
Process for displaying machine event/flow/vulnerability/etc data on handheld or Heads-Up devices based upon multiple factors

IP.com Disclosure Number: IPCOM000237167D
Publication Date: 2014-Jun-06
Document File: 3 page(s) / 109K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a system to overlay threat data on the screen of a mobile device or through the Heads-Up Display (HUD) of a wearable device in order to provide the user with a live indicator of what is happening on a machine or network device that might be under attack.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.


Security Information and Event Management (SIEM) products currently track network traffic, log activity, device configurations, vulnerabilities on assets, asset information, etc. However, this information is generally managed through a central dashboard that is accessed through typical access points (i.e., browsers on a physical machine, laptop, or mobile device). These products may monitor many machines spread across multiple physical locations. For example, if an asset has serious vulnerabilities or is currently under attack, it is identified in the SIEM, and the user may then need to find the machine information and physically locate that machine to correct the issue.

Most mobile devices have barcode readers, can detect Radio Frequency Identification (RFID) tags, contain Global Positioning Systems (GPS), and have cameras and more ways to receive input. These features allow a mobile device to determine what is in view. In addition, technologies exist for heads-up displays and overlays.

To better leverage these technologies, a method or system is needed to pull together barcodes, geo-tagged locations, RFIDs, overlays, mobile devices, and machine vulnerability (SIEM) data and then visually provide the information to the user.

The novel contribution is a system to overlay threat data on the screen or through the Heads-Up Display (HUD). This provides the user a live look at what is happening on the machine or network device in question. In addition, such a system allows users to view device traffic in real time (e.g., firewall, router, etc.) and view network traffic as it is captured by the SIEM. The system detects or reads in device information (based on RFID, barcode, geo-referenced data, etc.) and displays a risk or vulnerability highlight to the user that indicates the state of that machine based on information that has been gathered by a SIEM.

The system uses queries that are available in the SIEM, as well as technology that is present in most mobile devices (e.g., RFID readers, GPS, cameras, and barcode scanners), to provide the user with real-time, visual indications of machines that are under attack. With the addition of a way to geo-reference the specific systems, the information in the SIEM can be auto-queried and presented to the user. In this way, a user of a wearable mobile device can see in real time the state of devices while moving around the workplace. This can be done, for example, through markers presented or overlaid on the mobile device, on or over the systems. The user can then use an application on the device to bring up a more elaborate query of that specific machine and drill down into the specifics of that system without having access to a laptop/console window.
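The flow described above (identify the device in view, query the SIEM, choose a highlight) can be sketched as follows. This is an added example, not code from the disclosure: the asset inventory, the SIEM records, the field names, the marker levels and the 7.0 score and 5 m radius thresholds are all constructed assumptions.

```python
import math

# Constructed inventory: tag IDs and geo-referenced positions (lat, lon) per asset.
ASSETS = {
    "fw-01": {"tags": {"rfid:04A1B2"}, "pos": (45.42150, -75.69720)},
    "sw-02": {"tags": {"barcode:000217"}, "pos": (45.42160, -75.69720)},
    "db-03": {"tags": {"barcode:000349"}, "pos": (45.42170, -75.69720)},
}
# Constructed stand-in for SIEM query results, keyed by asset ID.
SIEM = {
    "fw-01": {"open_offenses": 2, "max_vuln_score": 5.0},
    "sw-02": {"open_offenses": 0, "max_vuln_score": 9.1},
    "db-03": {"open_offenses": 0, "max_vuln_score": 2.0},
}

def distance_m(a, b):
    """Great-circle (haversine) distance in metres between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(h))

def resolve_asset(scan, radius_m=5.0):
    """Map a scan event (RFID, barcode or GPS fix) to an asset ID, or None."""
    if scan["kind"] in ("rfid", "barcode"):
        tag = f'{scan["kind"]}:{scan["value"]}'
        return next((a for a, rec in ASSETS.items() if tag in rec["tags"]), None)
    if scan["kind"] == "gps":
        # Nearest geo-referenced asset, but only if it is within radius_m.
        dist, asset = min((distance_m(scan["value"], rec["pos"]), a)
                          for a, rec in ASSETS.items())
        return asset if dist <= radius_m else None
    return None

def overlay_marker(scan):
    """Return the highlight to draw for whatever the device is looking at."""
    asset = resolve_asset(scan)
    state = SIEM.get(asset)
    if state is None:
        level = "unknown"          # unresolved tag or no SIEM data: never show "ok"
    elif state["open_offenses"] > 0:
        level = "under_attack"     # active offense outranks any vulnerability score
    elif state["max_vuln_score"] >= 7.0:
        level = "vulnerable"
    else:
        level = "ok"
    return {"asset": asset, "level": level}
```

An unresolved tag or an asset with no SIEM record is reported as "unknown" rather than "ok", so a gap in the inventory is not displayed as a healthy device.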

The prerequisites for this sys...