Device for Preventing, Detecting and Responding to Security Threats
Abstract
A device to prevent, detect and respond to one or more security threats between one or more controlled hosts and one or more services accessible from the controlled host. The device determines the authenticity of a user of a controlled host and activates user specific configurations under which the device monitors and controls all communications between the user, the controlled host and the services. As such, the device ensures the flow of only legitimate and authorized communications. Suspicious communications, such as those with malicious intent, malformed packets, among others, are stopped, reported for analysis and action. Additionally, upon detecting suspicious communication, the device modifies the activated user specific configurations under which the device monitors and controls the communications between the user, the controlled host and the services.
20 Claims
1. A device to prevent, detect and respond to one or more security threats between a controlled host and one or more services connected to the controlled host, the device comprising:
- a microcomputer;
- one or more communications ports for connecting the device to
  - the controlled host; and
  - the one or more services connected to the controlled host;
- memory for storing
  - information pertaining to one or more user permitted to use the controlled host; and
  - one or more configuration for communication between the controlled host and the one or more services;
- input device for collecting information for authenticating a user of the controlled host;
- a user authenticator; and
- communications protocol for controlling communications between the controlled host and the one or more services.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A method for preventing, detecting and responding to one or more security threats between a controlled host and one or more services connected to the controlled host, the method comprising the steps of:
- collecting information for authenticating a user of the controlled host;
- comparing the information of the user of the controlled host with information for one or more user permitted to use the controlled host;
- designating the user of the controlled host as one of
  - an authorized user if the information pertaining to the user of the controlled host matches the information pertaining to the one or more user permitted to use the controlled host; and
  - an unauthorized user if the information pertaining to the user of the controlled host does not match the information pertaining to the one or more user permitted to use the controlled host;
- activating one or more configurations for communication between the controlled host and the one or more services, wherein the one or more activated configuration comprises
  - configurations associated with the user of the controlled host;
  - configuration for preventing malicious intent; and
  - configuration for one of
    - the authorized user; and
    - the unauthorized user.
Dependent claims: 17, 18
19. A device to prevent, detect and respond to one or more security threats between a controlled host and one or more services connected to the controlled host, the device comprising:
- means for collecting information for authenticating a user of the controlled host;
- means for comparing the information of the user of the controlled host with information for one or more user permitted to use the controlled host;
- means for designating the user of the controlled host as one of
  - an authorized user if the information pertaining to the user of the controlled host matches the information pertaining to the one or more user permitted to use the controlled host; and
  - an unauthorized user if the information pertaining to the user of the controlled host does not match the information pertaining to the one or more user permitted to use the controlled host;
- means for activating one or more configurations for communication between the controlled host and the one or more services, wherein the one or more activated configuration comprises
  - configurations associated with the user of the controlled host;
  - configuration for preventing malicious intent; and
  - configuration for one of
    - the authorized user; and
    - the unauthorized user.
Dependent claims: 20