METHOD AND SYSTEM FOR CONTROLLING CONTEXT-AWARE CYBERSECURITY TRAINING

US 20140199663A1
Filed: 03/17/2014
Published: 07/17/2014
Est. Priority Date: 04/08/2011
Status: Active Grant

First Claim

Patent Images

1. A cybersecurity training system, comprising:

a processor;

one or more data storage devices that store;

at least one training intervention, anda training needs model;

a computer-readable memory portion holding programming instructions that, when executed, instruct one or more processors to implement a policy manager that;

analyzes data relating to at least one user by applying the training needs model to the data to determine whether the at least one user may be at risk for a threat scenario, andidentifies, from the at least one training intervention, a set of one or more system-selected training interventions that are relevant to the threat scenario;

a computer-readable memory portion holding programming instructions that, when executed, instruct one or more processors to implement a system administrator interface that displays the set of one or more system-selected training interventions and receives a selection of an intervention in the set from an administrator; and

a computer-readable memory portion holding programming instructions that, when executed, instruct one or more processors to generate a command to deliver the administrator-selected training intervention to the at least one user.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A context-aware training system senses a user action that may expose the user to a threat, such as a cybersecurity threat. The system selects a training action from a collection of available training actions and causes the training action to be delivered to the user or a group of users. The system includes an administrator interface that enables an administrator to select, customize and/or assign constraints to the training action that will be delivered to the user(s).

334 Citations

28 Claims

1. A cybersecurity training system, comprising:
- a processor;
  
  one or more data storage devices that store;
  
  at least one training intervention, anda training needs model;
  
  a computer-readable memory portion holding programming instructions that, when executed, instruct one or more processors to implement a policy manager that;
  
  analyzes data relating to at least one user by applying the training needs model to the data to determine whether the at least one user may be at risk for a threat scenario, andidentifies, from the at least one training intervention, a set of one or more system-selected training interventions that are relevant to the threat scenario;
  
  a computer-readable memory portion holding programming instructions that, when executed, instruct one or more processors to implement a system administrator interface that displays the set of one or more system-selected training interventions and receives a selection of an intervention in the set from an administrator; and
  
  a computer-readable memory portion holding programming instructions that, when executed, instruct one or more processors to generate a command to deliver the administrator-selected training intervention to the at least one user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1, wherein the instructions that implement the system administrator interface also comprise instructions to receive a customization of the administrator-selected training intervention from the administrator.
  - 3. The system of claim 1, wherein the instructions that implement the system administrator interface also comprise instructions to display parameters of the training needs model, and receive a customization of the training needs model from the administrator.
  - 4. The system of claim 1, wherein the instructions that implement the system administrator interface also comprise instructions to display logic of the policy manager, and receive a configuration of the policy manager from the administrator.
  - 5. The system of claim 1, wherein the instructions that implement the system administrator interface also comprise instructions to display analysis results from the policy manager and receive a manipulation of the analysis results from the administrator.
  - 6. The system of claim 1, wherein:
    - the instructions to implement the system administrator interface also comprise instructions to;
      
      display, via the system administrator interface, statistics for a plurality of additional users, andreceive, via the system administrator interface, a selected group of the additional users; and
      
      the system further comprises a computer-readable memory portion holding programming instructions that, when executed, instruct one or more processors to generate a command to deliver the administrator-selected training intervention to the selected group of the additional users.
  - 7. The system of claim 1, wherein:
    - the threat scenario comprises a mock SMS attack threat scenario; and
      
      the instructions to implement a system administrator interface that receives a customization for the administrator-selected training intervention comprise instructions to;
      
      display, via the system administrator interface, a plurality of mock SMS attack templates,receive an administrator selection of one of the displayed mock SMS attack templates, andapply the customization to the administrator-selected template so that the customization comprises one or more of any of the following;
      
      automatic insertion of the user'"'"'s name in the administrator-selected template;
      
      a selected start time or end time for the administrator-selected training intervention;
      
      information obtained from a social network or public profile that is relevant to the user;
      
      an administrator-selected link;
      
      oran administrator-edited SMS message.
  - 8. The system of claim 1, wherein:
    - the threat scenario comprises use of a malicious memory device; and
      
      the instructions to implement the system administrator interface that receives a customization for the administrator-selected training intervention comprise instructions to;
      
      display, via the system administrator interface, a plurality of mock malicious memory device attack templates,receive an administrator selection of one of the displayed mock malicious memory device attack templates, andapply the customization to the administrator-selected template so that the customization comprises a selection of mock malware to include on at least one memory device that will be used in the training intervention.
  - 9. The system of claim 8, wherein the instructions to implement the system administrator interface that receives a customization of the administrator-selected training intervention also comprise instructions to receive any the following:
    - one or more locations at which the devices are to be delivered;
      
      ora selection of mock malware to include on the devices.
  - 10. The system of claim 2, wherein:
    - the instructions to implement the system administrator interface also comprise instructions to;
      
      display, via the system administrator interface, identification information for a plurality of additional users,receive, via the system administrator interface, a selected group of the additional users, andreceive the customization such that different mock attacks are provided to various members of the selected group; and
      
      the system further comprises a computer-readable memory portion holding programming instructions that, when executed, instruct one or more processors to generate a command to deliver the administrator-selected training intervention with the customization to the selected group of additional users.
  - 11. The system of claim 1, wherein:
    - the instructions to implement the system administrator interface also comprise instructions to implement a user interface portion that enables the administrator to select;
      
      one or more scheduling constraints for the administrator-selected training intervention, andone or more additional users to whom the administrator-selected training intervention will be delivered; and
      
      the system further comprises a computer-readable memory portion holding programming instructions that, when executed, instruct one or more processors to generate a command to deliver the administrator-selected training intervention to the additional users in accordance with the scheduling constraints.

12. A method of providing an administrator interface for a cybersecurity training system, comprising:
- maintaining, on one or more data storage devices, one or more training interventions and a training needs model; and
  
  by a processor;
  
  receiving data relating to at least one user,applying the training needs model to the received data to determine whether the at least one user may be at risk of a threat scenario,identifying one or more of the training interventions that are relevant to the threat scenario,displaying, via the system administrator interface, the identified one or more training interventions,receiving, via the system administrator interface, an administrator selection of a displayed training intervention, andgenerating a command to deliver the administrator-selected training intervention to the at least one user.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 13. The method of claim 12, further comprising, by the processor:
    - receiving, via the system administrator interface, a customization for the administrator-selected training intervention; and
      
      when generating the command to deliver the administrator-selected training intervention to the user, including the customization in the delivering.
  - 14. The method of claim 12, further comprising, by the processor, causing the system administrator interface to perform one or more of the following:
    - display parameters of the training needs model, and receive a customization of the training needs model from the administrator;
      
      display logic of the policy manager, and receive a configuration of the policy manager from the administrator;
      
      ordisplay an output of data from the policy manager and receive a manipulation of the output data from the administrator.
  - 15. The method of claim 12, further comprising, by the processor:
    - causing the system administrator interface to;
      
      display, via the system administrator interface, statistics for a plurality of additional users, andreceive, via the system administrator interface, a selected group of the additional users; and
      
      generating a command to deliver the administrator-selected training intervention to the selected group of the additional users.
  - 16. The method of claim 15, further comprising, by the processor, causing the system administrator interface to display the statistics so that the administrator can have the statistics presented, sorted and/or compiled according to administrator-selected criteria
  - 17. The method of claim 12, wherein:
    - the threat scenario comprises a mock SMS attack threat scenario; and
      
      receiving the customization for the administrator-selected training intervention comprises;
      
      displaying, via the system administrator interface, a plurality of mock SMS attack templates,receiving an administrator selection of one of the displayed mock SMS attack templates, andapplying the customization to the administrator-selected template so that the customization comprises one or more of any of the following;
      
      automatic insertion of the at least one user'"'"'s name in the template;
      
      a selected start time or end time for the administrator-selected training intervention;
      
      information obtained from a social network or public profile that is relevant to the at least one user;
      
      oran administrator-edited SMS message.
  - 18. The method of claim 12, wherein:
    - the threat scenario comprises use of a malicious memory device; and
      
      receiving the customization for the administrator-selected training intervention comprises;
      
      displaying, via the system administrator interface, a plurality of mock malicious memory device attack training templates,receiving an administrator selection of one of the displayed mock malicious memory device attack training templates, andapplying the customization to the administrator-selected template so that the customization comprises a selection of mock malware to include on one or more memory devices that will be used in the training intervention.
  - 19. The method of claim 12, wherein receiving the customization for the administrator-selected training intervention also comprises receiving one or more of any the following:
    - one or more locations at which the one or more devices are to be delivered, ora selection of mock malware to include on the devices.
  - 20. The method of claim 12, further comprising:
    - displaying, via the system administrator interface, identification information for a plurality of additional users;
      
      receiving, via the system administrator interface, a selected group of the additional users;
      
      receiving the customization such that different mock attacks are provided to various members of the selected group; and
      
      generating a command to deliver the administrator-selected training intervention with the customization to the selected group of the additional users.
  - 21. The method of claim 12, further comprising implementing a portion of the system administrator interface that enables an authorized administrator to select:
    - one or more scheduling constraints for the administrator-selected training intervention; and
      
      one or more additional users to whom the administrator-selected training intervention will be delivered;
      
      wherein the instructions also include instructions to generate a command to deliver the administrator-selected training intervention to the at least one user in accordance with the scheduling constraints.

22. A method of providing an administrator interface for a security training system, comprising:
- maintaining, on one or more data storage devices, at least one training intervention; and
  
  by a processor;
  
  displaying, via a system administrator interface, a representation of a measurement of whether at least one user may be at risk of a threat scenario,identifying one or more of the training interventions that are relevant to the threat scenario,displaying, via the system administrator interface, the identified one or more training interventions,receiving an administrator selection of one of the displayed training interventions,receiving a customization for the administrator-selected training intervention, andgenerating a command to deliver the administrator-selected training intervention with the customization to the at least one user.
- View Dependent Claims (23, 24)
- - 23. The method of claim 22, further comprising:
    - displaying, via the system administrator interface, identification information for a plurality of additional users;
      
      receiving, via the system administrator interface, a selected group of the additional users; and
      
      generating a command to deliver the administrator-selected training intervention with the customization to the selected group of the additional users.
  - 24. The method of claim 22, further comprising implementing a user interface portion of the system administrator interface that enables an authorized administrator to select:
    - one or more scheduling constraints for the administrator-selected training intervention; and
      
      an identification of one or more additional users to whom the administrator-selected training intervention will be delivered;
      
      wherein the instructions also include instructions to generate a command to deliver the administrator-selected training intervention with the customization to the additional users in accordance with the scheduling constraints.

25. A cybersecurity training system, comprising:
- a processor;
  
  one or more data storage devices that store;
  
  at least one training intervention, anda training needs model;
  
  a computer-readable memory portion holding programming instructions that, when executed, instruct one or more processors to implement a policy manager that analyzes data relating to at least one user by applying the training needs model to the data to determine whether the at least one user may be at risk for a threat scenario; and
  
  a computer-readable memory portion holding programming instructions that, when executed, instruct one or more processors to implement a system administrator interface that is configured to perform at least one of the following actions;
  
  display parameters of the training needs model and receive a customization of the training needs model from the administrator, ordisplay logic of the policy manager and receive a configuration of the logic from the administrator;
  
  wherein the system is also configured to, upon completion of at least one of the actions of the system administrator interface;
  
  select one or more of the training interventions that are relevant to the threat scenario, andgenerate a command to deliver the selected training intervention to the at least one user.
- View Dependent Claims (26, 27, 28)
- - 26. The system of claim 25, wherein the system administrator interface is also configured to perform at least one of the following actions:
    - display the one or more selected training interventions and allow the administrator to select a subset to be delivered;
      
      orreceive from the administrator a customization of one of the training interventions to be delivered.
  - 27. The system of claim 25, wherein:
    - the instructions to implement the system administrator interface also comprise instructions to;
      
      display, via the system administrator interface, statistics for a plurality of additional users, andreceive, via the system administrator interface, a selected group of the additional users; and
      
      the instructions to generate the command also comprise instructions to generate a command to deliver the selected training intervention to the selected group of the additional users.
  - 28. The system of claim 27, wherein the instructions to implement the system administrator interface also comprise instructions to display the statistics so that the administrator can have the statistics presented, sorted and/or compiled according to administrator-selected criteria.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Proofpoint Incorporated
Original Assignee
Wombat Security Technologies, Inc (Proofpoint Incorporated)
Inventors
Sadeh-Koniecpol, Norman, Wescoe, Kurt, Brubaker, Jason, Hong, Jason

Granted Patent

US 9,373,267 B2
Time in Patent Office

Days
Field of Search
US Class Current

434/118
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

G06F 21/552   involving long-term monitor...

G06F 21/554   involving event detection a...

G06F 21/56   Computer malware detection ...

G06F 21/562   Static detection

G06F 21/563   by source code analysis

G06F 21/564   by virus signature recognition

G06F 21/565   by checking file integrity

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/567   using dedicated hardware

G09B 19/00   Teaching not covered by oth...

G09B 5/00   Electrically-operated educa...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/145   the attack involving the pr...

H04L 63/1458   Denial of Service

H04L 63/1466   Active attacks involving in...

H04L 63/1475 : Passive attacks, e.g. eaves...

H04L 63/1483 : service impersonation, e.g....

H04L 63/1491 : using deception as counterm...

View All

METHOD AND SYSTEM FOR CONTROLLING CONTEXT-AWARE CYBERSECURITY TRAINING

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

334 Citations

28 Claims

Specification

Use Cases

Quick Links

Others

METHOD AND SYSTEM FOR CONTROLLING CONTEXT-AWARE CYBERSECURITY TRAINING

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

334 Citations

28 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others