Context-aware training systems, apparatuses, and methods

US 9,280,911 B2
Filed: 03/15/2013
Issued: 03/08/2016
Est. Priority Date: 04/08/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of providing cybersecurity training to a user, comprising:

by one or more processors of a cloud-based system, generating a command to present a user with a mock attack situation;

by a sensor device, sensing an action of the user when using an electronic device in response to the mock attack situation, wherein the sensor device comprises at least one of the following;

a USB sensor device configured to detect that the user has connected a USB device to the electronic device, ora Wi-Fi sensor device configured to detect that the user has connected or attempted to connect the electronic device to a Wi-Fi access point;

by the one or more processors of the cloud-based system, using data from the sensor device to determine that, in response to the mock attack situation, the user has performed an action that indicates a need for the user to receive a cybersecurity training intervention relating to the performed action; and

by the one or more processors of the cloud-based system, generating a command to deliver the cybersecurity training intervention to the user via an electronic device.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A context-aware training system senses sensing a user action that may expose the user'"'"'s computer to a cybersecurity threat. The system selects training action from a collection of available training actions and causes the training action to be selected to the user.

Citations

20 Claims

1. A computer-implemented method of providing cybersecurity training to a user, comprising:
- by one or more processors of a cloud-based system, generating a command to present a user with a mock attack situation;
  
  by a sensor device, sensing an action of the user when using an electronic device in response to the mock attack situation, wherein the sensor device comprises at least one of the following;
  
  a USB sensor device configured to detect that the user has connected a USB device to the electronic device, ora Wi-Fi sensor device configured to detect that the user has connected or attempted to connect the electronic device to a Wi-Fi access point;
  
  by the one or more processors of the cloud-based system, using data from the sensor device to determine that, in response to the mock attack situation, the user has performed an action that indicates a need for the user to receive a cybersecurity training intervention relating to the performed action; and
  
  by the one or more processors of the cloud-based system, generating a command to deliver the cybersecurity training intervention to the user via an electronic device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising, by the one or more processors of the cloud-based system:
    - in response to detecting that the user has performed the action, identifying a threat scenario for which the user is at risk;
      
      identifying a collection of available cybersecurity training interventions that are relevant to the threat scenario;
      
      selecting from the collection, based on the identified threat scenario, the training intervention to be delivered to the user.
  - 3. The method of claim 2, wherein selecting the training intervention is also based on user behavior data or historical training data for the user.
  - 4. The method of claim 1, further comprising, by the one or more processors of the cloud-based system:
    - recording a response of the user to the cybersecurity training intervention; and
      
      storing the response with the user behavior data or historical training data in a data storage system.
  - 5. The method of claim 1, further comprising, by the one or more processors of the cloud-based system, customizing the cybersecurity training intervention based on the performed action or information about the user other than the performed action, the information comprising user behavior data, historical user data, or user profile information.
  - 6. The method of claim 2, wherein selecting the cybersecurity training intervention comprises:
    - using a risk model to identify a combination of cybersecurity training interventions; and
      
      prioritizing the identified cybersecurity training interventions in the combination.
  - 7. The method of claim 2, further comprising, by the one or more processors of the cloud-based system:
    - sending a list of available cybersecurity training interventions to a system administrator interface for review and selection; and
      
      causing the selected cybersecurity training intervention to be delivered to the user via an electronic device in response to a selection from the system administrator interface.
  - 8. The method of claim 2, further comprising, by the one or more processors of the cloud-based system:
    - sending the selected cybersecurity training intervention to the user;
      
      receiving feedback from user interaction with the cybersecurity training intervention; and
      
      based on the feedback, selecting and sending an additional cybersecurity training intervention to the user via an electronic device.

9. A computer-implemented method of providing cybersecurity training to a user, comprising:
- by one or more processors of a cloud-based system;
  
  receiving, from a sensor device, a sensed action of the a user of an electronic device, wherein the sensor device and sensed action comprise at least one of the following;
  
  a USB sensor device, and that the user has connected a USB device to the electronic device, ora Wi-Fi sensor and that the user has connected or attempted to connect the electronic device to a Wi-Fi access point;
  
  using data from the sensor device to determine that the user is at risk for a cybersecurity threat scenario;
  
  identifying a data storage system comprising a collection of available training interventions that are relevant to the cybersecurity threat scenario;
  
  accessing a training needs model for the user;
  
  selecting a training intervention from the collection that relates to the identified threat scenario, wherein the selecting is based on the identified cybersecurity threat scenario and one or more of the following;
  
  historical user training data, user behavior data or user profile information; and
  
  generating a command to deliver the training intervention to the user.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method of claim 9, further comprising delivering the selected training intervention to the user as a mock situation that comprises an interactive intervention.
  - 11. The method of claim 9, further comprising, by the one or more processors of the cloud-based system:
    - recording a response of the user to the selected training intervention; and
      
      storing the response with the historical user training data or user behavior data in a data storage system.
  - 12. The method of claim 9, wherein determining that the user has performed an action that may subject the user to a threat scenario comprises, by the one or more processors of the cloud-based system:
    - using a risk model to determine, based on a frequency of the user'"'"'s performance of the action, a susceptibility of the user falling victim to the threat scenario; and
      
      determining that the frequency exceeds a risk threshold based on a cost associated with the threat scenario.
  - 13. The method of claim 12, wherein selecting the training intervention comprises, by the one or more processors of the cloud-based system:
    - using the risk model to identify a combination of training interventions; and
      
      prioritizing the identified training interventions in the combination.
  - 14. The method of claim 9, further comprising, by the one or more processors of the cloud-based system:
    - sending a list of available training interventions to a system administrator for review and selection; and
      
      causing the selected training intervention to be delivered to the user in response to the system administrator'"'"'s selection.
  - 15. The method of claim 9, further comprising, by the one or more processors of the cloud-based system:
    - sending the selected training intervention to the user via the electronic device;
      
      receiving feedback from user interaction with the training intervention; and
      
      based on the feedback, selecting and sending an additional training intervention to the user via an electronic device.

16. A cybersecurity training system, comprising:
- a first computer-readable memory portion containing a collection of available cybersecurity training interventions;
  
  a second computer-readable memory portion containing a risk model comprising a susceptibility estimate of a user of an electronic device falling victim to a cybersecurity threat scenario;
  
  a sensor device comprising;
  
  a USB sensor device configured to detect that the user has connected a USB device to the electronic device, ora Wi-Fi sensor device configured to detect that the user has connected or attempted to connect the electronic device to a Wi-Fi access point; and
  
  a computer system comprising one or more processors and computer-readable instructions that, when executed by the one or more processors, cause the computer system to;
  
  receive, from the sensor device, a sensed action of the user, wherein the sensed action comprises;
  
  that the user has connected a USB device to the electronic device, orthat the user has connected or attempted to connect the electronic device to a Wi-Fi access point; and
  
  determine, based on the sensed data and the risk model, that the user is at risk for a cybersecurity threat scenario;
  
  select, based on the cybersecurity threat scenario, a cybersecurity training intervention from the collection; and
  
  generate a command to deliver the cybersecurity selected training intervention to the user via an electronic device.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, wherein the instructions for determining that the user is at risk for a cybersecurity threat scenario comprise instructions to generate a command to sense a user'"'"'s response to a mock attack situation.
  - 18. The system of claim 16, wherein the instructions for selecting the cybersecurity training intervention comprise instructions to:
    - use the risk model to identify a combination of cybersecurity training interventions; and
      
      prioritize the identified cybersecurity training interventions in the combination.
  - 19. The system of claim 16, further comprising instructions that, when executed by the one or more processors, cause the computer system to:
    - send the selected cybersecurity training intervention to the user via an electronic device;
      
      receive feedback from user interaction with the cybersecurity training intervention; and
      
      based on the feedback, select and send an additional cybersecurity training intervention to the user via an electronic device.
  - 20. The system of claim 16, further comprising instructions that, when executed by the one or more processors, cause the computer system to customize the selected cybersecurity training intervention based on the performed action or information about the user other than the performed action, the information comprising user behavior data, historical user data, or user profile information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Proofpoint Incorporated
Original Assignee
Wombat Security Technologies, Inc (Proofpoint Incorporated)
Inventors
Sadeh-Koniecpol, Norman, Wescoe, Kurt, Brubaker, Jason, Hong, Jason
Primary Examiner(s)
Gishnock, Nikolai A

Application Number

US13/832,070
Publication Number

US 20130203023A1
Time in Patent Office

1,089 Days
Field of Search

703/13
US Class Current

1/1
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

G06F 21/552   involving long-term monitor...

G06F 21/554   involving event detection a...

G06F 21/56   Computer malware detection ...

G06F 21/562   Static detection

G06F 21/563   by source code analysis

G06F 21/564   by virus signature recognition

G06F 21/565   by checking file integrity

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/567   using dedicated hardware

G09B 19/00   Teaching not covered by oth...

G09B 5/00   Electrically-operated educa...

H04L 63/14   for detecting or protecting...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/145   the attack involving the pr...

H04L 63/1458   Denial of Service

H04L 63/1466 : Active attacks involving in...

H04L 63/1475 : Passive attacks, e.g. eaves...

H04L 63/1483 : service impersonation, e.g....

H04L 63/1491 : using deception as counterm...

View All

Context-aware training systems, apparatuses, and methods

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Context-aware training systems, apparatuses, and methods

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links