Graphical user interface based sensitive information and internal information vulnerability management system

US 20060272024A1
Filed: 05/09/2006
Published: 11/30/2006
Est. Priority Date: 05/09/2005
Status: Active Grant

First Claim

Patent Images

1. A method to monitor and control a network, the network comprising a plurality of endpoints, each of the plurality of endpoints comprising a plurality of sensitive documents, a security policy, and a plurality of I/O devices, the method comprising:

retrieving security information from a first endpoint of the plurality of endpoints;

responding to a user input, displaying the first endpoint, comprising;

determining a security level for the first endpoint based on the security information, and displaying the first endpoint based on the security level;

responding to a user input, displaying a view of the first endpoint, the view comprises at least one selected from a group of;

one of the plurality of I/O devices associated with the first endpoint visually attached to the first endpoint, one of the plurality of sensitive documents associated with the first endpoint, and a violation of the security policy associated with the first endpoint; and

responding to a user input, display a view of a sensitive document, comprising;

determining a movement history trace of the sensitive document based on the security information, and displaying the view of the sensitive document based at least in part on the movement history trace.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method provides a graphical user interface (GUI) for users to monitor and manage sensitive information within an enterprise network. The GUI can provide users with information, such as the presence of input/output devices (I/O device), the location of documents containing sensitive information (sensitive documents), and the status of local security policy. The GUI can also provide users with real-time information, such as the occurrence of local security policy violations, the life-cycle of sensitive documents, and the sensitive information dynamic flow within the enterprise network.

165 Citations

10 Claims

1. A method to monitor and control a network, the network comprising a plurality of endpoints, each of the plurality of endpoints comprising a plurality of sensitive documents, a security policy, and a plurality of I/O devices, the method comprising:
- retrieving security information from a first endpoint of the plurality of endpoints;
  
  responding to a user input, displaying the first endpoint, comprising;
  
  determining a security level for the first endpoint based on the security information, and displaying the first endpoint based on the security level;
  
  responding to a user input, displaying a view of the first endpoint, the view comprises at least one selected from a group of;
  
  one of the plurality of I/O devices associated with the first endpoint visually attached to the first endpoint, one of the plurality of sensitive documents associated with the first endpoint, and a violation of the security policy associated with the first endpoint; and
  
  responding to a user input, display a view of a sensitive document, comprising;
  
  determining a movement history trace of the sensitive document based on the security information, and displaying the view of the sensitive document based at least in part on the movement history trace.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the security information comprises static sensitive information and dynamic sensitive information, the static sensitive information comprising at least one selected from a group of:
    - information about documents containing the sensitive information residing in the first endpoint, information about I/O devices connected to the first endpoint, and information about the security policies in the first endpoint, the dynamic sensitive information comprising at least one selected from a group of;
      
      information about current users of the first endpoint, and information about sensitive documents in motion.
  - 3. The method of claim 2, wherein retrieving security information further comprising:
    - transmitting a request to the first endpoint; and
      
      receiving static sensitive information and dynamic sensitive information from the first endpoint.
  - 4. The method of claim 2, wherein retrieving security information further comprising:
    - receiving static sensitive information periodically;
      
      transmitting a request to the first endpoint; and
      
      receiving dynamic sensitive information and updating static sensitive information from the first endpoint, the updating static sensitive information describing the static sensitive information changes in the first endpoint comparing to the most recently received static sensitive information.
  - 5. The method of claim 1, wherein the view of the first endpoint comprises at least one selected from a group of:
    - list, bar chart, and pie chart.
  - 6. The method of claim 1, further comprising:
    - responding to a user input, conducting at least one operation selected from a group of;
      
      modifying the security policies in the first endpoint;
      
      disconnecting one of the plurality of I/O devices from the first endpoint;
      
      disconnecting the first endpoint from the network access;
      
      interrupting an operation in the first endpoint, the operation being related to one of the plurality of sensitive documents; and
      
      shutting down the first endpoint.
  - 7. The method of claim 1, wherein the view of the first endpoint is displayed as a visualization of the first endpoint.
  - 8. The method of claim 1, wherein the first endpoint comprises fixed storage and removable storage.

9. A computer-implemented network sensitive information management system for monitoring and controlling sensitive information in a network, the network comprising a plurality of endpoints, each of the plurality of endpoints comprising a plurality of sensitive documents, a security policy, and a plurality of I/O devices, the system comprising:
- a scan module for scanning the plurality of endpoints and retrieve security information, the security information comprising information about the plurality of sensitive documents, the security policy, and the plurality of I/O devices, the scanning conducted at predefined intervals;
  
  a match module for determining whether a document is a sensitive document by matching the content of the document with prestored content identified as sensitive;
  
  a trace module for aggregating tracing information of a sensitive document based on the security information from one or more of the plurality of endpoints; and
  
  a graphical user interface module for displaying information regarding the sensitive information in a window, the window comprising at least one selected from a group consisting of;
  
  a first display area for displaying the plurality of endpoints, a second display area, visually distinguished from the first display area, for displaying information of one of the plurality of endpoints, and a third display area, visually distinguished from the first and second display areas, for displaying tracing information of the sensitive document.

10. A user interface for a computer program for monitoring sensitive information in a network, the network comprising a plurality of endpoints, each of the plurality of endpoints comprising a plurality of sensitive documents, a security policy, and a plurality of I/O devices, the user interface comprising:
- a first display area for displaying the plurality of endpoints, each endpoint including one or more display characters;
  
  a second display area, visually distinguished from the first display area, for displaying a view of one of the plurality of endpoints, the view comprises at least one selected from a group consisting of;
  
  one of the plurality of I/O devices associated with the first endpoint, one of the plurality of sensitive documents associated with the first endpoint, and a violation of the security policy associated with the first endpoint;
  
  a third display area, visually distinguished from the first and second display areas, for displaying a view of a sensitive document, the view comprising a trace of the sensitive document; and
  
  an executable process, the executive process receiving a user input, receiving security information from one of the plurality of endpoints, determining the content of a display area, and displaying the content in the display area.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
Trend Micro Inc.
Inventors
Huang, Shu, Ren, Liwei, Huang, Fei, Dong, Aiguo

Granted Patent

US 8,140,664 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/26
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/105   Multiple levels of security

H04L 67/535   Tracking the activity of th...

Graphical user interface based sensitive information and internal information vulnerability management system

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

165 Citations

10 Claims

Specification

Use Cases

Quick Links

Others

Graphical user interface based sensitive information and internal information vulnerability management system

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

165 Citations

10 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others