699 results about "Remedial action" patented technology

Techniques described herein enable virtualizing a processor into one or more virtual machines and suspending an operating system of one of the virtual machines from outside of the operating system environment. Once suspended, these techniques capture a snapshot of the virtual machine to determine a presence of malware. This snapshot may also be used to determine whether an unauthorized change has occurred within contents of the virtual machine. Remedial action may occur responsive to determining a presence of malware or an unauthorized change.

A computer includes a virtual machine controlled by a hypervisor. The virtual machine runs a virtualized operating system with running processes. A security initialization module sets the state in the virtual machine to pass execution from the virtual machine to the hypervisor responsive to a process making a system call in the virtualized operating system. Responsive to execution being passed from the virtual machine to the hypervisor, a security module analyzes the process making the system call to determine whether it poses a security threat. If a security threat is found, the security module takes remedial action to address the threat.

Method for assuring that the operator of a vehicle is an authorized driver, the method including utilizing an onboard, multi-mode driver identification system to ascertain whether an operator is an authorized driver. A first driver identification procedure is performed on a present operator of the vehicle and determining whether the present operator is an authorized or unauthorized driver of the vehicle. A second driver identification procedure is performed on the present operator of the vehicle and determining whether the present operator is an authorized or unauthorized driver of the vehicle, wherein the first and second driver identification procedures are performed with a time interval therebetween, the time interval being dependent upon the nature of the work being performed by the operator. A remedial measure is exercised to avert potentially negative impact when the present operator of the vehicle is determined to be an unauthorized driver based upon at least one of the performed identification procedures.

Systems and methods for measuring access risk associated with an enterprise having at least one resource accessible by at least one user with at least one entitlement to access the resource. Some embodiments implement a method of identifying the resources, users, and entitlements and associating access risk scores with the entitlements. The method can include combining the access risk scores associated with each user to form composite access risks scores and outputting the composite access risk scores. In some embodiments, the user with the highest composite access risk score can be identified and remedial action taken. The highest access risk user of some embodiments may be a department, a division, a subsidiary, or an organization. The method can occur in real time and an administrator can be alerted to changes in entitlements. Access risk scores can be adjusted for compensating controls and personal factors and attributes of the users.

An analytics-based security monitoring system includes instructions that may be executed by a computing system to receive data in the form of event logs from one or more network devices transferred through a computing environment, detect a plurality of behavioral characteristics from the received event logs, identify behavioral fragments composed of related behavioral characteristics, and identify an attack by correlating the behavioral fragments against patterns of known malicious attacks. The analytics-based security monitoring system may then perform a learning process to enhance further detection of attacks and perform one or more remedial actions when an attack is identified.

A page list comprising a list of transitions between network resources is established. Subsequently, a transition is detected between a first network resource and a second network resource. An expected security level associated with the transition is identified based on the page list. Responsive to the detected security level being determined to be lower than the expected security level, a remedial action is performed.

A method for managing policy in a service-oriented architecture includes intercepting a communication representing a transaction between a client and a service along a network, interpreting the communication to determine details of the transaction, determining if the transaction complies with policy based on the details of the transaction and remediating where the transaction is determined to not comply with the policy.

A method and system for monitoring and maintaining the consistency of replicated databases in a shared-nothing database cluster architecture is presented. The method involves the continuous monitoring of the database transaction logs that are maintained by the autonomous database managers that manage the individual database replicas in the cluster. In the event that data discrepancies are detected via the comparison of the transaction logs of the individual database replicas, remedial action is carried out according to configured rules in the main cluster controller. These remedial actions may include, but are not limited to, making a database node inactive within the cluster, or automatically repairing any data discrepancies that are detected among the database replicas in the cluster.

A patient care monitoring system and method employ active RFID devices integrated with digital processing, memory and timing circuitry for patient identification, care giver identification and for identification of each prescribed treatment, procedure, medication and general and / or special care action. At the point-of-care, each care action identity device will match directly with the targeted patient identity device or issue an error warning to prevent mistakes. The patient identity device will also interact with an associated sensor network to proactively prompt care givers to provide general care actions, such as altering a patient's laying position, changing bed pan / clothing / bed sheet, etc. for invalid patients. Also the patient identity tag will furnish periodic records of every care action, mistakes, remedies, care givers' identities and time and date for a central processor of a healthcare facility to monitor the quality of patient care. Such record can also be potentially accessed via the Internet by the responsible regulatory agencies, accreditation associations, insurance firms and even patients' families to ensure patient care is meeting the standards as well as medical billing accuracy.

A method and apparatus is provided that includes techniques for providing complete solutions for role-based, rules-driven access enforcement, the techniques including situational awareness and video surveillance. An embodiment addresses blended risk assessment and security across logical systems, IT applications, databases, and physical systems from a single analytic dashboard, with auto-remediation capabilities. Further, an embodiment provides capability and functionality for co-relating seemingly innocent events and activities to detect real threats and risks, while providing powerful alerting and automated remedial action strategies for decisive action.

The solution of the present application provides many types and forms of resources, such as products or services, to an environment of heterogeneous devices. An agent and centralized service may communicate to deliver an optimum package of resources to a device. Each device may include an agent that collects information important to determining the appropriate resources for the device and understanding the environment the devices are contributing to. The information may be stored and analyzed in a cross device knowledge base, and the knowledge base may be consulted to determine resources appropriate for devices. The agent and centralized service may engage in pro-active alerting and provisioning of services, based on any collected information, to minimize the burden of resource procurement on the customer. After delivery of resources, the agent and centralized service may also perform updating, repairing, and healing functions for the resources. Resources may be aggregated into a cohesive platform to be combined and delivered in an optimum manner, and resources may also be maintained and monitored to ensure their quality via escalation or remedial action. Devices may be connected to the resources through intelligent routing.

A system and method are provided for detecting extension attacks made to a communication enterprise, and taking appropriate remedial action to prevent ongoing attacks and future attacks. One or more attributes of a suspect call are analyzed, and a risk is associated with each analyzed attribute. An overall risk or assessment is then made of the analyzed attributes, attack attributes are logged, and one or more remedial actions may be triggered as a result of the analyzed call attributes. The remedial actions may include recording the call, notifying an administrator of a suspect call, or isolating the communication enterprise from the attack by terminating the call or shutting down selected communication endpoints to prevent calls being made to those extensions. Rules may be applied to the analyzed attributes in order to trigger the appropriate remedial action. The call attributes analyzed may include call destination, call direction, call type, time of day of the call, call duration, whether a call source is spoofed, call volume from a particular call source, and hash values created for a suspect media stream.

A method includes collecting system calls and call parameters invoked by monitored applications for target computer systems. The system calls and call parameters are received from operating system kernels on the plurality of target computer systems. Sequences of systems calls and call parameters of the monitored applications are correlated among different target computer systems to deduce malicious activities. Remedial action(s) are performed in response to malicious activities being deduced as being malicious by the correlating. Another method includes determining that network activity at a specific time is deemed to be suspicious. Using IP addresses involved in the suspicious network activity, computer system(s) are determined that are sources of the suspicious network activity. Based on the specific time and the determined computer system(s), application(s) are determined that are executing on the determined computer system(s) that are causing the suspicious network activity. Remedial action(s) are performed for the determined computer system(s).

Generally speaking, systems, methods and media for management of grid computing resources based on service level requirements are disclosed. Embodiments of a method for scheduling a task on a grid computing system may include updating a job model by determining currently requested tasks and projecting future task submissions and updating a resource model by determining currently available resources and projecting future resource availability. The method may also include updating a financial model based on the job model, resource model, and one or more service level requirements of an SLA associated with the task, where the financial model includes an indication of costs of a task based on the service level requirements. The method may also include scheduling performance of the task based on the updated financial model and determining whether the scheduled performance satisfies the service level requirements of the task and, if not, performing a remedial action.

Providing secure web application development and operation. In a web development environment, code developed for the web application is analyzed to identify vulnerabilities and remedial actions are identified. The remedial actions may be automatically invoked or a developer can be prompted to take particular actions to remediate the vulnerability.

An enterprise vulnerability management application (EVMA), enterprise vulnerability management process (EVMP) and system. In one embodiment, the EVMP may include executing computer software code on at least one computer hardware platform to receive login information from a user, inventory current information technology assets of the enterprise, conduct vulnerability scanning of the inventoried information technology assets, analyze vulnerability correlation and prioritization of the information technology assets, remediate one or more vulnerabilities of the information technology assets, and report to the user about the vulnerabilities and remediation undertaken. As part of the analysis, one or more vulnerability scores such as, for example, Common Vulnerability Scoring System (CVSS) scores, may be generated from base score metrics, temporal score metrics and environment score metrics.

A method includes determining an operational parameter of a first vehicle traveling with a plurality of vehicles in a transportation network and / or a route in the transportation network, identifying a failure condition of the first vehicle and / or the route based on the operational parameter, obtaining plural different sets of remedial actions that dictate operations to be taken based on the operational parameter, simulating travel of the plurality of vehicles in the transportation network based on implementation of the different sets of remedial actions, determining potential consequences on travel of the plurality of vehicles in the transportation network when the different sets of remedial actions are implemented in the travel that is simulated, and based on the potential consequences, receiving a selection of at least one of the different sets of remedial actions to be implemented in actual travel of the plurality of vehicles in the transportation network.

In embodiments of the present invention improved capabilities are described for the steps of identifying, through a monitoring module of a security software component, a data extraction behavior of a software application attempting to extract data from an endpoint computing facility; and in response to a finding that the data extraction behavior is related to extracting sensitive information and that the behavior is a suspicious behavior, causing the endpoint to perform a remedial action. The security software component may be a computer security software program, a sensitive information compliance software program, and the like.

An early-warning security system for monitoring and tracking in real-time or at least in near-real-time the activities and movements associated with prescribed personnel, personal property, mobile vehicles, and buildings. The system comprises a plurality of in situ local controllers having a microprocessor and a coordinated plurality of conspicuous and clandestine digital video cameras for continuously producing digital audio and visual signals, uplinking such signals via a suitable wireless telecommunications device to a satellite, general packet radio service, the Internet, intranet or extranet, and then downlinking these signals to a plurality of control centers for recording and analysis thereof. Uplinking of these digital signals may occur continuously or may be activated by a manual or predefined trigger event. Preventive or remedial action is immediately taken when perturbations from normal behavior or activities are observed in the recorded audio and visual signals.

A system and method for monitoring manual welding that includes a welding system that further includes hardware and software components for gathering and processing data in real time, wherein the data is derived from an actual welding exercise conducted by a welder; providing the system with part information, process variable control targets, and acceptability limits; selecting a part to be welded from the part information; indicating a production task to be completed on the part; performing the indicated production task; providing real-time feedback to the welder performing the task; evaluating the quality of the welder's performance of the task based on the process variable control targets and acceptability limits; if necessary, requiring remedial action with regard to the quality of the performance of the task; and storing data gathered from the evaluation of the performance of the task.

Systems and methods for detecting malware in a selected computer that is part of a network of computers. The approach includes inspecting a predetermined set of operational attributes of the selected computer to detect a change in a state of the selected computer. In response to a detected change in state, the selected computer is scanned to create a snapshot of the overall state of the selected computer. The snapshot is transmitted to an analytic system wherein it is compared with an aggregated collection of snapshots previously respectively received from a plurality of computers in the computer network. Based on the comparison, anomalous state of the selected computer can be identified. In turn, a probe of the selected computer is launched to gather additional information related to the anomalous state of the selected computer so that a remediation action for the anomalous state of the selected computer can be generated.

Drilling tools that may detect and dynamically adjust drilling parameters to enhance the drilling performance of a drilling system used to drill a well. The tools may include sensors, such as RPM, axial force for measuring the weight on a drill bit, torque, vibration, and other sensors known in the art. A processor may compare the data measured by the sensors against various drilling models to determine whether a drilling dysfunction is occurring and what remedial actions, if any, ought to be taken. The processor may command various tools within the bottom hole assembly (BHA), including a bypass valve assembly and / or a hydraulic thruster to take actions that may eliminate drilling dysfunctions or improve overall drilling performance. The processor may communicate with a measurement while drilling (MWD) assembly, which may transmit the data measured by the sensors, the present status of the tools, and any remedial actions taken to the surface.

A building monitoring computer system for monitoring building integrity may be provided. Various types of sensors may be embedded throughout or within certain portions of different types of building or construction material making up the building, such as within roofing, foundation, or structural materials. The sensors may be in wireless communication with a home controller. The sensors may be water, moisture, temperature, vibration, or other types of sensors, and may detect unexpected or abnormal conditions within the home. The sensors and / or home controller may transmit alerts to a mobile device of the home owner associated with the unexpected condition, and / or that remedial actions may be required to repair the home or mitigate further damage to the home. The sensor data may also be communicated to an insurance provider remote server to facilitate the insurance provider communicating insurance-related recommendations, updating insurance policies, or preparing insurance claims for review for home owners.

Once a potential bottleneck is identified, the system provides a methodology for locating the bottleneck. The methodology involves checking in order each of the application, transport and network layers of a sender and receiver nodes for performance problems. Conditions are defined for each of the layers at the sender and receiver nodes that are indicative of a particular type of bottleneck. When the conditions are met in any one of the layers, the system can be configured to stop the checking process and output a message indicating the presence of a bottleneck in the layer and its location. In addition, the system can be configured to generate and output a remedial action for eliminating the bottleneck. The system can be configured to perform the action automatically or after receiving a confirmation from the user.