| CPC H04L 63/1458 (2013.01) [H04L 41/145 (2013.01); H04L 41/147 (2013.01); H04L 63/1416 (2013.01)] | 17 Claims |
|
1. A computer implemented method for remote intrusion monitoring of a networked device, comprising the following steps:
receiving, by an intrusion detection engine connected to a network, a network communication to a first networked device;
transmitting, via the intrusion detection engine, a duplicate of the network communication to a second networked device, wherein the second networked device hosts at least one virtual model of the first networked device, wherein the at least one virtual model at least partially duplicates or emulates an internal operating environment of the first networked device, and wherein the second networked device is a gateway server;
applying the duplicated network communication to the at least one virtual model of the first network device hosted by the second networked device;
monitoring, using a monitoring engine, the at least one virtual model of the first networked device upon reception of the duplicated network communication by the at least one virtual model;
detecting, at a subscription server, a connection of the first networked device to the network;
obtaining an identifier of the first networked device and comparing the identifier to a plurality of records in the subscription server;
instantiating the at least one virtual model of the first networked device on the second network device when the first networked device is associated with a valid user account at the subscription server, wherein the at least one virtual model is obtained from a datastore including a plurality of virtual models of a plurality of networkable devices;
metering, at the subscription server, a usage of the at least one virtual model of the first networked device; and
based on detecting the first networked device is removed from the network such that the first networked device is not in contact with the gateway server any longer:
pausing the at least one virtual model in a last state that the at least one virtual model was in before the first network device was removed from the network, and
storing the paused at least one virtual model in the last state in the datastore.
|