Policy-driven compliance
Abstract
A network can achieve compliance by defining and enforcing a set of network policies to secure protected electronic information. The network can monitor network data, host/endpoint data, process data, and user data for traffic using a sensor network that provides multiple perspectives. The sensor network can include sensors for networking devices, physical servers, hypervisors or shared kernels, virtual partitions, and other network components. The network can analyze the network data, host/endpoint data, process data, and user data to determine policies for traffic. The network can determine expected network actions based on the policies, such as allowing traffic, denying traffic, configuring traffic for quality of service (QoS), or redirecting traffic along a specific route. The network can update policy data based on the expected network actions and actual network actions. The policy data can be utilized for compliance.
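The loop the abstract describes, as an added Python sketch that is not taken from the patent: three sensors report the same flow, the most accurate report is used to find the policy, and the expected action is compared with the actual action and recorded as policy data. The accuracy metric (share of populated fields), the policy table, and all names, addresses and sample values are assumptions constructed for this example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class FlowReport:
    sensor: str                     # sensor that produced this view of the flow
    src: str
    dst: str
    dport: int
    action: str                     # actual network action observed ("allow"/"deny")
    host: Optional[str] = None      # host, process and user data: only some
    process: Optional[str] = None   # sensors can see these
    user: Optional[str] = None

# Constructed policy: only billing-app running as svc-billing may reach the
# records database (the protected information) at 10.0.2.20:5432.
POLICIES = [
    {"name": "records-db-allow", "expected": "allow",
     "match": {"dst": "10.0.2.20", "dport": 5432,
               "process": "billing-app", "user": "svc-billing"}},
    {"name": "records-db-default-deny", "expected": "deny",
     "match": {"dst": "10.0.2.20", "dport": 5432}},
]

def accuracy(r):
    # Assumed metric (the page does not define one): share of fields populated.
    fields = (r.src, r.dst, r.dport, r.host, r.process, r.user)
    return sum(f is not None for f in fields) / len(fields)

def applicable_policy(r):
    # First rule whose every match field equals the report's value.
    for p in POLICIES:
        if all(getattr(r, k) == v for k, v in p["match"].items()):
            return p
    return None

def evaluate(reports, policy_data):
    best = max(reports, key=accuracy)          # use the most accurate view
    policy = applicable_policy(best)
    if policy is None:
        return None                            # flow is outside policy scope
    record = {"policy": policy["name"], "sensor": best.sensor,
              "expected": policy["expected"], "actual": best.action,
              "compliant": policy["expected"] == best.action}
    policy_data.append(record)                 # audit trail for compliance
    return record

def sample_reports(process, user):
    # Constructed sample: one flow seen by three sensors.
    net = dict(src="10.0.1.5", dst="10.0.2.20", dport=5432, action="allow")
    return [FlowReport("switch", **net),
            FlowReport("dst-endpoint", host="db01", **net),
            FlowReport("src-endpoint", host="app01", process=process, user=user, **net)]
```

Evaluated from the switch's report alone, the legitimate billing flow would match only the default-deny rule and be flagged as a violation; the source endpoint's report carries the process and user data that let the allow rule match.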
19 Claims
1. A method comprising:
capturing first network data, first host data, first process data, and first user data corresponding to a first flow that includes protected electronic information, the first network data captured by a first sensor of a first endpoint of a network, a second sensor of a second endpoint of the network, and a third sensor of a networking device along a data path corresponding to the first flow;
analyzing the first network data, the first host data, the first process data, and the first user data to determine a policy applicable to the first flow;
updating policy data based on an expected network action for the first flow and an actual network action for the first flow;
determining a first degree of accuracy of first flow data corresponding to the first flow captured by the first sensor;
determining a second degree of accuracy of second flow data corresponding to the first flow captured by the second sensor;
determining a third degree of accuracy of third flow data corresponding to the first flow captured by the third sensor; and
utilizing flow data having a highest degree of accuracy for the first flow.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A system comprising:
a processor device; and
a memory device including instructions that, upon being executed by the processor, cause the system to perform operations comprising:
monitor network data, host data, process data, and user data for flows traversing a network, the network data monitored by a first sensor of a first endpoint of the network, a second sensor of a second endpoint of the network, and a third sensor of a networking device of the network, the flows including protected electronic information;
determine policies applicable to the flows based on the network data, host data, process data, and user data;
determine, based at least in part on one of the host data, the process data, or the user data, expected network actions for the flows by applying the policies to the network data; and
update policy data based on the expected network actions and actual network actions for the flows;
determine a first degree of accuracy of first flow data corresponding to the first flow captured by the first sensor;
determine a second degree of accuracy of second flow data corresponding to the first flow captured by the second sensor;
determine a third degree of accuracy of third flow data corresponding to the first flow captured by the third sensor; and
utilize flow data having a highest degree of accuracy for the first flow.
Dependent claims: 13, 14, 15
16. A non-transitory computer-readable medium having computer readable instructions that, upon being executed by a processor of a first endpoint of a network, cause the first endpoint to perform operations comprising:
send a first flow including protected electronic information to a second endpoint of the network;
capture first network data, first host data, first process data, and first user data corresponding to the first flow, the first network data captured by a first sensor of the first endpoint, a second sensor of the second endpoint, and a third sensor of a networking device along a data path corresponding to the first flow;
determine a policy applicable to the first flow based at least in part on one of the first host data, the first process data, and the first user data; and
update policy data based on an expected network action for the first flow and an actual network action for the first flow;
determine a first degree of accuracy of first flow data corresponding to the first flow captured by the first sensor;
determine a second degree of accuracy of second flow data corresponding to the first flow captured by the second sensor;
determine a third degree of accuracy of third flow data corresponding to the first flow captured by the third sensor; and
utilize flow data having a highest degree of accuracy for the first flow.
Dependent claims: 17, 18, 19
Specification