
Internal controls engine and reporting of events generated by a network or associated applications

  • US 10,095,878 B2
  • Filed: 08/11/2017
  • Issued: 10/09/2018
  • Est. Priority Date: 06/02/2015
  • Status: Active Grant
First Claim

1. A tangible, non-transitory, machine-readable medium storing instructions that when executed by one or more processors effectuate operations comprising:

  • obtaining, with one or more processors, with a network controls engine, network traffic, wherein:

    the network traffic is sent across a network between source computing devices and destination computing devices;

    the source computing devices and destination computing devices are different computing devices from one or more computing devices executing the network controls engine;

    at least one of the source or destination computing devices are on the network carrying the network traffic; and

    the network has a plurality of computing devices causing the network traffic and which are assigned addresses on the network;

  • applying, with one or more processors, with the network controls engine, a plurality of rules to the network traffic to identify rules with criteria satisfied by the network traffic, wherein criteria of at least some of the rules are based on at least one respective instance of each of two or more of the following, though not necessarily in the same rule:

    a rate of a type of network event occurring in the network traffic;

    a pattern appearing in human-readable natural language text of an email;

    an attempt to access data or a computing device designated as high-security;

    deviation from a predictive model configured based on previous behavior on the network;

    or geolocation of a computing device sending or receiving the network traffic;

  • causing, with one or more processors, with the network controls engine, one or more actions prescribed by one or more identified rules with criteria satisfied by the network traffic, wherein the one or more actions include each of the following, though not necessarily in the same action:

    sending a notification;

    logging an event in a data repository;

    quarantining a user or a computing device on the network; and

    rate-limiting data access by a user or computing device on the network; and

  • logging one or more records documenting at least one respective instance of each of four or more of the following, but not necessarily in the same record:

    network activity;

    network changes;

    application log entries;

    syslog messages;

    attempts to access the data repository;

    attempts to access a document repository;

    attempts to access a record by which permissions defining who is authorized to access documents in the document repository are defined;

    attempts to access a database;

    or attempts to access a record by which permissions defining who is authorized to access database records are defined.
