System and method for monitoring computing servers for possible unauthorized access
First Claim
1. A system, comprising:
- one or more Voice-over-Internet Protocol (VoIP) servers, each configured and arranged to provide respective VoIP services to remote users; and
a processing circuit communicatively-coupled to the one or more VoIP servers and configured and arranged to;
analyze data transactions of at least one VoIP sever, of the one or more VoIP servers, for one or more characteristics that are indicative of unauthorized access including data indicative of at least one possible call loop;
based on the data indicative of at least one possible call loop and other data indicative of frequency of data transactions, determine a threat level as function of the one or more characteristics of the data transactions and conditions of a security policy of a user account associated with the at least one VoIP server including whether the data indicative of at least one possible call loop corresponds to an actual call loop, the security policy including the one or more characteristics indicative of the unauthorized access and a threshold level that is based on the characteristics and the conditions; and
perform, in response to the threat level exceeding the threshold level, an action for the user account that is associated with the threshold level exceeded.
3 Assignments
0 Petitions
Accused Products
Abstract
A system is provided that includes one or more computing servers and a processing circuit for analyzing data transactions of the computing servers. Each of the computing servers is configured to provide respective services to remote users. The processing circuit is configured to analyze data transactions of at least one of the computing servers, which is associated with a user account. A security policy of the user account includes conditions that are indicative of unauthorized access when the conditions are satisfied by various characteristics of the analyzed data transactions. The processing circuit is configured to determine a threat level as function of the characteristics of the data transactions and the conditions of the security policy. In response to the threat level exceeding a first threshold level indicated in the security policy of the user account, the processing circuit performs an action for the user account that is associated with the first threshold level.
34 Citations
18 Claims
-
1. A system, comprising:
-
one or more Voice-over-Internet Protocol (VoIP) servers, each configured and arranged to provide respective VoIP services to remote users; and a processing circuit communicatively-coupled to the one or more VoIP servers and configured and arranged to; analyze data transactions of at least one VoIP sever, of the one or more VoIP servers, for one or more characteristics that are indicative of unauthorized access including data indicative of at least one possible call loop; based on the data indicative of at least one possible call loop and other data indicative of frequency of data transactions, determine a threat level as function of the one or more characteristics of the data transactions and conditions of a security policy of a user account associated with the at least one VoIP server including whether the data indicative of at least one possible call loop corresponds to an actual call loop, the security policy including the one or more characteristics indicative of the unauthorized access and a threshold level that is based on the characteristics and the conditions; and perform, in response to the threat level exceeding the threshold level, an action for the user account that is associated with the threshold level exceeded. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method for use with one or more Voice-over-Internet Protocol (VoIP) servers that are each configured and arranged to provide respective VoIP services to remote users, the method comprising:
using a processing circuit communicatively-coupled to the one or more VoIP servers to monitor unauthorized access by; analyzing data transactions of at least one VoIP sever, of the one or more VoIP servers, for one or more characteristics that are indicative of unauthorized access including data indicative of at least one possible call loop, the at least one VoIP server being associated with a user account; based on the data indicative of at least one possible call loop and other data indicative of frequency of data transactions, determining a threat level as function of the one or more characteristics of the data transactions and conditions of a security policy of the user account including whether the data indicative of at least one possible call loop corresponds to an actual call loop, the security policy including the one or more characteristics indicative of the unauthorized access and a plurality of threshold levels that are based on the characteristics and the conditions; and performing, in response to the threat level exceeding a first threshold level of the plurality threshold levels, an action for the user account that is associated with the threshold level exceeded. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
Specification