Systems and methods for combined physical and cyber data security
Abstract
Methods and systems for protecting computer systems against intrusion. The disclosed techniques detect intrusions by jointly considering both cyber security events and physical security events. In some embodiments, a correlation subsystem receives information related to the computer system and its physical environment from various information sources in the cyber domain and in the physical domain. The correlation subsystem analyzes the information and identifies both cyber security events and physical security events. The correlation subsystem finds cyber security events and physical security events that are correlative with one another, and uses this correlation to detect intrusions.
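The correlation step described in the abstract, as an added Python example that is not code from the patent. The event field names, the host-to-location and badge-to-account tables, the 30-minute time window and all sample events are constructed assumptions; an intrusion is reported only when a physical event and a cyber event match on both location and identity.

```python
from datetime import datetime, timedelta

# Constructed sample data; field names, the lookup tables and the
# 30-minute window are assumptions, not taken from the patent.
HOST_LOCATION = {"srv-17": "dc1-room-204", "ws-03": "hq-floor-2"}
BADGE_OWNER = {"badge-0042": "jdoe"}
WINDOW = timedelta(minutes=30)

PHYSICAL_EVENTS = [  # unauthorized physical entries
    {"id": "P1", "ts": "2024-03-01T02:10:00", "location": "dc1-room-204", "badge": "badge-0042"},
    {"id": "P2", "ts": "2024-03-01T02:15:00", "location": "hq-floor-2", "badge": None},  # forced door
]
CYBER_EVENTS = [  # malware-based unauthorized accesses
    {"id": "C1", "ts": "2024-03-01T02:25:00", "host": "srv-17", "account": "jdoe"},
    {"id": "C2", "ts": "2024-03-01T02:20:00", "host": "ws-03", "account": "jdoe"},
    {"id": "C3", "ts": "2024-03-01T02:30:00", "host": "srv-17", "account": "asmith"},
    {"id": "C4", "ts": "2024-03-01T09:00:00", "host": "srv-17", "account": "jdoe"},
    {"id": "C5", "ts": "2024-03-01T02:12:00", "host": "lab-99", "account": "jdoe"},  # unmapped host
]

def correlate(physical, cyber, host_location=HOST_LOCATION,
              badge_owner=BADGE_OWNER, window=WINDOW):
    """Return (physical_id, cyber_id) pairs that match on location AND identity."""
    intrusions = []
    for p in physical:
        p_ts = datetime.fromisoformat(p["ts"])
        p_identity = badge_owner.get(p["badge"])  # None when no or unknown badge
        for c in cyber:
            if abs(datetime.fromisoformat(c["ts"]) - p_ts) > window:
                continue  # too far apart in time to be related
            # Location-based correlation: the host sits where the entry occurred.
            c_location = host_location.get(c["host"])  # None when host is unmapped
            same_location = c_location is not None and c_location == p["location"]
            # Identity-based correlation: badge holder equals the account used.
            same_identity = p_identity is not None and p_identity == c["account"]
            if same_location and same_identity:
                intrusions.append((p["id"], c["id"]))
    return intrusions

if __name__ == "__main__":
    for pair in correlate(PHYSICAL_EVENTS, CYBER_EVENTS):
        print("intrusion:", pair)
```

Events with a missing identity or an unmapped host never correlate here, so gaps in the asset inventory or badge directory show up as missed detections rather than false matches.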
19 Claims
1. A method comprising:
- receiving, by an electronic front-end unit, communication traffic of a computer system from one or more sources;
- identifying, by an electronic correlation unit, in the received communication traffic a cyber security event and a physical security event, wherein the cyber security event is an occurrence of unauthorized access to the computer system through the use of malicious software, and wherein the physical security event is an occurrence of unauthorized physical entry into a location where the computer system is physically located; and
- identifying, by the electronic correlation unit, an intrusion by correlating the cyber security event and the physical security event by using location-based correlation and identity-based correlation.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. Apparatus, comprising:
- a front-end unit, which is configured to receive communication traffic of a computer system from one or more sources; and
- a correlation subsystem, which is configured to:
  - identify in the received communication traffic a cyber security event and a physical security event, wherein the cyber security event is an occurrence of unauthorized access to the computer system through the use of malicious software, and wherein the physical security event is an occurrence of unauthorized physical entry into a location where the computer system is physically located; and
  - identify an intrusion by correlating the cyber security event and the physical security event using location-based correlation and identity-based correlation.

Dependent claims: 10, 11, 12, 13, 14, 15, 16

17. A non-transitory computer readable medium having stored thereon instructions that, when executed by a processor, direct the processor to:
- receive communication traffic of a computer system from one or more sources;
- identify in the received communication traffic a cyber security event and a physical security event, wherein the cyber security event is an occurrence of unauthorized access to the computer system through the use of malicious software, and wherein the physical security event is an occurrence of unauthorized physical entry into a location where the computer system is physically located; and
- identify an intrusion by correlating the cyber security event and the physical security event using location-based correlation and identity-based correlation.

Dependent claims: 18, 19
Specification