Apparatus and a security node for use in determining security attacks
Abstract
Apparatus including functionality configured to monitor said apparatus for security attacks; and a reporter configured to send data to a security node, wherein the data sent to said security node is dependent on a security level of said apparatus.
26 Claims
1. Apparatus comprising:
- a processor configured to perform at least the following;
- monitor said apparatus for security attacks and to store collected security related data comprising a full detail level logging functionality of events;
- select and send at least some of the collected security related data from the full detail level logging functionality of events to a network security node, wherein the amount of the collected security related data selected and sent to said security node over the network is dependent on a security level of said apparatus,
- where said processor is operable in a pull mode of operation in response to a security alarm received from the network security node so as to send over the network, upon request of the network security node, the collected security related data at a requested level of detail, and
- where in response to a reception of a notification of an increase in security level from an initial security level at a certain point in time, said processor is further configured to operate in a backtracking mode so as to send over the network collected security related data at an increased level of detail both for times subsequent to the point in time and for times preceding the point in time, the increased level of detail relative to a level of detail for the initial security level.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14.

15. An apparatus comprising:
- a processor configured to perform at least the following;
- receive collected security related data from a plurality of devices, the amount of collected security related data received being dependent on a security level of each device and comprising a portion of a full detail level logging functionality of events stored by each of the plurality of devices;
- correlate said received collected security related data to filter said received collected security related data; and
- determine security attacks from said received collected security related data and to send information to configure the security level of the plurality of devices;
- where said processor is further configured to operate at least one of the plurality of devices in a pull mode of operation, in response to a security alarm sent to the at least one device, so as to receive over a network, upon request of the apparatus, the collected security related data at a requested level of detail, and
- where said processor is further configured, in response to a determined increase in security level from an initial security level at a certain point in time, to cause selected at least one of the plurality of devices to operate in a backtracking mode so as to cause the selected at least one device to send over the network and to the apparatus collected security related data at an increased level of detail both for times subsequent to the point in time and for times preceding the point in time, the increased level of detail relative to a level of detail for the initial security level.

Dependent claims: 16, 17, 18.

19. A method comprising:
- collecting with a processor security related data comprising a full detail level logging functionality of events;
- storing the collected security related data;
- selecting at least some of the collected security related data from the full detail level logging functionality of events; and
- sending at least some of said collected security related data to a security node in a network, the amount of the collected security related data selected and sent over the network being dependent on a security level,
- where in a pull mode of operation initiated in response to a security alarm received from the security node, sending the at least some of said collected security related data is performed upon request of the security node, and
- where in response to a reception of a notification of an increase in security level from an initial security level at a certain point in time, said processor is further configured to operate in a backtracking mode so as to send over the network collected security related data at an increased level of detail both for times subsequent to the point in time and for times preceding the point in time, the increased level of detail relative to a level of detail for the initial security level.

Dependent claims: 20.

21. A method comprising:
- receiving collected security related data from a plurality of devices, the amount of collected security related data received being dependent on a security level of each device and comprising a portion of a full detail level logging functionality of events stored by each of the plurality of devices;
- correlating said received collected security related data to filter said received collected data;
- determining security attacks from said received collected security related data;
- sending information to set the security level of the plurality of devices, where in a pull mode of operation the receiving of the collected security related data from at least one of the plurality of devices is in response to sending a security alarm to the at least one device, and in response to a request that is sent to the at least one device to send the collected security related information; and
- in response to a determined increase in security level from an initial security level at a certain point in time, causing selected at least one of the plurality of devices to operate in a backtracking mode so as to cause the selected at least one device to send over the network collected security related data at an increased level of detail both for times subsequent to the point in time and for times preceding the point in time, the increased level of detail relative to a level of detail for the initial security level; and
- receiving said collected security related data at said increased level of detail.

Dependent claims: 22.

23. A computer program, embodied on a non-transitory computer readable medium, the computer program configured to control a processor to perform a method comprising:
- collecting security related data comprising a full detail level logging functionality of events;
- storing the collected security related data, selecting at least some of the collected security related data;
- sending at least some of said collected security related data from the full detail level logging functionality of events to a network security node, the amount of the collected security related data selected and sent over the network being dependent on a security level, where in a pull mode of operation initiated in response to a security alarm received from the security node, sending the at least some of said collected security related data is performed upon request of the security node; and
- where in response to a reception of a notification from the security node of an increase in security level from an initial security level at a certain point in time, operating in a backtracking mode so as to send over the network collected security related data at an increased level of detail both for times subsequent to the point in time and for times preceding the point in time, the increased level of detail relative to a level of detail for the initial security level.

Dependent claims: 24.

25. A computer program embodied on a non-transitory computer readable medium, the computer program configured to control a processor to perform a method comprising:
- receiving collected security related data from a plurality of devices, the amount of collected security related data received being dependent on a security level of each device and comprising a portion of a full detail level logging functionality of events stored by each of the plurality of devices;
- correlating said received collected security related data to filter said received collected security related data; and
- determining security attacks from said received collected security related data; and
- sending information to set the security level of the plurality of devices, where in a pull mode of operation the receiving of the collected security related data from at least one of the plurality of devices is in response to sending a security alarm to the at least one device, and in response to a request that is sent to the at least one device to send the collected security related information;
- in response to a determined increase in security level from an initial security level at a certain point in time, causing selected at least one of the plurality of devices to operate in a backtracking mode so as to cause the selected at least one device to send over the network collected security related data at an increased level of detail both for times subsequent to the point in time and for times preceding the point in time, the increased level of detail relative to a level of detail for the initial security level; and
- receiving said collected security related data at said increased level of detail.

Dependent claims: 26.

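The device-side behaviour recited in claims 1, 19 and 23 (full-detail local logging, level-dependent reporting, pull mode after an alarm, and backtracking on a level increase), as an added Python example that is not code from the patent. The numeric detail levels, the lookback window, and the names `Event`, `Agent`, `outbox` and `SAMPLE` are assumptions; the claims specify none of them.

```python
from collections import deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    ts: int       # event time (arbitrary ticks)
    detail: int   # assumed scale: 1 = summary ... 3 = full detail
    msg: str

class Agent:
    """Monitored device: stores every event, reports a level-dependent subset."""
    def __init__(self, level=1, retention=1000):
        self.level = level
        self.log = deque(maxlen=retention)  # full-detail local store
        self.outbox = []                    # stands in for the link to the security node
        self.pull_mode = False

    def record(self, ev):
        self.log.append(ev)                 # always kept, whatever the level
        if ev.detail <= self.level:         # amount sent depends on the security level
            self.outbox.append(ev)

    def on_alarm(self):
        self.pull_mode = True               # alarm from the node enables pull mode

    def pull(self, detail, since=0):
        """Pull mode: the node requests stored data at a requested level of detail."""
        if not self.pull_mode:
            raise RuntimeError("pull requested without a preceding security alarm")
        return [e for e in self.log if e.detail <= detail and e.ts >= since]

    def raise_level(self, new_level, now, lookback):
        """Backtracking: resend events preceding 'now' at the increased detail.
        Events after 'now' get the increased detail through record()."""
        old, self.level = self.level, max(self.level, new_level)
        back = [e for e in self.log
                if now - lookback <= e.ts <= now and old < e.detail <= self.level]
        self.outbox.extend(back)            # only what the old level withheld
        return back

# Constructed sample events, not taken from the patent.
SAMPLE = [Event(1, 1, "login ok"), Event(2, 3, "syscall trace pid=41"),
          Event(3, 2, "port scan from peer"), Event(4, 1, "login fail")]

if __name__ == "__main__":
    agent = Agent(level=1)
    for ev in SAMPLE:
        agent.record(ev)
    print("sent at level 1:", [e.msg for e in agent.outbox])
    print("backfilled:", [e.msg for e in agent.raise_level(3, now=5, lookback=3)])
```

Bounding the local store with `retention` means backtracking can only reach as far back as the device still holds events, so the retention size sets the maximum useful lookback.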
Specification