Real-Time Model of States of Monitored Devices
Abstract
A model representing system components and events of a plurality of monitored devices as data objects is described herein. The model resides on a security service cloud and is updated in substantially real-time, as security-relevant information about the system components and events is received by the security service cloud. Each data object in the model has a scope and different actions are taken by security service cloud modules depending on different data object scopes. Further, the security service cloud maintains a model specific to each monitored device built in substantially real-time as the security-relevant information from that device is received. The security service cloud utilizes these device-specific models to detect security concerns and respond to those concerns in substantially real-time.
25 Claims
1. A system comprising:
   - one or more processors;
   - a model which represents system components and events of a plurality of monitored devices as data objects, wherein each data object has a scope; and
   - one or more modules configured to be operated by the one or more processors to perform one of a plurality of different actions, wherein the one of the plurality of different actions is selected based on the scope of the one of the data objects.
   Dependent claims: 2-13.

14. A method implemented by one or more devices of a security service cloud, comprising:
   - receiving security-relevant information from a monitored device;
   - representing the security-relevant information in a model specific to the monitored device in substantially real-time as the security-relevant information is received;
   - detecting, in substantially real-time as the security-relevant information is represented, a security concern associated with the security-relevant information represented in the model; and
   - in response to detecting the security concern, taking an action, in substantially real-time as the security concern is detected, based at least in part on the security-relevant information represented in the model and on security-relevant information received from a plurality of monitored devices.
   Dependent claims: 15-19.

20. One or more non-transitory computer-readable media having stored thereon a plurality of programming instructions which, when executed by one or more computing devices, cause the one or more computing devices to perform actions comprising:
   - receiving security-relevant information associated with system components or events of a plurality of monitored devices;
   - in substantially real-time as the security-relevant information is received, updating a graph model representing the system components or events of the plurality of monitored devices as data objects; and
   - in substantially real-time as the system components or events are represented, detecting a security concern associated with the represented system components or events, and representing the security concern as a detection data object in the graph model.
   Dependent claims: 21-25.
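To make the structure described in the abstract and in claims 1 and 20 concrete, here is an added Python sketch (not code from the patent or its assignee) of a cloud-side graph model in which every data object carries a scope, the action taken on ingest depends on that scope, and a detected concern is stored back into the per-device model as a detection data object. The Scope values, the "known-bad file hash" rule, the host names, PIDs and hash strings are all constructed for the example.

```python
from dataclasses import dataclass, field
from enum import Enum

class Scope(Enum):
    DEVICE = "device"  # meaningful only inside one monitored device's model
    GLOBAL = "global"  # shared across every monitored device (e.g. a file hash)

@dataclass
class DataObject:
    kind: str    # "process", "file_hash", "detection", ... (constructed kinds)
    key: str     # unique within its scope
    scope: Scope
    attrs: dict = field(default_factory=dict)

class GraphModel:
    """Cloud-side model: one store per monitored device plus one global store."""
    def __init__(self):
        self.global_store = {}    # key -> DataObject with Scope.GLOBAL
        self.device_models = {}   # device_id -> {key -> DataObject}
        self.actions = []         # (device_id, action) in the order taken

    def ingest(self, device_id, obj):
        """Represent incoming information as it arrives; dispatch on the object's scope."""
        if obj.scope is Scope.GLOBAL:
            self.global_store[obj.key] = obj
            for dev in list(self.device_models):  # a global object can affect any device
                self._detect(dev)
        else:
            self.device_models.setdefault(device_id, {})[obj.key] = obj
            self._detect(device_id)

    def _detect(self, device_id):
        """Constructed rule: a process whose file hash is globally known-bad -> detection."""
        model = self.device_models[device_id]
        for obj in list(model.values()):
            bad = self.global_store.get(obj.attrs.get("file_hash"))
            det_key = "detection:" + obj.key
            if obj.kind == "process" and bad and bad.attrs.get("known_bad") and det_key not in model:
                model[det_key] = DataObject("detection", det_key, Scope.DEVICE,
                                            {"process": obj.key, "hash": bad.key})
                self.actions.append((device_id, "quarantine_process:" + obj.key))

def demo():
    """Constructed sample: two hosts report processes, then a fleet-wide indicator arrives."""
    m = GraphModel()
    m.ingest("host-A", DataObject("process", "pid:4242", Scope.DEVICE, {"file_hash": "hash-bad"}))
    m.ingest("host-B", DataObject("process", "pid:77", Scope.DEVICE, {"file_hash": "hash-ok"}))
    m.ingest("cloud", DataObject("file_hash", "hash-bad", Scope.GLOBAL, {"known_bad": True}))
    return m
```

Because the indicator is GLOBAL-scoped, its arrival re-evaluates every device model, so host-A's earlier process event becomes a detection only once the indicator is known.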
Specification