SITUATIONAL INTELLIGENCE

US 20120224057A1
Filed: 03/06/2012
Published: 09/06/2012
Est. Priority Date: 11/20/2009
Status: Active Grant

First Claim

Patent Images

1. An apparatus for situational awareness and video surveillance, comprising:

an alert action subsystem configured for providing geo-spatial monitoring and remediation of cross enterprise threats;

a workflow processor configured for providing visualization and automated remedial action scripts to help remediate the threats immediately;

an alert and event management processor configured for managing events that occur in one or more domains of an enterprise and correlating such events with each other;

a risk engine configured for promoting alignment between said one or more domains, including information technology (IT) functions; and

an integration framework in communication with and for gathering data from one or more IT resources, one or more physical access systems, and one or more industrial control systems, wherein said one or more physical access systems configured to provide video surveillance.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus is provided that includes techniques for providing complete solutions for role-based, rules-driven access enforcement, the techniques including situational awareness and video surveillance. An embodiment addresses blended risk assessment and security across logical systems, IT applications, databases, and physical systems from a single analytic dashboard, with auto-remediation capabilities. Further, an embodiment provides capability and functionality for co-relating seemingly innocent events and activities to detect real threats and risks, while providing powerful alerting and automated remedial action strategies for decisive action.

204 Citations

22 Claims

1. An apparatus for situational awareness and video surveillance, comprising:
- an alert action subsystem configured for providing geo-spatial monitoring and remediation of cross enterprise threats;
  
  a workflow processor configured for providing visualization and automated remedial action scripts to help remediate the threats immediately;
  
  an alert and event management processor configured for managing events that occur in one or more domains of an enterprise and correlating such events with each other;
  
  a risk engine configured for promoting alignment between said one or more domains, including information technology (IT) functions; and
  
  an integration framework in communication with and for gathering data from one or more IT resources, one or more physical access systems, and one or more industrial control systems, wherein said one or more physical access systems configured to provide video surveillance.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The apparatus of claim 1, further comprising:
    - a video analytics subsystem that continuously receives and monitors video feeds from multiple cameras at a particular location, displays said video feeds in real-time, thereby allowing a manager to make a decision whether the particular situation is considered a risk.
  - 3. The apparatus of claim 1, further configured to integrate with and interact with physical systems, said physical systems comprising:
    - access card systems, industrial control systems, video surveillance biometric systems and proximity sensors, and radio frequency identification (RFID) integration servers.
  - 4. The apparatus of claim 3, wherein said configured to integrate with and interact with further comprises said apparatus configured for connecting to said physical systems via connectors and extracting data from said physical systems;
    - andsaid apparatus further configured to analyze said extracted data using risk assessment, said risk assessment unifying security and compliance processes.
  - 5. The apparatus of claim 1, further comprising:
    - a series of Application Programming Interfaces (APIs), said APIs specifying data characteristics from the sources to ensure quick and easy integration, wherein at least one of the APIs is configured for environmental interfaces, said environmental interfaces configured for any of;
      
      traffic feeds and vehicle tracking for field service scheduling;
      
      fire, earthquakes, weather, hurricane feeds for situational awareness;
      
      predictive path analysis of natural events; and
      
      impacted asset analysis.
  - 6. The apparatus of claim 1, further comprising:
    - a series of Application Programming Interfaces (APIs), said APIs specifying data characteristics from the sources to ensure quick and easy integration, wherein at least one of the APIs is configured for physical and cyber security risk analytics, said physical and cyber security risk analytics comprising any of;
      
      feeds from access control systems for instant identification of physical threats to critical infrastructure components; and
      
      live video feeds at key infrastructure facilities and providing visual threat identification.
  - 7. The apparatus of claim 1, further configured for:
    - providing to administrators or technicians highly privileged access for a predetermined duration;
      
      allowing said administrators or technicians to conduct emergency responses to incidents presently occurring, in response to receiving said highly privileged access;
      
      wherein said emergence responses comprise monitoring tasks, analyzing and logging data, thereby ensuring complete visibility and transparency; and
      
      automatically restoring normal restrictions to access when the tasks are complete.
  - 8. The apparatus of claim 7, further configured for providing a privileged user management subsystem, said subsystem configured for any of:
    - monitoring emergency access to all applications and assets;
      
      perusing large activity logs with search engine provider-like search capabilities;
      
      continuously monitoring super-user activity and enforcing policies;
      
      rich alerting and response activities including automated remediation; and
      
      logging and reporting for compliance and audit support.
  - 9. The apparatus of claim 1, further comprising:
    - a processor configured for developing an insider incident response plan that leverages existing IT and surveillance systems to provide real-time situational awareness to operational managers.
  - 10. The apparatus of claim 1, further configured for:
    - displaying a screen shot of a model control room of a facility overlaid by a video view of an actual control room and activity therein, the model control room having cameras and door locks therein associated with smart tags in an associated application;
      
      allowing situation managers to zoom inside said model control room;
      
      allowing said situation managers to click on a camera icon corresponding to said cameras to pull in live video from a corresponding surveillance system to allow said situation managers to verify one or more particular incidents; and
      
      allowing said situation managers to remotely lock any of said door locks in response to verifying said one or more particular incidents, andallowing said situation managers to inform first responders or law enforcement of said one or more particular incidents underway.
  - 11. The apparatus of claim 1, said alert action subsystem configured for:
    - providing a summary listing of active alerts;
      
      providing a line level item detail view of tasks associated with a particular alert of said active alerts;
      
      generating, storing, and executing remediation scripts associated with the alerts, said remediation scripts being configured to execute at a specified time or in response to a trigger based on a particular event;
      
      providing a line level summary of a particular task of said tasks associated with the particular alert is actionable;
      
      allowing a user to create a new task to associate with said particular alert;
      
      displaying a live video feed that provides a responder with crucial information to determine the nature of said particular alert and allowing said responder to take further action or to reject the particular alert to take no further steps, in response to viewing said displayed live video feed;
      
      providing status of completion of each item of said remediation scripts;
      
      providing a geo-spatial view of said particular alert;
      
      allowing the responder to drill down a geo spatial feed to render a complete scenario view on the particular alert;
      
      providing a visual interface a risk, which is detected and is associated with said particular alert, said visual interface displaying actionable tasks associated with said particular alert;
      
      providing a single interface by connecting a closed circuit television camera installed in a zone that is sabotaged, said zone of a particular location, said camera providing zoom capability; and
      
      allowing the responder to initiate a lockdown of the zone to isolate an incident associated with the particular alert and to contain any cascading effect of said incident.

12. A computer-implemented method for situational awareness and video surveillance, comprising:
- providing, by an alert action subsystem, geo-spatial monitoring and remediation of cross enterprise threats;
  
  providing, by a workflow processor, visualization and automated remedial action scripts to help remediate the threats immediately;
  
  managing, by an alert and event management processor, events that occur in one or more domains of an enterprise and correlating such events with each other;
  
  promoting, by a risk engine, alignment between said one or more domains, including information technology (IT) functions; and
  
  providing an integration framework in communication with and for gathering data from one or more IT resources, one or more physical access systems, and one or more industrial control systems, wherein said one or more physical access systems configured to provide video surveillance.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The computer-implemented method of claim 12, further comprising:
    - Providing a video analytics subsystem that continuously receives and monitors video feeds from multiple cameras at a particular location, displays said video feeds in real-time, thereby allowing a manager to make a decision whether the particular situation is considered a risk.
  - 14. The computer-implemented method of claim 12, further comprising integrating with and interacting with physical systems, said physical systems comprising:
    - access card systems, industrial control systems, video surveillance biometric systems and proximity sensors, and radio frequency identification (RFID) integration servers.
  - 15. The computer-implemented method of claim 14, wherein said integrating with and interacting with further comprises connecting to said physical systems via connectors and extracting data from said physical systems;
    - andanalyzing said extracted data using risk assessment, said risk assessment unifying security and compliance processes.
  - 16. The computer-implemented method of claim 12, further comprising:
    - providing a series of Application Programming Interfaces (APIs), said APIs specifying data characteristics from the sources to ensure quick and easy integration, wherein at least one of the APIs is configured for environmental interfaces, said environmental interfaces configured for any of;
      
      traffic feeds and vehicle tracking for field service scheduling;
      
      fire, earthquakes, weather, hurricane feeds for situational awareness;
      
      predictive path analysis of natural events; and
      
      impacted asset analysis.
  - 17. The computer-implemented method of claim 12, further comprising:
    - providing a series of Application Programming Interfaces (APIs), said APIs specifying data characteristics from the sources to ensure quick and easy integration, wherein at least one of the APIs is configured for physical and cyber security risk analytics, said physical and cyber security risk analytics comprising any of;
      
      feeds from access control systems for instant identification of physical threats to critical infrastructure components; and
      
      live video feeds at key infrastructure facilities and providing visual threat identification.
  - 18. The computer-implemented method of claim 12, further comprising:
    - providing to administrators or technicians highly privileged access for a predetermined duration;
      
      allowing said administrators or technicians to conduct emergency responses to incidents presently occurring, in response to receiving said highly privileged access;
      
      wherein said emergence responses comprise monitoring tasks, analyzing and logging data, thereby ensuring complete visibility and transparency; and
      
      automatically restoring normal restrictions to access when the tasks are complete.
  - 19. The computer-implemented method of claim 18, further comprising providing a privileged user management subsystem, said subsystem configured for any of:
    - monitoring emergency access to all applications and assets;
      
      perusing large activity logs with search engine provider-like search capabilities;
      
      continuously monitoring super-user activity and enforcing policies;
      
      rich alerting and response activities including automated remediation; and
      
      logging and reporting for compliance and audit support.
  - 20. The computer-implemented method of claim 12, further comprising:
    - developing, by a processor, an insider incident response plan that leverages existing IT and surveillance systems to provide real-time situational awareness to operational managers.
  - 21. The computer-implemented method of claim 12, further comprising:
    - displaying, by a display, a screen shot of a model control room of a facility overlaid by a video view of an actual control room and activity therein, the model control room having cameras and door locks therein associated with smart tags in an associated application;
      
      allowing, by a processor, situation managers to zoom inside said model control room;
      
      allowing, by a processor, said situation managers to click on a camera icon corresponding to said cameras to pull in live video from a corresponding surveillance system to allow said situation managers to verify one or more particular incidents; and
      
      allowing, by a processor, said situation managers to remotely lock any of said door locks in response to verifying said one or more particular incidents, and allowing, by a processor, said situation managers to inform first responders or law enforcement of said one or more particular incidents underway.
  - 22. The computer-implemented method of claim 12, wherein said alert action subsystem is configured for:
    - providing a summary listing of active alerts;
      
      providing a line level item detail view of tasks associated with a particular alert of said active alerts;
      
      generating, storing, and executing remediation scripts associated with the alerts, said remediation scripts being configured to execute at a specified time or in response to a trigger based on a particular event;
      
      providing a line level summary of a particular task of said tasks associated with the particular alert is actionable;
      
      allowing a user to create a new task to associate with said particular alert;
      
      displaying a live video feed that provides a responder with crucial information to determine the nature of said particular alert and allowing said responder to take further action or to reject the particular alert to take no further steps, in response to viewing said displayed live video feed;
      
      providing status of completion of each item of said remediation scripts;
      
      providing a geo-spatial view of said particular alert;
      
      allowing the responder to drill down a geo spatial feed to render a complete scenario view on the particular alert;
      
      providing a visual interface a risk, which is detected and is associated with said particular alert, said visual interface displaying actionable tasks associated with said particular alert;
      
      providing a single interface by connecting a closed circuit television camera installed in a zone that is sabotaged, said zone of a particular location, said camera providing zoom capability; and
      
      allowing the responder to initiate a lockdown of the zone to isolate an incident associated with the particular alert and to contain any cascading effect of said incident.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AlertEnterprise Incorporated
Original Assignee
AlertEnterprise Incorporated
Inventors
GILL, Jasvir Singh, Arora, Inderpal Ricky, Kakkera, Srinivasa, Singh, Subrat Narendra

Granted Patent

US 10,027,711 B2
Time in Patent Office

Days
Field of Search
US Class Current

348/143
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

G06F 21/577   Assessing vulnerabilities a...

G06Q 10/06   Resources, workflows, human...

G06Q 10/063   Operations research, analys...

G06Q 10/103   Workflow collaboration or p...

H04L 63/102   Entity profiles

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

SITUATIONAL INTELLIGENCE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

204 Citations

22 Claims

Specification

Use Cases

Quick Links

Others

SITUATIONAL INTELLIGENCE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

204 Citations

22 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others