System and method for the analysis of email traffic
First Claim
1. A method of non-intrusive analysis of email communications in an organisation'"'"'s computer network, the organisation'"'"'s computer network comprising a mail server computer, a plurality of remote employee computers operable by an organisation employee, and network memory having user profiles relating to each organisation employee stored thereon, a telecommunications network connecting the mail server and the remote employee computers, the method comprising the steps of:
- (a) intercepting email communications in the organisation'"'"'s computer network;
(b) copying header information and any attachment information of each intercepted email communication;
(c) allowing the email communication to proceed to its desired destination;
(d) storing the header information and the attachment information where available in network memory;
(e) retrieving at least one user profile relevant to the intercepted email communication from network memory;
(f) analysing the intercepted email communications header and any available attachment information in accordance with the user profile; and
(g) generating a report based on the analysis of the intercepted email communications header and available attachment information.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method for the analysis of email traffic in a computer network comprising a mail server computer (2) and a plurality of remote employee computers (3) connected to the mail server computer. Email communications are sent and received at each of the employee computers via the mail server computer. The header information and any available attachment information of each email communication are copied and analysis on the header and attachment information is carried out. Reports based on the analysis of the header and attachment information are generated for review by a system administrator. Any unauthorised communications are brought to the attention of the system administrator. Reports on the usage of email by the organisation'"'"'s entire workforce may be generated. In this way an analysis of email communication may be carried out without reviewing the actual content of each individual email.
-
Citations
91 Claims
-
1. A method of non-intrusive analysis of email communications in an organisation'"'"'s computer network, the organisation'"'"'s computer network comprising a mail server computer, a plurality of remote employee computers operable by an organisation employee, and network memory having user profiles relating to each organisation employee stored thereon, a telecommunications network connecting the mail server and the remote employee computers, the method comprising the steps of:
-
(a) intercepting email communications in the organisation'"'"'s computer network;
(b) copying header information and any attachment information of each intercepted email communication;
(c) allowing the email communication to proceed to its desired destination;
(d) storing the header information and the attachment information where available in network memory;
(e) retrieving at least one user profile relevant to the intercepted email communication from network memory;
(f) analysing the intercepted email communications header and any available attachment information in accordance with the user profile; and
(g) generating a report based on the analysis of the intercepted email communications header and available attachment information. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 63, 64, 65, 66, 88, 89, 90, 91)
-
-
22. A method of non-intrusive analysis of email communications in an organisation'"'"'s computer network, the organisation'"'"'s computer network comprising a mail server computer, a plurality of remote employee computers operable by an organisation employee, and network memory having user profiles relating to each organisation employee stored thereon, a telecommunications network connecting the mail server and the remote employee computers, the method comprising the steps of:
-
(a) intercepting email communications in the organisation'"'"'s computer network;
(b) copying header information comprising one or more of a sender address, receiver address, time sent details and subject details where available from the header information, and copying any attachment information of each intercepted email communication;
(c) allowing the email communication to proceed to its desired destination;
(d) storing the header information and the attachment information where available in network memory;
(e) retrieving at least one user profile relevant to the intercepted email communication from network memory;
(f) analysing the intercepted email communications header and any available attachment information in accordance with the user profile; and
(g) generating a report based on the analysis of the intercepted email communications header and available attachment information. - View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
-
-
33. A method of non-intrusive analysis of email communications in an organisation'"'"'s computer network, the organisation'"'"'s computer network comprising a mail server computer, a plurality of remote employee computers operable by an organisation employee, and network memory having user profiles relating to each organisation employee stored thereon, a telecommunications network connecting the mail server and the remote employee computers, the method comprising the steps of:
-
(a) Considering the position of an employee within the organisation as well as the department in which the employee is working before allocating a user profile to each organisation employee, the user profile detailing acceptable email communications including one or more of;
—(i) predetermined acceptable incoming and outgoing traffic volume levels;
(ii) predetermined acceptable incoming and outgoing content types; and
(iii) predetermined acceptable incoming and outgoing communication addresses (b) intercepting email communications in the organisation'"'"'s computer network;
(c) copying header information and any attachment information of each intercepted email communication;
(d) allowing the email communication to proceed to its desired destination;
(e) storing the header information and the attachment information where available in network memory;
(f) retrieving at least one user profile relevant to the intercepted email communication from network memory;
(g) analysing the intercepted email communications header and any available attachment information in accordance with the user profile; and
(h) generating a report based on the analysis of the intercepted email communications header and available attachment information. - View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47)
-
-
48. A method of non-intrusive analysis of email communications in an organisation'"'"'s computer network, the organisation'"'"'s computer network comprising a plurality of mail server computers, each mail server computer having a plurality of remote employee computers operable by an organisation employee associated therewith, and network memory having user profiles relating to each organisation employee stored thereon, a telecommunications network connecting each mail server to its associated remote employee computer, the method comprising the steps of:
-
(a) appointing one of the mail servers as a master mail server and the remainder of the mail servers as slave mail servers;
(b) intercepting email communications at each mail server in the organisation'"'"'s computer network;
(c) copying header information and any attachment information of each intercepted email communication;
(d) allowing the email communication to proceed to its desired destination;
(e) storing the header information and the attachment information where available in network memory;
(f) retrieving at least one user profile relevant to the intercepted email communication from network memory;
(g) analysing the intercepted email communications header and any available attachment information in accordance with the user profile;
(h) generating a report based on the analysis of the intercepted email communications header and available attachment information at each mail server;
(i) each of the slave mail servers sending a generated report to the master mail server; and
(j) the master mail server generating an organisation computer network email communication report. - View Dependent Claims (49, 50, 51, 52, 53, 54)
-
-
55. A method of non-intrusive analysis of email communications in an organisation'"'"'s computer network, the organisation'"'"'s computer network comprising a mail server computer, a plurality of remote employee computers operable by an organisation employee, and network memory having user profiles relating to each organisation employee stored thereon, a telecommunications network connecting the mail server and the remote employee computers, the method comprising the steps of:
-
(a) intercepting email communications in the organisation'"'"'s computer network;
(b) copying header information and any attachment information of each intercepted email communication;
(c) allowing the email communication to proceed to its desired destination;
(d) storing the header information and the attachment information where available in network memory;
(e) retrieving at least one user profile relevant to the intercepted email communication from network memory;
(f) analysing the intercepted email communications header and any available attachment information in accordance with the user profile;
(g) defining alarm conditions based on variants of traffic having regard to the user profile; and
(h) generating a report based on the analysis of the intercepted email communications header and available attachment information and on predetermined alarm conditions being met, generating an alert to a system administrator. - View Dependent Claims (56, 57, 58, 59, 60)
-
-
61. A method of non-intrusive analysis of email communications in an organisation'"'"'s computer network, the organisation'"'"'s computer network comprising a mail server computer, a plurality of remote employee computers operable by an organisation employee, and network memory having user profiles relating to each organisation employee stored thereon, a telecommunications network connecting the mail server and the remote employee computers, the method comprising the steps of:
-
(a) intercepting email communications in the organisation'"'"'s computer network;
(b) copying header information and any attachment information of each intercepted email communication;
(c) allowing the email communication to proceed to its desired destination;
(d) storing the header information and the attachment information where available in network memory;
(e) retrieving at least one user profile relevant to the intercepted email communication from network memory;
(f) analysing the intercepted email communications header and any available attachment information in accordance with the user profile;
(g) checking each attachment to see if it is compressed and any compressed attachments have their compression percentage calculated by;
(i) measuring the size of the compressed attachment;
(ii) decompressing the attachment into its decompressed state, calculating the size of the decompressed attachment;
(iii) calculating the compression percentage of the attachment by dividing the size of the attachment in its compressed state by the size of the attachment in its uncompressed state; and
(h) generating a report based on the analysis of the intercepted email communications header and available attachment information. - View Dependent Claims (62)
-
-
67. A system for non-intrusive analysis of email communications in an organisation'"'"'s computer network, the computer network comprising a mail server computer, a plurality of remote employee computers operable by an organisation employee, and a telecommunications network connecting the mail server and the remote employee computers and there is additionally provided:
-
(a) a network memory having user profiles relating to each employee stored thereon;
(b) an interceptor for intercepting an email communication in the organisation'"'"'s computer network;
(c) means to copy the header information and the attachment information of an intercepted email communication before allowing the email communication proceed to its desired destination;
(d) memory for storage of the header and attachment information;
(e) means to retrieve the user profile relevant to the intercepted email communication from network memory;
(f) an email analyser for analysing the header and attachment information in accordance with the user profile; and
(g) means to generate a report based on the analysis of the intercepted email communications header and possible attachment information. - View Dependent Claims (68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84)
-
-
85. A system for non-intrusive analysis of email communications in an organisation'"'"'s computer network, the computer network comprising a plurality of mail server computers, one of the mail server computers being nominated as a master mail server computer and the remainder mail server computers being nominated as slave mail server computers, and a plurality of remote employee computers operable by an organisation employee associated with each mail server computer, and a telecommunications network connecting each mail server computer to its associated remote employee computers, the computer network further comprising network memory having user profiles relating to each employee stored thereon, the system comprising:
-
(a) an interceptor for intercepting an email communication in the organisations computer network;
(b) means to copy the header information and the attachment information of an intercepted email communication before allowing the email communication to proceed to its desired destination;
(c) memory for storage of the header and attachment information;
(d) means to retrieve at least one user profile relevant to the intercepted email communication from network memory;
(e) a processor for analysing the header and attachment information in accordance with the user profile;
(f) means to generate a report based on the analysis of the intercepted email communications header and available attachment information;
(g) each of the slave mail servers having a transmitter for transmitting a generated report to the master mail server; and
(h) the master mail server having a receiver for receiving a generated report from each of the slave mail servers for subsequent processing. - View Dependent Claims (86, 87)
-
Specification