MONITORING AND REPORTING OF DATA ACCESS BEHAVIOR OF AUTHORIZED DATABASE USERS
First Claim
1. A computer-implemented method of monitoring user activity in a database system, the method comprising:
- recording data access events associated with a user accessing data maintained by the database system, resulting in recorded events;
comparing characteristics of the recorded events for a designated period of time to corresponding characteristics of a nominal event activity profile for the designated period of time; and
initiating a course of action when the characteristics of the recorded events diverge from the nominal event activity profile.
1 Assignment
0 Petitions
Accused Products
Abstract
A computer-implemented system and method of monitoring data access activity of a user of a system is presented here. The method maintains a respective score for each of a plurality of monitored data access events, resulting in a set of scores for the user. The method continues by monitoring behavior of the user to detect occurrences of the monitored data access events, and updating the set of scores in response to detected occurrences of the monitored data access events. The method initiates an appropriate course of action when the updated set of scores is indicative of unauthorized, suspicious, or illegitimate data access activity.
107 Citations
20 Claims
-
1. A computer-implemented method of monitoring user activity in a database system, the method comprising:
-
recording data access events associated with a user accessing data maintained by the database system, resulting in recorded events; comparing characteristics of the recorded events for a designated period of time to corresponding characteristics of a nominal event activity profile for the designated period of time; and initiating a course of action when the characteristics of the recorded events diverge from the nominal event activity profile. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computer-implemented method of monitoring data access activity of a user of a system, the method comprising:
-
maintaining a respective score for each of a plurality of monitored data access events, resulting in a set of scores for the user; monitoring behavior of the user to detect occurrences of the monitored data access events; updating the set of scores in response to detected occurrences of the monitored data access events, resulting in an updated set of scores; and initiating a course of action when the updated set of scores is indicative of unauthorized data access activity. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A database system comprising:
-
a database to store data accessible by a user; a data access monitor operatively associated with the database, wherein the monitor checks activity of the user associated with access to the database; a scoring engine operatively associated with the data access monitor, wherein the scoring engine maintains a set of scores for a plurality of monitored data access events; a decision engine operatively associated with the scoring engine, wherein the decision engine compares the set of scores to a nominal event activity profile for the user; and a response initiator operatively associated with the decision engine, wherein the response initiator initiates at least one security measure when the decision engine determines that the set of scores is indicative of unauthorized data access activity. - View Dependent Claims (19, 20)
-
Specification