Device for preventing, detecting and responding to security threats
Abstract
A device to prevent, detect and respond to one or more security threats between one or more controlled hosts and one or more services accessible from the controlled host. The device determines the authenticity of a user of a controlled host and activates user-specific configurations under which the device monitors and controls all communications between the user, the controlled host and the services. In this way the device ensures that only legitimate and authorized communications flow. Suspicious communications, such as those with malicious intent or malformed packets, are stopped and reported for analysis and action. Additionally, upon detecting suspicious communication, the device modifies the activated user-specific configurations under which it monitors and controls the communications between the user, the controlled host and the services.
17 Claims
1. A device to prevent, detect, and respond to one or more security threats between a controlled host and one or more services used by the controlled host, the device comprising:
- a processing resource;
- one or more communication ports for connecting the device to the controlled host and for connecting the one or more services directly to the device such that communications between the one or more services and the controlled host are examined by the device, wherein the one or more services are one or more of a display unit, a keyboard, and a mouse;
- memory for storing:
  - information pertaining to one or more users permitted to use the controlled host; and
  - one or more communication protocols associated with controlling the communications between the one or more services and the controlled host;
- an input device for collecting, at the device, information pertaining to a user; and
- a user authenticator for:
  - comparing the information pertaining to the user with the information pertaining to the one or more users permitted to use the controlled host; and
  - designating the user as one of:
    - an authorized user of the controlled host if the information pertaining to the user matches the information pertaining to one or more users permitted to use the controlled host; and
    - an unauthorized user of the controlled host if the information pertaining to the user does not match the information pertaining to one or more users permitted to use the controlled host,
- wherein, prior to the user authenticator designating the user as one of the authorized user and the unauthorized user, attempted communications from the one or more services to the controlled host are monitored by the device and are prevented from being received by the controlled host,
- wherein, responsive to the user authenticator designating the user as the authorized user, attempted communications from the one or more services are allowed to be received by the controlled host,
- wherein, responsive to the user authenticator designating the user as the unauthorized user, attempted communications from the one or more services are prevented from being received by the controlled host,
- wherein a characteristic of attempted communications from the one or more services to the controlled host is stored in the memory; and
- wherein the one or more communication protocols:
  - in response to the user authenticator designating the user as the authorized user, authorize the communications between the one or more services and the controlled host; and
  - in response to the user authenticator designating the user as the unauthorized user, prevent the communications from the one or more services from being received by the controlled host;
  - log content of the attempted communications from the one or more services; and
  - analyze the logged content.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 15, 16.
10. A method for preventing, detecting, and responding to one or more security threats between a controlled host and one or more services connected to the controlled host, the method comprising:
- collecting, at a device, information pertaining to a user;
- comparing the information pertaining to the user with information for one or more users permitted to use the controlled host;
- designating the user as one of:
  - an authorized user if the information pertaining to the user matches the information pertaining to the one or more users permitted to use the controlled host; and
  - an unauthorized user if the information pertaining to the user does not match the information pertaining to the one or more users permitted to use the controlled host;
- prior to the user being designated as one of the authorized user and the unauthorized user, monitoring attempted communications from the one or more services to the controlled host, wherein the one or more services are connected directly to the device and include one or more of a display unit, a keyboard, and a mouse;
- responsive to the user being designated as the authorized user, allowing attempted communications from the one or more services to be received by the controlled host; and
- responsive to the user being designated as the unauthorized user, preventing attempted communications from the one or more services to the controlled host from being received by the controlled host;
- logging content of the attempted communications from the one or more services to the controlled host; and
- analyzing the logged content.

Dependent claims: 11, 12, 17.
13. A device to prevent, detect, and respond to one or more security threats between a controlled host and one or more services used by the controlled host, the device comprising:
- a processing resource in communication with a memory resource, wherein the memory resource includes instructions stored thereon and executable by the processing resource to:
  - collect, at the device, information pertaining to a user;
  - compare the information pertaining to the user with information for one or more users permitted to use the controlled host;
  - designate the user as one of:
    - an authorized user if the information pertaining to the user matches the information pertaining to the one or more users permitted to use the controlled host; and
    - an unauthorized user if the information pertaining to the user does not match the information pertaining to the one or more users permitted to use the controlled host; and
  - prior to the user being designated as one of the authorized user and the unauthorized user, monitor attempted communications from the one or more services to the controlled host, log content of the attempted communications from the one or more services to the controlled host, and analyze the logged content;
  - responsive to the user being designated as the authorized user, allow attempted communications from the one or more services to be received by the controlled host; and
  - responsive to the user being designated as the unauthorized user, prevent attempted communications from the one or more services from being received by the controlled host,
- wherein the one or more services are connected directly to the device and include one or more of a display unit, a keyboard, and a mouse.

Dependent claims: 14.
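Claims 1, 10 and 13 all describe the same control flow: peripherals attach to the intermediary device rather than to the host, nothing reaches the host until the user is designated, authorized users' traffic is delivered under an active configuration, unauthorized users' traffic is dropped, every attempt is logged with a stored characteristic, and the log is analyzed and used to tighten the configuration. The Python model below is an added example written for this page; it is not the patent's own code nor any product's. The class and function names (`PeripheralGateway`, `analyze`, `respond`), the fixed per-service report sizes in `REPORT_LEN`, the keystroke-rate threshold, and the credential hashing are all assumptions chosen to make the claimed behaviour concrete; the messages and credentials are constructed.

```python
"""Toy model of the claimed gateway device (added example, not the patent's code).

Services (keyboard, mouse, display) connect to the device, not to the host, and
the device decides per message whether the controlled host receives it.
"""
from dataclasses import dataclass
from enum import Enum
import hashlib
import hmac


class UserState(Enum):
    PENDING = "pending"            # not yet designated: monitor and log, never deliver
    AUTHORIZED = "authorized"      # deliver, subject to the active configuration
    UNAUTHORIZED = "unauthorized"  # never deliver


@dataclass(frozen=True)
class Message:
    service: str   # "keyboard", "mouse" or "display"
    t_ms: int      # arrival time in milliseconds (constructed)
    payload: bytes


@dataclass(frozen=True)
class LogEntry:
    service: str
    t_ms: int
    length: int      # the stored "characteristic" of the attempt
    payload: bytes   # the logged content
    state: str       # designation in force when the attempt arrived
    delivered: bool


# Assumed fixed report size per service; any other length counts as malformed.
REPORT_LEN = {"keyboard": 8, "mouse": 4, "display": 16}


def credential_digest(credential: str) -> str:
    """Hash a credential so the stored user information is never the secret itself."""
    return hashlib.sha256(credential.encode()).hexdigest()


class PeripheralGateway:
    def __init__(self, permitted: dict):
        self.permitted = permitted          # username -> credential digest (the stored user info)
        self.state = UserState.PENDING
        self.log = []                       # LogEntry per attempted communication
        self.host_inbox = []                # stands in for the controlled host
        # user-specific configuration activated on authorization (assumed values)
        self.config = {"max_keys_per_sec": 20, "blocked_services": set()}

    def authenticate(self, username: str, credential: str) -> UserState:
        """Compare collected user information with the permitted users and designate."""
        expected = self.permitted.get(username, "")
        ok = hmac.compare_digest(expected, credential_digest(credential))
        self.state = UserState.AUTHORIZED if ok else UserState.UNAUTHORIZED
        return self.state

    def receive(self, msg: Message) -> bool:
        """Examine one message from a service; return True if it reached the host."""
        deliver = (self.state is UserState.AUTHORIZED
                   and msg.service not in self.config["blocked_services"])
        self.log.append(LogEntry(msg.service, msg.t_ms, len(msg.payload),
                                 msg.payload, self.state.value, deliver))
        if deliver:
            self.host_inbox.append(msg)
        return deliver

    def analyze(self) -> list:
        """Analyze the logged content; return (finding, service) tuples."""
        findings = []
        for entry in self.log:
            if entry.length != REPORT_LEN.get(entry.service):
                findings.append(("malformed", entry.service))
        # More than max_keys_per_sec keyboard reports inside any one-second window.
        times = sorted(e.t_ms for e in self.log if e.service == "keyboard")
        limit = self.config["max_keys_per_sec"]
        for i in range(len(times)):
            if i + limit < len(times) and times[i + limit] - times[i] < 1000:
                findings.append(("keystroke_burst", "keyboard"))
                break
        return findings

    def respond(self) -> set:
        """Modify the active configuration: block every service with a finding."""
        for _, service in self.analyze():
            self.config["blocked_services"].add(service)
        return set(self.config["blocked_services"])


def demo() -> dict:
    """Walk the claimed flow on constructed traffic and return the outcomes."""
    users = {"alice": credential_digest("constructed-passphrase")}
    gw = PeripheralGateway(users)
    early = gw.receive(Message("keyboard", 100, bytes(8)))      # pending: logged, not delivered
    gw.authenticate("alice", "constructed-passphrase")
    after_auth = gw.receive(Message("mouse", 200, bytes(4)))    # authorized: delivered
    # Constructed burst: 30 keyboard reports in 290 ms, one of them the wrong size.
    for i in range(30):
        gw.receive(Message("keyboard", 1000 + 10 * i, bytes(3 if i == 7 else 8)))
    blocked = gw.respond()
    post_key = gw.receive(Message("keyboard", 2000, bytes(8)))  # keyboard now blocked
    post_mouse = gw.receive(Message("mouse", 2100, bytes(4)))   # mouse still allowed
    rejected = PeripheralGateway(users)
    rejected.authenticate("alice", "wrong-passphrase")
    unauth = rejected.receive(Message("keyboard", 300, bytes(8)))  # unauthorized: dropped
    return {"early": early, "after_auth": after_auth, "blocked": blocked,
            "post_key": post_key, "post_mouse": post_mouse, "unauth": unauth,
            "logged": len(gw.log), "findings": sorted(set(gw.analyze()))}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two points the model makes visible: a message is logged in every state, so evidence of what arrived before designation is available for analysis even though the host never saw it, and the response acts on the configuration rather than on the user designation, so an authorized session keeps its working mouse while the misbehaving keyboard path is cut.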
Specification