Social network security monitoring

US 10,491,623 B2
Filed: 01/09/2017
Issued: 11/26/2019
Est. Priority Date: 12/11/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for providing risk assessment data comprising:

receiving, a security analysis module and from a user device of one or more employees of a company, authorization to access security data, wherein the security data is private data that controls access to one or more social network profiles of the one or more employees of the company;

accessing, by the security analysis module, the security data associated with the one or more social network profiles of one or more employees of the company;

determining, by the security analysis module, using a scoring algorithm, a security risk score for the company based on evaluating the security data associated with the one or more social network profiles of one or more employees of a company;

providing the determined security risk score to a user device of an entity associated with the company;

monitoring, on a continuous basis by the security analysis module, the security data associated with the one or more social network profiles of one or more employees of a company for changes to the security data that alter a level of security to access the one or more social network profiles of the one or more employees of the company;

updating, by the security analysis module, the security risk score for the company based on identifying changes to the security data associated with the one or more social network profiles of the one or more employees of the company;

comparing, by the security analysis module, the updated security risk score to a risk score threshold;

generating, by the security analysis module, an alert based on the security risk score exceeding the risk score threshold;

providing, by the security analysis module, the alert to the user device of the employee of the company associated with the changes to the security data;

storing, for each of the updated security risk scores, the updated security risk score, a timestamp, the risk score threshold, and a reason for generating the updated security risk score;

generating, by the security analysis module, a historical list of security risk scores based on the stored updated security risk scores; and

providing the company access to the historical list of security risk scores via a social protection tool platform.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method includes security settings data associated with one or more profiles of a protected social entity on one or more social networks is scanned, and the security settings data associated with the one or more profiles of the protected social entity is assessed. A first security risk score for the protected social entity is determined based on the assessment of the security settings data, and the first security risk score is provided to the protected social entity.

Citations

17 Claims

1. A computer-implemented method for providing risk assessment data comprising:
- receiving, a security analysis module and from a user device of one or more employees of a company, authorization to access security data, wherein the security data is private data that controls access to one or more social network profiles of the one or more employees of the company;
  
  accessing, by the security analysis module, the security data associated with the one or more social network profiles of one or more employees of the company;
  
  determining, by the security analysis module, using a scoring algorithm, a security risk score for the company based on evaluating the security data associated with the one or more social network profiles of one or more employees of a company;
  
  providing the determined security risk score to a user device of an entity associated with the company;
  
  monitoring, on a continuous basis by the security analysis module, the security data associated with the one or more social network profiles of one or more employees of a company for changes to the security data that alter a level of security to access the one or more social network profiles of the one or more employees of the company;
  
  updating, by the security analysis module, the security risk score for the company based on identifying changes to the security data associated with the one or more social network profiles of the one or more employees of the company;
  
  comparing, by the security analysis module, the updated security risk score to a risk score threshold;
  
  generating, by the security analysis module, an alert based on the security risk score exceeding the risk score threshold;
  
  providing, by the security analysis module, the alert to the user device of the employee of the company associated with the changes to the security data;
  
  storing, for each of the updated security risk scores, the updated security risk score, a timestamp, the risk score threshold, and a reason for generating the updated security risk score;
  
  generating, by the security analysis module, a historical list of security risk scores based on the stored updated security risk scores; and
  
  providing the company access to the historical list of security risk scores via a social protection tool platform.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - determining one or more changes to the security data that lowers the updated security risk score; and
      
      providing, to a user device of the employee associated with the changes to the security data, one or more changes to the security data that lowers the updated security risk score.
  - 3. The method of claim 1, wherein updating the security risk score for the company based on identifying changes to the security data associated with the one or more social network profiles of the one or more employees of the company comprises, updating the security risk score for the company based on security policy changes made by a social network.
  - 4. The method of claim 1 wherein updating the security risk score for the company based on identifying changes to the security data associated with the one or more social network profiles of the one or more employees of the company comprises, updating the security risk score for the company based on changes made by one or more of the employees.
  - 5. The method of claim 1 wherein determining a security risk score for the company based on evaluating the security data associated with one or more social network profiles of one or more employees of a company using a scoring algorithm comprises;
    - determining a security risk score for each of the one or more employees of the company using a first scoring algorithm; and
      
      determining the security risk score for the company based on a weighted average of the security risk scores for each of the one or more employees of the company.
  - 6. The method of claim 1 further comprising:
    - receiving from the entity associated with the company, one or more profile attributes to monitor; and
      
      monitoring the one or more profiles of the employees of the company for changes to the one or more profile attributes.
  - 7. The method of claim 6 further comprising:
    - identifying a change to one or more of the profile attributes; and
      
      based on identifying a change, generating an alert to the entity associated with the company.

8. A system comprising:
- one or more processing devices; and
  
  one or more non-transitory computer-readable media coupled to the one or more processing devices having instructions stored thereon which, when executed by the one or more processing devices, cause the one or more processing devices to perform operations comprising;
  
  receiving, by a security analysis module and from a user device of one or more employees of a company, authorization to access security data, wherein the security data is private data that controls access to one or more social network profiles of the one or more employees of the company;
  
  accessing, by the security analysis module, the security data associated with the one or more social network profiles of one or more employees of the company;
  
  determining, by the security analysis module, using a scoring algorithm, a security risk score for the company based on evaluating the security data associated with the one or more social network profiles of one or more employees of a company;
  
  providing the determined security risk score to a user device of an entity associated with the company;
  
  monitoring, on a continuous basis by the security analysis module, the security data associated with the one or more social network profiles of one or more employees of a company for changes to the security data that alters a level of security to access the one or more social network profiles of the one or more employees of the company;
  
  updating, by the security analysis module, the security risk score for the company based on identifying changes to the security data associated with the one or more social network profiles of the one or more employees of the company;
  
  comparing, by the security analysis module, the updated security risk score to a risk score threshold;
  
  generating, by the security analysis module, an alert based on the security risk score exceeding the risk score threshold;
  
  providing, by the security analysis module, the alert to the user device of the employee of the company associated with the changes to the security data;
  
  storing, for each of the updated security risk scores, the updated security risk score, a timestamp, the risk score threshold, and a reason for generating the updated security risk score;
  
  generating, by the security analysis module, a historical list of security risk scores based on the stored updated security risk scores; and
  
  providing the company access to the historical list of security risk scores via a social protection tool platform.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8 further comprising:
    - determining one or more changes to the security data that lowers the updated security risk score; and
      
      providing, to a user device of the employee associated with the changes to the security data, one or more changes to the security data that lowers the security risk score.
  - 10. The system of claim 8 wherein updating the security risk score for the company based on identifying changes to the security data associated with the one or more social network profiles of the one or more employees of the company comprises, updating the security risk score for the company based security policy on changes made by a social network.
  - 11. The system of claim 8 wherein updating the security risk score for the company based on identifying changes to the security data associated with the one or more social network profiles of the one or more employees of the company comprises, updating the security risk score for the company based on changes made by one or more of the employees.
  - 12. The system of claim 8 wherein determining a security risk score for the company based on evaluating the security data associated with one or more social network profiles of one or more employees of a company using a scoring algorithm comprises;
    - determining a security risk score for each of the one or more employees of the company using a first scoring algorithm; and
      
      determining the security risk score for the company based on a weighted average of the security risk scores for each of the one or more employees of the company.
  - 13. The system of claim 8 further comprising:
    - receiving from the entity associated with the company, one or more profile attributes to monitor; and
      
      monitoring the one or more profiles of the employees of the company for changes to the one or more profile attributes.
  - 14. The system of claim 13 further comprising:
    - identifying a change to one or more of the profile attributes; and
      
      based on identifying a change, generating an alert to the entity associated with the company.

15. A non-transitory computer-readable storage medium storing software comprising instructions executable by one or more computers which, upon such execution, cause the one or more computers to perform operations comprising:
- receiving, by a security analysis module and from a user device of one or more employees of a company, authorization to access security data, wherein the security data is private data that controls access to one or more social network profiles of the one or more employees of the company;
  
  accessing, by the security analysis module, the security data associated with the one or more social network profiles of one or more employees of the company;
  
  determining, by the security analysis module, using a scoring algorithm, a security risk score for the company based on evaluating the security data associated with the one or more social network profiles of one or more employees of a company;
  
  providing the determined security risk score to a user device of an entity associated with the company;
  
  monitoring, on a continuous basis by the security analysis module, the security data associated with the one or more social network profiles of one or more employees of a company for changes to the security data that alter a level of security to access the one or more social network profiles of the one or more employees of the company;
  
  updating, by the security analysis module, the security risk score for the company based on identifying changes to the security data associated with the one or more social network profiles of the one or more employees of the company;
  
  comparing, by the security analysis module, the updated security risk score to a risk score threshold;
  
  generating, by the security analysis module, an alert based on the security risk score exceeding the risk score threshold;
  
  providing, by the security analysis module, the alert to the user device of the employee of the company associated with the changes to the security data;
  
  storing, for each of the updated security risk scores, the updated security risk score, a timestamp, the risk score threshold, and a reason for generating the updated security risk score;
  
  generating, by the security analysis module, a historical list of security risk scores based on the stored updated security risk scores; and
  
  providing the company access to the historical list of security risk scores via a social protection tool platform.
- View Dependent Claims (16, 17)
- - 16. The medium of claim 15 further comprising:
    - determining one or more changes to the security data that lowers the security risk score; and
      
      providing, to a user device of the employee associated with the changes to the security data, one or more changes to the security data that lowers the updated security risk score.
  - 17. The medium of claim 15 wherein updating the security risk score for the company based on identifying changes to the security data associated with the one or more social network profiles of the one or more employees of the company comprises, updating the security risk score for the company based on changes made by a social network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ZeroFOX, Inc. (ZeroFox Holdings, Inc.)
Original Assignee
ZeroFOX, Inc. (ZeroFox Holdings, Inc.)
Inventors
Foster, James C., Blair, Evan, Cullison, Christopher B., Francis, Robert
Primary Examiner(s)
Leung, Robert B
Assistant Examiner(s)
Ho, Thomas

Application Number

US15/401,691
Publication Number

US 20170126732A1
Time in Patent Office

1,051 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 21/552   involving long-term monitor...

G06Q 10/0635   Risk analysis of enterprise...

H04L 63/102   Entity profiles

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

Social network security monitoring

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Social network security monitoring

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links