Distributed data search, audit and analytics
First Claim
1. A distributed system associated with an enterprise computing environment in which data servers are being monitored for insider attacks, the distributed system comprising:
- a set of client appliances distributed across the enterprise computing environment, wherein each client appliance is associated with a subset of the data servers being monitored for insider attacks;
- a set of one or more server appliances, wherein each server appliance is associated with one or more client appliances of the set of client appliances; and
- a control routine executed by a processor for receiving and executing a query across one or more server appliances, which query, in turn, is executed by each server appliance against the client appliances and their associated data servers, and, in response, returns a consolidated audit result.
Abstract
A system comprising a set of components that interact to achieve large-scale distributed data auditing, searching, and analytics. Traditional systems require audit data to be captured and centralized for analytics, which leads to scaling and bottleneck problems on both the network and the processing side. Unlike those systems, the system described herein combines distributed storage and intelligence with centralized policy intelligence and coordination, allowing data auditing to scale. This architecture supports data auditing across “billions” of events, whereas traditional architectures struggled in the realm of “millions” of events.
8 Claims

Independent claim 1 is reproduced above under First Claim. Dependent claims: 2, 3, 4, 5, 6, 7, 8.
Specification