Cloud computing as a security layer

US 8,555,381 B2
Filed: 04/01/2009
Issued: 10/08/2013
Est. Priority Date: 04/01/2009
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a computing cloud comprising at least one data storage unit and at least one processing unit;

wherein the computing cloud is configured to connect to a client, monitor traffic associated with the client, determine an operational mode of the client, generate a value for a condition of the monitored traffic, compare the generated value for the condition of the monitored traffic with a value for an anticipated traffic pattern associated with the operational mode to form a comparison, and determine if a security threat is indicated based on the comparison;

wherein, to generate the value for the condition of the monitored traffic, the computing cloud is configured to generate the value for the condition of the monitored traffic based on a number of factors including a number of destination Internet Protocol addresses for the traffic associated with the client, an amount of network bandwidth used at the client, and ports over which the traffic associated with the client is being transmitted.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system includes a computing cloud comprising at least one data storage unit and at least one processing unit. The computing cloud is configured to connect to at least one client and monitor the traffic of the at least one client. The computing cloud is further configured to determine an operational mode of the client, compare the monitored traffic with an anticipated traffic pattern associated with the operational mode, and determine if a security threat is indicated based on the comparison.

Citations

22 Claims

1. A system comprising:
- a computing cloud comprising at least one data storage unit and at least one processing unit;
  
  wherein the computing cloud is configured to connect to a client, monitor traffic associated with the client, determine an operational mode of the client, generate a value for a condition of the monitored traffic, compare the generated value for the condition of the monitored traffic with a value for an anticipated traffic pattern associated with the operational mode to form a comparison, and determine if a security threat is indicated based on the comparison;
  
  wherein, to generate the value for the condition of the monitored traffic, the computing cloud is configured to generate the value for the condition of the monitored traffic based on a number of factors including a number of destination Internet Protocol addresses for the traffic associated with the client, an amount of network bandwidth used at the client, and ports over which the traffic associated with the client is being transmitted.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1, wherein the security threat comprises a denial of service (DOS) attack.
  - 3. The system of claim 1, wherein the security threat comprises a man-in-the-middle attack.
  - 4. The system of claim 1, wherein the operational mode is selected from a list of known operational modes, and wherein each operational mode in the list of known operational modes is associated with one or more characteristics regarding the anticipated traffic pattern associated with that operational mode.
  - 5. The system of claim 1, wherein the computing cloud is configured to report the security threat to the client.
  - 6. The system of claim 1, wherein the computing cloud is configured to filter data that reaches the client.
  - 7. The system of claim 6, wherein the filtering of data by the computing cloud comprises preventing spam and malware from reaching the client.
  - 8. The system of claim 6, wherein the filtering of data by the computing cloud comprises preventing unauthorized access to the client.
  - 9. The system of claim 4, wherein the list of known operational modes of the client includes a startup mode, a shutdown mode, a maintenance mode, a normal operation mode, and an installation mode.
  - 10. The system of claim 4, wherein the one or more characteristics regarding the anticipated traffic pattern associated with each operational mode include the amount of network bandwidth used, the number of destination Internet Protocol addresses used, and a list of the ports over which data may be transmitted.
  - 11. The system of claim 10, wherein, to form the comparison, the computing cloud is further configured to:
    - determine whether the amount of network bandwidth used at the client is within a threshold amount for the anticipated traffic pattern associated with the operational mode; and
      
      determine whether a port over which the traffic associated with the client is being transmitted is expected for the operational mode of the client.

12. A method comprising:
- defining a plurality of operational modes, wherein each operational mode is associated with at least one anticipated traffic pattern of a client;
  
  storing the plurality of operational modes;
  
  monitoring traffic of the client;
  
  determining the operational mode of the client;
  
  generating a value for a condition of the monitored traffic; and
  
  comparing the generated value for the condition of the monitored traffic of the client with a value for the anticipated traffic pattern associated with the operational mode of the client to form a comparison;
  
  wherein generating the value for the condition of the monitored traffic of the client comprises;
  
  generating the value for the condition of the monitored traffic based on a number of factors including a number of destination Internet Protocol addresses for the traffic associated with the client, an amount of network bandwidth used at the client, and ports over which the traffic associated with the client is being transmitted.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The method of claim 12, further comprising:
    - preventing a computer intrusion by filtering data traffic based on the comparison.
  - 14. The method of claim 12, further comprising:
    - identifying a computer intrusion based upon detecting that the anticipated traffic pattern is not the same as the monitored traffic.
  - 15. The method of claim 12, wherein the method is performed by a computing cloud.
  - 16. The method of claim 12, wherein the client controls at least one industrial automation tool.
  - 17. The method of claim 12, wherein monitoring the traffic of the client comprises monitoring at least two traffic types.
  - 18. The method of claim 17, wherein the traffic types comprise a file transfer protocol traffic type and an email traffic type.

19. A system comprising:
- a computing cloud comprising at least one processing unit and at least one data storage unit; and
  
  a client configured to be connected to a network through the computing cloud;
  
  wherein the computing cloud is configured to determine an operational mode of the client, monitor network traffic of the client, generate a value for a condition of the monitored traffic, compare the generated value for the condition of the monitored traffic with a value for an anticipated traffic pattern associated with the operational mode to form a comparison, determine if a security threat is indicated based on the comparison, and maintain security of the client based on the operational mode;
  
  wherein, to generate the value for the condition of the monitored traffic, the computing cloud is configured to generate the value for the condition of the monitored traffic based on a number of factors including a number of destination Internet Protocol addresses for the traffic associated with the client, an amount of network bandwidth used at the client, and ports over which the traffic associated with the client is being transmitted.
- View Dependent Claims (20, 21, 22)
- - 20. The system of claim 19, wherein the computing cloud is further configured to control high level operations of the client.
  - 21. The system of claim 19, wherein the computing cloud is configured to filter the network traffic of the client.
  - 22. The system of claim 19, wherein, upon the computing cloud determining that a network intrusion has occurred, the computing cloud is configured to filter network traffic from an intruder.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Honeywell International Inc.
Original Assignee
Honeywell International Inc.
Inventors
McLaughlin, Paul F., Staggs, Kevin P.
Primary Examiner(s)
Reza, Mohammad W

Application Number

US12/416,811
Publication Number

US 20100257605A1
Time in Patent Office

1,651 Days
Field of Search

726/23, 726/3, 726/13, 726/22, 726/25, 713/154
US Class Current

726/22
CPC Class Codes

H04L 63/0209   Architectural arrangements,...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1458   Denial of Service

H04L 63/20   for managing network securi...

Cloud computing as a security layer

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Cloud computing as a security layer

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links