Information security implementations with extended capabilities
First Claim
1. A security system comprising:
at least one central server coupled to a plurality of client computers and configured to:
provide configuration data to each of the plurality of client computers, the configuration data including parameters that define criteria for identifying sensitive data and trigger events on the plurality of client computers, the trigger events defined by the configuration data as a function of a sensitivity level of the sensitive data and monitored data communications;
in response to a notification received from one of the plurality of client computers, monitor data communications of the one of the plurality of client computers for sensitive data by reviewing data communications therefrom;
restrict transmission for a subset of the reviewed data communications in response to detecting sensitive data;
receive identified data from applications running on the plurality of client computers and that indicates an access of sensitive data matching the criteria indicated by the configuration data;
in response to the identified data indicating that a first trigger event occurred, determine whether or not the identified data indicates that a second trigger event occurred, wherein the first trigger event includes at least access of an external email address and the second trigger event includes at least use of a cut and paste operation; and
select and perform a security action based on the determination of the occurrence of the first and second trigger events, an association between the first and second trigger events, and a risk-level based on the association of the first and second trigger events.
Abstract
Systems, devices or methods provide for control of sensitive data in a computer system that includes at least one central server communicatively-coupled to a plurality of client computers. A particular method relates to the execution of software code on the at least one central server to monitor data communications of the plurality of client computers for sensitive data. A subset of the data communications is restricted when sensitive data is detected. Configuration data is provided to each of the plurality of client computers. Software code is executed on each of the plurality of client computers to detect accesses to sensitive data by one or more applications running on a client computer. Actions of the one or more applications running on a client computer are monitored to determine whether or not a trigger event has occurred. In response to determining that the trigger event has occurred, a notification is sent.
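The server-side correlation recited in the first claim (a first trigger of external email access, a check for a second trigger of cut and paste, then an action chosen from their association and a risk level) can be illustrated as follows. This is an added example, not code from the patent; the event fields, the 120-second association window, the three risk levels and the action names are assumptions.

```python
from dataclasses import dataclass

# Constructed configuration data; the patent text does not define a format.
CONFIG = {
    "window_seconds": 120,  # assumed: max gap for two triggers to be "associated"
    "actions": {0: "log", 1: "alert", 2: "block_transmission"},  # hypothetical names
}

@dataclass(frozen=True)
class Event:
    client: str
    ts: int               # seconds since an arbitrary epoch
    kind: str             # "external_email" (first trigger) or "cut_paste" (second)
    sensitivity: int = 0  # sensitivity level of the data touched, 0 = none

def risk_level(first, seconds, window):
    """Score one first-trigger event against the same client's second triggers."""
    linked = [s for s in seconds if abs(s.ts - first.ts) <= window]
    if linked:  # associated: risk follows the most sensitive data pasted
        return 2 if max(s.sensitivity for s in linked) >= 2 else 1
    return 1 if seconds else 0  # second trigger seen but not associated, or absent

def select_actions(events, config=CONFIG):
    """Return (client, risk, action) for every first trigger event reported."""
    decisions = []
    for first in (e for e in events if e.kind == "external_email"):
        seconds = [e for e in events
                   if e.kind == "cut_paste" and e.client == first.client]
        risk = risk_level(first, seconds, config["window_seconds"])
        decisions.append((first.client, risk, config["actions"][risk]))
    return decisions

# Constructed notifications from four client computers.
SAMPLE = [
    Event("ws-01", 100, "cut_paste", 2), Event("ws-01", 130, "external_email"),
    Event("ws-02", 200, "external_email"),
    Event("ws-03", 10, "cut_paste", 2), Event("ws-03", 900, "external_email"),
    Event("ws-04", 300, "cut_paste", 1), Event("ws-04", 310, "external_email"),
]

if __name__ == "__main__":
    for decision in select_actions(SAMPLE):
        print(decision)
```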
21 Claims
14. A method for control of sensitive data in a computer system that includes at least one central server communicatively-coupled to a plurality of client computers, the method comprising:
receiving, from the at least one central server, configuration data that specifies characteristics for both nefarious software code and sensitive data;
scanning, using a viral security program residing on a particular client computer of the plurality of client computers, file locations according to the characteristics specified by the configuration data;
identifying, based upon results of the scanning, file locations containing sensitive data;
in response to identifying the file locations, encapsulating data packets associated with the files stored in the file locations containing sensitive data to include tag data indicating a risk-level for the data packets;
detecting in the encapsulated data packets, a first trigger event that is associated with access to the sensitive data by one or more applications running on the particular client computer, wherein the first trigger event includes at least access of an external email address, and detecting occurrence of a second trigger event including at least use of a cut and paste operation; and
transmitting, in response to detecting the first and second trigger events, a notification to the at least one central server.