Isolated security monitoring system
First Claim
1. A computer device comprising:
an integrated processing unit, the integrated processing unit comprising:
a user system comprising a first processor and a first computer storage medium; and
an auditor system comprising:
a second processor, wherein the second processor is isolated from the first processor; and
a second computer storage medium, wherein the second computer storage medium is isolated from the first computer storage medium so that the user system is unable to access data stored on the second computer storage medium, and the second computer storage medium stores instructions that, when executed by the second processor, cause the second processor to perform operations comprising:
receiving auditing data from a remote source over a secure communication channel;
loading the auditing data in isolation from the user system, wherein the auditing data specifies signatures of unauthorized processes and the user system is restricted from influencing loading of the auditing data onto the auditor system;
monitoring processes on the user system, and determining from the auditing data that one of the processes is an unauthorized process; and
performing one or more security processes on the unauthorized process.
Abstract
Methods, systems, and apparatus, including computer programs encoded on computer storage media, for security monitoring. In one aspect, a device includes an integrated processing unit, including a user system and an auditor system. The user system includes a first processor and a first computer storage medium. The auditor system includes a second processor that is isolated from the first processor and a second computer storage medium that is isolated from the first computer storage medium. The second computer storage medium stores instructions that cause the second processor to load auditing data in isolation from the user system, monitor processes on the user system, determine from the auditing data that one of the processes is an unauthorized process, and perform one or more security processes on the unauthorized process.
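The load-then-audit flow described in the abstract, as an added illustration (not code from the patent): a Python model of the auditor's logic only, since the hardware isolation itself cannot be shown in software. It assumes an HMAC tag stands in for the secure communication channel, SHA-256 hashes of process images stand in for the signatures, and "suspend" stands in for the unspecified security process; all names and sample data are hypothetical.

```python
import hashlib
import hmac
import json

# Assumption: this key lives only in auditor-isolated storage; the user system never sees it.
AUDITOR_KEY = b"constructed-demo-key"

class Auditor:
    def __init__(self, key):
        self._key = key
        self._signatures = set()

    def load_auditing_data(self, payload: bytes, tag: str) -> bool:
        """Accept auditing data only when the remote source's tag verifies."""
        expected = hmac.new(self._key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False  # rejected: the previously loaded signatures stay in force
        self._signatures = set(json.loads(payload)["unauthorized_sha256"])
        return True

    def audit(self, process_table):
        """Return (pid, action) for every process whose image hash matches a signature."""
        return [(pid, "suspend")  # hypothetical security process
                for pid, image in sorted(process_table.items())
                if hashlib.sha256(image).hexdigest() in self._signatures]

def remote_source_bundle(key, bad_images):
    """Constructed stand-in for the remote source: signature list plus its HMAC tag."""
    hashes = sorted(hashlib.sha256(i).hexdigest() for i in bad_images)
    payload = json.dumps({"unauthorized_sha256": hashes}).encode()
    return payload, hmac.new(key, payload, hashlib.sha256).hexdigest()

# Constructed snapshot of user-system processes: pid -> executable image bytes.
PROCESS_TABLE = {101: b"editor-image", 202: b"dropper-image", 303: b"shell-image"}

def demo():
    auditor = Auditor(AUDITOR_KEY)
    payload, tag = remote_source_bundle(AUDITOR_KEY, [b"dropper-image"])
    loaded = auditor.load_auditing_data(payload, tag)
    # The user system tries to swap in an empty signature list, but it cannot
    # produce a valid tag, so the load is refused and the real list survives.
    forged = json.dumps({"unauthorized_sha256": []}).encode()
    forged_tag = hmac.new(b"user-guess", forged, hashlib.sha256).hexdigest()
    forged_loaded = auditor.load_auditing_data(forged, forged_tag)
    return loaded, forged_loaded, auditor.audit(PROCESS_TABLE)

if __name__ == "__main__":
    print(demo())
```
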
27 Claims
1. A computer device comprising:
an integrated processing unit, the integrated processing unit comprising:
a user system comprising a first processor and a first computer storage medium; and
an auditor system comprising:
a second processor, wherein the second processor is isolated from the first processor; and
a second computer storage medium, wherein the second computer storage medium is isolated from the first computer storage medium so that the user system is unable to access data stored on the second computer storage medium, and the second computer storage medium stores instructions that, when executed by the second processor, cause the second processor to perform operations comprising:
receiving auditing data from a remote source over a secure communication channel;
loading the auditing data in isolation from the user system, wherein the auditing data specifies signatures of unauthorized processes and the user system is restricted from influencing loading of the auditing data onto the auditor system;
monitoring processes on the user system, and determining from the auditing data that one of the processes is an unauthorized process; and
performing one or more security processes on the unauthorized process.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A computer-implemented method, comprising:
loading auditing data onto an auditor system, wherein the auditing data is received from a remote source over a secure communication channel and specifies signatures of unauthorized processes, and wherein the auditor system includes an auditor processor and an auditor computer storage medium;
monitoring, with the auditor system, processes on a user system, and determining from the auditing data that one of the processes is an unauthorized process, wherein the user system includes a user processor and a user computer storage medium, the auditor processor is isolated from the user processor, and the auditor computer storage medium is isolated from the user computer storage medium, wherein the user system is restricted from influencing loading of the auditing data onto the auditor system; and
performing, with the auditor system one or more security processes on the unauthorized process.
Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27
Specification