environment |
US10614132B2 (en) | 2013-04-30 | 2020-04-07 | Splunk Inc. | GUI-triggered processing of performance data and log data from an information technology environment |
US10225136B2 (en) | 2013-04-30 | 2019-03-05 | Splunk Inc. | Processing of log data and performance data obtained via an application programming interface (API) |
US10318541B2 (en) | 2013-04-30 | 2019-06-11 | Splunk Inc. | Correlating log data with performance measurements having a specified relationship to a threshold value |
US10353957B2 (en) | 2013-04-30 | 2019-07-16 | Splunk Inc. | Processing of performance data and raw log data from an information technology environment |
US10019496B2 (en) | 2013-04-30 | 2018-07-10 | Splunk Inc. | Processing of performance data and log data from an information technology environment by using diverse data stores |
US10346357B2 (en) | 2013-04-30 | 2019-07-09 | Splunk Inc. | Processing of performance data and structure data from an information technology environment |
US10031647B2 (en) | 2013-05-14 | 2018-07-24 | Google Llc | System for universal remote media control in a multi-user, multi-platform, multi-device environment |
US9331894B2 (en) * | 2013-05-31 | 2016-05-03 | International Business Machines Corporation | Information exchange in data center systems |
US20140359694A1 (en) * | 2013-06-03 | 2014-12-04 | eSentire, Inc. | System and method for computer system security |
US9122853B2 (en) | 2013-06-24 | 2015-09-01 | A10 Networks, Inc. | Location determination for user authentication |
US10574548B2 (en) * | 2013-07-31 | 2020-02-25 | Splunk Inc. | Key indicators view |
US20150061858A1 (en) * | 2013-08-28 | 2015-03-05 | Unisys Corporation | Alert filter for defining rules for processing received alerts |
US20150067762A1 (en) * | 2013-09-03 | 2015-03-05 | Samsung Electronics Co., Ltd. | Method and system for configuring smart home gateway firewall |
US9680794B2 (en) | 2013-09-04 | 2017-06-13 | Owl Computing Technologies, Llc | Secure one-way interface for archestra data transfer |
CN103439911B (en) * | 2013-09-11 | 2016-05-04 | 北京四方继保自动化股份有限公司 | A kind of industrial control system method for managing security of various dimensions |
CN103501345B (en) * | 2013-10-12 | 2016-11-09 | 成都阜特科技股份有限公司 | A kind of control method of remote centralized control system |
US9246935B2 (en) | 2013-10-14 | 2016-01-26 | Intuit Inc. | Method and system for dynamic and comprehensive vulnerability management |
US9148869B2 (en) | 2013-10-15 | 2015-09-29 | The Toronto-Dominion Bank | Location-based account activity alerts |
US8667589B1 (en) * | 2013-10-27 | 2014-03-04 | Konstantin Saprygin | Protection against unauthorized access to automated system for control of technological processes |
US8779919B1 (en) * | 2013-11-03 | 2014-07-15 | Instant Care, Inc. | Event communication apparatus and method |
WO2015063000A1 (en) * | 2013-11-04 | 2015-05-07 | Koninklijke Philips N.V. | Method of notifying a user on a task on an apparatus |
US11165770B1 (en) | 2013-12-06 | 2021-11-02 | A10 Networks, Inc. | Biometric verification of a human internet user |
US10436977B2 (en) | 2013-12-11 | 2019-10-08 | Ademco Inc. | Building automation system setup using a remote control device |
US9794278B1 (en) * | 2013-12-19 | 2017-10-17 | Symantec Corporation | Network-based whitelisting approach for critical systems |
US9501345B1 (en) | 2013-12-23 | 2016-11-22 | Intuit Inc. | Method and system for creating enriched log data |
US10225347B2 (en) * | 2013-12-24 | 2019-03-05 | Verizon Patent And Licensing Inc. | Message controlled appliances |
US9323926B2 (en) | 2013-12-30 | 2016-04-26 | Intuit Inc. | Method and system for intrusion and extrusion detection |
US9742624B2 (en) * | 2014-01-21 | 2017-08-22 | Oracle International Corporation | Logging incident manager |
US9311810B2 (en) | 2014-01-23 | 2016-04-12 | General Electric Company | Implementing standardized behaviors in a hosting device |
DE102014201592A1 (en) * | 2014-01-29 | 2015-07-30 | Siemens Aktiengesellschaft | Methods and apparatus for detecting autonomous, self-propagating software |
US20150304343A1 (en) | 2014-04-18 | 2015-10-22 | Intuit Inc. | Method and system for providing self-monitoring, self-reporting, and self-repairing virtual assets in a cloud computing environment |
US9325726B2 (en) | 2014-02-03 | 2016-04-26 | Intuit Inc. | Method and system for virtual asset assisted extrusion and intrusion detection in a cloud computing environment |
EP2908195B1 (en) * | 2014-02-13 | 2017-07-05 | Siemens Aktiengesellschaft | Method for monitoring security in an automation network, and automation network |
US9866581B2 (en) | 2014-06-30 | 2018-01-09 | Intuit Inc. | Method and system for secure delivery of information to computing environments |
US10757133B2 (en) | 2014-02-21 | 2020-08-25 | Intuit Inc. | Method and system for creating and deploying virtual assets |
CN105934916B (en) * | 2014-02-23 | 2021-01-08 | 英特尔公司 | Orchestrating and managing services to deployed devices |
US11405410B2 (en) * | 2014-02-24 | 2022-08-02 | Cyphort Inc. | System and method for detecting lateral movement and data exfiltration |
US9276945B2 (en) | 2014-04-07 | 2016-03-01 | Intuit Inc. | Method and system for providing security aware applications |
JP6252254B2 (en) * | 2014-02-28 | 2017-12-27 | 富士通株式会社 | Monitoring program, monitoring method and monitoring apparatus |
WO2015134572A1 (en) * | 2014-03-06 | 2015-09-11 | Foreground Security | Internet security cyber threat reporting |
US9245117B2 (en) | 2014-03-31 | 2016-01-26 | Intuit Inc. | Method and system for comparing different versions of a cloud based application in a production environment using segregated backend systems |
US11294700B2 (en) | 2014-04-18 | 2022-04-05 | Intuit Inc. | Method and system for enabling self-monitoring virtual assets to correlate external events with characteristic patterns associated with the virtual assets |
US9374389B2 (en) | 2014-04-25 | 2016-06-21 | Intuit Inc. | Method and system for ensuring an application conforms with security and regulatory controls prior to deployment |
US9900322B2 (en) | 2014-04-30 | 2018-02-20 | Intuit Inc. | Method and system for providing permissions management |
US9235982B2 (en) * | 2014-05-06 | 2016-01-12 | International Business Machines Corporation | Determining alert criteria in a network environment |
US9330263B2 (en) | 2014-05-27 | 2016-05-03 | Intuit Inc. | Method and apparatus for automating the building of threat models for the public cloud |
US9634951B1 (en) * | 2014-06-12 | 2017-04-25 | Tripwire, Inc. | Autonomous agent messaging |
US10313257B1 (en) | 2014-06-12 | 2019-06-04 | Tripwire, Inc. | Agent message delivery fairness |
US10182046B1 (en) * | 2015-06-23 | 2019-01-15 | Amazon Technologies, Inc. | Detecting a network crawler |
US9575987B2 (en) | 2014-06-23 | 2017-02-21 | Owl Computing Technologies, Inc. | System and method for providing assured database updates via a one-way data link |
US9917759B2 (en) * | 2014-07-21 | 2018-03-13 | Ca, Inc. | Incident-based adaptive monitoring of information in a distributed computing environment |
US10102082B2 (en) | 2014-07-31 | 2018-10-16 | Intuit Inc. | Method and system for providing automated self-healing virtual assets |
US9473481B2 (en) | 2014-07-31 | 2016-10-18 | Intuit Inc. | Method and system for providing a virtual asset perimeter |
US20160092045A1 (en) | 2014-09-30 | 2016-03-31 | Splunk, Inc. | Event View Selector |
US11231840B1 (en) | 2014-10-05 | 2022-01-25 | Splunk Inc. | Statistics chart row mode drill down |
US10795555B2 (en) | 2014-10-05 | 2020-10-06 | Splunk Inc. | Statistics value chart interface row mode drill down |
IL235175A (en) | 2014-10-19 | 2017-08-31 | Frenkel Lior | Secure remote desktop |
US9489517B2 (en) * | 2014-10-21 | 2016-11-08 | Fujitsu Limited | Determining an attack surface of software |
US9960975B1 (en) * | 2014-11-05 | 2018-05-01 | Amazon Technologies, Inc. | Analyzing distributed datasets |
DE102014226398A1 (en) * | 2014-12-18 | 2016-06-23 | Siemens Aktiengesellschaft | Method and device for the feedback-free acquisition of data |
US11023449B2 (en) * | 2014-12-19 | 2021-06-01 | EMC IP Holding Company LLC | Method and system to search logs that contain a massive number of entries |
US10021137B2 (en) * | 2014-12-27 | 2018-07-10 | Mcafee, Llc | Real-time mobile security posture |
WO2017078986A1 (en) | 2014-12-29 | 2017-05-11 | Cyence Inc. | Diversity analysis with actionable feedback methodologies |
US10341376B2 (en) | 2014-12-29 | 2019-07-02 | Guidewire Software, Inc. | Diversity analysis with actionable feedback methodologies |
US9699209B2 (en) | 2014-12-29 | 2017-07-04 | Cyence Inc. | Cyber vulnerability scan analyses with actionable feedback |
US11855768B2 (en) | 2014-12-29 | 2023-12-26 | Guidewire Software, Inc. | Disaster scenario based inferential analysis using feedback for extracting and combining cyber risk information |
US11863590B2 (en) | 2014-12-29 | 2024-01-02 | Guidewire Software, Inc. | Inferential analysis using feedback for extracting and combining cyber risk information |
US10050989B2 (en) | 2014-12-29 | 2018-08-14 | Guidewire Software, Inc. | Inferential analysis using feedback for extracting and combining cyber risk information including proxy connection analyses |
US10050990B2 (en) | 2014-12-29 | 2018-08-14 | Guidewire Software, Inc. | Disaster scenario based inferential analysis using feedback for extracting and combining cyber risk information |
US11817993B2 (en) | 2015-01-27 | 2023-11-14 | Dell Products L.P. | System for decomposing events and unstructured data |
US11362881B2 (en) * | 2015-01-27 | 2022-06-14 | Moogsoft Inc. | Distributed system for self updating agents and provides security |
US11924018B2 (en) | 2015-01-27 | 2024-03-05 | Dell Products L.P. | System for decomposing events and unstructured data |
US10061824B2 (en) | 2015-01-30 | 2018-08-28 | Splunk Inc. | Cell-based table manipulation of event data |
US9842160B2 (en) | 2015-01-30 | 2017-12-12 | Splunk, Inc. | Defining fields from particular occurences of field labels in events |
US10726037B2 (en) | 2015-01-30 | 2020-07-28 | Splunk Inc. | Automatic field extraction from filed values |
US9922082B2 (en) | 2015-01-30 | 2018-03-20 | Splunk Inc. | Enforcing dependency between pipelines |
US9916346B2 (en) | 2015-01-30 | 2018-03-13 | Splunk Inc. | Interactive command entry list |
US9977803B2 (en) | 2015-01-30 | 2018-05-22 | Splunk Inc. | Column-based table manipulation of event data |
US10013454B2 (en) | 2015-01-30 | 2018-07-03 | Splunk Inc. | Text-based table manipulation of event data |
US10915583B2 (en) | 2015-01-30 | 2021-02-09 | Splunk Inc. | Suggested field extraction |
US9922084B2 (en) | 2015-01-30 | 2018-03-20 | Splunk Inc. | Events sets in a visually distinct display format |
US11442924B2 (en) | 2015-01-30 | 2022-09-13 | Splunk Inc. | Selective filtered summary graph |
US11544248B2 (en) | 2015-01-30 | 2023-01-03 | Splunk Inc. | Selective query loading across query interfaces |
US11615073B2 (en) | 2015-01-30 | 2023-03-28 | Splunk Inc. | Supplementing events displayed in a table format |
EP3065076A1 (en) * | 2015-03-04 | 2016-09-07 | Secure-Nok AS | System and method for responding to a cyber-attack-related incident against an industrial control system |
US10404748B2 (en) | 2015-03-31 | 2019-09-03 | Guidewire Software, Inc. | Cyber risk analysis and remediation using network monitored sensors and methods of use |
US9350750B1 (en) * | 2015-04-03 | 2016-05-24 | Area 1 Security, Inc. | Distribution of security rules among sensor computers |
US10261489B2 (en) | 2015-04-15 | 2019-04-16 | Indegy Ltd. | Detection of mis-configuration and hostile attacks in industrial control networks using active querying |
US9917753B2 (en) * | 2015-06-12 | 2018-03-13 | Level 3 Communications, Llc | Network operational flaw detection using metrics |
US10290022B1 (en) | 2015-06-23 | 2019-05-14 | Amazon Technologies, Inc. | Targeting content based on user characteristics |
US10275320B2 (en) * | 2015-06-26 | 2019-04-30 | Commvault Systems, Inc. | Incrementally accumulating in-process performance data and hierarchical reporting thereof for a data stream in a secondary copy operation |
US9923758B2 (en) * | 2015-06-30 | 2018-03-20 | Ca, Inc. | Alert damage index |
US10305744B2 (en) * | 2015-07-08 | 2019-05-28 | Fedex Corporate Services, Inc. | System, apparatus, and methods of event monitoring for an event candidate related to an ID node within a wireless node network |
EP3281114A4 (en) * | 2015-07-16 | 2018-03-14 | Canfield, Raymond | Cyber security system and method using intelligent agents |
US10015178B2 (en) * | 2015-07-28 | 2018-07-03 | Sap Se | Real-time contextual monitoring intrusion detection and prevention |
US10419452B2 (en) | 2015-07-28 | 2019-09-17 | Sap Se | Contextual monitoring and tracking of SSH sessions |
US10158657B1 (en) * | 2015-08-06 | 2018-12-18 | Microsoft Technology Licensing Llc | Rating IP addresses based on interactions between users and an online service |
US9641544B1 (en) | 2015-09-18 | 2017-05-02 | Palo Alto Networks, Inc. | Automated insider threat prevention |
US20170093887A1 (en) * | 2015-09-24 | 2017-03-30 | General Electric Company | Network command evaluation and response system |
US10326789B1 (en) * | 2015-09-25 | 2019-06-18 | Amazon Technologies, Inc. | Web Bot detection and human differentiation |
EP3151152B1 (en) * | 2015-09-30 | 2020-04-08 | Secure-Nok AS | Non-intrusive software agent for monitoring and detection of cyber security events and cyber-attacks in an industrial control system |
US10375026B2 (en) * | 2015-10-28 | 2019-08-06 | Shape Security, Inc. | Web transaction status tracking |
US20210226927A1 (en) * | 2015-10-28 | 2021-07-22 | Qomplx, Inc. | System and method for fingerprint-based network mapping of cyber-physical assets |
US10324956B1 (en) | 2015-11-11 | 2019-06-18 | Microsoft Technology Licensing, Llc | Automatically mapping organizations to addresses |
US10955810B2 (en) * | 2015-11-13 | 2021-03-23 | International Business Machines Corporation | Monitoring communications flow in an industrial system to detect and mitigate hazardous conditions |
US9894036B2 (en) | 2015-11-17 | 2018-02-13 | Cyber Adapt, Inc. | Cyber threat attenuation using multi-source threat data analysis |
EP3171567B1 (en) * | 2015-11-23 | 2018-10-24 | Alcatel Lucent | Advanced persistent threat detection |
IL242808A0 (en) * | 2015-11-26 | 2016-04-21 | Rafael Advanced Defense Sys | System and method for detecting a cyber-attack at scada/ics managed plants |
US9929970B1 (en) | 2015-12-03 | 2018-03-27 | Innovium, Inc. | Efficient resource tracking |
US10366129B2 (en) | 2015-12-04 | 2019-07-30 | Bank Of America Corporation | Data security threat control monitoring system |
US10218589B1 (en) | 2015-12-17 | 2019-02-26 | Innovium, Inc. | Efficient resource status reporting apparatuses |
CN105607954B (en) * | 2015-12-21 | 2019-05-14 | 华南师范大学 | A kind of method and apparatus that stateful container migrates online |
US10154046B2 (en) | 2015-12-28 | 2018-12-11 | Schneider Electric USA, Inc. | System and method for evaluation and response to cyber security exposure in an embedded control device |
IL250010B (en) | 2016-02-14 | 2020-04-30 | Waterfall Security Solutions Ltd | Secure connection with protected facilities |
US10432429B1 (en) | 2016-02-16 | 2019-10-01 | Innovium, Inc. | Efficient traffic management |
US10027699B2 (en) * | 2016-03-10 | 2018-07-17 | Siemens Aktiengesellschaft | Production process knowledge-based intrusion detection for industrial control systems |
US10135817B2 (en) | 2016-03-28 | 2018-11-20 | Bank Of America Corporation | Enhancing authentication and source of proof through a dynamically updatable biometrics database |
US10039113B2 (en) | 2016-03-28 | 2018-07-31 | Bank Of America Corporation | Intelligent resource procurement system based on physical proximity to related resources |
US9743272B1 (en) | 2016-03-28 | 2017-08-22 | Bank Of America Corporation | Security implementation for resource distribution |
US10080132B2 (en) | 2016-03-28 | 2018-09-18 | Bank Of America Corporation | System for adaptation of multiple digital signatures in a distributed network |
US11108793B2 (en) * | 2016-04-29 | 2021-08-31 | Vmware, Inc. | Preemptive alerts in a connected environment |
US10796253B2 (en) | 2016-06-17 | 2020-10-06 | Bank Of America Corporation | System for resource use allocation and distribution |
US10038607B2 (en) | 2016-06-17 | 2018-07-31 | Bank Of America Corporation | System for aggregated machine-initiated resource distribution |
US10103936B2 (en) | 2016-06-21 | 2018-10-16 | Bank Of America Corporation | Computerized resource reallocation system for transferring resource blocks based on custodian event |
US10334462B2 (en) * | 2016-06-23 | 2019-06-25 | Bank Of America Corporation | Predictive analytics for resource development based on information communicated from inter-related communication devices |
US10439913B2 (en) | 2016-07-01 | 2019-10-08 | Bank Of America Corporation | Dynamic replacement and upgrade of existing resources based on resource utilization |
JP6690469B2 (en) * | 2016-08-26 | 2020-04-28 | 富士通株式会社 | Control program, control method, and information processing apparatus |
JP6786960B2 (en) | 2016-08-26 | 2020-11-18 | 富士通株式会社 | Cyber attack analysis support program, cyber attack analysis support method and cyber attack analysis support device |
US10242187B1 (en) * | 2016-09-14 | 2019-03-26 | Symantec Corporation | Systems and methods for providing integrated security management |
US10685279B2 (en) | 2016-09-26 | 2020-06-16 | Splunk Inc. | Automatically generating field extraction recommendations |
US10909140B2 (en) * | 2016-09-26 | 2021-02-02 | Splunk Inc. | Clustering events based on extraction rules |
US10127400B2 (en) | 2016-09-26 | 2018-11-13 | Bank Of America Corporation | Control device for aggregation and distribution of machine-initiated resource distribution |
US10467632B1 (en) * | 2016-12-13 | 2019-11-05 | Massachusetts Mutual Life Insurance Company | Systems and methods for a multi-tiered fraud alert review |
US10771483B2 (en) * | 2016-12-30 | 2020-09-08 | British Telecommunications Public Limited Company | Identifying an attacked computing device |
US10572658B2 (en) * | 2017-01-23 | 2020-02-25 | Paypal, Inc. | Identifying computer behavior using visual data organization and graphs |
EP3373181A1 (en) * | 2017-03-09 | 2018-09-12 | Siemens Aktiengesellschaft | Method and computers to control protection measures against cyber criminal threats |
US10230690B2 (en) * | 2017-03-23 | 2019-03-12 | International Business Machines Corporation | Digital media content distribution blocking |
US10440037B2 (en) * | 2017-03-31 | 2019-10-08 | Mcafee, Llc | Identifying malware-suspect end points through entropy changes in consolidated logs |
US10826925B2 (en) * | 2017-04-28 | 2020-11-03 | Honeywell International Inc. | Consolidated enterprise view of cybersecurity data from multiple sites |
US10977361B2 (en) | 2017-05-16 | 2021-04-13 | Beyondtrust Software, Inc. | Systems and methods for controlling privileged operations |
RU2651196C1 (en) * | 2017-06-16 | 2018-04-18 | Акционерное общество "Лаборатория Касперского" | Method of the anomalous events detecting by the event digest popularity |
US10560487B2 (en) | 2017-07-26 | 2020-02-11 | International Business Machines Corporation | Intrusion detection and mitigation in data processing |
US10931637B2 (en) | 2017-09-15 | 2021-02-23 | Palo Alto Networks, Inc. | Outbound/inbound lateral traffic punting based on process risk |
US10855656B2 (en) | 2017-09-15 | 2020-12-01 | Palo Alto Networks, Inc. | Fine-grained firewall policy enforcement using session app ID and endpoint process ID correlation |
WO2019060326A1 (en) * | 2017-09-20 | 2019-03-28 | University Of Utah Research Foundation | Parsing system event logs while streaming |
EP3480672B1 (en) * | 2017-11-06 | 2020-02-19 | Siemens Aktiengesellschaft | Method for identifying and indicating operator access to process objects and operator system |
SE1751567A1 (en) * | 2017-12-18 | 2019-06-19 | Komatsu Forest Ab | Work machine and method for monitoring a control system at a work machine |
EP3525054A1 (en) * | 2018-02-07 | 2019-08-14 | Siemens Aktiengesellschaft | An intrusion detection system for detection of intrusions in an automated infrastructure |
AU2019201137B2 (en) * | 2018-02-20 | 2023-11-16 | Darktrace Holdings Limited | A cyber security appliance for a cloud infrastructure |
US11463457B2 (en) * | 2018-02-20 | 2022-10-04 | Darktrace Holdings Limited | Artificial intelligence (AI) based cyber threat analyst to support a cyber security appliance |
US10169135B1 (en) * | 2018-03-02 | 2019-01-01 | Uptake Technologies, Inc. | Computer system and method of detecting manufacturing network anomalies |
US10554518B1 (en) | 2018-03-02 | 2020-02-04 | Uptake Technologies, Inc. | Computer system and method for evaluating health of nodes in a manufacturing network |
JP7163593B2 (en) * | 2018-03-09 | 2022-11-01 | 富士通株式会社 | Fraud monitoring program, fraud monitoring method, and information processing device |
WO2019197989A1 (en) * | 2018-04-09 | 2019-10-17 | Cervello Ltd. | Methods systems devices circuits and functionally related machine executable instructions for transportation management network cybersecurity |
US10999304B2 (en) | 2018-04-11 | 2021-05-04 | Palo Alto Networks (Israel Analytics) Ltd. | Bind shell attack detection |
US11122064B2 (en) * | 2018-04-23 | 2021-09-14 | Micro Focus Llc | Unauthorized authentication event detection |
US11700279B2 (en) * | 2018-06-29 | 2023-07-11 | Corvid Cyberdefense, Llc | Integrated security and threat prevention and detection platform |
US10602099B2 (en) * | 2018-07-10 | 2020-03-24 | Saudi Arabian Oil Company | Cogen-mom integration using tabulated information recognition |
US10986117B1 (en) * | 2018-08-07 | 2021-04-20 | Ca, Inc. | Systems and methods for providing an integrated cyber threat defense exchange platform |
US10740134B2 (en) | 2018-08-20 | 2020-08-11 | Interwise Ltd. | Agentless personal network firewall in virtualized datacenters |
US11212322B2 (en) * | 2018-10-10 | 2021-12-28 | Rockwelll Automation Technologies, Inc. | Automated discovery of security policy from design data |
US11025657B2 (en) * | 2018-12-13 | 2021-06-01 | Imperva, Inc. | Selective database logging with smart sampling |
US20200192572A1 (en) | 2018-12-14 | 2020-06-18 | Commvault Systems, Inc. | Disk usage growth prediction system |
US11184377B2 (en) | 2019-01-30 | 2021-11-23 | Palo Alto Networks (Israel Analytics) Ltd. | Malicious port scan detection using source profiles |
US11184378B2 (en) | 2019-01-30 | 2021-11-23 | Palo Alto Networks (Israel Analytics) Ltd. | Scanner probe detection |
US11184376B2 (en) | 2019-01-30 | 2021-11-23 | Palo Alto Networks (Israel Analytics) Ltd. | Port scan detection using destination profiles |
EP3924946A4 (en) * | 2019-02-15 | 2023-11-01 | AVEVA Software, LLC | Process mapping and monitoring using artificial intelligence |
US10949322B2 (en) * | 2019-04-08 | 2021-03-16 | Hewlett Packard Enterprise Development Lp | Collecting performance metrics of a device |
GB2584018B (en) | 2019-04-26 | 2022-04-13 | Beyondtrust Software Inc | Root-level application selective configuration |
EP3966648A1 (en) * | 2019-05-09 | 2022-03-16 | Dürr Systems AG | Analysis method and devices therefor |
KR20220007877A (en) | 2019-05-09 | 2022-01-19 | 듀르 시스템스 아게 | Workpiece control method, control system and machining system |
EP3966649A1 (en) | 2019-05-09 | 2022-03-16 | Dürr Systems AG | Analysis method and devices for same |
CN110191017B (en) * | 2019-05-28 | 2021-09-10 | 上海尚往网络科技有限公司 | Monitoring system and method for monitoring routing equipment abnormity |
CN114245897A (en) | 2019-06-21 | 2022-03-25 | 赛姆普蒂夫技术公司 | Method for preventing root level access attacks and measurable SLA security and compliance platform |
CN110543452B (en) * | 2019-08-07 | 2022-07-05 | 浙江大华技术股份有限公司 | Data acquisition method and equipment |
CA3168656A1 (en) * | 2020-01-22 | 2021-07-29 | Siemens Industry, Inc. | Real-time and independent cyber-attack monitoring and automatic cyber-attack response system |
US20210286879A1 (en) * | 2020-03-13 | 2021-09-16 | International Business Machines Corporation | Displaying Cyber Threat Data in a Narrative |
US11698845B2 (en) * | 2020-03-20 | 2023-07-11 | UncommonX Inc. | Evaluation rating of a system or portion thereof |
US11140553B1 (en) * | 2020-05-21 | 2021-10-05 | Motorola Solutions, Inc. | Threat detection and mitigation for remote wireless communication network control systems |
US11449407B2 (en) | 2020-05-28 | 2022-09-20 | Bank Of America Corporation | System and method for monitoring computing platform parameters and dynamically generating and deploying monitoring packages |
US10958523B1 (en) | 2020-07-28 | 2021-03-23 | Bank Of America Corporation | Consistent deployment of monitoring configurations on multiple computing systems |
US11188437B1 (en) | 2020-07-30 | 2021-11-30 | Bank Of America Corporation | Remote deployment of monitoring agents on computing systems |
US11341830B2 (en) | 2020-08-06 | 2022-05-24 | Saudi Arabian Oil Company | Infrastructure construction digital integrated twin (ICDIT) |
US11509680B2 (en) * | 2020-09-30 | 2022-11-22 | Palo Alto Networks (Israel Analytics) Ltd. | Classification of cyber-alerts into security incidents |
US11461166B2 (en) | 2020-11-10 | 2022-10-04 | Sap Se | Intelligent integration error handling in enterprise systems |
CN112887267A (en) * | 2021-01-05 | 2021-06-01 | 天津七所精密机电技术有限公司 | Network isolation system with message authentication function and method thereof |
US11687053B2 (en) | 2021-03-08 | 2023-06-27 | Saudi Arabian Oil Company | Intelligent safety motor control center (ISMCC) |
CN112994990B (en) * | 2021-05-20 | 2021-07-30 | 蚂蚁金服(杭州)网络技术有限公司 | Loop detection method and device, electronic equipment and storage medium |
FR3123527A1 (en) * | 2021-05-28 | 2022-12-02 | Orange | Network monitoring method, associated device and system |
CN113344554A (en) * | 2021-08-06 | 2021-09-03 | 捷尔杰(天津)设备有限公司 | Digital solution method and system for auditing hierarchical process of factory |
CN113472821A (en) * | 2021-09-06 | 2021-10-01 | 成都卡莱博尔信息技术股份有限公司 | Data acquisition and management integrated method, system, device and storage medium |
CA3130972C (en) | 2021-09-16 | 2024-04-09 | Cameron Mackenzie Clark | Wearable device that provides spaced retrieval alerts to assist the wearer to remember desired information |
US11936621B2 (en) * | 2021-11-19 | 2024-03-19 | The Bank Of New York Mellon | Firewall drift monitoring and detection |
US11777823B1 (en) | 2021-11-24 | 2023-10-03 | Amazon Technologies, Inc. | Metric anomaly detection across high-scale data |
CN114301712B (en) * | 2021-12-31 | 2023-04-07 | 西安交通大学 | Industrial internet alarm log correlation analysis method and system based on graph method |
US11799880B2 (en) | 2022-01-10 | 2023-10-24 | Palo Alto Networks (Israel Analytics) Ltd. | Network adaptive alert prioritization system |
US11880266B2 (en) | 2022-05-04 | 2024-01-23 | Target Brands, Inc. | Malfunction monitor for computing devices |
WO2024063761A1 (en) * | 2022-09-21 | 2024-03-28 | Rakuten Mobile, Inc. | Alarm tracking system and method |
CN116149226B (en) * | 2023-02-22 | 2023-11-10 | 山东中安电力科技有限公司 | Switch cabinet remote control system based on data analysis |
CN116722941B (en) * | 2023-08-10 | 2023-10-20 | 南方电网数字电网研究院有限公司 | Interactive verification method and device based on alarm information and secondary network data |
Family Cites Families (55)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5144659A (en) * | 1989-04-19 | 1992-09-01 | Richard P. Jones | Computer file protection system |
US5050212A (en) * | 1990-06-20 | 1991-09-17 | Apple Computer, Inc. | Method and apparatus for verifying the integrity of a file stored separately from a computer |
US5475844A (en) * | 1992-11-27 | 1995-12-12 | Nec Corporation | Heavily loaded resource evaluation system |
JP2541460B2 (en) * | 1993-07-30 | 1996-10-09 | 日本電気株式会社 | User status broadcasting with transmission restrictions |
US5619656A (en) | 1994-05-05 | 1997-04-08 | Openservice, Inc. | System for uninterruptively displaying only relevant and non-redundant alert message of the highest severity for specific condition associated with group of computers being managed |
US5608865A (en) * | 1995-03-14 | 1997-03-04 | Network Integrity, Inc. | Stand-in Computer file server providing fast recovery from computer file server failures |
US6181981B1 (en) * | 1996-05-15 | 2001-01-30 | Marconi Communications Limited | Apparatus and method for improved vending machine inventory maintenance |
US6119236A (en) * | 1996-10-07 | 2000-09-12 | Shipley; Peter M. | Intelligent network security device and method |
US6374305B1 (en) * | 1997-07-21 | 2002-04-16 | Oracle Corporation | Web applications interface system in a mobile-based client-server system |
US6279113B1 (en) * | 1998-03-16 | 2001-08-21 | Internet Tools, Inc. | Dynamic signature inspection-based network intrusion detection |
US6914893B2 (en) * | 1998-06-22 | 2005-07-05 | Statsignal Ipc, Llc | System and method for monitoring and controlling remote devices |
US6615091B1 (en) * | 1998-06-26 | 2003-09-02 | Eveready Battery Company, Inc. | Control system and method therefor |
US6367034B1 (en) * | 1998-09-21 | 2002-04-02 | Microsoft Corporation | Using query language for event filtering and aggregation |
US6560611B1 (en) * | 1998-10-13 | 2003-05-06 | Netarx, Inc. | Method, apparatus, and article of manufacture for a network monitoring system |
US6574666B1 (en) | 1998-10-22 | 2003-06-03 | At&T Corp. | System and method for dynamic retrieval loading and deletion of packet rules in a network firewall |
US6550012B1 (en) | 1998-12-11 | 2003-04-15 | Network Associates, Inc. | Active firewall system and methodology |
US6361034B1 (en) * | 1999-03-03 | 2002-03-26 | Kurt Manufacturing Company, Inc. | Magnetic insert in jaw plate for holding vise parallels |
US6405318B1 (en) * | 1999-03-12 | 2002-06-11 | Psionic Software, Inc. | Intrusion detection system |
US6377955B1 (en) * | 1999-03-30 | 2002-04-23 | Cisco Technology, Inc. | Method and apparatus for generating user-specified reports from radius information |
US6438374B1 (en) * | 1999-05-26 | 2002-08-20 | Lucent Technologies Inc. | Dynamic multi-step overload control for message processing in wireless communication service network |
US6944774B2 (en) * | 1999-06-18 | 2005-09-13 | Zoom Telephonics, Inc. | Data flow control unit |
US6714977B1 (en) * | 1999-10-27 | 2004-03-30 | Netbotz, Inc. | Method and system for monitoring computer networks and equipment |
US20010044840A1 (en) * | 1999-12-13 | 2001-11-22 | Live Networking, Inc. | Method and system for real-tme monitoring and administration of computer networks |
AT412196B (en) * | 2000-03-17 | 2004-11-25 | Keba Ag | METHOD FOR ASSIGNING A MOBILE OPERATING AND / OR OBSERVATION DEVICE TO A MACHINE AND OPERATING AND / OR OBSERVATION DEVICE THEREFOR |
US6519703B1 (en) * | 2000-04-14 | 2003-02-11 | James B. Joyce | Methods and apparatus for heuristic firewall |
US6971018B1 (en) * | 2000-04-28 | 2005-11-29 | Microsoft Corporation | File protection service for a computer system |
US7134141B2 (en) * | 2000-06-12 | 2006-11-07 | Hewlett-Packard Development Company, L.P. | System and method for host and network based intrusion detection and response |
US20020032871A1 (en) * | 2000-09-08 | 2002-03-14 | The Regents Of The University Of Michigan | Method and system for detecting, tracking and blocking denial of service attacks over a computer network |
US20020066034A1 (en) * | 2000-10-24 | 2002-05-30 | Schlossberg Barry J. | Distributed network security deception system |
US20020065898A1 (en) * | 2000-11-27 | 2002-05-30 | Daniel Leontiev | Remote Internet control of instruments |
US20020078382A1 (en) * | 2000-11-29 | 2002-06-20 | Ali Sheikh | Scalable system for monitoring network system and components and methodology therefore |
US6973336B2 (en) * | 2000-12-20 | 2005-12-06 | Nokia Corp | Method and apparatus for providing a notification of received message |
US7296070B2 (en) * | 2000-12-22 | 2007-11-13 | Tier-3 Pty. Ltd. | Integrated monitoring system |
US7058710B2 (en) * | 2001-02-22 | 2006-06-06 | Koyo Musen Corporation | Collecting, analyzing, consolidating, delivering and utilizing data relating to a current event |
US7284267B1 (en) * | 2001-03-08 | 2007-10-16 | Mcafee, Inc. | Automatically configuring a computer firewall based on network connection |
US7747764B2 (en) * | 2001-04-20 | 2010-06-29 | Rockwell Automation Technologies, Inc. | Web access for non-TCP/IP control devices of an industrial control system |
US6609083B2 (en) * | 2001-06-01 | 2003-08-19 | Hewlett-Packard Development Company, L.P. | Adaptive performance data measurement and collections |
US6832332B2 (en) * | 2001-06-22 | 2004-12-14 | Honeywell International Inc. | Automatic detection and correction of marginal data in polling loop system |
US6912533B1 (en) * | 2001-07-31 | 2005-06-28 | Oracle International Corporation | Data mining agents for efficient hardware utilization |
US20030097557A1 (en) * | 2001-10-31 | 2003-05-22 | Tarquini Richard Paul | Method, node and computer readable medium for performing multiple signature matching in an intrusion prevention system |
US6973590B1 (en) * | 2001-11-14 | 2005-12-06 | Unisys Corporation | Terminating a child process without risk of data corruption to a shared resource for subsequent processes |
US7325248B2 (en) * | 2001-11-19 | 2008-01-29 | Stonesoft Corporation | Personal firewall with location dependent functionality |
US20030163608A1 (en) * | 2002-02-21 | 2003-08-28 | Ashutosh Tiwary | Instrumentation and workload recording for a system for performance testing of N-tiered computer systems using recording and playback of workloads |
US6880051B2 (en) * | 2002-03-14 | 2005-04-12 | International Business Machines Corporation | Method, system, and program for maintaining backup copies of files in a backup storage device |
US7484097B2 (en) * | 2002-04-04 | 2009-01-27 | Symantec Corporation | Method and system for communicating data to and from network security devices |
US7373666B2 (en) * | 2002-07-01 | 2008-05-13 | Microsoft Corporation | Distributed threat management |
US7376969B1 (en) * | 2002-12-02 | 2008-05-20 | Arcsight, Inc. | Real time monitoring and analysis of events from multiple network security devices |
US7043505B1 (en) * | 2003-01-28 | 2006-05-09 | Unisys Corporation | Method variation for collecting stability data from proprietary systems |
US8024795B2 (en) * | 2003-05-09 | 2011-09-20 | Q1 Labs, Inc. | Network intelligence system |
US7246156B2 (en) * | 2003-06-09 | 2007-07-17 | Industrial Defender, Inc. | Method and computer program product for monitoring an industrial network |
US20070050777A1 (en) * | 2003-06-09 | 2007-03-01 | Hutchinson Thomas W | Duration of alerts and scanning of large data stores |
US20050183143A1 (en) * | 2004-02-13 | 2005-08-18 | Anderholm Eric J. | Methods and systems for monitoring user, application or device activity |
WO2005109212A2 (en) * | 2004-04-30 | 2005-11-17 | Commvault Systems, Inc. | Hierarchical systems providing unified of storage information |
US7380171B2 (en) * | 2004-12-06 | 2008-05-27 | Microsoft Corporation | Controlling software failure data reporting and responses |
US7395187B2 (en) * | 2006-02-06 | 2008-07-01 | International Business Machines Corporation | System and method for recording behavior history for abnormality detection |
- 2004
  - 2004-03-31: US application US10/815,222 (US7246156B2), status: Expired - Lifetime
  - 2004-06-08: EP application EP04754670A (EP1636704A4), status: Withdrawn
  - 2004-06-08: CA application CA2526759A (CA2526759C), status: Active
  - 2004-06-08: AU application AU2004248605A (AU2004248605B2), status: Active
  - 2004-06-08: WO application PCT/US2004/018118 (WO2004111785A2), status: Application Filing
- 2005
  - 2005-04-08: US application US11/102,050 (US20050182969A1), status: Abandoned
- 2007
  - 2007-05-30: US application US11/807,699 (US7779119B2), status: Active
  - 2007-05-30: US application US11/807,877 (US20100023598A9), status: Abandoned
Also Published As
Publication number | Publication date |
---|---|
CA2526759C (en) | 2011-08-16 |
AU2004248605B2 (en) | 2009-08-13 |
US7779119B2 (en) | 2010-08-17 |
US20080209033A1 (en) | 2008-08-28 |
WO2004111785A3 (en) | 2005-12-22 |
US20050015624A1 (en) | 2005-01-20 |
US20100023598A9 (en) | 2010-01-28 |
US7246156B2 (en) | 2007-07-17 |
US20100064039A9 (en) | 2010-03-11 |
US20050182969A1 (en) | 2005-08-18 |
EP1636704A2 (en) | 2006-03-22 |
EP1636704A4 (en) | 2008-06-11 |
US20070294369A1 (en) | 2007-12-20 |
WO2004111785A2 (en) | 2004-12-23 |
AU2004248605A1 (en) | 2004-12-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CA2526759A1 (en) | | Event monitoring and management |
US9973520B2 (en) | | Explaining causes of network anomalies |
US7024548B1 (en) | | Methods and apparatus for auditing and tracking changes to an existing configuration of a computerized device |
US20030084322A1 (en) | | System and method of an OS-integrated intrusion detection and anti-virus system |
US8256003B2 (en) | | Real-time network malware protection |
US7937760B2 (en) | | System security agent authentication and alert distribution |
US20090271504A1 (en) | | Techniques for agent configuration |
US8904529B2 (en) | | Automated deployment of protection agents to devices connected to a computer network |
US9928359B1 (en) | | System and methods for providing security to an endpoint device |
WO2015193647A1 (en) | | Ineffective network equipment identification |
WO2011084409A1 (en) | | Computer security process monitor |
US8726384B2 (en) | | Apparatus, and system for determining and cautioning users of internet connected clients of potentially malicious software and method for operating such |
CN105516081A (en) | | Method and system for issuing safety strategy by server and message queue middleware |
US20120192272A1 (en) | | Mitigating multi-AET attacks |
CN113449302A (en) | | Method for detecting malicious software |
Peddireddy et al. | | Multiagent network security system using FIPA-OS |
KR101343693B1 (en) | | Network security system and method for process thereof |
CN114205169B (en) | | Network security defense method, device and system |
CN115633359A (en) | | PFCP session security detection method, device, electronic equipment and storage medium |
Alim et al. | | IDSUDA: An Intrusion Detection System Using Distributed Agents |
KR20140059403A (en) | | Linked network security system and method based on virtualization in the separate network environment |
Allan | | Intrusion Detection Systems (IDSs): Perspective |
CN109462503B (en) | | Data detection method and device |
Shimamura et al. | | Using attack information to reduce false positives in network ids |
CN111988333B (en) | | Proxy software work abnormality detection method, device and medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| EEER | Examination request | |