NEAR-REAL-TIME EXPORT OF CYBER-SECURITY RISK INFORMATION

US 20170208086A1
Filed: 01/19/2016
Published: 07/20/2017
Est. Priority Date: 01/19/2016
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

monitoring, by a risk manager system, a plurality of connected devices that are vulnerable to cyber-security risks;

detecting, by the risk manager system, a cyber-security risk to one or more of the devices being monitored;

identifying, by the risk manager system, an external system to be notified of the detected cyber-security risk; and

sending cyber-security risk data, by the risk manager system, to the external system according to the detected cyber-security risk and at least one filtering option.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This disclosure provides an apparatus and method for near-real-time export of cyber-security risk information, including but not limited to in industrial control systems and other systems. A method includes monitoring, by a risk manager system, a plurality of connected devices that are vulnerable to cyber-security risks. The method includes detecting a cyber-security risk to one or more of the devices being monitored. The method includes identifying an external system to be notified of the detected cyber-security risk. The method includes sending cyber-security risk data to the external system according to the detected cyber-security risk and at least one filtering option.

Citations

20 Claims

1. A method comprising:
- monitoring, by a risk manager system, a plurality of connected devices that are vulnerable to cyber-security risks;
  
  detecting, by the risk manager system, a cyber-security risk to one or more of the devices being monitored;
  
  identifying, by the risk manager system, an external system to be notified of the detected cyber-security risk; and
  
  sending cyber-security risk data, by the risk manager system, to the external system according to the detected cyber-security risk and at least one filtering option.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising receiving the at least one filtering option by the risk manager system.
  - 3. The method of claim 1, wherein the at least one filtering option specifies an output format of the cyber-security risk data.
  - 4. The method of claim 3, wherein the output format is one of an email message, a syslog service output, and a text messaging notification.
  - 5. The method of claim 3, wherein the output format is one of a comma-separated values format and a key-value pairs format.
  - 6. The method of claim 1, wherein the at least one filtering option specifies at least one of a source of the cyber-security risk, a severity of the cyber-security risk, the device affected by the identified cyber-security risk, or an affected zone(s) of the affected device.
  - 7. The method of claim 1, wherein the at least one filtering option specifies only sending data when the detected cyber-security risk crosses a defined threshold.

8. A risk manager system comprising:
- a controller; and
  
  a memory, the risk manager system configured to;
  
  monitor a plurality of connected devices that are vulnerable to cyber-security risks;
  
  detect a cyber-security risk to one or more of the devices being monitored;
  
  identify an external system to be notified of the detected cyber-security risk; and
  
  send cyber-security risk data to the external system according to the detected cyber-security risk and at least one filtering option.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The risk manager system of claim 8, wherein the risk manager system is further configured to receive the at least one filtering option by the risk manager system.
  - 10. The risk manager system of claim 8, wherein the at least one filtering option specifies an output format of the cyber-security risk data.
  - 11. The risk manager system of claim 10, wherein the output format is one of an email message, a syslog service output, a text messaging notification.
  - 12. The risk manager system of claim 10, wherein the output format is one of a comma-separated values format and a key-value pairs format.
  - 13. The risk manager system of claim 8, wherein the at least one filtering option specifies at least one of a source of the cyber-security risk, a severity of the cyber-security risk, the device affected by the identified cyber-security risk, or an affected zone(s) of the affected device.
  - 14. The risk manager system of claim 8, wherein the at least one filtering option specifies only sending data when the detected cyber-security risk crosses a defined threshold.

15. A non-transitory machine-readable medium encoded with executable instructions that, when executed, cause one or more processors of a risk manager system to:
- monitor a plurality of connected devices that are vulnerable to cyber-security risks;
  
  detect a cyber-security risk to one or more of the devices being monitored;
  
  identify an external system to be notified of the detected cyber-security risk; and
  
  send cyber-security risk data to the external system according to the detected cyber-security risk and at least one filtering option.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory machine-readable medium of claim 15, wherein the non-transitory machine-readable medium is further encoded with instructions to receive the at least one filtering option by the risk manager system.
  - 17. The non-transitory machine-readable medium of claim 15, wherein the at least one filtering option specifies an output format of the cyber-security risk data.
  - 18. The non-transitory machine-readable medium of claim 17, wherein the output format is at least one of an email message, a syslog service output, a text messaging notification, a comma-separated values format, or a key-value pairs format.
  - 19. The non-transitory machine-readable medium of claim 15, wherein the at least one filtering option specifies at least one of a source of the cyber-security risk, a severity of the cyber-security risk, the device affected by the identified cyber-security risk, or an affected zone(s) of the affected device.
  - 20. The non-transitory machine-readable medium of claim 15, wherein the at least one filtering option specifies only sending data when the detected cyber-security risk crosses a defined threshold.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Honeywell International Inc.
Original Assignee
Honeywell International Inc.
Inventors
Carpenter, Seth G., Knapp, Eric D.

Granted Patent

US 10,135,855 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G05B 19/0428   Safety, monitoring G05B19/0...

H04L 63/0227   Filtering policies mail mes...

H04L 63/1433   Vulnerability analysis

H04L 67/12   specially adapted for propr...

NEAR-REAL-TIME EXPORT OF CYBER-SECURITY RISK INFORMATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

NEAR-REAL-TIME EXPORT OF CYBER-SECURITY RISK INFORMATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links