Threat Management Device
The threat management device addresses the issue of sudden participant disconnections by notifying others of security threats and enabling reconnection, thereby minimizing conference disruptions.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Applications
- Current Assignee / Owner
- SAXA
- Filing Date
- 2024-12-26
- Publication Date
- 2026-07-08
Smart Images

Figure 2026114102000001_ABST
Abstract
Description
Technical Field
[0001] The present invention relates to a threat management technology for forcibly disconnecting a connection with an information terminal where a security threat has been detected.
Background Art
[0002] A threat management device such as a UTM (Unified Threat Management) device is arranged on a path connecting a LAN to an upper communication network such as the Internet. When a security threat such as malware infection is detected in an information terminal connected to the LAN, it is configured to forcibly disconnect the connection between the LAN and the information terminal to suppress the spread of the security threat. Conventionally, as a technology for notifying the detection of such a security threat, Patent Document 1 describes a configuration in which information regarding the detection of a security threat is notified by telephone to a target user corresponding to an email in which the security threat has been detected. Thereby, the target user can quickly respond to the detected security threat.
Prior Art Documents
Patent Documents
[0003]
Patent Document 1
Summary of the Invention
Problems to be Solved by the Invention
[0004] In recent years, web conferences for sharing video and audio have been widely used among a plurality of information terminals connected via a communication network such as the Internet or a LAN. Participants in such a web conference can operate their own information terminals to receive and view emails and files sent from users including other participants during the web conference.
[0005] In such a case, if a security threat such as malware infection occurs as a result of browsing, the threat management device will detect the security threat and immediately forcibly disconnect the connection between the affected terminal and the LAN.
[0006] This resulted in the participant who was joining from the affected device suddenly leaving the web conference, leaving other participants unaware of the reason for their departure and causing confusion within the conference. Furthermore, according to Patent Document 1, the configuration involves notifying the user corresponding to the email in which the security threat was detected via telephone or other means, and does not consider notifying other participants of a security threat that occurred during a web conference.
[0007] The present invention aims to solve these problems and provides a threat management technology that can notify other participants of the reason for a participant's sudden departure from a web conference when the participant's information terminal is forcibly disconnected due to the detection of a security threat. [Means for solving the problem]
[0008] To achieve this objective, the threat management device according to the present invention includes a control circuit configured to detect security threats occurring at an information terminal by monitoring data communication between an information terminal connected to a subordinate LAN and a higher-level communication network, and to forcibly disconnect the connection to the target information terminal where a security threat has been detected from the LAN; and a storage circuit configured to store conference data indicating an information terminal among the information terminals that is participating in a web conference constructed by a web conferencing server connected to the LAN. The control circuit also includes an exit reason notification unit configured to refer to the conference data, join the target web conference in which the target information terminal where a security threat was detected was participating, and notify participants in the target web conference via the target web conference that the target participant of the target information terminal has left due to the occurrence of a security threat.
[0009] One example of the configuration of the threat management device according to the present invention includes a conference monitoring unit in which the control circuit detects information terminals participating in the web conference by monitoring the data communication of the information terminals and registers them in the conference data.
[0010] One example of the configuration of the threat management device according to the present invention includes a conference return unit in which the control circuit performs authentication processing with the target information terminal in response to a request for reconnection to the LAN from the target information terminal that has been forcibly disconnected, and notifies the web conference server of an invitation request to return the target information terminal to the target web conference upon successful authentication.
[0011] One example of the configuration of the threat management device according to the present invention includes a threat management unit in which the control circuit forcibly disconnects the sender's information terminal from the LAN if the email or file received by the target information terminal is the cause of the security threat and the sender of the email or file is a participant in the target web conference. [Effects of the Invention]
[0012] According to the present invention, if a participant's information terminal is forcibly disconnected due to the detection of a security threat and the participant suddenly leaves the web conference, the reason for the participant's departure can be notified to the other participants. As a result, the reason for the participant's sudden departure from the web conference is communicated to the other participants, which helps to suppress disruption to the web conference. [Brief explanation of the drawing]
[0013] [Figure 1] Figure 1 is a block diagram showing the configuration of the threat management device according to this embodiment. [Figure 2] Figure 2 is a sequence diagram showing the operation of the threat management device according to this embodiment. [Modes for carrying out the invention]
[0014] Next, embodiments of the present invention will be described with reference to the drawings. [This embodiment] First, the threat management device 10 according to this embodiment will be described with reference to the block diagram in Figure 1. The threat management device 10, as a whole, consists of relay devices such as a UTM device and a gateway, and is configured to relay connections between multiple information terminals 20 connected to the local area network (LAN) to a higher-level communication network NW such as the internet. The threat management device 10 is also configured to monitor the data communication of the information terminals 20 and to disconnect the logical connection to any information terminal 20 where a security threat such as malware infection is detected.
[0015] [Principle of the present invention] If a security threat is detected on an information terminal participating in a web conference, the threat management device 10 immediately disconnects the affected information terminal from the LAN to prevent the threat from spreading to other information terminals and to ensure the security of the LAN. As a result, the user who was using the disconnected information terminal will suddenly leave the web conference, causing other participants to not understand why the user left and leading to a chaotic web conference.
[0016] In web conferencing, information can be shared among participants using video, audio, and even messages. This invention utilizes these features of web conferencing to configure the threat management device 10 itself to participate in the web conferencing and notify other participants of the reason why the target user has left. This allows us to leverage the features of web conferencing to easily notify other participants of the reason for a participant's departure, thereby reducing disruption during web conferences.
[0017] [Threat Management Device] Next, the configuration of the threat management device 10 according to this embodiment will be described in detail with reference to the block diagram in Figure 1 mentioned above. The threat management device 10 includes, as main circuit components, a network I / F 11, a LAN I / F 12, a relay circuit 13, a memory circuit 14, and a control circuit 15. The threat management device 10 is connected to an information terminal 20 and a Web conference server 30 via a LAN. Hereinafter, a configuration in which the Web conference server 30 is connected to a LAN will be described as an example. However, the present invention is not limited to this, and the present invention can be similarly applied even when the Web conference server 30 is connected to a communication network NW.
[0018] The information terminal 20 is an information terminal such as a PC or a smartphone used by a user. The Web conference server 30 is a general server device configured to construct a Web conference for sharing video and audio between information terminals 20.
[0019] [Network I / F] The network I / F 11 is connected to the communication network NW via a communication line L and is configured to perform data communication with the communication network NW. [LAN I / F] The LAN I / F 12 is connected to the LAN and is configured to perform data communication with the information terminal 20 and the Web conference server 30 via the LAN. [Relay circuit] The relay circuit 13 is connected between the network I / F 11 and the LAN I / F 12 and is configured to relay and connect the data communication between the network I / F 11 and the LAN I / F 12.
[0020] [Memory circuit] The memory circuit 14 is composed of a storage device such as a semiconductor memory and is configured to store conference data 14A and a program 14P used in threat management processing executed by the CPU of the control circuit 15.
[0021] [Conference data] The conference data 14A is data in which information terminals 20 participating in the Web conference are registered for each Web conference constructed by the Web conference server 30. [Program] Program 14P is configured to work in cooperation with the CPU of the control circuit 15 to realize various processing units for executing threat management processing. Program 14P is read from an external device or recording medium (neither of which are shown) connected to the threat management device 10 and stored in the memory circuit 14 in advance.
[0022] [control circuit] The control circuit 15 has a CPU and its peripheral circuits, and is configured to realize various processing units for executing threat management processing by reading the program 14P from the memory circuit 14 and cooperating with the CPU. The main processing units realized by the control circuit 15 are the threat management unit 15A, the conference monitoring unit 15B, the exit reason notification unit 15C, and the conference return unit 15D.
[0023] [Threat Management Department] The threat management unit 15A monitors the data communication of the information terminal 20 via LANI / F12 and is configured to forcibly disconnect the logical connection to the target information terminal 20 if a security threat such as malware infection is detected on the information terminal 20. In this case, if the target information terminal 20 is connected to LANI / F12, the unit controls LANI / F12 to logically disconnect the target information terminal 20, and if the target information terminal 20 is connected to a HUB belonging to the LAN, the unit controls the HUB to logically disconnect the target information terminal 20.
[0024] Furthermore, the threat management unit 15A is configured to forcibly disconnect the sender's information terminal from the LAN if an email or file received by the target information terminal 20 is the cause of a security threat and the sender of the email or file is a participant in the target web conference.
[0025] [Meeting Monitoring Department] The conference monitoring unit 15B is configured to detect information terminals 20 participating in a web conference established by the web conference server 30 by monitoring the data communication of the information terminals 20 via LANI / F12, and to register the information terminals 20 participating in each web conference in the conference data 14A of the memory circuit 14.
[0026] [Reason for departure reported by the news department] The exit reason notification unit 15C is configured to refer to the meeting data 14A in the memory circuit 14, join the target web conference in which the target information terminal 20, where a security threat was detected, was participating, and notify the participants in the target web conference via the target web conference that the target participant of the target information terminal 20 has left due to the occurrence of a security threat.
[0027] [Meeting Reintegration Department] The conference recovery unit 15D is configured to perform authentication processing with the target information terminal 20 in response to a request from the forcibly disconnected target information terminal 20 to reconnect to the LAN, and to notify the web conferencing server 30 of an invitation request to return the target information terminal 20 to the target web conference upon successful authentication. As a result, the web conferencing server 30 notifies the target information terminal 20 of an invitation to join the target web conference, and the target information terminal 20 returns to the target web conference upon accepting the participation operation.
[0028] [Operation of this embodiment] Next, the operation of the threat management device 10 according to this embodiment will be described with reference to the sequence diagram in Figure 2. It should be assumed that the conference data 14A in the memory circuit 14 contains information terminals 20 participating in each web conference established by the web conference server 30.
[0029] If information terminals A, B, and C of the information terminals 20 are participating in a web conference established by the web conferencing server 30 (step 100), and a security threat occurs on information terminal C (step 101), the control circuit 15 of the threat management device 10 detects the security threat on information terminal C via the threat management unit 15A (step 102) and immediately disconnects the connection between the target information terminal C and the LAN (step 103). As a result, only information terminals A and B are participating in the web conference (step 104).
[0030] Next, the exit reason notification unit 15C searches the meeting data 14A in the memory circuit 14 to identify the web conference in which the target information terminal C, where a security threat was detected, was participating (step 105). Next, the exit reason notification unit 15C joins the target web conference by performing conference participation processing with the web conference server 30 via LANI / F12 (step 106), and notifies information terminals A and B, which are participating in the target web conference, via the target web conference that the target participant C has left due to a security threat (step 107). Furthermore, if the target information terminal C is not participating in the web conference in step 105, the series of threat detection processes will be terminated.
[0031] Therefore, participants joining the target web conference from information terminals A and B will be notified that the target participant on information terminal C has left due to a security threat. This ensures that other participants are informed of the target participant's sudden departure from the web conference, thus preventing disruption to the web conference. Furthermore, notification to information terminals A and B via the target web conference can be done using video and audio media data and messages that have been pre-registered in the memory circuit 14.
[0032] Subsequently, if the security threat on the target information terminal C is eliminated (step 110) and a request to reconnect to the LAN is sent from the target information terminal C, the conference recovery unit 15D performs authentication processing with the target information terminal C, and, upon successful authentication, restores the logical connection between the target information terminal C and the LAN (step 111), and reconnects the target information terminal C to the LAN (step 112).
[0033] Next, the conference return unit 15D notifies the web conference server 30 of an invitation request to return the target information terminal C to the target web conference (step 113). As a result, the web conference server 30 notifies the target information terminal C of an invitation to join the target web conference (step 114), and in response to the participation acceptance operation on the target information terminal C (step 115), the target information terminal C returns to the target web conference (step 116). As a result, the original information terminals A, B, and C are participating in the web conference (step 117).
[0034] Subsequently, in response to the conference invitation response sent from the web conferencing server 30 (step 118), the conference return unit 15D exits the target web conference by performing a conference exit process with the web conferencing server 30 (step 119), and terminates the series of threat management processes.
[0035] [Effects of this embodiment] As described above, the threat management device 10 according to this embodiment is configured such that the exit reason notification unit 15C of the control circuit 15 refers to the conference data 14A of the memory circuit 14, joins the target web conference in which the target information terminal 20, where a security threat was detected, was participating, and notifies the participants in the target web conference via the target web conference that the target participant of the target information terminal 20 has left due to the occurrence of a security threat. This allows us to leverage the features of web conferencing to easily notify other participants of the reason for a participant's departure, thereby reducing disruption during web conferences.
[0036] [Expansion of the embodiment] Although the present invention has been described above with reference to embodiments, the present invention is not limited to the above embodiments. Various modifications to the configuration and details of the present invention can be made that will be understood by those skilled in the art within the scope of the present invention. [Explanation of Symbols]
[0037] 10...Threat management device, 11...Network interface, 12...LAN interface, 13...Relay circuit, 14...Memory circuit, 14A...Conference data, 14P...Program, 15...Control circuit, 15A...Threat management unit, 15B...Conference monitoring unit, 15C...Exit reason notification unit, 15D...Conference return unit, 20...Information terminal, 30...Web conferencing server, LAN...Local area network, L...Communication line, NW...Communication network.
Claims
1. A control circuit is configured to monitor data communication between an information terminal connected to a subordinate LAN and a higher-level communication network, thereby detecting security threats occurring at the information terminal, and forcibly disconnecting the connection to the target information terminal from the LAN if a security threat is detected. The information terminal comprises a storage circuit configured to store conference data indicating an information terminal participating in a web conference established by a web conferencing server connected to the LAN, The control circuit includes an exit reason notification unit configured to refer to the conference data, join the target web conference in which the target information terminal from which a security threat was detected was participating, and notify the participants in the target web conference via the target web conference that the target participant from the target information terminal has left due to the occurrence of a security threat. A threat management device characterized by the following features.
2. In the threat management device according to claim 1, The threat management device is characterized in that the control circuit includes a conference monitoring unit that detects information terminals participating in the web conference by monitoring the data communication of the information terminals and registers them in the conference data.
3. In the threat management device according to claim 1 or claim 2, The threat management device is characterized in that the control circuit includes a conference return unit that performs authentication processing with the target information terminal in response to a request for reconnection to the LAN from the target information terminal that has been forcibly disconnected, and notifies the web conference server of an invitation request to return the target information terminal to the target web conference upon successful authentication.
4. In the threat management device according to claim 1 or claim 2, The threat management device is characterized in that the control circuit includes a threat management unit that, if an email or file received by the target information terminal is the cause of the security threat and the sender of the email or file is a participant in the target web conference, forcibly disconnects the sender's information terminal from the LAN.