METHODS AND SYSTEMS FOR DETECTING SUSPECTED DATA LEAKAGE USING TRAFFIC SAMPLES
Abstract
Methods and systems for detecting suspected data leakage in a network that includes a plurality of networked devices are described herein. A packet is received from a networked device of the plurality of networked devices. It is determined that the packet includes sampled traffic data. The sampled traffic data includes a sample of a packet constituting network traffic through the networked device, and the sample includes payload data from the packet constituting network traffic. The payload data of the sampled traffic data is analyzed. It is determined whether sensitive data is detected in the payload data of the sampled traffic data.
15 Claims
1. A method of detecting suspected data leakage in a network including a plurality of networked devices, the method comprising:
- receiving a packet from a networked device of the plurality of networked devices;
- determining the packet includes sampled traffic data, the sampled traffic data comprising a sample of a packet constituting network traffic through the networked device, the sample includes payload data from the packet constituting network traffic;
- analyzing the payload data of the sampled traffic data;
- determining, by a data loss detector, whether sensitive data is detected in the payload data of the sampled traffic data based on the analysis; and
- performing a remedial action in response to determining that sensitive data is detected.
Dependent claims: 2, 3, 4, 5
6. A method of detecting suspected data leakage in a network including a plurality of networked devices, the method comprising:
- accessing validation data provided by an entity authorized to issue social security numbers;
- updating, by a data loss detector, a list of valid social security codes based on the validation data;
- receiving a packet from a networked device of the plurality of networked devices;
- determining the packet includes sampled traffic data, the sampled traffic data comprising a sample of a packet constituting network traffic through the networked device, the sample includes payload data from the packet constituting network traffic;
- determining whether a number comprising a social security candidate is detected in the payload data;
- validating a plurality of digits of the number based on the list of valid social security codes; and
- determining sensitive data is detected where the plurality of digits is validated.
Dependent claims: 7, 8, 9, 10
11. A system for detecting suspected data leakage in a network including a plurality of networked devices, the system comprising:
- a data collector configured to receive a sampled traffic datagram from a sampling agent of a networked device of the plurality of networked devices, the sampled traffic datagram comprising a sample of a packet constituting network traffic through the networked device, the sample includes payload data from the packet; and
- a data loss detector coupled to the data collector, the data loss detector configured to decode the sampled traffic datagram, analyze the payload data of the sampled traffic datagram, and determine whether sensitive data is detected in the payload data of the sampled traffic datagram.
Dependent claims: 12, 13, 14, 15
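The detection flow of claims 1 and 6, sketched as an added example (not code from the patent or its assignee): a list of valid codes is built from validation data, sampled payloads are scanned for social security candidates, the leading digits are validated, and an alert is raised as the remedial action. Assumptions: the validated digits are the first three, validation data arrives as inclusive ranges, and the device names, ranges and payloads are constructed.

```python
import re

# Candidate: 3-2-4 digits with a consistent optional '-' or ' ' separator,
# not embedded in a longer digit run (e.g. a 16-digit card number).
SSN_RE = re.compile(rb"(?<!\d)(\d{3})([- ]?)(\d{2})\2(\d{4})(?!\d)")

def update_valid_codes(validation_data):
    """Build the set of valid 3-digit codes from inclusive (low, high) ranges.

    Assumption: the format of the validation data is illustrative only.
    """
    valid = set()
    for low, high in validation_data:
        valid.update(f"{n:03d}" for n in range(low, high + 1))
    return valid

def detect_sensitive(payload, valid_codes):
    """Return masked hits for candidates whose leading digits validate."""
    hits = []
    for m in SSN_RE.finditer(payload):
        area, group, serial = (m.group(i).decode() for i in (1, 3, 4))
        # All-zero group or serial fields are never issued, so skip them.
        if area in valid_codes and group != "00" and serial != "0000":
            hits.append({"offset": m.start(), "masked": f"***-**-{serial}"})
    return hits

def handle_sample(source_device, payload, valid_codes):
    """Analyze one sampled payload; return an alert record or None."""
    hits = detect_sensitive(payload, valid_codes)
    if not hits:
        return None
    # Remedial action here is an alert; the full number is never logged.
    return {"device": source_device, "action": "alert", "hits": hits}

# Constructed validation data and payload samples (hypothetical devices).
VALID = update_valid_codes([(1, 665), (667, 899)])
SAMPLES = [
    ("sw-edge-1", b"POST /hr HTTP/1.1\r\n\r\nname=test&ssn=123-45-6789&x=1"),
    ("sw-edge-1", b"order=4111111111111111&ref=000-12-3456"),
    ("sw-core-2", b"id=666-45-6789 tel=555-0123-456"),
    ("sw-core-2", b"acct 234567890;"),
]
ALERTS = [a for a in (handle_sample(d, p, VALID) for d, p in SAMPLES) if a]
```

Because a sample carries only part of a packet, a number cut off at the end of the sample will not match; coverage depends on the sampling rate and sample length.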
Specification