CA2526759A1 - Event monitoring and management - Google Patents

Event monitoring and management

Publication number
CA2526759A1
CA2526759A1 CA002526759A CA2526759A CA2526759A1 CA 2526759 A1 CA2526759 A1 CA 2526759A1 CA 002526759 A CA002526759 A CA 002526759A CA 2526759 A CA2526759 A CA 2526759A CA 2526759 A1 CA2526759 A1 CA 2526759A1
Authority
CA
Canada
Prior art keywords
program product
computer program
network
agent
reporting
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CA002526759A
Other languages
French (fr)
Other versions
CA2526759C (en)
Inventor
Andrew Ginter
Kegan Kawano
Tom Hutchinson
Rui Manuel Martins Lopes
Erik P. Hope
Brad Mcmillan
Adam Muegge
Andy G. Mah
Brett Jensen
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Capgemini America Inc
Original Assignee
Verano, Inc.
Andrew Ginter
Kegan Kawano
Tom Hutchinson
Rui Manuel Martins Lopes
Erik P. Hope
Brad Mcmillan
Adam Muegge
Andy G. Mah
Brett Jensen
Industrial Defender, Inc.
Lockheed Martin Industrial Defender, Inc.
Leidos Cyber, Inc.
Capgemini Cyber, Inc.
Capgemini America, Inc.
Application filed by Verano, Inc., Andrew Ginter, Kegan Kawano, Tom Hutchinson, Rui Manuel Martins Lopes, Erik P. Hope, Brad Mcmillan, Adam Muegge, Andy G. Mah, Brett Jensen, Industrial Defender, Inc., Lockheed Martin Industrial Defender, Inc., Leidos Cyber, Inc., Capgemini Cyber, Inc., Capgemini America, Inc.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0263 Rule management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2101 Auditing as a secondary aspect
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2113 Multi-level security, e.g. mandatory access control
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2119 Authenticating web pages, e.g. with suspicious links

Abstract

Described are techniques used in monitoring the performance, security and health of a system used in an industrial application. Agents included in the industrial network report data to an appliance or server. The appliance stores the data and determines when an alarm condition has occurred. Notifications are sent upon detecting an alarm condition. The alarm thresholds may be user defined. A threat thermostat controller determines a threat level used to control the connectivity of a network used in the industrial application.
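
The threat thermostat named in the abstract, and set out in claims 1 to 12 below, can be modelled as follows. This is an added Python example, not code from the patent: the level names, weights, saturation values, thresholds, ruleset names and flows are assumptions, and treating the external input as a floor on the derived level is one possible reading of claim 8.

```python
from dataclasses import dataclass
from typing import Mapping, Optional

# Assumed level names, ordered from lowest to highest threat.
LEVELS = ("low", "guarded", "high", "severe")

@dataclass(frozen=True)
class Profile:
    firewall_ruleset: str     # hypothetical ruleset name
    allowed_flows: frozenset  # flows still permitted from less-trusted networks
    ids_mode: str             # claim 12: IDS/IPS configuration selected alongside

    @property
    def connected(self) -> bool:
        return bool(self.allowed_flows)

# One configuration per threat level (claim 2); flows are constructed samples.
PROFILES = {
    "low": Profile("fw-low", frozenset({"corp->historian:tcp/443",
                   "corp->hmi:tcp/3389", "vendor->eng-ws:tcp/22"}), "detect"),
    "guarded": Profile("fw-guarded", frozenset({"corp->historian:tcp/443",
                       "corp->hmi:tcp/3389"}), "detect"),
    "high": Profile("fw-high", frozenset({"corp->historian:tcp/443"}), "prevent"),
    # Highest level: no flows at all, i.e. disconnected (claim 4).
    "severe": Profile("fw-isolated", frozenset(), "prevent"),
}

# Weighted metrics from claim 10; the weights and saturation points are assumptions.
WEIGHTS = {"nids_alerts": 0.4, "nips_blocks": 0.2,
           "failed_logins": 0.3, "privileged_users": 0.1}
SATURATION = {"nids_alerts": 50, "nips_blocks": 50,
              "failed_logins": 100, "privileged_users": 10}
THRESHOLDS = (0.25, 0.5, 0.75)  # score boundaries between adjacent levels

# Constructed sample inputs for one reporting interval.
QUIET = {"nids_alerts": 0, "nips_blocks": 0, "failed_logins": 2, "privileged_users": 1}
NOISY = {"nids_alerts": 40, "nips_blocks": 10, "failed_logins": 80, "privileged_users": 3}
SATURATED = {"nids_alerts": 500, "nips_blocks": 90, "failed_logins": 400, "privileged_users": 25}

def profiles_are_monotonic() -> bool:
    """Claim 3: each higher level permits a subset of the level below it."""
    flows = [PROFILES[name].allowed_flows for name in LEVELS]
    return all(higher <= lower for lower, higher in zip(flows, flows[1:]))

def derived_score(metrics: Mapping[str, float]) -> float:
    """Weighted sum of metrics, each normalised to [0, 1] by its saturation point."""
    missing = WEIGHTS.keys() - metrics.keys()
    if missing:
        # A silent agent must not be read as "no threat".
        raise ValueError(f"missing metrics: {sorted(missing)}")
    score = 0.0
    for name, weight in WEIGHTS.items():
        if metrics[name] < 0:
            raise ValueError(f"negative metric: {name}")
        score += weight * min(metrics[name] / SATURATION[name], 1.0)
    return score

def threat_level(metrics: Mapping[str, float],
                 external: Optional[str] = None,
                 manual: Optional[str] = None) -> str:
    for given in (external, manual):
        if given is not None and given not in LEVELS:
            raise ValueError(f"unknown threat level: {given}")
    if manual is not None:
        return manual  # claim 9: a manual input overrides all other indicators
    index = sum(derived_score(metrics) >= t for t in THRESHOLDS)
    if external is not None:
        index = max(index, LEVELS.index(external))  # assumption: external acts as a floor
    return LEVELS[index]

class ThreatThermostat:
    """Tracks the current level and records each configuration change."""

    def __init__(self) -> None:
        self.level = LEVELS[0]
        self.history = []  # (old level, new level, action)

    def update(self, metrics, external=None, manual=None) -> Profile:
        new = threat_level(metrics, external, manual)
        if new != self.level:
            was, now = PROFILES[self.level].connected, PROFILES[new].connected
            if was and not now:
                action = "disconnect"   # entering the highest level (claim 4)
            elif now and not was:
                action = "reconnect"    # leaving the highest level (claim 6)
            else:
                action = "reload"       # claim 7: load the selected configuration
            self.history.append((self.level, new, action))
            self.level = new
        return PROFILES[new]

if __name__ == "__main__":
    thermostat = ThreatThermostat()
    for sample in (QUIET, NOISY, SATURATED, QUIET):
        profile = thermostat.update(sample)
        print(thermostat.level, profile.firewall_ruleset, sorted(profile.allowed_flows))
```

Rejecting an incomplete metric set, rather than scoring the missing values as zero, keeps a stalled agent from lowering the threat level on its own.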

Claims (174)

1. A method for controlling connectivity in a network comprising:
receiving one or more inputs;
determining a threat level indicator in accordance with said one or more inputs;
and selecting, for use in said network, a firewall configuration in accordance with said threat level indicator.
2. The method of Claim 1, wherein said firewall configuration is selected from a plurality of firewall configurations each associated with a different threat level indicator.
3. The method of Claim 2, wherein a first firewall configuration associated with a first threat level indicator provides for more restrictive connectivity of said network than a second firewall configuration associated with a second threat level indicator when said first threat level indicator is a higher threat level than said second threat level indicator.
4. The method of Claim 3, wherein, a firewall configuration associated with a highest threat level indicator provides for disconnecting said network from all other less-trusted networks.
5. The method of Claim 4, wherein said disconnecting includes physically disconnecting said network from other networks.
6. The method of Claim 4, wherein said network is reconnected to said less trusted networks when a current threat level is a level other than said highest threat level indicator.
7. The method of Claim 1, further comprising:
automatically loading said firewall configuration as a current firewall configuration in use in said network.
8. The method of Claim 1, wherein said one or more inputs includes at least one of: a manual input, a metric about a system in said network, a metric about said network, a derived value determined using a plurality of weighted metrics including one metric about said network, a derived value determined using a plurality of metrics, and an external source from said network.
9. The method of Claim 8, wherein, if said manual input is specified, said manual input determines the threat level indicator overriding all other indicators.
10. The method of Claim 8, wherein said plurality of weighted metrics includes a metric about at least one of: a network intrusion detection, a network intrusion prevention, a number of failed login attempts, a number of users with a high level of privileges.
11. The method of Claim 10, wherein said high level of privileges corresponds to one of: administrator privileges and root user privileges.
12. The method of Claim 1, wherein said selecting additionally selects one or more of the following: an antivirus configuration, an intrusion prevention configuration, and an intrusion detection configuration.
13. A computer program product for controlling connectivity in a network comprising code that:
receives one or more inputs;
determines a threat level indicator in accordance with said one or more inputs;
and selects, for use in said network, a firewall configuration in accordance with said threat level indicator.
14. The computer program product of Claim 13, wherein said firewall configuration is selected from a plurality of firewall configurations each associated with a different threat level indicator.
15. The computer program product of Claim 14, wherein a first firewall configuration associated with a first threat level indicator provides for more restrictive connectivity of said network than a second firewall configuration associated with a second threat level indicator when said first threat level indicator is a higher threat level than said second threat level indicator.
16. The computer program product of Claim 15, wherein, a firewall configuration associated with a highest threat level indicator provides for disconnecting said network from all other less-trusted networks.
17. The computer program product of Claim 16, wherein said code that disconnects includes physically disconnecting said network from other networks.
18. The computer program product of Claim 16, wherein said network is reconnected to said less trusted networks when a current threat level is a level other than said highest threat level indicator.
19. The computer program product of Claim 13, further comprising code that:
automatically loads said firewall configuration as a current firewall configuration in use in said network.
20. The computer program product of Claim 13, wherein said one or more inputs includes at least one of: a manual input, a metric about a system in said network, a metric about said network, a derived value determined using a plurality of weighted metrics including one metric about said network, a derived value determined using a plurality of metrics, and an external source from said network.
21. The computer program product of Claim 20, wherein, if said manual input is specified, said manual input determines the threat level indicator overriding all other indicators.
22. The computer program product of Claim 20, wherein said plurality of weighted metrics includes a metric about at least one of: a network intrusion detection, a network intrusion prevention, a number of failed login attempts, a number of users with a high level of privileges.
23. The computer program product of Claim 22, wherein said high level of privileges corresponds to one of administrator privileges and root user privileges.
24. The computer program product of Claim 13, wherein said code that selects additionally selects one or more of the following: an antivirus configuration, an intrusion prevention configuration, and an intrusion detection configuration.
25. A method of event reporting by an agent comprising:
receiving data;
determining if said data indicates a first occurrence of an event of interest associated with a metric since a previous periodic reporting;
reporting said first occurrence of an event if said determining determines said data indicates said first occurrence; and reporting a summary including said metric in a periodic report at a first point in time.
26. The method of Claim 25, wherein said reporting of said first occurrence and said reporting of said summary are performed without a request for a report.
27. The method of Claim 25, wherein data for said reporting of said first occurrence and said reporting of said summary are performed by said agent communicating data at an application level to a reporting destination using a one-way communication connection.
28. The method of Claim 27, wherein said reporting of said first occurrence and said summary further comprising:
opening a communication connection;
sending data to said reporting destination; and closing said communication connection, said agent only sending data to said reporting destination without reading any communication from said communication connection.
29. The method of Claim 28, wherein said communication connection is a TCP or UDP socket.
30. The method of Claim 25, wherein said periodic report includes a summary of a selected set of one or more data sources and associated values for a time interval since a last periodic report was sent to a reporting destination.
31. The method of Claim 30, wherein said selected set of one or more metrics is a first level of reporting information and said periodic report includes a second level of reporting information used to perform one at least one of the following:
determine a cause of a problem, and take a corrective action to a problem.
32. The method of Claim 25, wherein said reporting of said first occurrence and said summary includes transmitting messages from said agent to a reporting destination, each of said messages being a fixed maximum size.
33. The method of Claim 32, wherein a time interval at which said periodic report is sent by said agent and data included in each of said messages are determined in accordance with at least one of: resources available on a computer system and a network in which said agent is included.
34. The method of Claim 33, wherein said agent executes on a first computer system and reports data to another computer system.
35. The method of Claim 31, further comprising:
monitoring a log file; and extracting said second level of reporting information from said log file, wherein said log file includes log information about a computer system upon which said agent is executing.
36. The method of Claim 28, wherein said agent transmits an XML communication to said reporting destination using said communication connection.
37. The method of Claim 25, wherein a threshold is specified for an amount of data that said agent can report in a fixed reporting interval, said threshold being equal to or greater than a fixed maximum size for each summary report sent by said agent.
38. The method of Claim 25, wherein a report sent for any of said reporting includes an encrypted checksum preventing modifications of said report while said report is being communicated from an agent to a receiver in a network.
39. The method of Claim 25, wherein said reporting is performed by an agent that sends a report, said report including one of: a timestamp which increases with time duration, and a sequence number which increases with time duration, used by a receiver of said report.
40. The method of Claim 39, wherein said receiver uses said one of said timestamp or said sequence number in authenticating a report received by said receiver as being sent by said agent, said receiver processing received reports having said one of a timestamp or sequence number which is greater than another one of a timestamp or sequence number associated with a last report received from said agent.
41. The method of Claim 31, wherein said second level of reporting information identifies at least one source associated with an attack, wherein said source is one of: a user, a machine, and an application, said percentage indicating a percentage of events associated with said at least one source for a type of attack.
42. A method of event reporting by an agent comprising:
receiving data;
determining if said data corresponds to an event of interest associated with at least one security metric; and sending a report to a reporting destination, said report including said at least one security metric for a fixed time interval, wherein said report is sent from said agent communicating data at an application level to said reporting destination using a one-way communication connection.
43. The method of Claim 42, wherein said agent only sends data on said one-way communication connection to said reporting destination without reading any communication from said communication connection.
44. The method of Claim 42, wherein said report includes at least one performance metric in accordance with said data received.
45. A method of event reporting by an agent comprising:
receiving data;
determining if said data indicates a security event of interest; and reporting a summary including information on a plurality of occurrences of said security event of interest occurring within a fixed time interval, said summary being sent at a predetermined time interval.
46. The method of Claim 45, wherein said reporting of said summary is performed without a request for a report.
47. The method of Claim 45, wherein data for said reporting of said summary is performed by said agent communicating data at an application level to a reporting destination using a one-way communication connection.
48. The method of Claim 47, wherein said reporting of said summary further comprises:
opening a communication connection;
sending data to a said reporting destination; and closing said communication connection, said agent only sending data to said reporting destination without reading any communication from said communication connection.
49. The method of Claim 48, wherein said communication connection is a TCP or UDP socket.
50. The method of Claim 48, wherein said agent transmits an XML communication to said reporting destination using said communication connection.
51. The method of Claim 25, wherein said reporting of said summary includes transmitting periodic messages from said agent to a reporting destination, each of said message having a fixed maximum size.
52. A computer program product for event reporting by an agent comprising code that:
receives data;
determines if said data indicates a first occurrence of an event of interest associated with a metric since a previous periodic reporting;
reports said first occurrence of an event if said code that determines that said data indicates said first occurrence; and reports a summary including said metric in a periodic report at a first point in time.
53. The computer program product of Claim 52, wherein said code that reports said first occurrence and said code that reports said summary are performed without a request for a report.
54. The computer program product of Claim 52, wherein data for said code that reports said first occurrence and said code that reports said summary are performed by said agent communicating data at an application level to a reporting destination using a one-way communication connection.
55. The computer program product of Claim 54, wherein at least one of said code that reports said first occurrence and said code that reports said summary further comprise code that:
opens a communication connection;
sends data to said reporting destination; and closes said communication connection, said agent only sending data to said reporting destination without reading any communication from said communication connection.
56. The computer program product of Claim 55, wherein said communication connection is a TCP or UDP socket.
57. The computer program product of Claim 52, wherein said periodic report includes a summary of a selected set of one or more data sources and associated values for a time interval since a last periodic report was sent to a reporting destination.
58. The computer program product of Claim 57, wherein said selected set of one or more metrics is a first level of reporting information and said periodic report includes a second level of reporting information used to perform one at least one of the following:
determine a cause of a problem, and take a corrective action to a problem.
59. The computer program product of Claim 52, wherein said code that reports said first occurrence and said code that reports said summary includes code that transmits messages from said agent to a reporting destination, each of said messages being a fixed maximum size.
60. The computer program product of Claim 59, wherein a time interval at which said periodic report is sent by said agent and data included in each of said messages are determined in accordance with at least one of: resources available on a computer system and a network in which said agent is included.
61. The computer program product of Claim 60, wherein said agent executes on a first computer system and reports data to another computer system.
62. The computer program product of Claim 58, further comprising code that:
monitors a log file; and extracts said second level of reporting information from said log file, wherein said log file includes log information about a computer system upon which said agent is executing.
63. The computer program product of Claim 55, wherein said agent transmits an XML communication to said reporting destination using said communication connection.
64. The computer program product of Claim 52, wherein a threshold is specified for an amount of data that said agent can report in a fixed reporting interval, said threshold being equal to or greater than a fixed maximum size for each summary report sent by said agent.
65. The computer program product of Claim 52, wherein a report sent for any of said code that reports uses an encrypted checksum preventing modifications of said report while said report is being communicated from an agent to a receiver in a network.
66. The computer program product of Claim 52, wherein said code that reports is performed by an agent that sends a report, said report including one of: a timestamp which increases with time duration; and a sequence number which increases with time duration, used by a receiver of said report.
67. The computer program product of Claim 66, wherein said receiver uses said one of said timestamp or said sequence number in authenticating a report received by said receiver as being sent by said agent, said receiver processing received reports having said one of a timestamp or sequence number which is greater than another one of a timestamp or sequence number associated with a last report received from said agent.
68. The computer program product of Claim 58, wherein said second level of reporting information identifies at least one source associated with an attack, wherein said source is one of: a user, a machine, and an application, said percentage indicating a percentage of events associated with said at least one source for a type of attack.
69. A computer program product for event reporting by an agent comprising code that:
receives data;
determines if said data corresponds to an event of interest associated with at least one security metric; and sends a report to a reporting destination, said report including said at least one security metric for a fixed time interval, wherein said report is sent from said agent communicating data at an application level to said reporting destination using a one-way communication connection.
70. The computer program product of Claim 69, wherein said agent only sends data on said one-way communication connection to said reporting destination without reading any communication from said communication connection.
71. The computer program product of Claim 69, wherein said report includes at least one performance metric in accordance with said data received.
72. A computer program product for event reporting by an agent comprising code that:
receives data;
determines if said data indicates a security event of interest; and reports a summary including information on a plurality of occurrences of said security event of interest occurring within a fixed time interval, said summary being sent at a predetermined time interval.
73. The computer program product of Claim 72, wherein said code that reports said summary is performed without a request for a report.
74. The computer program product of Claim 72, wherein data for said code that reports said summary is performed by said agent communicating data at an application level to a reporting destination using a one-way communication connection.
75. The computer program product of Claim 74, wherein said code that reports said summary further comprises code that:
opens a communication connection;
sends data to a said reporting destination; and closes said communication connection, said agent only sending data to said reporting destination without reading any communication from said communication connection.
76. The computer program product of Claim 75, wherein said communication connection is a TCP or UDP socket.
77. The computer program product of Claim 75, wherein said agent transmits an XML communication to said reporting destination using said communication connection.
78. The computer program product of Claim 52, wherein said code that reports said summary includes code that transmits periodic messages from said agent to a reporting destination, each of said message having a fixed maximum size.
79. A method of event notification comprising:
receiving a first report of a condition;
sending a first notification message about said first report of said condition;
sending a second notification message about said condition at a first notification interval;
receiving subsequent reports at fixed time intervals;
sending a subsequent notification message at a second notification interval if said condition is still ongoing during said second notification interval, wherein said second notification interval has a length which is a multiple of said first notification interval.
80. The method of Claim 79, wherein said first report is sent from a reporting agent on a first computer system reporting about one of said first computer system and a network including said first computer system, and said notification messages are sent from a notification server on a second computer system.
81. The method of Claim 79, wherein notification messages are sent to a notification point at successive notification intervals wherein each of said successive notification intervals increases approximately exponentially with respect to an immediately prior notification interval.
82. The method of Claim 80, wherein said condition is associated with an alarm condition and an alarm condition is set when a current level of a metric is not in accordance with a predetermined threshold value.
83. The method of Claim 79, wherein each of said notification messages includes a first level of information about said condition and a second level of information used to perform at least one of the following: determine a cause of said condition, and take a corrective action for said condition.
84. The method of Claim 83, wherein an option is included in a reporting agent to enable and disable reporting of said second level of information to a notification server from said agent sending said first report.
85. The method of Claim 83, wherein an option is used to enable and disable condition notification messages including said second level of information.
86. The method of Claim 82, wherein an alarm condition is associated with a first level alarm and an alarm state of said first level is maintained when a current level of a metric is in accordance with said predetermined threshold value until an acknowledgement of said alarm state at said first level is received by said notification server.
87. The method of Claim 86, wherein said alarm condition transitions to a second level alarm when said current level is not in accordance with said predetermined threshold and another threshold associated with a second level, and said second level alarm is maintained when a current level of a metric is in accordance with one of: said predetermined threshold and said other threshold until acknowledgement of said second level alarm is received by said notification server.
88. The method of Claim 79, wherein reports are sent from a reporting agent executing on a computer system in an industrial network to an appliance included in said industrial network and each of said reports includes events occurring within said industrial network.
89. The method of Claim 82, wherein an alarm condition is determined in accordance with a plurality of weighted metrics, said plurality of weighted metrics including at least one metric about: a network intrusion detection, a network intrusion prevention, a number of failed login attempts, a number of users with a level of privileges greater than a level associated with a user-level account.
90. A method of event notification comprising:
receiving a first report of a condition at a reporting destination; and sending a notification message from said reporting destination to a notification destination, said notification message including a summary of information about events occurring in a fixed time interval, said summary identifying at least one of a source and a target associated with an attack occurring within said fixed time interval, and a percentage of events associated with said at least one of said source and said target.
91. The method of Claim 90, wherein said summary identifies at least one source associated with an attack, wherein said source is one of a user, a machine, and an application, said percentage indicating a percentage of events associated with said at least one source for a type of attack.
92. The method of Claim 90, wherein said summary identifies at least one target associated with an attack, wherein said target is one of a user, a machine, an application, and a port, said percentage indicating a percentage of events associated with said at least one target for a type of attack.
93. The method of Claim 90, wherein said summary identifies a portion of a type of attack represents with respect to all attacks in said fixed time interval.
94. A method of event notification comprising:
receiving report of a potential cyber-attack condition at fixed time intervals; and sending a notification message about said conditions when said conditions exceed a notification threshold.
95. The method of Claim 94, wherein a notification threshold is determined using an alarm condition in accordance with a plurality of weighted metrics, said plurality of weighted metrics including at least one metric about: a network intrusion detection, a network intrusion prevention, a number of failed login attempts, a number of users with a level of privileges greater than a level associated with a user-level account.
96. The method of Claim 94, wherein said notification message includes a summary of information about events occurring in a fixed time interval, said summary identifying at least one of: a source and a target associated with an attack occurring within said fixed time interval, and a percentage of events associated with said at least one of said source and said target.
97. The method of Claim 96, wherein said summary identifies at least one source associated with an attack, wherein said source is one of: a user, a machine, and an application, said percentage indicating a percentage of events associated with said at least one source for a type of attack.
98. The method of Claim 96, wherein said summary identifies at least one target associated with an attack, wherein said target is one of a user, a machine, an application, and a port, said percentage indicating a percentage of events associated with said at least one target for a type of attack.
99. The method of Claim 96, wherein said summary identifies a portion of a type of attack represents with respect to all attacks in said fixed time interval.
100. A computer program product for event notification comprising code that:
receives a first report of a condition;
sends a first notification message about said first report of said condition;
sends a second notification message about said condition at a first notification interval;
receives subsequent reports at fixed time intervals; and sends a subsequent notification message at a second notification interval if said condition is still ongoing during said second notification interval, wherein said second notification interval has a length which is a multiple of said first notification interval.
101. The computer program product of Claim 100, wherein said first report is sent from a reporting agent on a first computer system reporting about one of: said first computer system and a network including said first computer system, and said notification messages are sent from a notification server on a second computer system.
102. The computer program product of Claim 100, wherein notification messages are sent to a notification point at successive notification intervals wherein each of said successive notification intervals increases approximately exponentially with respect to an immediately prior notification interval.
103. The computer program product of Claim 101, wherein said condition is associated with an alarm condition and an alarm condition is set when a current level of a metric is not in accordance with a predetermined threshold value.
104. The computer program product of Claim 100, wherein each of said notification messages includes a first level of information about said condition and a second level of information used to perform at least one of the following: determine a cause of said condition, and take a corrective action for said condition.
105. The computer program product of Claim 104, wherein an option is included in a reporting agent to enable and disable reporting of said second level of information to a notification server from said agent sending said first report.
106. The computer program product of Claim 104, wherein an option is used to enable and disable condition notification messages including said second level of information.
107. The computer program product of Claim 103, wherein an alarm condition is associated with a first level alarm and an alarm state of said first level is maintained when a current level of a metric is in accordance with said predetermined threshold value until an acknowledgement of said alarm state at said first level is received by said notification server.
108. The computer program product of Claim 107, wherein said alarm condition transitions to a second level alarm when said current level is not in accordance with said predetermined threshold and another threshold associated with a second level, and said second level alarm is maintained when a current level of a metric is in accordance with one of: said predetermined threshold and said other threshold until acknowledgement of said second level alarm is received by said notification server.
109. The computer program product of Claim 100, wherein reports are sent from a reporting agent executing on a computer system in an industrial network to an appliance included in said industrial network and each of said reports includes events occurring within said industrial network.
110. The computer program product of Claim 103, wherein an alarm condition is determined in accordance with a plurality of weighted metrics, said plurality of weighted metrics including at least one metric about: a network intrusion detection, a network intrusion prevention, a number of failed login attempts, a number of users with a level of privileges greater than a level associated with a user-level account.
111. A computer program product for event notification comprising code that:
receives a first report of a condition at a reporting destination; and sends a notification message from said reporting destination to a notification destination, said notification message including a summary of information about events occurring in a fixed time interval, said summary identifying at least one of: a source and a target associated with an attack occurring within said fixed time interval, and a percentage of events associated with said at least one of said source and said target.
112. The computer program product of Claim 111, wherein said summary identifies at least one source associated with an attack, wherein said source is one of a user, a machine, and an application, said percentage indicating a percentage of events associated with said at least one source for a type of attack.
113. The computer program product of Claim 111, wherein said summary identifies at least one target associated with an attack, wherein said target is one of: a user, a machine, an application, and a port, said percentage indicating a percentage of events associated with said at least one target for a type of attack.
114. The computer program product of Claim 111, wherein said summary identifies a portion of a type of attack represents with respect to all attacks in said fixed time interval.
115. A computer program product for event notification comprising code that:
receives report of a potential cyber-attack condition at fixed time intervals; and sends a notification message about said conditions when said conditions exceed a notification threshold.
116. The computer program product of Claim 115, wherein a notification threshold is determined using an alarm condition in accordance with a plurality of weighted metrics, said plurality of weighted metrics including at least one metric about: a network intrusion detection, a network intrusion prevention, a number of failed login attempts, a number of users with a level of privileges greater than a level associated with a user-level account.
117. The computer program product of Claim 115, wherein said notification message includes a summary of information about events occurring in a fixed time interval, said summary identifying at least one of: a source and a target associated with an attack occurring within said fixed time interval, and a percentage of events associated with said at least one of said source and said target.
118. The computer program product of Claim 117, wherein said summary identifies at least one source associated with an attack, wherein said source is one of: a user, a machine, and an application, said percentage indicating a percentage of events associated with said at least one source for a type of attack.
119. The computer program product of Claim 117, wherein said summary identifies at least one target associated with an attack, wherein said target is one of: a user, a machine, an application, and a port, said percentage indicating a percentage of events associated with said at least one target for a type of attack.
120. The computer program product of Claim 117, wherein said summary identifies a portion of a type of attack represents with respect to all attacks in said fixed time interval.
121. A method for monitoring an industrial network comprising:
reporting first data about a first computer system by a first agent executing on said first computer system in said industrial network, said first computer system performing at least one of: monitoring or controlling a physical process of said industrial network, said first data including information about software used in connection with said physical process.
122. The method of Claim 121, further comprising:
reporting second data about communications on a connection between said industrial network and another network by a second agent executing on a second computer system.
123. The method of Claim 122, wherein said second data reported by said second agent is included in an appliance to which said first data is sent.
124. The method of Claim 121, wherein said first agent reports on at least one of: critical file monitoring, log file for said first computer system, hardware and operating system of said first computer system, password and login, a specific application executing on said computer system wherein said application is in accordance with a particular industrial application of said industrial network.
125. The method of Claim 124, wherein a plurality of agents execute on said first computer system monitoring said first computer system.
126. The method of Claim 125, wherein said plurality of agents includes a master agent and other agents performing a predetermined set of monitoring tasks, said master agent controlling execution of said other agents.
127. The method of Claim 126, wherein said plurality of agents report data at predetermined intervals to one of: an appliance and said second computer system.
128. The method of Claim 127, further comprising performing, by at least one of said plurality of agents:
obtaining data from a data source;
parsing said data;
performing pattern matching on said parsed data to determine events of interest;
recording any events of interest;
reporting any events of interest in accordance with occurrences of selected events in a time interval;
creating a message including said summary at predetermined time intervals; and encrypting at least one of: said message and a checksum of said message.
129. The method of Claim 121, wherein said first data includes at least one of the following metrics: a number of open listen connections and a number of abnormal process terminations.
130. The method of Claim 129, wherein, when a number of open listen connections falls below a first level, an event corresponding to a component failure is determined.
131. The method of Claim 129, wherein, when a number of open listen connections is above a second level, an event corresponding to a new component or unauthorized component is determined.
132. The method of Claim 122, wherein said second agent reports on network activity in accordance with a set of rules, said rules including at least one rule indicating that events in a business network are flagged as suspicious in said industrial network.
133. The method of Claim 132, wherein said events include at least one of: an event associated with a web browser, and an event associated with e-mail.
134. The method of Claim 122, wherein said second agent reports on an address binding of a physical device identifier to a network address if the physical device identifier of a component was not previously known, or said network address in the address binding is a reassignment of said network address within a predetermined time period since said network address was last included in an address binding.
135. The method of Claim 122, wherein said second agent reports second data about a firewall, and said second data includes at least one of: a change to a saved firewall configuration corresponding to a predetermined threat level, a change to a current set of firewall configuration rules currently controlling operations between said industrial network and said other network.
136. The method of Claim 135, wherein log files associated with said firewall are stored remotely at a location on said second computer system with log files for said second computer system activity.
137. The method of Claim 122, wherein said second data includes at least one threat assessment from a source external to said industrial network.
138. The method of Claim 137, wherein said second data includes at least one of: a threat level indicator from a corporate network connected to said industrial network, a threat level indicator from a public network source, and a threat level indicator that is manually input.
139. The method of Claim 121, further comprising:

receiving at least said first data by a receiver;
authenticating said first data as being sent by said first agent; and processing, in response to said authenticating, said first data by said receiver.
140. The method of Claim 139, wherein said authenticating includes at least one of: verifying use of said first agent's encryption key, and checking validity of a message checksum, and using a timestamp or sequence number to detect invalid reports received by said receiver as being sent from said first agent.
141. The method of Claim 121, wherein said reporting is performed in accordance with a threshold size indicates an amount of data that said first agent is permitted to transmit in a fixed periodic reporting interval.
142. A computer program product for monitoring an industrial network comprising code that:

reports first data about a first computer system by a first agent executing on said first computer system in said industrial network, said first computer system performing at least one of: monitoring or controlling a physical process of said industrial network, said first data including information about software used in connection with said physical process.
143. The computer program product of Claim 142, further comprising code that:

reports second data about communications on a connection between said industrial network and another network by a second agent executing on a second computer system.
144. The computer program product of Claim 143, wherein said second data reported by said second agent is included in an appliance to which said first data is sent.
145. The computer program product of Claim 142, wherein said first agent reports on at least one of: critical file monitoring, log file for said first computer system, hardware and operating system of said first computer system, password and login, a specific application executing on said computer system wherein said application is in accordance with a particular industrial application of said industrial network.
146. The computer program product of Claim 145, wherein a plurality of agents execute on said first computer system monitoring said first computer system.
147. The computer program product of Claim 146, wherein said plurality of agents includes a master agent and other agents performing a predetermined set of monitoring tasks, said master agent controlling execution of said other agents.
148. The computer program product of Claim 147, wherein said plurality of agents report data at predetermined intervals to one of: an appliance and said second computer system.
149. The computer program product of Claim 148, further comprising code for performing, by at least one of said plurality of agents:

obtaining data from a data source;
parsing said data;
performing pattern matching on said parsed data to determine events of interest;
recording any events of interest;
reporting any events of interest in accordance with occurrences of selected events in a time interval;
creating a message including said summary at predetermined time intervals; and encrypting at least one of: said message and a checksum of said message.
150. The computer program product of Claim 142, wherein said first data includes at least one of the following metrics: a number of open listen connections and a number of abnormal process terminations.
151. The computer program product of Claim 150, wherein, when a number of open listen connections falls below a first level, an event corresponding to a component failure is determined.
152. The computer program product of Claim 150, wherein, when a number of open listen connections is above a second level, an event corresponding to a new component or unauthorized component is determined.
153. The computer program product of Claim 143, wherein said second agent reports on network activity in accordance with a set of rules, said rules including at least one rule indicating that events in a business network are flagged as suspicious in said industrial network.
154. The computer program product of Claim 153, wherein said events include at least one of: an event associated with a web browser, and an event associated with e-mail.
155. The computer program product of Claim 143, wherein said second agent reports on an address binding of a physical device identifier to a network address if the physical device identifier of a component was not previously known, or said network address in the address binding is a reassignment of said network address within a predetermined time period since said network address was last included in an address binding.
156. The computer program product of Claim 143, wherein said second agent reports second data about a firewall, and said second data includes at least one of: a change to a saved firewall configuration corresponding to a predetermined threat level, a change to a current set of firewall configuration rules currently controlling operations between said industrial network and said other network.
157. The computer program product of Claim 156, wherein log files associated with said firewall are stored remotely at a location on said second computer system with log files for said second computer system activity.
158. The computer program product of Claim 143, wherein said second data includes at least one threat assessment from a source external to said industrial network.
159. The computer program product of Claim 158, wherein said second data includes at least one of: a threat level indicator from a corporate network connected to said industrial network, a threat level indicator from a public network source, and a threat level indicator that is manually input.
160. The computer program product of Claim 142, further comprising code that:

receives at least said first data by a receiver;
authenticates said first data as being sent by said first agent; and processes, in response to said code that authenticates, said first data by said receiver.
161. The computer program product of Claim 160, wherein said code that authenticates includes at least one of code that verifies use of said first agent's encryption key and checks validity of a message checksum, and code that uses a timestamp or sequence number to detect invalid reports received by said receiver as being sent from said first agent.
162. The computer program product of Claim 142, wherein said code that reports uses a threshold size indicating an amount of data that said first agent is permitted to transmit in a fixed periodic reporting interval.
163. A method for detecting undesirable messages in a network comprising:

receiving a message in said network;
determining if said message is undesirable in accordance with at least one rule defining an acceptable message in said network; and reporting said message as undesirable if said message is not determined to be in accordance with said at least one rule.
164. The method of Claim 163, further comprising:

defining another rule for use in said determining if an additional message type is determined to be acceptable in said network.
165. A computer program product for detecting undesirable messages in a network comprising code that:

receives a message in said network;
determines if said message is undesirable in accordance with at least one rule defining an acceptable message in said network; and reports said message as undesirable if said message is not determined to be in accordance with said at least one rule.
166. The computer program product of Claim 165, further comprising code that:

defines another rule for use in said determining if an additional message type is determined to be acceptable in said network.
167. A method for performing periodic filesystem integrity checks comprising:

receiving two or more sets of filesystem entries, each set representing a grouping of one or more filesystem entries;
selecting zero or more entries from each set; and performing integrity checking for each selected entry from each set during a reporting period.
168. The method of Claim 167, wherein each of said two or more sets correspond to a predetermined classification level.
169. The method of Claim 168, wherein if a first classification level is more important than a second classification level, said first classification level includes less entries than said second classification level.
170. The method of Claim 168, wherein a number of entries from each set is determined in accordance with a level of importance associated with said set.
171. A computer program product for performing periodic filesystem integrity checks comprising code that:
receives two or more sets of filesystem entries, each set representing a grouping of one or more filesystem entries;
selects zero or more entries from each set; and performs integrity checking for each selected entry from each set during a reporting period.
172. The computer program product of Claim 171, wherein each of said two or more sets correspond to a predetermined classification level.
173. The computer program product of Claim 172, wherein if a first classification level is more important than a second classification level, said first classification level includes less entries than said second classification level.
174. The computer program product of Claim 172, wherein a number of entries from each set is determined in accordance with a level of importance associated with said set.
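The periodic filesystem integrity check of Claims 167 to 174, sketched as an added example (not code from the patent or its assignees): each classification level is a set of entries with its own per-period quota, and a rotating cursor spreads the work over successive reporting periods. The class names, quotas, SHA-256 baseline and constructed sample files are all assumptions made for illustration.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass


def sha256_file(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


@dataclass
class EntrySet:
    """One classification level: its entries and its per-period quota."""
    name: str
    paths: list
    per_period: int      # entries checked each reporting period (0 is allowed)
    cursor: int = 0      # rotation point, so successive periods cover new entries

    def select(self):
        """Pick this period's entries and advance the rotation."""
        count = min(self.per_period, len(self.paths))
        picked = [self.paths[(self.cursor + i) % len(self.paths)] for i in range(count)]
        if self.paths:
            self.cursor = (self.cursor + count) % len(self.paths)
        return picked


class IntegrityChecker:
    """Baselines every entry once, then checks a slice of each set per period."""

    def __init__(self, sets):
        self.sets = sets
        self.baseline = {p: sha256_file(p) for s in sets for p in s.paths}

    def run_period(self):
        checked, findings = [], []
        for entry_set in self.sets:
            for path in entry_set.select():
                checked.append(path)
                try:
                    current = sha256_file(path)
                except FileNotFoundError:
                    findings.append((entry_set.name, path, "missing"))
                    continue
                if current != self.baseline[path]:
                    findings.append((entry_set.name, path, "modified"))
        return checked, findings


def run_integrity_demo():
    """Constructed scenario: 2 critical files, 6 routine files, 2 checks per set per period."""
    with tempfile.TemporaryDirectory() as root:
        def make(name, data):
            path = os.path.join(root, name)
            with open(path, "wb") as handle:
                handle.write(data)
            return path

        critical = [make(f"crit{i}.cfg", b"setpoint=%d\n" % i) for i in range(2)]
        routine = [make(f"log{i}.dat", b"data %d\n" % i) for i in range(6)]
        checker = IntegrityChecker([
            EntrySet("critical", critical, per_period=2),  # small set, fully covered every period
            EntrySet("routine", routine, per_period=2),    # larger set, covered over three periods
        ])

        # Changes made after the baseline was taken.
        with open(critical[1], "ab") as handle:
            handle.write(b"setpoint=999\n")
        os.remove(routine[4])

        first_seen = {}
        for period in range(1, 4):
            _, findings = checker.run_period()
            for _, path, status in findings:
                first_seen.setdefault(os.path.basename(path), (period, status))
        return first_seen


if __name__ == "__main__":
    for name, (period, status) in run_integrity_demo().items():
        print(f"{name}: {status}, first detected in period {period}")
```

Because the more important set is the smaller one, the same quota covers it completely every period, while a change in the larger set can wait up to three periods before it is seen.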
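The receiver-side authentication of Claims 139 to 140 and 160 to 161 (agent key, message checksum, timestamp or sequence number), sketched as an added example that is not code from the patent. It assumes a per-agent shared key and uses HMAC-SHA256 as the keyed checksum, which is a technique swapped in here; the message layout, the 120-second freshness window and all names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import json

MAX_SKEW_SECONDS = 120  # assumed freshness window for report timestamps


def build_report(agent_id, key, seq, timestamp, events):
    """Agent side: serialize the report and attach a keyed checksum."""
    body = json.dumps(
        {"agent": agent_id, "seq": seq, "ts": timestamp, "events": events},
        sort_keys=True, separators=(",", ":"),
    ).encode("utf-8")
    return {"body": body, "tag": hmac.new(key, body, hashlib.sha256).digest()}


class Receiver:
    """Receiver side: process a report only after it authenticates."""

    def __init__(self, agent_keys):
        self.agent_keys = agent_keys   # agent id -> shared key (bytes)
        self.last_seq = {}             # agent id -> highest sequence number accepted

    def accept(self, report, now):
        body, tag = report.get("body"), report.get("tag")
        if not isinstance(body, bytes) or not isinstance(tag, bytes):
            return False, "malformed"
        try:
            # Parsed only to find the claimed sender; nothing is trusted yet.
            fields = json.loads(body)
        except ValueError:
            return False, "malformed"
        if not isinstance(fields, dict):
            return False, "malformed"

        agent = fields.get("agent")
        key = self.agent_keys.get(agent) if isinstance(agent, str) else None
        if key is None:
            return False, "unknown agent"

        # Keyed checksum: proves use of this agent's key and detects tampering.
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False, "bad checksum"

        seq, ts = fields.get("seq"), fields.get("ts")
        if not isinstance(seq, int) or not isinstance(ts, (int, float)):
            return False, "malformed"
        # Timestamp and sequence number: reject stale or replayed reports.
        if abs(now - ts) > MAX_SKEW_SECONDS:
            return False, "stale timestamp"
        if seq <= self.last_seq.get(agent, -1):
            return False, "replayed sequence number"

        self.last_seq[agent] = seq     # state advances only for accepted reports
        return True, "ok"


def run_auth_demo():
    """Constructed reports: valid, replayed, tampered, stale, unknown sender, valid."""
    now = 1_700_000_000                                  # constructed clock value
    key = b"constructed-demo-key-not-a-real-secret"      # constructed key
    receiver = Receiver({"hmi-01": key})
    events = {"failed_logins": 3, "open_listen_ports": 14}

    first = build_report("hmi-01", key, 1, now, events)
    tampered = dict(first, body=first["body"].replace(b'"failed_logins":3',
                                                      b'"failed_logins":0'))
    stale = build_report("hmi-01", key, 2, now - 3600, events)
    rogue = build_report("hmi-99", b"some-other-key", 1, now, events)
    second = build_report("hmi-01", key, 2, now + 60, events)

    attempts = [(first, now), (first, now + 1), (tampered, now + 1),
                (stale, now + 1), (rogue, now + 1), (second, now + 60)]
    return [receiver.accept(report, when)[1] for report, when in attempts]


if __name__ == "__main__":
    for outcome in run_auth_demo():
        print(outcome)
```

Rejected reports never advance the stored sequence number, so the stale report carrying sequence 2 does not block the later legitimate report with the same number.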
CA2526759A 2003-06-09 2004-06-08 Event monitoring and management Active CA2526759C (en)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US47708803P 2003-06-09 2003-06-09
US60/477,088 2003-06-09
US10/815,222 2004-03-31
US10/815,222 US7246156B2 (en) 2003-06-09 2004-03-31 Method and computer program product for monitoring an industrial network
PCT/US2004/018118 WO2004111785A2 (en) 2003-06-09 2004-06-08 Event monitoring and management

Publications (2)

Publication Number Publication Date
CA2526759A1 (en) 2004-12-23
CA2526759C (en) 2011-08-16

Family

ID=33555439

Family Applications (1)

Application Number Title Priority Date Filing Date
CA2526759A Active CA2526759C (en) 2003-06-09 2004-06-08 Event monitoring and management

Country Status (5)

Country Link
US (4) US7246156B2 (en)
EP (1) EP1636704A4 (en)
AU (1) AU2004248605B2 (en)
CA (1) CA2526759C (en)
WO (1) WO2004111785A2 (en)

Families Citing this family (597)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8564661B2 (en) * 2000-10-24 2013-10-22 Objectvideo, Inc. Video analytic rule detection system and method
US9892606B2 (en) * 2001-11-15 2018-02-13 Avigilon Fortress Corporation Video surveillance system employing video primitives
US7720727B2 (en) * 2001-03-01 2010-05-18 Fisher-Rosemount Systems, Inc. Economic calculations in process control system
US8073967B2 (en) * 2002-04-15 2011-12-06 Fisher-Rosemount Systems, Inc. Web services-based communications for use with process control systems
US7389204B2 (en) * 2001-03-01 2008-06-17 Fisher-Rosemount Systems, Inc. Data presentation system for abnormal situation prevention in a process plant
US7587481B1 (en) * 2001-04-05 2009-09-08 Dj Inventions, Llc Enterprise server for SCADA system with security interface
US20020191102A1 (en) * 2001-05-31 2002-12-19 Casio Computer Co., Ltd. Light emitting device, camera with light emitting device, and image pickup method
US7657935B2 (en) * 2001-08-16 2010-02-02 The Trustees Of Columbia University In The City Of New York System and methods for detecting malicious email transmission
US7818797B1 (en) * 2001-10-11 2010-10-19 The Trustees Of Columbia University In The City Of New York Methods for cost-sensitive modeling for intrusion detection and response
US8544087B1 (en) 2001-12-14 2013-09-24 The Trustess Of Columbia University In The City Of New York Methods of unsupervised anomaly detection using a geometric framework
US9306966B2 (en) 2001-12-14 2016-04-05 The Trustees Of Columbia University In The City Of New York Methods of unsupervised anomaly detection using a geometric framework
US7225343B1 (en) 2002-01-25 2007-05-29 The Trustees Of Columbia University In The City Of New York System and methods for adaptive model generation for detecting intrusions in computer systems
US8910241B2 (en) * 2002-04-25 2014-12-09 Citrix Systems, Inc. Computer security system
US7420929B1 (en) 2002-07-02 2008-09-02 Juniper Networks, Inc. Adaptive network flow analysis
JP2004318552A (en) * 2003-04-17 2004-11-11 Kddi Corp Device, method and program for supporting ids log analysis
US9069666B2 (en) * 2003-05-21 2015-06-30 Hewlett-Packard Development Company, L.P. Systems and methods for controlling error reporting and resolution
CA2527501A1 (en) * 2003-05-28 2004-12-09 Caymas Systems, Inc. Multilayer access control security system
US7246156B2 (en) * 2003-06-09 2007-07-17 Industrial Defender, Inc. Method and computer program product for monitoring an industrial network
US20090271504A1 (en) * 2003-06-09 2009-10-29 Andrew Francis Ginter Techniques for agent configuration
US20050033701A1 (en) * 2003-08-08 2005-02-10 International Business Machines Corporation System and method for verifying the identity of a remote meter transmitting utility usage data
US7712083B2 (en) * 2003-08-20 2010-05-04 Igt Method and apparatus for monitoring and updating system software
US20050050357A1 (en) * 2003-09-02 2005-03-03 Su-Huei Jeng Method and system for detecting unauthorized hardware devices
EP1682990B1 (en) 2003-11-12 2013-05-29 The Trustees of Columbia University in the City of New York Apparatus method and medium for detecting payload anomaly using n-gram distribution of normal data
US7590726B2 (en) * 2003-11-25 2009-09-15 Microsoft Corporation Systems and methods for unifying and/or utilizing state information for managing networked systems
US7613804B2 (en) * 2003-11-25 2009-11-03 Microsoft Corporation Systems and methods for state management of networked systems
US7430598B2 (en) * 2003-11-25 2008-09-30 Microsoft Corporation Systems and methods for health monitor alert management for networked systems
US7599939B2 (en) * 2003-11-26 2009-10-06 Loglogic, Inc. System and method for storing raw log data
US20050114505A1 (en) * 2003-11-26 2005-05-26 Destefano Jason M. Method and apparatus for retrieving and combining summarized log data in a distributed log data processing system
US8234256B2 (en) * 2003-11-26 2012-07-31 Loglogic, Inc. System and method for parsing, summarizing and reporting log data
US20050114707A1 (en) * 2003-11-26 2005-05-26 Destefano Jason Michael Method for processing log data from local and remote log-producing devices
US20050114321A1 (en) * 2003-11-26 2005-05-26 Destefano Jason M. Method and apparatus for storing and reporting summarized log data
US8190723B2 (en) * 2003-12-14 2012-05-29 Cisco Technology, Inc. Method and system for automatically determining commands for a network element
US7359339B2 (en) * 2003-12-23 2008-04-15 Lenovo Singapore Pte Ltd Smart access point
US7584382B2 (en) * 2004-02-19 2009-09-01 Microsoft Corporation Method and system for troubleshooting a misconfiguration of a computer system based on configurations of other computer systems
US7392295B2 (en) * 2004-02-19 2008-06-24 Microsoft Corporation Method and system for collecting information from computer systems based on a trusted relationship
US20050198099A1 (en) * 2004-02-24 2005-09-08 Covelight Systems, Inc. Methods, systems and computer program products for monitoring protocol responses for a server application
US7676287B2 (en) * 2004-03-03 2010-03-09 Fisher-Rosemount Systems, Inc. Configuration system and method for abnormal situation prevention in a process plant
US7079984B2 (en) * 2004-03-03 2006-07-18 Fisher-Rosemount Systems, Inc. Abnormal situation prevention in a process plant
US8224937B2 (en) * 2004-03-04 2012-07-17 International Business Machines Corporation Event ownership assigner with failover for multiple event server system
US20050234988A1 (en) * 2004-04-16 2005-10-20 Messick Randall E Message-based method and system for managing a storage area network
WO2005104798A2 (en) * 2004-04-28 2005-11-10 Openlogic, Inc. Tools for stacking uncoordinated software projects
DE102004021031A1 (en) * 2004-04-29 2005-11-24 Siemens Ag Method for generating and managing templates for event management
US7664855B1 (en) * 2004-05-05 2010-02-16 Juniper Networks, Inc. Port scanning mitigation within a network through establishment of an a prior network connection
EP1754127A2 (en) * 2004-05-19 2007-02-21 Computer Associates Think, Inc. Systems and methods for minimizing security logs
US20050259657A1 (en) * 2004-05-19 2005-11-24 Paul Gassoway Using address ranges to detect malicious activity
US20050271128A1 (en) * 2004-06-02 2005-12-08 Williams Jeffery D Distributed SCADA system for remote monitoring and control of access points utilizing an intelligent uninterruptible power supply system for a WISP network
US20050289232A1 (en) * 2004-06-07 2005-12-29 Rudiger Ebert Method, apparatus, and system for monitoring performance remotely from a user
US20060021021A1 (en) * 2004-06-08 2006-01-26 Rajesh Patel Security event data normalization
US8010952B2 (en) * 2004-06-08 2011-08-30 Cisco Technology, Inc. Method and apparatus for configuration syntax and semantic validation
US20060015591A1 (en) * 2004-06-08 2006-01-19 Datla Krishnam R Apparatus and method for intelligent configuration editor
US7735140B2 (en) * 2004-06-08 2010-06-08 Cisco Technology, Inc. Method and apparatus providing unified compliant network audit
US7721304B2 (en) * 2004-06-08 2010-05-18 Cisco Technology, Inc. Method and apparatus providing programmable network intelligence
JP2006013737A (en) * 2004-06-24 2006-01-12 Fujitsu Ltd Device for eliminating abnormal traffic
US10284571B2 (en) * 2004-06-28 2019-05-07 Riverbed Technology, Inc. Rule based alerting in anomaly detection
US8458783B2 (en) * 2004-06-30 2013-06-04 Citrix Systems, Inc. Using application gateways to protect unauthorized transmission of confidential data via web applications
US7343624B1 (en) * 2004-07-13 2008-03-11 Sonicwall, Inc. Managing infectious messages as identified by an attachment
US9154511B1 (en) 2004-07-13 2015-10-06 Dell Software Inc. Time zero detection of infectious messages
US8589531B2 (en) * 2004-07-14 2013-11-19 Riverbed Technology, Inc. Network difference reporting
ES2289970T3 (en) * 2004-07-21 2011-12-30 Iternity Gmbh MEMORY SYSTEM WITH PROBATORY AND FAST VALUE BASED ON A HARD DISK.
US7546635B1 (en) 2004-08-11 2009-06-09 Juniper Networks, Inc. Stateful firewall protection for control plane traffic within a network device
US20060034305A1 (en) * 2004-08-13 2006-02-16 Honeywell International Inc. Anomaly-based intrusion detection
US7778228B2 (en) * 2004-09-16 2010-08-17 The Boeing Company “Wireless ISLAND” mobile LAN-to-LAN tunneling solution
US7280030B1 (en) * 2004-09-24 2007-10-09 Sielox, Llc System and method for adjusting access control based on homeland security levels
US8499337B1 (en) * 2004-10-06 2013-07-30 Mcafee, Inc. Systems and methods for delegation and notification of administration of internet access
US8433768B1 (en) * 2004-10-14 2013-04-30 Lockheed Martin Corporation Embedded model interaction within attack projection framework of information system
US7408441B2 (en) * 2004-10-25 2008-08-05 Electronic Data Systems Corporation System and method for analyzing user-generated event information and message information from network devices
US7408440B2 (en) 2004-10-25 2008-08-05 Electronics Data Systems Corporation System and method for analyzing message information from diverse network devices
US20060168170A1 (en) * 2004-10-25 2006-07-27 Korzeniowski Richard W System and method for analyzing information relating to network devices
JP4938233B2 (en) * 2004-11-09 2012-05-23 キヤノン電子株式会社 Management server, information processing apparatus, control method therefor, network management system, computer program, and computer-readable storage medium
JP4422595B2 (en) * 2004-11-26 2010-02-24 富士通株式会社 Monitoring system, monitored device, monitoring device, and monitoring method
US8756682B2 (en) * 2004-12-20 2014-06-17 Hewlett-Packard Development Company, L.P. Method and system for network intrusion prevention
US8974304B2 (en) * 2004-12-22 2015-03-10 Wms Gaming Inc. System, method, and apparatus for detecting abnormal behavior of a wagering game machine
US8266320B1 (en) * 2005-01-27 2012-09-11 Science Applications International Corporation Computer network defense
US9325728B1 (en) 2005-01-27 2016-04-26 Leidos, Inc. Systems and methods for implementing and scoring computer network defense exercises
US7895167B2 (en) * 2005-02-16 2011-02-22 Xpolog Ltd. System and method for analysis and management of logs and events
US20060203736A1 (en) * 2005-03-10 2006-09-14 Stsn General Holdings Inc. Real-time mobile user network operations center
US8418226B2 (en) * 2005-03-18 2013-04-09 Absolute Software Corporation Persistent servicing agent
US9438683B2 (en) * 2005-04-04 2016-09-06 Aol Inc. Router-host logging
US7685292B1 (en) 2005-04-07 2010-03-23 Dell Marketing Usa L.P. Techniques for establishment and use of a point-to-point tunnel between source and target devices
US8140614B2 (en) * 2005-06-02 2012-03-20 International Business Machines Corporation Distributed computing environment with remote data collection management
JP4313336B2 (en) * 2005-06-03 2009-08-12 株式会社日立製作所 Monitoring system and monitoring method
US7184935B1 (en) * 2005-06-10 2007-02-27 Hewlett-Packard Development Company, L.P. Determining and annotating a signature of a computer resource
US8364841B2 (en) * 2005-06-16 2013-01-29 Infinera Corporation XML over TCP management protocol with tunneled proxy support and connection management
US7702780B2 (en) * 2005-06-22 2010-04-20 International Business Machines Corporation Monitoring method, system, and computer program based on severity and persistence of problems
US7295950B2 (en) * 2005-06-23 2007-11-13 International Business Machines Corporation Monitoring multiple channels of data from real time process to detect recent abnormal behavior
US20060294588A1 (en) * 2005-06-24 2006-12-28 International Business Machines Corporation System, method and program for identifying and preventing malicious intrusions
US7877803B2 (en) * 2005-06-27 2011-01-25 Hewlett-Packard Development Company, L.P. Automated immune response for a computer
US7664849B1 (en) * 2005-06-30 2010-02-16 Symantec Operating Corporation Method and apparatus for controlling finite impulse responses using alert definitions in policy-based automation
US7647634B2 (en) * 2005-06-30 2010-01-12 Microsoft Corporation Managing access to a network
CN100479575C (en) 2005-06-30 2009-04-15 华为技术有限公司 Method and apparatus for realizing scheduled operation in equipment management
US9418040B2 (en) * 2005-07-07 2016-08-16 Sciencelogic, Inc. Dynamically deployable self configuring distributed network management system
US7832006B2 (en) * 2005-08-09 2010-11-09 At&T Intellectual Property I, L.P. System and method for providing network security
US7818625B2 (en) * 2005-08-17 2010-10-19 Microsoft Corporation Techniques for performing memory diagnostics
US8769663B2 (en) * 2005-08-24 2014-07-01 Fortinet, Inc. Systems and methods for detecting undesirable network traffic content
US7899903B2 (en) * 2005-09-30 2011-03-01 Microsoft Corporation Template based management system
US20070168349A1 (en) * 2005-09-30 2007-07-19 Microsoft Corporation Schema for template based management system
CN102904749B (en) 2005-10-05 2015-12-09 拜尔斯安全公司 Adopt the method for safety means protecting network device, safety means and data network
US7502971B2 (en) * 2005-10-12 2009-03-10 Hewlett-Packard Development Company, L.P. Determining a recurrent problem of a computer resource using signatures
WO2007053708A2 (en) 2005-10-31 2007-05-10 The Trustees Of Columbia University In The City Of New York Methods, media, and systems for securing communications between a first node and a second node
JP4459890B2 (en) * 2005-11-04 2010-04-28 株式会社日立製作所 Information processing apparatus, incident response apparatus control method, and program
WO2007062004A2 (en) 2005-11-22 2007-05-31 The Trustees Of Columbia University In The City Of New York Methods, media, and devices for moving a connection from one point of access to another point of access
US7966654B2 (en) 2005-11-22 2011-06-21 Fortinet, Inc. Computerized system and method for policy-based content filtering
IL172289A (en) * 2005-11-30 2011-07-31 Rafael Advanced Defense Sys Limited bandwidth surveillance system and method with rotation among monitors
US20070192344A1 (en) * 2005-12-29 2007-08-16 Microsoft Corporation Threats and countermeasures schema
US7890315B2 (en) * 2005-12-29 2011-02-15 Microsoft Corporation Performance engineering and the application life cycle
US20070157311A1 (en) * 2005-12-29 2007-07-05 Microsoft Corporation Security modeling and the application life cycle
US20070157316A1 (en) * 2005-12-30 2007-07-05 Intel Corporation Managing rogue IP traffic in a global enterprise
US20070180101A1 (en) * 2006-01-10 2007-08-02 A10 Networks Inc. System and method for storing data-network activity information
JP2007215162A (en) * 2006-01-11 2007-08-23 Canon Inc Information processing apparatus, control method thereof, program and recording medium
US8234361B2 (en) * 2006-01-13 2012-07-31 Fortinet, Inc. Computerized system and method for handling network traffic
US9183106B2 (en) * 2006-01-13 2015-11-10 Dell Products L.P. System and method for the automated generation of events within a server environment
US7818788B2 (en) * 2006-02-14 2010-10-19 Microsoft Corporation Web application security frame
US7933986B2 (en) * 2006-02-16 2011-04-26 Microsoft Corporation Transferring command-lines as a message
US7712137B2 (en) * 2006-02-27 2010-05-04 Microsoft Corporation Configuring and organizing server security information
US7721157B2 (en) * 2006-03-08 2010-05-18 Omneon Video Networks Multi-node computer system component proactive monitoring and proactive repair
US7996895B2 (en) * 2006-03-27 2011-08-09 Avaya Inc. Method and apparatus for protecting networks from unauthorized applications
US8831011B1 (en) 2006-04-13 2014-09-09 Xceedium, Inc. Point to multi-point connections
US7675867B1 (en) 2006-04-19 2010-03-09 Owl Computing Technologies, Inc. One-way data transfer system with built-in data verification mechanism
US8151322B2 (en) 2006-05-16 2012-04-03 A10 Networks, Inc. Systems and methods for user access authentication based on network access point
US8065666B2 (en) 2006-06-02 2011-11-22 Rockwell Automation Technologies, Inc. Change management methodologies for industrial automation and information systems
US8117441B2 (en) * 2006-06-20 2012-02-14 Microsoft Corporation Integrating security protection tools with computer device integrity and privacy policy
US7913245B2 (en) * 2006-06-21 2011-03-22 International Business Machines Corporation Apparatus, system and method for modular distribution and maintenance of non-“object code only” dynamic components
US20070300312A1 (en) * 2006-06-22 2007-12-27 Microsoft Corporation Microsoft Patent Group User presence detection for altering operation of a computing system
US9762536B2 (en) * 2006-06-27 2017-09-12 Waterfall Security Solutions Ltd. One way secure link
US20080004763A1 (en) * 2006-06-30 2008-01-03 Caterpillar Inc. Method and system for preventing excessive tire wear on machines
US20130276109A1 (en) * 2006-07-11 2013-10-17 Mcafee, Inc. System, method and computer program product for detecting activity in association with program resources that has at least a potential of an unwanted effect on the program
US7536276B2 (en) * 2006-07-27 2009-05-19 Siemens Buildings Technologies, Inc. Method and apparatus for equipment health monitoring
US8869262B2 (en) * 2006-08-03 2014-10-21 Citrix Systems, Inc. Systems and methods for application based interception of SSL/VPN traffic
US8484718B2 (en) * 2006-08-03 2013-07-09 Citrix System, Inc. Systems and methods for enabling assured records using fine grained auditing of virtual private network traffic
US8495181B2 (en) * 2006-08-03 2013-07-23 Citrix Systems, Inc Systems and methods for application based interception SSI/VPN traffic
US7843912B2 (en) * 2006-08-03 2010-11-30 Citrix Systems, Inc. Systems and methods of fine grained interception of network communications on a virtual private network
US7571349B2 (en) * 2006-08-18 2009-08-04 Microsoft Corporation Configuration replication for system recovery and migration
US20080052508A1 (en) * 2006-08-25 2008-02-28 Huotari Allen J Network security status indicators
US8903968B2 (en) * 2006-08-29 2014-12-02 International Business Machines Corporation Distributed computing environment
IL177756A (en) * 2006-08-29 2014-11-30 Lior Frenkel Encryption-based attack prevention
US8522304B2 (en) * 2006-09-08 2013-08-27 Ibahn General Holdings Corporation Monitoring and reporting policy compliance of home networks
US20120284790A1 (en) * 2006-09-11 2012-11-08 Decision-Zone Inc. Live service anomaly detection system for providing cyber protection for the electric grid
US8984579B2 (en) * 2006-09-19 2015-03-17 The Innovation Science Fund I, LLC Evaluation systems and methods for coordinating software agents
US8627402B2 (en) 2006-09-19 2014-01-07 The Invention Science Fund I, Llc Evaluation systems and methods for coordinating software agents
US8601530B2 (en) * 2006-09-19 2013-12-03 The Invention Science Fund I, Llc Evaluation systems and methods for coordinating software agents
US8607336B2 (en) * 2006-09-19 2013-12-10 The Invention Science Fund I, Llc Evaluation systems and methods for coordinating software agents
US20080125887A1 (en) * 2006-09-27 2008-05-29 Rockwell Automation Technologies, Inc. Event context data and aggregation for industrial control systems
US8112425B2 (en) 2006-10-05 2012-02-07 Splunk Inc. Time series search engine
US8312507B2 (en) 2006-10-17 2012-11-13 A10 Networks, Inc. System and method to apply network traffic policy to an application session
US7716378B2 (en) 2006-10-17 2010-05-11 A10 Networks, Inc. System and method to associate a private user identity with a public user identity
US8544071B1 (en) * 2006-10-19 2013-09-24 United Services Automobile Association (Usaa) Systems and methods for software application security management
US8055904B1 (en) 2006-10-19 2011-11-08 United Services Automobile Association (USAA) Systems and methods for software application security management
US8214889B2 (en) * 2006-11-03 2012-07-03 Microsoft Corporation Selective auto-revocation of firewall security settings
US20080126884A1 (en) * 2006-11-28 2008-05-29 Siemens Aktiengesellschaft Method for providing detailed information and support regarding an event message
US7415385B2 (en) * 2006-11-29 2008-08-19 Mitsubishi Electric Research Laboratories, Inc. System and method for measuring performances of surveillance systems
IL180020A (en) * 2006-12-12 2013-03-24 Waterfall Security Solutions Ltd Encryption -and decryption-enabled interfaces
US8055760B1 (en) * 2006-12-18 2011-11-08 Sprint Communications Company L.P. Firewall doctor
US7944357B2 (en) * 2006-12-18 2011-05-17 Cummings Engineering Consultants, Inc. Method and system for a grass roots intelligence program
US8640086B2 (en) * 2006-12-29 2014-01-28 Sap Ag Graphical user interface system and method for presenting objects
IL180748A (en) * 2007-01-16 2013-03-24 Waterfall Security Solutions Ltd Secure archive
US8254882B2 (en) * 2007-01-29 2012-08-28 Cisco Technology, Inc. Intrusion prevention system for wireless networks
US8312135B2 (en) * 2007-02-02 2012-11-13 Microsoft Corporation Computing system infrastructure to administer distress messages
JP4905165B2 (en) * 2007-02-07 2012-03-28 富士通株式会社 Monitoring support program, monitoring method and monitoring system
US8856782B2 (en) * 2007-03-01 2014-10-07 George Mason Research Foundation, Inc. On-demand disposable virtual work system
US7853679B2 (en) * 2007-03-12 2010-12-14 Citrix Systems, Inc. Systems and methods for configuring handling of undefined policy events
US7865589B2 (en) 2007-03-12 2011-01-04 Citrix Systems, Inc. Systems and methods for providing structured policy expressions to represent unstructured data in a network appliance
US8631147B2 (en) 2007-03-12 2014-01-14 Citrix Systems, Inc. Systems and methods for configuring policy bank invocations
US7870277B2 (en) * 2007-03-12 2011-01-11 Citrix Systems, Inc. Systems and methods for using object oriented expressions to configure application security policies
US7853678B2 (en) * 2007-03-12 2010-12-14 Citrix Systems, Inc. Systems and methods for configuring flow control of policy expressions
WO2008112769A2 (en) 2007-03-12 2008-09-18 Citrix Systems, Inc. Systems and methods for configuring, applying and managing object-oriented policy expressions for a network device
US8490148B2 (en) 2007-03-12 2013-07-16 Citrix Systems, Inc Systems and methods for managing application security profiles
US9922323B2 (en) 2007-03-16 2018-03-20 Visa International Service Association System and method for automated analysis comparing a wireless device location with another geographic location
US9185123B2 (en) 2008-02-12 2015-11-10 Finsphere Corporation System and method for mobile identity protection for online user authentication
US9432845B2 (en) 2007-03-16 2016-08-30 Visa International Service Association System and method for automated analysis comparing a wireless device location with another geographic location
US9420448B2 (en) 2007-03-16 2016-08-16 Visa International Service Association System and method for automated analysis comparing a wireless device location with another geographic location
US8280348B2 (en) 2007-03-16 2012-10-02 Finsphere Corporation System and method for identity protection using mobile device signaling network derived location pattern recognition
EP2143063A4 (en) * 2007-03-26 2012-10-17 Bpl Global Ltd System and method for integrated asset protection
WO2008118976A1 (en) * 2007-03-26 2008-10-02 The Trustees Of Columbia University In The City Of New York Methods and media for exchanging data between nodes of disconnected networks
US9083712B2 (en) * 2007-04-04 2015-07-14 Sri International Method and apparatus for generating highly predictive blacklists
KR101397147B1 (en) * 2007-04-11 2014-05-19 엘지전자 주식회사 Mobile communication device having web alarm function and operating method thereof
US8068415B2 (en) 2007-04-18 2011-11-29 Owl Computing Technologies, Inc. Secure one-way data transfer using communication interface circuitry
US7941526B1 (en) 2007-04-19 2011-05-10 Owl Computing Technologies, Inc. Transmission of syslog messages over a one-way data link
US8352450B1 (en) 2007-04-19 2013-01-08 Owl Computing Technologies, Inc. Database update through a one-way data link
US8139581B1 (en) 2007-04-19 2012-03-20 Owl Computing Technologies, Inc. Concurrent data transfer involving two or more transport layer protocols over a single one-way data link
US20080270469A1 (en) * 2007-04-26 2008-10-30 Microsoft Corporation Business metrics aggregated by custom hierarchy
US8234240B2 (en) * 2007-04-26 2012-07-31 Microsoft Corporation Framework for providing metrics from any datasource
US7966660B2 (en) * 2007-05-23 2011-06-21 Honeywell International Inc. Apparatus and method for deploying a wireless network intrusion detection system to resource-constrained devices
DE102008024668A1 (en) * 2007-05-24 2008-11-27 ABB Inc., Norwalk Inventory monitor for fieldbus devices
US8108924B1 (en) * 2007-05-24 2012-01-31 Sprint Communications Company L.P. Providing a firewall's connection data in a comprehendible format
US8533821B2 (en) * 2007-05-25 2013-09-10 International Business Machines Corporation Detecting and defending against man-in-the-middle attacks
US20080313228A1 (en) * 2007-06-15 2008-12-18 Rockwell Automation Technologies, Inc. Controller log and log aggregation
WO2009006937A1 (en) * 2007-07-09 2009-01-15 Abb Research Ltd Data recording apparatus
US8132248B2 (en) * 2007-07-18 2012-03-06 Trend Micro Incorporated Managing configurations of a firewall
US7992209B1 (en) 2007-07-19 2011-08-02 Owl Computing Technologies, Inc. Bilateral communication using multiple one-way data links
US9336387B2 (en) * 2007-07-30 2016-05-10 Stroz Friedberg, Inc. System, method, and computer program product for detecting access to a memory device
US8024802B1 (en) * 2007-07-31 2011-09-20 Hewlett-Packard Development Company, L.P. Methods and systems for using state ranges for processing regular expressions in intrusion-prevention systems
US8301676B2 (en) * 2007-08-23 2012-10-30 Fisher-Rosemount Systems, Inc. Field device with capability of calculating digital filter coefficients
US8239922B2 (en) * 2007-08-27 2012-08-07 Honeywell International Inc. Remote HVAC control with user privilege setup
US7702401B2 (en) 2007-09-05 2010-04-20 Fisher-Rosemount Systems, Inc. System for preserving and displaying process control data associated with an abnormal situation
IL187492A0 (en) * 2007-09-06 2008-02-09 Human Interface Security Ltd Information protection device
US8074278B2 (en) * 2007-09-14 2011-12-06 Fisher-Rosemount Systems, Inc. Apparatus and methods for intrusion protection in safety instrumented process control systems
DE102007046079A1 (en) * 2007-09-26 2009-04-02 Siemens Ag A method for establishing a secure connection from a service technician to an incident affected component of a remote diagnosable and / or remote controllable automation environment
US20090088883A1 (en) * 2007-09-27 2009-04-02 Rockwell Automation Technologies, Inc. Surface-based computing in an industrial automation environment
US8296414B1 (en) * 2007-09-28 2012-10-23 Emc Corporation Techniques for automated application discovery
US8224942B1 (en) 2007-10-02 2012-07-17 Google Inc. Network failure detection
US8055479B2 (en) 2007-10-10 2011-11-08 Fisher-Rosemount Systems, Inc. Simplified algorithm for abnormal situation prevention in load following applications including plugged line diagnostics in a dynamic process
US20090100430A1 (en) * 2007-10-15 2009-04-16 Marco Valentin Method and system for a task automation tool
US8223205B2 (en) * 2007-10-24 2012-07-17 Waterfall Solutions Ltd. Secure implementation of network-based sensors
US8959624B2 (en) * 2007-10-31 2015-02-17 Bank Of America Corporation Executable download tracking system
US9282005B1 (en) * 2007-11-01 2016-03-08 Emc Corporation IT infrastructure policy breach investigation interface
US8516539B2 (en) * 2007-11-09 2013-08-20 Citrix Systems, Inc System and method for inferring access policies from access event records
US8990910B2 (en) * 2007-11-13 2015-03-24 Citrix Systems, Inc. System and method using globally unique identities
US20090150513A1 (en) * 2007-12-10 2009-06-11 At&T Knowledge Ventures, Lp Method and System for Gathering Network Data
KR20090065183A (en) * 2007-12-17 2009-06-22 한국전자통신연구원 Apparatus and method automatically generating security policy of selinux based on selt
US8095938B1 (en) * 2007-12-21 2012-01-10 Emc Corporation Managing alert generation
US20090204702A1 (en) * 2008-02-08 2009-08-13 Autiq As System and method for network management using self-discovering thin agents
US9336385B1 (en) * 2008-02-11 2016-05-10 Adaptive Cyber Security Instruments, Inc. System for real-time threat detection and management
TWI406151B (en) * 2008-02-27 2013-08-21 Asustek Comp Inc Antivirus protection method and electronic device with antivirus protection
US20090228838A1 (en) * 2008-03-04 2009-09-10 Ryan Christopher N Content design tool
US8839460B2 (en) * 2008-03-07 2014-09-16 Qualcomm Incorporated Method for securely communicating information about the location of a compromised computing device
US8606686B1 (en) * 2008-03-07 2013-12-10 Versify Solutions, Inc. System and method for gathering and performing complex analyses on power data from multiple remote sources
US8850568B2 (en) * 2008-03-07 2014-09-30 Qualcomm Incorporated Method and apparatus for detecting unauthorized access to a computing device and securely communicating information about such unauthorized access
US8965719B1 (en) * 2008-03-07 2015-02-24 Versify Solutions, Inc. Universal performance monitor for power generators
US9240945B2 (en) * 2008-03-19 2016-01-19 Citrix Systems, Inc. Access, priority and bandwidth management based on application identity
US20090254970A1 (en) * 2008-04-04 2009-10-08 Avaya Inc. Multi-tier security event correlation and mitigation
WO2009128905A1 (en) 2008-04-17 2009-10-22 Siemens Energy, Inc. Method and system for cyber security management of industrial control systems
US8761948B1 (en) 2008-04-25 2014-06-24 Versify Solutions, Inc. System and method for managing and monitoring renewable energy power generation
US8943575B2 (en) 2008-04-30 2015-01-27 Citrix Systems, Inc. Method and system for policy simulation
US20090276469A1 (en) * 2008-05-01 2009-11-05 International Business Machines Corporation Method for transactional behavior extaction in distributed applications
US20090276852A1 (en) * 2008-05-01 2009-11-05 International Business Machines Corporation Statistical worm discovery within a security information management architecture
US8339959B1 (en) 2008-05-20 2012-12-25 Juniper Networks, Inc. Streamlined packet forwarding using dynamic filters for routing and security in a shared forwarding plane
US8713177B2 (en) * 2008-05-30 2014-04-29 Red Hat, Inc. Remote management of networked systems using secure modular platform
US8122503B2 (en) * 2008-05-31 2012-02-21 Hewlett-Packard Development Company, L.P. Methods and systems for managing a potential security threat to a network
US20100042912A1 (en) * 2008-06-12 2010-02-18 Eva Whitaker Reminder and notification system for a parent
US8312540B1 (en) * 2008-06-13 2012-11-13 Juniper Networks, Inc. System for slowing password attacks
US8689335B2 (en) * 2008-06-25 2014-04-01 Microsoft Corporation Mapping between users and machines in an enterprise security assessment sharing system
WO2010008479A2 (en) 2008-06-25 2010-01-21 Versify Solutions, Llc Aggregator, monitor, and manager of distributed demand response
DE102008030939A1 (en) * 2008-07-02 2010-01-07 Deutsche Thomson Ohg Method and device for managing data transmission in a network
US20110087761A1 (en) * 2008-07-07 2011-04-14 Mo-Han Fong Power saving schemes for wireless systems
US8711747B2 (en) 2008-07-07 2014-04-29 Apple Inc. Power saving methods for wireless systems
US8745268B2 (en) * 2008-08-18 2014-06-03 Schneider Electric USA, Inc. In-line security device
US9100297B2 (en) 2008-08-20 2015-08-04 Red Hat, Inc. Registering new machines in a software provisioning environment
US8955107B2 (en) * 2008-09-12 2015-02-10 Juniper Networks, Inc. Hierarchical application of security services within a computer network
US9098698B2 (en) 2008-09-12 2015-08-04 George Mason Research Foundation, Inc. Methods and apparatus for application isolation
US20100088197A1 (en) * 2008-10-02 2010-04-08 Dehaan Michael Paul Systems and methods for generating remote system inventory capable of differential update reports
US8301759B2 (en) * 2008-10-24 2012-10-30 Microsoft Corporation Monitoring agent programs in a distributed computing platform
IL194943A0 (en) * 2008-10-27 2009-09-22 Human Interface Security Ltd Verification of data transmitted by computer
US8990573B2 (en) * 2008-11-10 2015-03-24 Citrix Systems, Inc. System and method for using variable security tag location in network communications
US9084937B2 (en) 2008-11-18 2015-07-21 Gtech Canada Ulc Faults and performance issue prediction
US8028196B2 (en) * 2008-11-18 2011-09-27 Gtech Corporation Predictive diagnostics and fault management
US8775574B2 (en) * 2008-11-26 2014-07-08 Red Hat, Inc. Remote network management having multi-node awareness
US8782204B2 (en) 2008-11-28 2014-07-15 Red Hat, Inc. Monitoring hardware resources in a software provisioning environment
US8578491B2 (en) * 2008-12-11 2013-11-05 Alcatel Lucent Network based malware detection and reporting
US7996713B2 (en) * 2008-12-15 2011-08-09 Juniper Networks, Inc. Server-to-server integrity checking
US8019860B2 (en) * 2008-12-22 2011-09-13 Sap Ag Service accounting method and apparatus for composite service
US8737398B2 (en) * 2008-12-31 2014-05-27 Schneider Electric USA, Inc. Communication module with network isolation and communication filter
US9558195B2 (en) 2009-02-27 2017-01-31 Red Hat, Inc. Depopulation of user data from network
US9313105B2 (en) * 2009-02-27 2016-04-12 Red Hat, Inc. Network management using secure mesh command and control framework
US8719392B2 (en) * 2009-02-27 2014-05-06 Red Hat, Inc. Searching a managed network for setting and configuration data
US8402267B1 (en) 2009-03-18 2013-03-19 University Of Louisville Research Foundation, Inc. Security enhanced network device and method for secure operation of same
US8868907B2 (en) 2009-03-18 2014-10-21 University Of Louisville Research Foundation, Inc. Device, method, and system for processing communications for secure operation of industrial control system field devices
US8935773B2 (en) 2009-04-09 2015-01-13 George Mason Research Foundation, Inc. Malware detector
US9305189B2 (en) 2009-04-14 2016-04-05 Owl Computing Technologies, Inc. Ruggedized, compact and integrated one-way controlled interface to enforce confidentiality of a secure enclave
US20100269162A1 (en) 2009-04-15 2010-10-21 Jose Bravo Website authentication
FR2944886B1 (en) * 2009-04-22 2011-07-15 Thales Sa INTEGRATED SUPERVISION AND COMMAND SYSTEM
US8914878B2 (en) 2009-04-29 2014-12-16 Juniper Networks, Inc. Detecting malicious network software agents
US8504636B2 (en) * 2009-05-08 2013-08-06 Raytheon Company Monitoring communications using a unified communications protocol
EP2252006A1 (en) * 2009-05-15 2010-11-17 Panda Security S.L. System and method for obtaining a classification of an identifier
US9134987B2 (en) 2009-05-29 2015-09-15 Red Hat, Inc. Retiring target machines by a provisioning server
US9280399B2 (en) * 2009-05-29 2016-03-08 Red Hat, Inc. Detecting, monitoring, and configuring services in a netwowk
US8566459B2 (en) * 2009-05-29 2013-10-22 Red Hat, Inc. Systems and methods for integrated console management interface
US9298583B2 (en) * 2009-06-04 2016-03-29 International Business Machines Corporation Network traffic based power consumption estimation of information technology systems
US8694905B2 (en) * 2009-06-10 2014-04-08 International Business Machines Corporation Model-driven display of metric annotations on a resource/relationship graph
US20100325687A1 (en) * 2009-06-22 2010-12-23 Iverson Gyle T Systems and Methods for Custom Device Automatic Password Management
US8863253B2 (en) 2009-06-22 2014-10-14 Beyondtrust Software, Inc. Systems and methods for automatic discovery of systems and accounts
US9160545B2 (en) * 2009-06-22 2015-10-13 Beyondtrust Software, Inc. Systems and methods for A2A and A2DB security using program authentication factors
US8839422B2 (en) 2009-06-30 2014-09-16 George Mason Research Foundation, Inc. Virtual browsing environment
US20110004589A1 (en) * 2009-07-06 2011-01-06 Rockwell Automation Technologies, Inc. Diagnostics in a distributed directory system
US11797997B2 (en) 2009-07-07 2023-10-24 Visa International Service Association Data verification in transactions in distributed network
US8752142B2 (en) 2009-07-17 2014-06-10 American Express Travel Related Services Company, Inc. Systems, methods, and computer program products for adapting the security measures of a communication network based on feedback
US8788652B2 (en) * 2009-07-27 2014-07-22 Ixia Real world network testing combining lower layer network tests, application layer tests and interdependent interactions
GB2484878B (en) 2009-08-13 2015-01-07 Ibm Automatic address range detection for IP networks
US8311987B2 (en) * 2009-08-17 2012-11-13 Sap Ag Data staging system and method
US9425976B2 (en) * 2009-08-19 2016-08-23 Hewlett Packard Enterprise Development Lp Reporting operational information of a network device
US20110047406A1 (en) * 2009-08-24 2011-02-24 General Devices Systems and methods for sending, receiving and managing electronic messages
US8607093B2 (en) * 2009-08-31 2013-12-10 Red Hat, Inc. Systems and methods for detecting machine faults in network using acoustic monitoring
US8166341B2 (en) * 2009-08-31 2012-04-24 Red Hat, Inc. Systems and methods for testing results of configuration management activity
US8914787B2 (en) * 2009-08-31 2014-12-16 Red Hat, Inc. Registering software management component types in a managed network
US8463885B2 (en) * 2009-08-31 2013-06-11 Red Hat, Inc. Systems and methods for generating management agent installations
US8789173B2 (en) * 2009-09-03 2014-07-22 Juniper Networks, Inc. Protecting against distributed network flood attacks
GB2474545B (en) * 2009-09-24 2015-06-24 Fisher Rosemount Systems Inc Integrated unified threat management for a process control system
US9967169B2 (en) * 2009-09-30 2018-05-08 Red Hat, Inc. Detecting network conditions based on correlation between trend lines
US8335989B2 (en) * 2009-10-26 2012-12-18 Nokia Corporation Method and apparatus for presenting polymorphic notes in a graphical user interface
US8719782B2 (en) 2009-10-29 2014-05-06 Red Hat, Inc. Integrated package development and machine configuration management
US20110106738A1 (en) * 2009-10-29 2011-05-05 Marianna Cheklin System and method for managing implementations
CN101714990B (en) * 2009-10-30 2013-06-05 清华大学 Network security safeguarding integrated system and control method thereof
US8369345B1 (en) 2009-11-13 2013-02-05 Juniper Networks, Inc. Multi-router system having shared network interfaces
US8302189B2 (en) * 2009-11-30 2012-10-30 At&T Intellectual Property I, L.P. Methods, devices, systems, and computer program products for edge driven communications network security monitoring
US8683609B2 (en) * 2009-12-04 2014-03-25 International Business Machines Corporation Mobile phone and IP address correlation service
US9756076B2 (en) * 2009-12-17 2017-09-05 American Express Travel Related Services Company, Inc. Dynamically reacting policies and protections for securing mobile financial transactions
US8621636B2 (en) 2009-12-17 2013-12-31 American Express Travel Related Services Company, Inc. Systems, methods, and computer program products for collecting and reporting sensor data in a communication network
US8832707B2 (en) * 2009-12-21 2014-09-09 International Business Machines Corporation Tunable error resilience computing
US8650129B2 (en) 2010-01-20 2014-02-11 American Express Travel Related Services Company, Inc. Dynamically reacting policies and protections for securing mobile financial transaction data in transit
US8793789B2 (en) 2010-07-22 2014-07-29 Bank Of America Corporation Insider threat correlation tool
US9038187B2 (en) * 2010-01-26 2015-05-19 Bank Of America Corporation Insider threat correlation tool
US8782209B2 (en) * 2010-01-26 2014-07-15 Bank Of America Corporation Insider threat correlation tool
US8800034B2 (en) * 2010-01-26 2014-08-05 Bank Of America Corporation Insider threat correlation tool
US8782794B2 (en) 2010-04-16 2014-07-15 Bank Of America Corporation Detecting secure or encrypted tunneling in a computer network
US8544100B2 (en) 2010-04-16 2013-09-24 Bank Of America Corporation Detecting secure or encrypted tunneling in a computer network
US20110258302A1 (en) * 2010-04-20 2011-10-20 No Limits Software, LLC System And Method For Remotely Determining Identification And Physical Location Of Equipment In A Rack
CN101848241B (en) * 2010-05-06 2012-12-19 安徽省电力公司合肥供电公司 Ies500 automatic real-time data and information system
WO2011143462A1 (en) 2010-05-14 2011-11-17 Harnischfeger Technologies, Inc. Remote monitoring of machine alarms
US8489525B2 (en) 2010-05-20 2013-07-16 International Business Machines Corporation Automatic model evolution
US8533319B2 (en) 2010-06-02 2013-09-10 Lockheed Martin Corporation Methods and systems for prioritizing network assets
CN102281164A (en) * 2010-06-08 2011-12-14 腾讯科技(深圳)有限公司 Method, equipment and system for monitoring data
US10360625B2 (en) 2010-06-22 2019-07-23 American Express Travel Related Services Company, Inc. Dynamically adaptive policy management for securing mobile financial transactions
US8850539B2 (en) 2010-06-22 2014-09-30 American Express Travel Related Services Company, Inc. Adaptive policies and protections for securing financial transaction data at rest
US8924296B2 (en) 2010-06-22 2014-12-30 American Express Travel Related Services Company, Inc. Dynamic pairing system for securing a trusted communication channel
US8498982B1 (en) 2010-07-07 2013-07-30 Openlogic, Inc. Noise reduction for content matching analysis results for protectable content
WO2012012266A2 (en) 2010-07-19 2012-01-26 Owl Computing Technologies, Inc. Secure acknowledgment device for one-way data transfer system
KR101377462B1 (en) * 2010-08-24 2014-03-25 한국전자통신연구원 Automated Control Method And Apparatus of DDos Attack Prevention Policy Using the status of CPU and Memory
US8423638B2 (en) * 2010-09-29 2013-04-16 International Business Machines Corporation Performance monitoring of a computer resource
US9355004B2 (en) * 2010-10-05 2016-05-31 Red Hat Israel, Ltd. Installing monitoring utilities using universal performance monitor
US9524224B2 (en) 2010-10-05 2016-12-20 Red Hat Israel, Ltd. Customized monitoring of system activities
US9363107B2 (en) 2010-10-05 2016-06-07 Red Hat Israel, Ltd. Accessing and processing monitoring data resulting from customized monitoring of system activities
JP5669507B2 (en) * 2010-10-05 2015-02-12 キヤノン株式会社 Management apparatus, management apparatus control method, and computer program
US9256488B2 (en) 2010-10-05 2016-02-09 Red Hat Israel, Ltd. Verification of template integrity of monitoring templates used for customized monitoring of system activities
US8683591B2 (en) 2010-11-18 2014-03-25 Nant Holdings Ip, Llc Vector-based anomaly detection
US8788654B2 (en) * 2010-12-07 2014-07-22 Cisco Technology, Inc. System and method for allocating resources based on events in a network environment
US8826437B2 (en) 2010-12-14 2014-09-02 General Electric Company Intelligent system and method for mitigating cyber attacks in critical systems through controlling latency of messages in a communications network
TWI447574B (en) 2010-12-27 2014-08-01 Ibm Method, computer readable medium, appliance, and system for recording and preventing crash in an appliance
US8499348B1 (en) * 2010-12-28 2013-07-30 Amazon Technologies, Inc. Detection of and responses to network attacks
RU2453917C1 (en) * 2010-12-30 2012-06-20 Закрытое акционерное общество "Лаборатория Касперского" System and method for optimising execution of antivirus tasks in local area network
US8935383B2 (en) * 2010-12-31 2015-01-13 Verisign, Inc. Systems, apparatus, and methods for network data analysis
US8935743B2 (en) * 2011-01-27 2015-01-13 Sap Se Web service security cockpit
US8800031B2 (en) 2011-02-03 2014-08-05 International Business Machines Corporation Controlling access to sensitive data based on changes in information classification
US8695095B2 (en) * 2011-03-11 2014-04-08 At&T Intellectual Property I, L.P. Mobile malicious software mitigation
US9058029B2 (en) * 2011-03-31 2015-06-16 Brad Radl System and method for creating a graphical control programming environment
US20120260251A1 (en) * 2011-04-05 2012-10-11 International Business Machines Corporation Prevention of event flooding
US8838988B2 (en) 2011-04-12 2014-09-16 International Business Machines Corporation Verification of transactional integrity
US20120272314A1 (en) * 2011-04-21 2012-10-25 Cybyl Technologies, Inc. Data collection system
EP2518969A1 (en) * 2011-04-27 2012-10-31 Siemens Aktiengesellschaft Method for operating an automation device
US9237127B2 (en) * 2011-05-12 2016-01-12 Airmagnet, Inc. Method and apparatus for dynamic host operating system firewall configuration
US9927788B2 (en) 2011-05-19 2018-03-27 Fisher-Rosemount Systems, Inc. Software lockout coordination between a process control system and an asset management system
US9665458B2 (en) 2011-06-01 2017-05-30 Data Security Solutions, Llc Method and system for providing information from third party applications to devices
US10229280B2 (en) * 2011-06-14 2019-03-12 International Business Machines Corporation System and method to protect a resource using an active avatar
US9065744B2 (en) * 2011-06-20 2015-06-23 Netscout Systems, Inc. Performance optimized and configurable state based heuristic for the classification of real-time transport protocol traffic
WO2012174603A1 (en) * 2011-06-24 2012-12-27 Honeywell International Inc. Systems and methods for presenting dvm system information
US8547975B2 (en) 2011-06-28 2013-10-01 Verisign, Inc. Parallel processing for multiple instance real-time monitoring
US8526470B2 (en) 2011-07-05 2013-09-03 Ixia Synchronized commands for network testing
US8943177B1 (en) * 2011-07-13 2015-01-27 Google Inc. Modifying a computer program configuration based on variable-bin histograms
US8688828B2 (en) * 2011-08-29 2014-04-01 Cisco Technology, Inc. Session layer for monitoring utility application traffic
US8533219B2 (en) * 2011-09-02 2013-09-10 Bbs Technologies, Inc. Adjusting one or more trace filters in a database system
US9298917B2 (en) * 2011-09-27 2016-03-29 Redwall Technologies, Llc Enhanced security SCADA systems and methods
JP5742635B2 (en) * 2011-09-29 2015-07-01 東京エレクトロン株式会社 Substrate processing apparatus, alarm management method for substrate processing apparatus, and storage medium
US20130086635A1 (en) * 2011-09-30 2013-04-04 General Electric Company System and method for communication in a network
US20130086680A1 (en) * 2011-09-30 2013-04-04 General Electric Company System and method for communication in a network
EP2575065A1 (en) * 2011-09-30 2013-04-03 General Electric Company Remote health monitoring system
US8856936B2 (en) 2011-10-14 2014-10-07 Albeado Inc. Pervasive, domain and situational-aware, adaptive, automated, and coordinated analysis and control of enterprise-wide computers, networks, and applications for mitigation of business and operational risks and enhancement of cyber security
US8839089B2 (en) * 2011-11-01 2014-09-16 Microsoft Corporation Multi-dimensional data manipulation and presentation
US9081959B2 (en) 2011-12-02 2015-07-14 Invincea, Inc. Methods and apparatus for control and detection of malicious content using a sandbox environment
US9356839B2 (en) * 2011-12-09 2016-05-31 Riverbed Technology, Inc. Policy aggregation for computing network health
US8707100B2 (en) 2011-12-13 2014-04-22 Ixia Testing a network using randomly distributed commands
US9741003B2 (en) * 2011-12-19 2017-08-22 Microsoft Technology Licensing, Llc Method and system for providing centralized notifications to an administrator
CN102495619B (en) * 2011-12-29 2013-08-28 深圳市再丰达科技有限公司 Parking lot management system
US9251535B1 (en) 2012-01-05 2016-02-02 Juniper Networks, Inc. Offload of data transfer statistics from a mobile access gateway
AU2013200491B2 (en) 2012-01-30 2015-02-12 Joy Global Surface Mining Inc System and method for remote monitoring of drilling equipment
EP2624083A1 (en) * 2012-02-01 2013-08-07 ABB Research Ltd. Dynamic configuration of an industrial control system
WO2013154576A1 (en) * 2012-04-13 2013-10-17 Nokia Siemens Networks Oy Monitoring suspicious events in a cellular network
US8966321B2 (en) 2012-05-09 2015-02-24 Ixia Logical port and layer protocol test configuration resource manager
US8843953B1 (en) * 2012-06-24 2014-09-23 Time Warner Cable Enterprises Llc Methods and apparatus for providing parental or guardian control and visualization over communications to various devices in the home
US20220038483A1 (en) * 2012-06-26 2022-02-03 Aeris Communications, Inc. Methodology for intelligent pattern detection and anomaly detection in machine to machine communication network
US8917826B2 (en) 2012-07-31 2014-12-23 International Business Machines Corporation Detecting man-in-the-middle attacks in electronic transactions using prompts
US9392003B2 (en) 2012-08-23 2016-07-12 Raytheon Foreground Security, Inc. Internet security cyber threat reporting system and method
US9258321B2 (en) 2012-08-23 2016-02-09 Raytheon Foreground Security, Inc. Automated internet threat detection and mitigation system and associated methods
US9635037B2 (en) 2012-09-06 2017-04-25 Waterfall Security Solutions Ltd. Remote control of secure installations
US10394946B2 (en) 2012-09-07 2019-08-27 Splunk Inc. Refining extraction rules based on selected text within events
US9594814B2 (en) 2012-09-07 2017-03-14 Splunk Inc. Advanced field extractor with modification of an extracted field
US9047181B2 (en) 2012-09-07 2015-06-02 Splunk Inc. Visualization of data from clusters
US8751963B1 (en) 2013-01-23 2014-06-10 Splunk Inc. Real time indication of previously extracted data fields for regular expressions
US9753909B2 (en) 2012-09-07 2017-09-05 Splunk, Inc. Advanced field extractor with multiple positive examples
US8682906B1 (en) * 2013-01-23 2014-03-25 Splunk Inc. Real time display of data field values based on manual editing of regular expressions
US20140208217A1 (en) 2013-01-22 2014-07-24 Splunk Inc. Interface for managing splittable timestamps across event records
US11477068B2 (en) 2012-09-27 2022-10-18 Kaseya Limited Data network notification bar user interface
US9450819B2 (en) * 2012-10-12 2016-09-20 Cisco Technology, Inc. Autonomic network sentinels
US10025686B2 (en) * 2012-10-30 2018-07-17 Intel Corporation Generating and communicating platform event digests from a processor of a system
US9189644B2 (en) 2012-12-20 2015-11-17 Bank Of America Corporation Access requests at IAM system implementing IAM data model
US9529629B2 (en) * 2012-12-20 2016-12-27 Bank Of America Corporation Computing resource inventory system
US9177139B2 (en) * 2012-12-30 2015-11-03 Honeywell International Inc. Control system cyber security
EP2943843A4 (en) 2013-01-08 2016-10-26 Secure Nok As Method, device and computer program for monitoring an industrial control system
US9152929B2 (en) 2013-01-23 2015-10-06 Splunk Inc. Real time display of statistics and values for selected regular expressions
US9245147B1 (en) * 2013-01-30 2016-01-26 White Badger Group, LLC State machine reference monitor for information system security
US9143517B2 (en) 2013-01-31 2015-09-22 Hewlett-Packard Development Company, L.P. Threat exchange information protection
US9729505B2 (en) 2013-01-31 2017-08-08 Entit Software Llc Security threat analysis
US9456001B2 (en) 2013-01-31 2016-09-27 Hewlett Packard Enterprise Development Lp Attack notification
US9275348B2 (en) 2013-01-31 2016-03-01 Hewlett Packard Enterprise Development Lp Identifying participants for collaboration in a threat exchange community
WO2014120181A1 (en) 2013-01-31 2014-08-07 Hewlett-Packard Development Company, L.P. Targeted security alerts
CN103971056B (en) * 2013-01-31 2016-05-11 腾讯科技(深圳)有限公司 A kind ofly prevent the unloaded method and apparatus of application program in operating system
US9118603B2 (en) * 2013-03-08 2015-08-25 Edward Blake MILLER System and method for managing attempted access of objectionable content and/or tampering with a content filtering device
US9596245B2 (en) * 2013-04-04 2017-03-14 Owl Computing Technologies, Inc. Secure one-way interface for a network device
US9419975B2 (en) 2013-04-22 2016-08-16 Waterfall Security Solutions Ltd. Bi-directional communication over a one-way link
US10997191B2 (en) 2013-04-30 2021-05-04 Splunk Inc. Query-triggered processing of performance data and log data from an information technology environment
US10614132B2 (en) 2013-04-30 2020-04-07 Splunk Inc. GUI-triggered processing of performance data and log data from an information technology environment
US10225136B2 (en) 2013-04-30 2019-03-05 Splunk Inc. Processing of log data and performance data obtained via an application programming interface (API)
US10318541B2 (en) 2013-04-30 2019-06-11 Splunk Inc. Correlating log data with performance measurements having a specified relationship to a threshold value
US10353957B2 (en) 2013-04-30 2019-07-16 Splunk Inc. Processing of performance data and raw log data from an information technology environment
US10019496B2 (en) 2013-04-30 2018-07-10 Splunk Inc. Processing of performance data and log data from an information technology environment by using diverse data stores
US10346357B2 (en) 2013-04-30 2019-07-09 Splunk Inc. Processing of performance data and structure data from an information technology environment
US10031647B2 (en) 2013-05-14 2018-07-24 Google Llc System for universal remote media control in a multi-user, multi-platform, multi-device environment
US9331894B2 (en) * 2013-05-31 2016-05-03 International Business Machines Corporation Information exchange in data center systems
US20140359694A1 (en) * 2013-06-03 2014-12-04 eSentire, Inc. System and method for computer system security
US9122853B2 (en) 2013-06-24 2015-09-01 A10 Networks, Inc. Location determination for user authentication
US10574548B2 (en) * 2013-07-31 2020-02-25 Splunk Inc. Key indicators view
US20150061858A1 (en) * 2013-08-28 2015-03-05 Unisys Corporation Alert filter for defining rules for processing received alerts
US20150067762A1 (en) * 2013-09-03 2015-03-05 Samsung Electronics Co., Ltd. Method and system for configuring smart home gateway firewall
US9680794B2 (en) 2013-09-04 2017-06-13 Owl Computing Technologies, Llc Secure one-way interface for archestra data transfer
CN103439911B (en) * 2013-09-11 2016-05-04 北京四方继保自动化股份有限公司 A kind of industrial control system method for managing security of various dimensions
CN103501345B (en) * 2013-10-12 2016-11-09 成都阜特科技股份有限公司 A kind of control method of remote centralized control system
US9246935B2 (en) 2013-10-14 2016-01-26 Intuit Inc. Method and system for dynamic and comprehensive vulnerability management
US9148869B2 (en) 2013-10-15 2015-09-29 The Toronto-Dominion Bank Location-based account activity alerts
US8667589B1 (en) * 2013-10-27 2014-03-04 Konstantin Saprygin Protection against unauthorized access to automated system for control of technological processes
US8779919B1 (en) * 2013-11-03 2014-07-15 Instant Care, Inc. Event communication apparatus and method
WO2015063000A1 (en) * 2013-11-04 2015-05-07 Koninklijke Philips N.V. Method of notifying a user on a task on an apparatus
US11165770B1 (en) 2013-12-06 2021-11-02 A10 Networks, Inc. Biometric verification of a human internet user
US10436977B2 (en) 2013-12-11 2019-10-08 Ademco Inc. Building automation system setup using a remote control device
US9794278B1 (en) * 2013-12-19 2017-10-17 Symantec Corporation Network-based whitelisting approach for critical systems
US9501345B1 (en) 2013-12-23 2016-11-22 Intuit Inc. Method and system for creating enriched log data
US10225347B2 (en) * 2013-12-24 2019-03-05 Verizon Patent And Licensing Inc. Message controlled appliances
US9323926B2 (en) 2013-12-30 2016-04-26 Intuit Inc. Method and system for intrusion and extrusion detection
US9742624B2 (en) * 2014-01-21 2017-08-22 Oracle International Corporation Logging incident manager
US9311810B2 (en) 2014-01-23 2016-04-12 General Electric Company Implementing standardized behaviors in a hosting device
DE102014201592A1 (en) * 2014-01-29 2015-07-30 Siemens Aktiengesellschaft Methods and apparatus for detecting autonomous, self-propagating software
US20150304343A1 (en) 2014-04-18 2015-10-22 Intuit Inc. Method and system for providing self-monitoring, self-reporting, and self-repairing virtual assets in a cloud computing environment
US9325726B2 (en) 2014-02-03 2016-04-26 Intuit Inc. Method and system for virtual asset assisted extrusion and intrusion detection in a cloud computing environment
EP2908195B1 (en) * 2014-02-13 2017-07-05 Siemens Aktiengesellschaft Method for monitoring security in an automation network, and automation network
US9866581B2 (en) 2014-06-30 2018-01-09 Intuit Inc. Method and system for secure delivery of information to computing environments
US10757133B2 (en) 2014-02-21 2020-08-25 Intuit Inc. Method and system for creating and deploying virtual assets
CN105934916B (en) * 2014-02-23 2021-01-08 英特尔公司 Orchestrating and managing services to deployed devices
US11405410B2 (en) * 2014-02-24 2022-08-02 Cyphort Inc. System and method for detecting lateral movement and data exfiltration
US9276945B2 (en) 2014-04-07 2016-03-01 Intuit Inc. Method and system for providing security aware applications
JP6252254B2 (en) * 2014-02-28 2017-12-27 富士通株式会社 Monitoring program, monitoring method and monitoring apparatus
WO2015134572A1 (en) * 2014-03-06 2015-09-11 Foreground Security Internet security cyber threat reporting
US9245117B2 (en) 2014-03-31 2016-01-26 Intuit Inc. Method and system for comparing different versions of a cloud based application in a production environment using segregated backend systems
US11294700B2 (en) 2014-04-18 2022-04-05 Intuit Inc. Method and system for enabling self-monitoring virtual assets to correlate external events with characteristic patterns associated with the virtual assets
US9374389B2 (en) 2014-04-25 2016-06-21 Intuit Inc. Method and system for ensuring an application conforms with security and regulatory controls prior to deployment
US9900322B2 (en) 2014-04-30 2018-02-20 Intuit Inc. Method and system for providing permissions management
US9235982B2 (en) * 2014-05-06 2016-01-12 International Business Machines Corporation Determining alert criteria in a network environment
US9330263B2 (en) 2014-05-27 2016-05-03 Intuit Inc. Method and apparatus for automating the building of threat models for the public cloud
US9634951B1 (en) * 2014-06-12 2017-04-25 Tripwire, Inc. Autonomous agent messaging
US10313257B1 (en) 2014-06-12 2019-06-04 Tripwire, Inc. Agent message delivery fairness
US10182046B1 (en) * 2015-06-23 2019-01-15 Amazon Technologies, Inc. Detecting a network crawler
US9575987B2 (en) 2014-06-23 2017-02-21 Owl Computing Technologies, Inc. System and method for providing assured database updates via a one-way data link
US9917759B2 (en) * 2014-07-21 2018-03-13 Ca, Inc. Incident-based adaptive monitoring of information in a distributed computing environment
US10102082B2 (en) 2014-07-31 2018-10-16 Intuit Inc. Method and system for providing automated self-healing virtual assets
US9473481B2 (en) 2014-07-31 2016-10-18 Intuit Inc. Method and system for providing a virtual asset perimeter
US20160092045A1 (en) 2014-09-30 2016-03-31 Splunk, Inc. Event View Selector
US11231840B1 (en) 2014-10-05 2022-01-25 Splunk Inc. Statistics chart row mode drill down
US10795555B2 (en) 2014-10-05 2020-10-06 Splunk Inc. Statistics value chart interface row mode drill down
IL235175A (en) 2014-10-19 2017-08-31 Frenkel Lior Secure remote desktop
US9489517B2 (en) * 2014-10-21 2016-11-08 Fujitsu Limited Determining an attack surface of software
US9960975B1 (en) * 2014-11-05 2018-05-01 Amazon Technologies, Inc. Analyzing distributed datasets
DE102014226398A1 (en) * 2014-12-18 2016-06-23 Siemens Aktiengesellschaft Method and device for the feedback-free acquisition of data
US11023449B2 (en) * 2014-12-19 2021-06-01 EMC IP Holding Company LLC Method and system to search logs that contain a massive number of entries
US10021137B2 (en) * 2014-12-27 2018-07-10 Mcafee, Llc Real-time mobile security posture
WO2017078986A1 (en) 2014-12-29 2017-05-11 Cyence Inc. Diversity analysis with actionable feedback methodologies
US10341376B2 (en) 2014-12-29 2019-07-02 Guidewire Software, Inc. Diversity analysis with actionable feedback methodologies
US9699209B2 (en) 2014-12-29 2017-07-04 Cyence Inc. Cyber vulnerability scan analyses with actionable feedback
US11855768B2 (en) 2014-12-29 2023-12-26 Guidewire Software, Inc. Disaster scenario based inferential analysis using feedback for extracting and combining cyber risk information
US11863590B2 (en) 2014-12-29 2024-01-02 Guidewire Software, Inc. Inferential analysis using feedback for extracting and combining cyber risk information
US10050989B2 (en) 2014-12-29 2018-08-14 Guidewire Software, Inc. Inferential analysis using feedback for extracting and combining cyber risk information including proxy connection analyses
US10050990B2 (en) 2014-12-29 2018-08-14 Guidewire Software, Inc. Disaster scenario based inferential analysis using feedback for extracting and combining cyber risk information
US11817993B2 (en) 2015-01-27 2023-11-14 Dell Products L.P. System for decomposing events and unstructured data
US11362881B2 (en) * 2015-01-27 2022-06-14 Moogsoft Inc. Distributed system for self updating agents and provides security
US11924018B2 (en) 2015-01-27 2024-03-05 Dell Products L.P. System for decomposing events and unstructured data
US10061824B2 (en) 2015-01-30 2018-08-28 Splunk Inc. Cell-based table manipulation of event data
US9842160B2 (en) 2015-01-30 2017-12-12 Splunk, Inc. Defining fields from particular occurrences of field labels in events
US10726037B2 (en) 2015-01-30 2020-07-28 Splunk Inc. Automatic field extraction from filed values
US9922082B2 (en) 2015-01-30 2018-03-20 Splunk Inc. Enforcing dependency between pipelines
US9916346B2 (en) 2015-01-30 2018-03-13 Splunk Inc. Interactive command entry list
US9977803B2 (en) 2015-01-30 2018-05-22 Splunk Inc. Column-based table manipulation of event data
US10013454B2 (en) 2015-01-30 2018-07-03 Splunk Inc. Text-based table manipulation of event data
US10915583B2 (en) 2015-01-30 2021-02-09 Splunk Inc. Suggested field extraction
US9922084B2 (en) 2015-01-30 2018-03-20 Splunk Inc. Events sets in a visually distinct display format
US11442924B2 (en) 2015-01-30 2022-09-13 Splunk Inc. Selective filtered summary graph
US11544248B2 (en) 2015-01-30 2023-01-03 Splunk Inc. Selective query loading across query interfaces
US11615073B2 (en) 2015-01-30 2023-03-28 Splunk Inc. Supplementing events displayed in a table format
EP3065076A1 (en) * 2015-03-04 2016-09-07 Secure-Nok AS System and method for responding to a cyber-attack-related incident against an industrial control system
US10404748B2 (en) 2015-03-31 2019-09-03 Guidewire Software, Inc. Cyber risk analysis and remediation using network monitored sensors and methods of use
US9350750B1 (en) * 2015-04-03 2016-05-24 Area 1 Security, Inc. Distribution of security rules among sensor computers
US10261489B2 (en) 2015-04-15 2019-04-16 Indegy Ltd. Detection of mis-configuration and hostile attacks in industrial control networks using active querying
US9917753B2 (en) * 2015-06-12 2018-03-13 Level 3 Communications, Llc Network operational flaw detection using metrics
US10290022B1 (en) 2015-06-23 2019-05-14 Amazon Technologies, Inc. Targeting content based on user characteristics
US10275320B2 (en) * 2015-06-26 2019-04-30 Commvault Systems, Inc. Incrementally accumulating in-process performance data and hierarchical reporting thereof for a data stream in a secondary copy operation
US9923758B2 (en) * 2015-06-30 2018-03-20 Ca, Inc. Alert damage index
US10305744B2 (en) * 2015-07-08 2019-05-28 Fedex Corporate Services, Inc. System, apparatus, and methods of event monitoring for an event candidate related to an ID node within a wireless node network
EP3281114A4 (en) * 2015-07-16 2018-03-14 Canfield, Raymond Cyber security system and method using intelligent agents
US10015178B2 (en) * 2015-07-28 2018-07-03 Sap Se Real-time contextual monitoring intrusion detection and prevention
US10419452B2 (en) 2015-07-28 2019-09-17 Sap Se Contextual monitoring and tracking of SSH sessions
US10158657B1 (en) * 2015-08-06 2018-12-18 Microsoft Technology Licensing Llc Rating IP addresses based on interactions between users and an online service
US9641544B1 (en) 2015-09-18 2017-05-02 Palo Alto Networks, Inc. Automated insider threat prevention
US20170093887A1 (en) * 2015-09-24 2017-03-30 General Electric Company Network command evaluation and response system
US10326789B1 (en) * 2015-09-25 2019-06-18 Amazon Technologies, Inc. Web Bot detection and human differentiation
EP3151152B1 (en) * 2015-09-30 2020-04-08 Secure-Nok AS Non-intrusive software agent for monitoring and detection of cyber security events and cyber-attacks in an industrial control system
US10375026B2 (en) * 2015-10-28 2019-08-06 Shape Security, Inc. Web transaction status tracking
US20210226927A1 (en) * 2015-10-28 2021-07-22 Qomplx, Inc. System and method for fingerprint-based network mapping of cyber-physical assets
US10324956B1 (en) 2015-11-11 2019-06-18 Microsoft Technology Licensing, Llc Automatically mapping organizations to addresses
US10955810B2 (en) * 2015-11-13 2021-03-23 International Business Machines Corporation Monitoring communications flow in an industrial system to detect and mitigate hazardous conditions
US9894036B2 (en) 2015-11-17 2018-02-13 Cyber Adapt, Inc. Cyber threat attenuation using multi-source threat data analysis
EP3171567B1 (en) * 2015-11-23 2018-10-24 Alcatel Lucent Advanced persistent threat detection
IL242808A0 (en) * 2015-11-26 2016-04-21 Rafael Advanced Defense Sys System and method for detecting a cyber-attack at scada/ics managed plants
US9929970B1 (en) 2015-12-03 2018-03-27 Innovium, Inc. Efficient resource tracking
US10366129B2 (en) 2015-12-04 2019-07-30 Bank Of America Corporation Data security threat control monitoring system
US10218589B1 (en) 2015-12-17 2019-02-26 Innovium, Inc. Efficient resource status reporting apparatuses
CN105607954B (en) * 2015-12-21 2019-05-14 华南师范大学 A kind of method and apparatus that stateful container migrates online
US10154046B2 (en) 2015-12-28 2018-12-11 Schneider Electric USA, Inc. System and method for evaluation and response to cyber security exposure in an embedded control device
IL250010B (en) 2016-02-14 2020-04-30 Waterfall Security Solutions Ltd Secure connection with protected facilities
US10432429B1 (en) 2016-02-16 2019-10-01 Innovium, Inc. Efficient traffic management
US10027699B2 (en) * 2016-03-10 2018-07-17 Siemens Aktiengesellschaft Production process knowledge-based intrusion detection for industrial control systems
US10135817B2 (en) 2016-03-28 2018-11-20 Bank Of America Corporation Enhancing authentication and source of proof through a dynamically updatable biometrics database
US10039113B2 (en) 2016-03-28 2018-07-31 Bank Of America Corporation Intelligent resource procurement system based on physical proximity to related resources
US9743272B1 (en) 2016-03-28 2017-08-22 Bank Of America Corporation Security implementation for resource distribution
US10080132B2 (en) 2016-03-28 2018-09-18 Bank Of America Corporation System for adaptation of multiple digital signatures in a distributed network
US11108793B2 (en) * 2016-04-29 2021-08-31 Vmware, Inc. Preemptive alerts in a connected environment
US10796253B2 (en) 2016-06-17 2020-10-06 Bank Of America Corporation System for resource use allocation and distribution
US10038607B2 (en) 2016-06-17 2018-07-31 Bank Of America Corporation System for aggregated machine-initiated resource distribution
US10103936B2 (en) 2016-06-21 2018-10-16 Bank Of America Corporation Computerized resource reallocation system for transferring resource blocks based on custodian event
US10334462B2 (en) * 2016-06-23 2019-06-25 Bank Of America Corporation Predictive analytics for resource development based on information communicated from inter-related communication devices
US10439913B2 (en) 2016-07-01 2019-10-08 Bank Of America Corporation Dynamic replacement and upgrade of existing resources based on resource utilization
JP6690469B2 (en) * 2016-08-26 2020-04-28 富士通株式会社 Control program, control method, and information processing apparatus
JP6786960B2 (en) 2016-08-26 2020-11-18 富士通株式会社 Cyber attack analysis support program, cyber attack analysis support method and cyber attack analysis support device
US10242187B1 (en) * 2016-09-14 2019-03-26 Symantec Corporation Systems and methods for providing integrated security management
US10685279B2 (en) 2016-09-26 2020-06-16 Splunk Inc. Automatically generating field extraction recommendations
US10909140B2 (en) * 2016-09-26 2021-02-02 Splunk Inc. Clustering events based on extraction rules
US10127400B2 (en) 2016-09-26 2018-11-13 Bank Of America Corporation Control device for aggregation and distribution of machine-initiated resource distribution
US10467632B1 (en) * 2016-12-13 2019-11-05 Massachusetts Mutual Life Insurance Company Systems and methods for a multi-tiered fraud alert review
US10771483B2 (en) * 2016-12-30 2020-09-08 British Telecommunications Public Limited Company Identifying an attacked computing device
US10572658B2 (en) * 2017-01-23 2020-02-25 Paypal, Inc. Identifying computer behavior using visual data organization and graphs
EP3373181A1 (en) * 2017-03-09 2018-09-12 Siemens Aktiengesellschaft Method and computers to control protection measures against cyber criminal threats
US10230690B2 (en) * 2017-03-23 2019-03-12 International Business Machines Corporation Digital media content distribution blocking
US10440037B2 (en) * 2017-03-31 2019-10-08 Mcafee, Llc Identifying malware-suspect end points through entropy changes in consolidated logs
US10826925B2 (en) * 2017-04-28 2020-11-03 Honeywell International Inc. Consolidated enterprise view of cybersecurity data from multiple sites
US10977361B2 (en) 2017-05-16 2021-04-13 Beyondtrust Software, Inc. Systems and methods for controlling privileged operations
RU2651196C1 (en) * 2017-06-16 2018-04-18 Акционерное общество "Лаборатория Касперского" Method of the anomalous events detecting by the event digest popularity
US10560487B2 (en) 2017-07-26 2020-02-11 International Business Machines Corporation Intrusion detection and mitigation in data processing
US10931637B2 (en) 2017-09-15 2021-02-23 Palo Alto Networks, Inc. Outbound/inbound lateral traffic punting based on process risk
US10855656B2 (en) 2017-09-15 2020-12-01 Palo Alto Networks, Inc. Fine-grained firewall policy enforcement using session app ID and endpoint process ID correlation
WO2019060326A1 (en) * 2017-09-20 2019-03-28 University Of Utah Research Foundation Parsing system event logs while streaming
EP3480672B1 (en) * 2017-11-06 2020-02-19 Siemens Aktiengesellschaft Method for identifying and indicating operator access to process objects and operator system
SE1751567A1 (en) * 2017-12-18 2019-06-19 Komatsu Forest Ab Work machine and method for monitoring a control system at a work machine
EP3525054A1 (en) * 2018-02-07 2019-08-14 Siemens Aktiengesellschaft An intrusion detection system for detection of intrusions in an automated infrastructure
AU2019201137B2 (en) * 2018-02-20 2023-11-16 Darktrace Holdings Limited A cyber security appliance for a cloud infrastructure
US11463457B2 (en) * 2018-02-20 2022-10-04 Darktrace Holdings Limited Artificial intelligence (AI) based cyber threat analyst to support a cyber security appliance
US10169135B1 (en) * 2018-03-02 2019-01-01 Uptake Technologies, Inc. Computer system and method of detecting manufacturing network anomalies
US10554518B1 (en) 2018-03-02 2020-02-04 Uptake Technologies, Inc. Computer system and method for evaluating health of nodes in a manufacturing network
JP7163593B2 (en) * 2018-03-09 2022-11-01 富士通株式会社 Fraud monitoring program, fraud monitoring method, and information processing device
WO2019197989A1 (en) * 2018-04-09 2019-10-17 Cervello Ltd. Methods systems devices circuits and functionally related machine executable instructions for transportation management network cybersecurity
US10999304B2 (en) 2018-04-11 2021-05-04 Palo Alto Networks (Israel Analytics) Ltd. Bind shell attack detection
US11122064B2 (en) * 2018-04-23 2021-09-14 Micro Focus Llc Unauthorized authentication event detection
US11700279B2 (en) * 2018-06-29 2023-07-11 Corvid Cyberdefense, Llc Integrated security and threat prevention and detection platform
US10602099B2 (en) * 2018-07-10 2020-03-24 Saudi Arabian Oil Company Cogen-mom integration using tabulated information recognition
US10986117B1 (en) * 2018-08-07 2021-04-20 Ca, Inc. Systems and methods for providing an integrated cyber threat defense exchange platform
US10740134B2 (en) 2018-08-20 2020-08-11 Interwise Ltd. Agentless personal network firewall in virtualized datacenters
US11212322B2 (en) * 2018-10-10 2021-12-28 Rockwell Automation Technologies, Inc. Automated discovery of security policy from design data
US11025657B2 (en) * 2018-12-13 2021-06-01 Imperva, Inc. Selective database logging with smart sampling
US20200192572A1 (en) 2018-12-14 2020-06-18 Commvault Systems, Inc. Disk usage growth prediction system
US11184377B2 (en) 2019-01-30 2021-11-23 Palo Alto Networks (Israel Analytics) Ltd. Malicious port scan detection using source profiles
US11184378B2 (en) 2019-01-30 2021-11-23 Palo Alto Networks (Israel Analytics) Ltd. Scanner probe detection
US11184376B2 (en) 2019-01-30 2021-11-23 Palo Alto Networks (Israel Analytics) Ltd. Port scan detection using destination profiles
EP3924946A4 (en) * 2019-02-15 2023-11-01 AVEVA Software, LLC Process mapping and monitoring using artificial intelligence
US10949322B2 (en) * 2019-04-08 2021-03-16 Hewlett Packard Enterprise Development Lp Collecting performance metrics of a device
GB2584018B (en) 2019-04-26 2022-04-13 Beyondtrust Software Inc Root-level application selective configuration
EP3966648A1 (en) * 2019-05-09 2022-03-16 Dürr Systems AG Analysis method and devices therefor
KR20220007877A (en) 2019-05-09 2022-01-19 듀르 시스템스 아게 Workpiece control method, control system and machining system
EP3966649A1 (en) 2019-05-09 2022-03-16 Dürr Systems AG Analysis method and devices for same
CN110191017B (en) * 2019-05-28 2021-09-10 上海尚往网络科技有限公司 Monitoring system and method for monitoring routing equipment abnormity
CN114245897A (en) 2019-06-21 2022-03-25 赛姆普蒂夫技术公司 Method for preventing root level access attacks and measurable SLA security and compliance platform
CN110543452B (en) * 2019-08-07 2022-07-05 浙江大华技术股份有限公司 Data acquisition method and equipment
CA3168656A1 (en) * 2020-01-22 2021-07-29 Siemens Industry, Inc. Real-time and independent cyber-attack monitoring and automatic cyber-attack response system
US20210286879A1 (en) * 2020-03-13 2021-09-16 International Business Machines Corporation Displaying Cyber Threat Data in a Narrative
US11698845B2 (en) * 2020-03-20 2023-07-11 UncommonX Inc. Evaluation rating of a system or portion thereof
US11140553B1 (en) * 2020-05-21 2021-10-05 Motorola Solutions, Inc. Threat detection and mitigation for remote wireless communication network control systems
US11449407B2 (en) 2020-05-28 2022-09-20 Bank Of America Corporation System and method for monitoring computing platform parameters and dynamically generating and deploying monitoring packages
US10958523B1 (en) 2020-07-28 2021-03-23 Bank Of America Corporation Consistent deployment of monitoring configurations on multiple computing systems
US11188437B1 (en) 2020-07-30 2021-11-30 Bank Of America Corporation Remote deployment of monitoring agents on computing systems
US11341830B2 (en) 2020-08-06 2022-05-24 Saudi Arabian Oil Company Infrastructure construction digital integrated twin (ICDIT)
US11509680B2 (en) * 2020-09-30 2022-11-22 Palo Alto Networks (Israel Analytics) Ltd. Classification of cyber-alerts into security incidents
US11461166B2 (en) 2020-11-10 2022-10-04 Sap Se Intelligent integration error handling in enterprise systems
CN112887267A (en) * 2021-01-05 2021-06-01 天津七所精密机电技术有限公司 Network isolation system with message authentication function and method thereof
US11687053B2 (en) 2021-03-08 2023-06-27 Saudi Arabian Oil Company Intelligent safety motor control center (ISMCC)
CN112994990B (en) * 2021-05-20 2021-07-30 蚂蚁金服(杭州)网络技术有限公司 Loop detection method and device, electronic equipment and storage medium
FR3123527A1 (en) * 2021-05-28 2022-12-02 Orange Network monitoring method, associated device and system
CN113344554A (en) * 2021-08-06 2021-09-03 捷尔杰(天津)设备有限公司 Digital solution method and system for auditing hierarchical process of factory
CN113472821A (en) * 2021-09-06 2021-10-01 成都卡莱博尔信息技术股份有限公司 Data acquisition and management integrated method, system, device and storage medium
CA3130972C (en) 2021-09-16 2024-04-09 Cameron Mackenzie Clark Wearable device that provides spaced retrieval alerts to assist the wearer to remember desired information
US11936621B2 (en) * 2021-11-19 2024-03-19 The Bank Of New York Mellon Firewall drift monitoring and detection
US11777823B1 (en) 2021-11-24 2023-10-03 Amazon Technologies, Inc. Metric anomaly detection across high-scale data
CN114301712B (en) * 2021-12-31 2023-04-07 西安交通大学 Industrial internet alarm log correlation analysis method and system based on graph method
US11799880B2 (en) 2022-01-10 2023-10-24 Palo Alto Networks (Israel Analytics) Ltd. Network adaptive alert prioritization system
US11880266B2 (en) 2022-05-04 2024-01-23 Target Brands, Inc. Malfunction monitor for computing devices
WO2024063761A1 (en) * 2022-09-21 2024-03-28 Rakuten Mobile, Inc. Alarm tracking system and method
CN116149226B (en) * 2023-02-22 2023-11-10 山东中安电力科技有限公司 Switch cabinet remote control system based on data analysis
CN116722941B (en) * 2023-08-10 2023-10-20 南方电网数字电网研究院有限公司 Interactive verification method and device based on alarm information and secondary network data

Family Cites Families (55)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5144659A (en) * 1989-04-19 1992-09-01 Richard P. Jones Computer file protection system
US5050212A (en) * 1990-06-20 1991-09-17 Apple Computer, Inc. Method and apparatus for verifying the integrity of a file stored separately from a computer
US5475844A (en) * 1992-11-27 1995-12-12 Nec Corporation Heavily loaded resource evaluation system
JP2541460B2 (en) * 1993-07-30 1996-10-09 日本電気株式会社 User status broadcasting with transmission restrictions
US5619656A (en) 1994-05-05 1997-04-08 Openservice, Inc. System for uninterruptively displaying only relevant and non-redundant alert message of the highest severity for specific condition associated with group of computers being managed
US5608865A (en) * 1995-03-14 1997-03-04 Network Integrity, Inc. Stand-in Computer file server providing fast recovery from computer file server failures
US6181981B1 (en) * 1996-05-15 2001-01-30 Marconi Communications Limited Apparatus and method for improved vending machine inventory maintenance
US6119236A (en) * 1996-10-07 2000-09-12 Shipley; Peter M. Intelligent network security device and method
US6374305B1 (en) * 1997-07-21 2002-04-16 Oracle Corporation Web applications interface system in a mobile-based client-server system
US6279113B1 (en) * 1998-03-16 2001-08-21 Internet Tools, Inc. Dynamic signature inspection-based network intrusion detection
US6914893B2 (en) * 1998-06-22 2005-07-05 Statsignal Ipc, Llc System and method for monitoring and controlling remote devices
US6615091B1 (en) * 1998-06-26 2003-09-02 Eveready Battery Company, Inc. Control system and method therefor
US6367034B1 (en) * 1998-09-21 2002-04-02 Microsoft Corporation Using query language for event filtering and aggregation
US6560611B1 (en) * 1998-10-13 2003-05-06 Netarx, Inc. Method, apparatus, and article of manufacture for a network monitoring system
US6574666B1 (en) 1998-10-22 2003-06-03 At&T Corp. System and method for dynamic retrieval loading and deletion of packet rules in a network firewall
US6550012B1 (en) 1998-12-11 2003-04-15 Network Associates, Inc. Active firewall system and methodology
US6361034B1 (en) * 1999-03-03 2002-03-26 Kurt Manufacturing Company, Inc. Magnetic insert in jaw plate for holding vise parallels
US6405318B1 (en) * 1999-03-12 2002-06-11 Psionic Software, Inc. Intrusion detection system
US6377955B1 (en) * 1999-03-30 2002-04-23 Cisco Technology, Inc. Method and apparatus for generating user-specified reports from radius information
US6438374B1 (en) * 1999-05-26 2002-08-20 Lucent Technologies Inc. Dynamic multi-step overload control for message processing in wireless communication service network
US6944774B2 (en) * 1999-06-18 2005-09-13 Zoom Telephonics, Inc. Data flow control unit
US6714977B1 (en) * 1999-10-27 2004-03-30 Netbotz, Inc. Method and system for monitoring computer networks and equipment
US20010044840A1 (en) * 1999-12-13 2001-11-22 Live Networking, Inc. Method and system for real-time monitoring and administration of computer networks
AT412196B (en) * 2000-03-17 2004-11-25 Keba Ag METHOD FOR ASSIGNING A MOBILE OPERATING AND / OR OBSERVATION DEVICE TO A MACHINE AND OPERATING AND / OR OBSERVATION DEVICE THEREFOR
US6519703B1 (en) * 2000-04-14 2003-02-11 James B. Joyce Methods and apparatus for heuristic firewall
US6971018B1 (en) * 2000-04-28 2005-11-29 Microsoft Corporation File protection service for a computer system
US7134141B2 (en) * 2000-06-12 2006-11-07 Hewlett-Packard Development Company, L.P. System and method for host and network based intrusion detection and response
US20020032871A1 (en) * 2000-09-08 2002-03-14 The Regents Of The University Of Michigan Method and system for detecting, tracking and blocking denial of service attacks over a computer network
US20020066034A1 (en) * 2000-10-24 2002-05-30 Schlossberg Barry J. Distributed network security deception system
US20020065898A1 (en) * 2000-11-27 2002-05-30 Daniel Leontiev Remote Internet control of instruments
US20020078382A1 (en) * 2000-11-29 2002-06-20 Ali Sheikh Scalable system for monitoring network system and components and methodology therefore
US6973336B2 (en) * 2000-12-20 2005-12-06 Nokia Corp Method and apparatus for providing a notification of received message
US7296070B2 (en) * 2000-12-22 2007-11-13 Tier-3 Pty. Ltd. Integrated monitoring system
US7058710B2 (en) * 2001-02-22 2006-06-06 Koyo Musen Corporation Collecting, analyzing, consolidating, delivering and utilizing data relating to a current event
US7284267B1 (en) * 2001-03-08 2007-10-16 Mcafee, Inc. Automatically configuring a computer firewall based on network connection
US7747764B2 (en) * 2001-04-20 2010-06-29 Rockwell Automation Technologies, Inc. Web access for non-TCP/IP control devices of an industrial control system
US6609083B2 (en) * 2001-06-01 2003-08-19 Hewlett-Packard Development Company, L.P. Adaptive performance data measurement and collections
US6832332B2 (en) * 2001-06-22 2004-12-14 Honeywell International Inc. Automatic detection and correction of marginal data in polling loop system
US6912533B1 (en) * 2001-07-31 2005-06-28 Oracle International Corporation Data mining agents for efficient hardware utilization
US20030097557A1 (en) * 2001-10-31 2003-05-22 Tarquini Richard Paul Method, node and computer readable medium for performing multiple signature matching in an intrusion prevention system
US6973590B1 (en) * 2001-11-14 2005-12-06 Unisys Corporation Terminating a child process without risk of data corruption to a shared resource for subsequent processes
US7325248B2 (en) * 2001-11-19 2008-01-29 Stonesoft Corporation Personal firewall with location dependent functionality
US20030163608A1 (en) * 2002-02-21 2003-08-28 Ashutosh Tiwary Instrumentation and workload recording for a system for performance testing of N-tiered computer systems using recording and playback of workloads
US6880051B2 (en) * 2002-03-14 2005-04-12 International Business Machines Corporation Method, system, and program for maintaining backup copies of files in a backup storage device
US7484097B2 (en) * 2002-04-04 2009-01-27 Symantec Corporation Method and system for communicating data to and from network security devices
US7373666B2 (en) * 2002-07-01 2008-05-13 Microsoft Corporation Distributed threat management
US7376969B1 (en) * 2002-12-02 2008-05-20 Arcsight, Inc. Real time monitoring and analysis of events from multiple network security devices
US7043505B1 (en) * 2003-01-28 2006-05-09 Unisys Corporation Method variation for collecting stability data from proprietary systems
US8024795B2 (en) * 2003-05-09 2011-09-20 Q1 Labs, Inc. Network intelligence system
US7246156B2 (en) * 2003-06-09 2007-07-17 Industrial Defender, Inc. Method and computer program product for monitoring an industrial network
US20070050777A1 (en) * 2003-06-09 2007-03-01 Hutchinson Thomas W Duration of alerts and scanning of large data stores
US20050183143A1 (en) * 2004-02-13 2005-08-18 Anderholm Eric J. Methods and systems for monitoring user, application or device activity
WO2005109212A2 (en) * 2004-04-30 2005-11-17 Commvault Systems, Inc. Hierarchical systems providing unified of storage information
US7380171B2 (en) * 2004-12-06 2008-05-27 Microsoft Corporation Controlling software failure data reporting and responses
US7395187B2 (en) * 2006-02-06 2008-07-01 International Business Machines Corporation System and method for recording behavior history for abnormality detection

Also Published As

Publication number Publication date
CA2526759C (en) 2011-08-16
AU2004248605B2 (en) 2009-08-13
US7779119B2 (en) 2010-08-17
US20080209033A1 (en) 2008-08-28
WO2004111785A3 (en) 2005-12-22
US20050015624A1 (en) 2005-01-20
US20100023598A9 (en) 2010-01-28
US7246156B2 (en) 2007-07-17
US20100064039A9 (en) 2010-03-11
US20050182969A1 (en) 2005-08-18
EP1636704A2 (en) 2006-03-22
EP1636704A4 (en) 2008-06-11
US20070294369A1 (en) 2007-12-20
WO2004111785A2 (en) 2004-12-23
AU2004248605A1 (en) 2004-12-23

Similar Documents

Publication Publication Date Title
CA2526759A1 (en) Event monitoring and management
US9973520B2 (en) Explaining causes of network anomalies
US7024548B1 (en) Methods and apparatus for auditing and tracking changes to an existing configuration of a computerized device
US20030084322A1 (en) System and method of an OS-integrated intrusion detection and anti-virus system
US8256003B2 (en) Real-time network malware protection
US7937760B2 (en) System security agent authentication and alert distribution
US20090271504A1 (en) Techniques for agent configuration
US8904529B2 (en) Automated deployment of protection agents to devices connected to a computer network
US9928359B1 (en) System and methods for providing security to an endpoint device
WO2015193647A1 (en) Ineffective network equipment identification
WO2011084409A1 (en) Computer security process monitor
US8726384B2 (en) Apparatus, and system for determining and cautioning users of internet connected clients of potentially malicious software and method for operating such
CN105516081A (en) Method and system for issuing safety strategy by server and message queue middleware
US20120192272A1 (en) Mitigating multi-AET attacks
CN113449302A (en) Method for detecting malicious software
Peddireddy et al. Multiagent network security system using FIPA-OS
KR101343693B1 (en) Network security system and method for process thereof
CN114205169B (en) Network security defense method, device and system
CN115633359A (en) PFCP session security detection method, device, electronic equipment and storage medium
Alim et al. IDSUDA: An Intrusion Detection System Using Distributed Agents
KR20140059403A (en) Linked network security system and method based on virtualization in the separate network environment
Allan Intrusion Detection Systems (IDSs): Perspective
CN109462503B (en) Data detection method and device
Shimamura et al. Using attack information to reduce false positives in network ids
CN111988333B (en) Proxy software work abnormality detection method, device and medium

Legal Events

Date Code Title Description
EEER Examination request