Reporting and processing controller security information

Assignee

• Karamba Security Ltd. · IL

Inventors

• Tal Efraim Ben David · Hogla, IL
• Assaf Harel · Ramat HaSharon, IL
• Amiram Dotan · Birmingham, US
• David Barzilai · Hod HaSharon, IL

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2209/84
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

In one implementation, a method for providing security on externally connected controllers includes receiving, at a reporting agent that is part of a security middleware layer operating on a controller, an indication that a process has been blocked; obtaining, by the reporting agent, trace information for the blocked process; determining, by the reporting agent, a code portion in an operating system of the controller that served as an exploit for the blocked process; obtaining, by the reporting agent, a copy of malware that was to be executed by the blocked process; generating, by the reporting agent, an alert for the blocked process that includes (i) the trace information, (ii) information identifying the code portion, and (iii) the copy of the malware; and providing, by the reporting agent, the alert to a network interface on the controller for immediate transmission to a backend computer system.