Unobtrusive protection for large-scale data breaches utilizing user-specific data object access budgets
First Claim
1. A non-transitory computer-readable storage medium storing instructions which, when executed by one or more processors of an electronic device, cause the electronic device to implement a security gateway to perform operations for unobtrusively protecting against large-scale data breaches over time, wherein the security gateway is to be communicatively coupled between a plurality of client end stations and one or more servers that store and serve a plurality of files, the operations comprising:
- receiving, from one or more of the plurality of client end stations during one or more time periods, a plurality of file access requests sent on behalf of a plurality of users belonging to an enterprise, wherein the plurality of file access requests seek access to one or more of the plurality of files stored by the one or more servers, wherein each of the plurality of file access requests includes an immutable identifier of one of the files, wherein each of the plurality of users is allocated a budget for each of the one or more time periods;
- for each file access request of the plurality of file access requests, performing the following:
  - determining an access cost for the file access request based on characteristics of the file access request, wherein lower access costs are indicative of file access requests that are part of expected file access consumption for the plurality of users belonging to the enterprise, and
  - charging the determined access cost against the budget for that user corresponding to the one of the one or more time periods when the file access request was received; and
- transmitting alert messages, but not preventing either a transmission of the plurality of file access requests to the one or more servers or further but different security-related analysis of the plurality of file access requests by the security gateway, based on different ones of the plurality of users exceeding their respective budgets.
Abstract
Techniques for unobtrusively protecting against large-scale data breaches over time are described. A security gateway coupled between clients and servers receives data object (DO) access requests from the clients on behalf of users of an enterprise. Each of the users is allocated a budget for each of one or more time periods. The security gateway determines an access cost for each DO access request based on characteristics of the DO request, where lower access costs are indicative of expected DO access consumption for users of the enterprise, and charges the determined access cost against the budget for that user corresponding to the time period when the DO access request was received. Alert messages are transmitted based on different ones of the users exceeding their budget(s), and the transmission of the DO access requests to the data object servers is not prevented.
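To make the claimed mechanism concrete, the following is an added Python model of the budget-charging gateway, written for this page and not the patent holder's implementation. The cost model (re-opening a file the user already accessed is cheap, a first access to a new file is charged at full price) and the hourly period length are assumptions, since the claims leave the cost characteristics unspecified; the traffic in `simulate()` is constructed.

```python
from collections import defaultdict
from dataclasses import dataclass, field

PERIOD_SECONDS = 3600  # assumption: one budget period per hour


@dataclass
class AccessRequest:
    user: str
    file_id: str    # immutable identifier of the requested file
    timestamp: int  # seconds since epoch, when the gateway received it


@dataclass
class BudgetGateway:
    budget_per_period: float
    alerts: list = field(default_factory=list)
    spent: dict = field(default_factory=lambda: defaultdict(float))  # (user, period) -> cost charged
    seen: dict = field(default_factory=lambda: defaultdict(set))     # user -> file ids accessed before
    alerted: set = field(default_factory=set)                        # (user, period) already reported

    def access_cost(self, req: AccessRequest) -> float:
        # Assumed cost model: re-opening a file the user already accessed is expected
        # consumption and cheap; a first access to a new file is charged at full price.
        return 0.1 if req.file_id in self.seen[req.user] else 1.0

    def handle(self, req: AccessRequest) -> bool:
        period = req.timestamp // PERIOD_SECONDS
        key = (req.user, period)
        self.spent[key] += self.access_cost(req)
        self.seen[req.user].add(req.file_id)
        if self.spent[key] > self.budget_per_period and key not in self.alerted:
            self.alerted.add(key)  # one alert per user and period, never a block
            self.alerts.append(f"user={req.user} period={period} spent={self.spent[key]:.1f}")
        return True  # the request is always forwarded to the file server


def simulate() -> tuple:
    """Constructed traffic: one normal user and one user sweeping many files."""
    gw = BudgetGateway(budget_per_period=20.0)
    t0 = 1_700_000_000
    forwarded = 0
    for i in range(30):  # alice re-opens the same three documents over 30 minutes
        forwarded += gw.handle(AccessRequest("alice", f"doc-{i % 3}", t0 + i * 60))
    for i in range(40):  # mallory opens 40 distinct documents in 20 minutes
        forwarded += gw.handle(AccessRequest("mallory", f"doc-{i}", t0 + i * 30))
    return gw, forwarded
```

Every request is forwarded (the return value of `handle` is always true); the only output of the budget check is the alert list, which here names mallory once and alice never.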
20 Claims
1. A non-transitory computer-readable storage medium storing instructions which, when executed by one or more processors of an electronic device, cause the electronic device to implement a security gateway to perform operations for unobtrusively protecting against large-scale data breaches over time, wherein the security gateway is to be communicatively coupled between a plurality of client end stations and one or more servers that store and serve a plurality of files, the operations comprising:
- receiving, from one or more of the plurality of client end stations during one or more time periods, a plurality of file access requests sent on behalf of a plurality of users belonging to an enterprise, wherein the plurality of file access requests seek access to one or more of the plurality of files stored by the one or more servers, wherein each of the plurality of file access requests includes an immutable identifier of one of the files, wherein each of the plurality of users is allocated a budget for each of the one or more time periods;
- for each file access request of the plurality of file access requests, performing the following:
  - determining an access cost for the file access request based on characteristics of the file access request, wherein lower access costs are indicative of file access requests that are part of expected file access consumption for the plurality of users belonging to the enterprise, and
  - charging the determined access cost against the budget for that user corresponding to the one of the one or more time periods when the file access request was received; and
- transmitting alert messages, but not preventing either a transmission of the plurality of file access requests to the one or more servers or further but different security-related analysis of the plurality of file access requests by the security gateway, based on different ones of the plurality of users exceeding their respective budgets.

Claims 2 through 17 depend on claim 1.
18. A system comprising:
- a first set of one or more computing devices that implement one or more servers that store and serve a plurality of files; and
- a second set of one or more computing devices that implement a security gateway that is to be communicatively coupled between a plurality of client end stations and the one or more servers, comprising:
  - one or more processors; and
  - a non-transitory computer readable medium storing instructions which, when executed by the one or more processors, cause the security gateway to perform operations for unobtrusively protecting against large-scale data breaches over time, the operations comprising:
    - receiving, from one or more of the plurality of client end stations during one or more time periods, a plurality of file access requests sent on behalf of a plurality of users belonging to an enterprise, wherein the plurality of file access requests seek access to one or more of the plurality of files stored by the one or more servers, wherein each of the plurality of file access requests includes an immutable identifier of one of the files, wherein each of the plurality of users is allocated a budget for each of the one or more time periods;
    - for each file access request of the plurality of file access requests, performing the following:
      - determining an access cost for the file access request based on characteristics of the file access request, wherein lower access costs are indicative of file access requests that are part of expected file access consumption for the plurality of users belonging to the enterprise, and
      - charging the determined access cost against the budget for that user corresponding to the one of the one or more time periods when the file access request was received; and
    - transmitting alert messages, but not preventing either a transmission of the plurality of file access requests to the one or more servers or further but different security-related analysis of the plurality of file access requests by the security gateway, based on different ones of the plurality of users exceeding their respective budgets.

Claims 19 and 20 depend on claim 18.