Method and device for managing security events
Abstract
A method and device for managing security events includes establishing a security event manager on a mobile computing device. The security event manager may be embodied as software and/or hardware components. The security event manager receives security event data from a plurality of security event sources of the mobile computing device and correlates the security event data based on a security policy to determine whether a security event has occurred. The security event manager responds to the security event based on the security policy.
Claims (22 in total; the independent claims 1, 14 and 20 are reproduced below)
1. A method comprising:
establishing a security event manager on a mobile computing device;
receiving security event data with the security event manager, the security event data being generated on the mobile computing device by at least one security event source of the mobile computing device;
transmitting the security event data to an enterprise security event manager server in response to determining that the mobile computing device is communicatively coupled to the enterprise security event manager server; and
responding to the security event on the mobile computing device with the security event manager if the mobile computing device is not communicatively coupled to the enterprise security event manager server, wherein responding to the security event comprises:
(i) retrieving security policy data with the security event manager, the security policy data defining a set of security event rules for determining the occurrence of a security event; and
(ii) determining an occurrence of a security event with the security event manager based on the security event data and the security policy data by:
normalizing, on the mobile computing device, the security event data to generate normalized security event data, the normalized security event data having a predetermined data format;
aggregating, on the mobile computing device, the normalized security event data to generate aggregated security event data, the aggregated security event data summarizing the normalized security event data; and
correlating, on the mobile computing device, the aggregated security event data to determine an occurrence of a security event based on the security policy data and on context data associated with the mobile computing device.
(Dependent claims 2 through 13 are not reproduced here.)

14. A mobile computing device comprising:
a security event manager;
a processor; and
a memory device having stored therein a plurality of instructions, which when executed by the processor, cause the security event manager to:
receive security event data generated on the mobile computing device from a plurality of security event sources of the mobile computing device;
transmit the security event data to an enterprise security event manager server in response to a determination that the mobile computing device is communicatively coupled to the enterprise security event manager server; and
respond to a security event on the mobile computing device with the security event manager if the mobile computing device is not communicatively coupled to the enterprise security event manager server, wherein to respond to the security event comprises to:
normalize, on the mobile computing device, the security event data to generate normalized security event data, the normalized security event data having a predetermined data format;
aggregate, on the mobile computing device, the normalized security event data to generate aggregated security event data, the aggregated security event data summarizing the normalized security event data; and
correlate, on the mobile computing device, the aggregated security event data based on a security policy and on context data associated with the mobile computing device to determine an occurrence of a security event, the security policy being stored on the mobile computing device and defining a set of security event rules for determining the occurrence of a security event.
(Dependent claims 15 through 19 are not reproduced here.)

20. A non-transitory machine-readable storage medium comprising a plurality of instructions, that in response to being executed, result in a mobile computing device:
establishing a security event manager on the mobile computing device;
receiving security event data with the security event manager, the security event data being generated on the mobile computing device by a plurality of security event sources of the mobile computing device;
transmitting the security event data to an enterprise security event manager server in response to determining that the mobile computing device is communicatively coupled to the enterprise security event manager server; and
responding to a security event on the mobile computing device with the security event manager if the mobile computing device is not communicatively coupled to the enterprise security event manager server, wherein responding to the security event comprises:
(i) normalizing the security event data, using the security event manager on the mobile computing device, to generate normalized security event data, the normalized security event data having a predetermined data format;
(ii) aggregating the normalized security event data, using the security event manager on the mobile computing device, to generate aggregated security event data, the aggregated security event data summarizing the normalized security event data; and
(iii) correlating the aggregated security event data based on a predetermined security policy and on context data associated with the mobile computing device, using the security event manager on the mobile computing device, to determine whether a security event has occurred.
(Dependent claims 21 and 22 are not reproduced here.)
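As an added illustration of the claimed pipeline (this is not code from the patent), the following Python sketches the on-device branch: source-specific records are normalized to one predetermined schema, aggregated into per-subject counts, and correlated against a rule set that is gated by device context data, while the connected branch simply forwards the raw data to the enterprise server. The two event sources, the rule format and the context key are assumptions made for the example.

```python
from collections import Counter

# Constructed sample raw events from two hypothetical on-device sources (not from the patent).
RAW_EVENTS = [
    {"src": "auth", "msg": "login failed user=alice"},
    {"src": "auth", "msg": "login failed user=alice"},
    {"src": "auth", "msg": "login failed user=alice"},
    {"src": "auth", "msg": "login ok user=bob"},
    {"src": "fw", "action": "DROP", "dst": "203.0.113.5:445"},
    {"src": "fw", "action": "DROP", "dst": "203.0.113.5:445"},
]

# Security policy data (assumed format): a rule fires when the aggregated count for
# its event type reaches min_count and every listed context condition holds.
POLICY = [
    {"name": "brute_force", "type": "auth_failure", "min_count": 3,
     "context": {"on_trusted_network": False}},
    {"name": "blocked_outbound_burst", "type": "fw_drop", "min_count": 2},
]

def normalize(raw):
    """Map source-specific records onto one predetermined schema; unclassified ones drop."""
    out = []
    for e in raw:
        if e["src"] == "auth" and "login failed" in e["msg"]:
            out.append({"type": "auth_failure", "subject": e["msg"].split("user=")[1]})
        elif e["src"] == "fw" and e["action"] == "DROP":
            out.append({"type": "fw_drop", "subject": e["dst"]})
    return out

def aggregate(normalized):
    """Summarize normalized events as counts per (type, subject)."""
    return Counter((e["type"], e["subject"]) for e in normalized)

def correlate(aggregated, policy, context):
    """Match the summary against policy rules, gated by device context data."""
    hits = []
    for rule in policy:
        if any(context.get(k) != v for k, v in rule.get("context", {}).items()):
            continue  # rule does not apply in the current device context
        for (etype, subject), count in aggregated.items():
            if etype == rule["type"] and count >= rule["min_count"]:
                hits.append((rule["name"], subject))
    return hits

def manage_events(raw, policy, context, connected):
    """Forward raw data when the enterprise server is reachable; otherwise decide locally."""
    if connected:
        return {"forwarded": len(raw), "events": []}
    return {"forwarded": 0, "events": correlate(aggregate(normalize(raw)), policy, context)}
```

The same raw data yields no local finding for the brute-force rule when the context reports a trusted network, which is the role the claims give to context data in the correlation step.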
Specification