Reviewing effectiveness of communication rules system

US 7,734,754 B2
Filed: 12/28/2005
Issued: 06/08/2010
Est. Priority Date: 12/28/2005
Status: Active Grant

First Claim

Patent Images

1. A computerized method executable by a processor of a computing device for evaluating a rules system, said rules system applying one or more rules to communication traffic of a group of users for conforming the communication traffic to a communications policy, said method comprising:

analyzing a log containing one or more communications previously reviewed by the rules system to determine if the previously reviewed communications in the log conforms to the communications policy, said analyzing comprising determining at least one of the previously viewed communications that is a non-conforming communication which does not conform with the communications policy;

identifying one or more of the rules of the rules system violated by the non-conforming communication;

analyzing the violating rules to determine a basis for why the violating rules were not effective in conforming the communications in the log to the communications policy;

determining modifications to the rules system to facilitate conformance of the communication traffic to the communications policy;

applying the determined modifications to the rules system to create a modified rules system;

testing the modified rules system and the rules system on the communications in the log with test communications without applying the modified rules system to new communications;

determining effectiveness of the modified rules system and of the rules system to conform the test communications to the communication policy, said determining effectiveness comprising evaluating an aggregation risk metric quantifying the potential exposure created by the modified rules system compared to the rules system; and

utilizing the modified rules system after determining effectiveness and as a function of the evaluated aggregation risk metric.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for reviewing effectiveness of a rules system applying one or more rules to communication traffic of a group of users. The method analyzes a log containing one or more communications reviewed by the rules system to determine if the communications in the log conforms to the communications policy. The method also identifies one or more of the rules of the rules system violated by the communications when the analyzing the log determines that at least one of the communications in the log does not conform to the communications policy. Other methods determine the effectiveness of planned modifications to a rules system.

53 Citations

View as Search Results

15 Claims

1. A computerized method executable by a processor of a computing device for evaluating a rules system, said rules system applying one or more rules to communication traffic of a group of users for conforming the communication traffic to a communications policy, said method comprising:
- analyzing a log containing one or more communications previously reviewed by the rules system to determine if the previously reviewed communications in the log conforms to the communications policy, said analyzing comprising determining at least one of the previously viewed communications that is a non-conforming communication which does not conform with the communications policy;
  
  identifying one or more of the rules of the rules system violated by the non-conforming communication;
  
  analyzing the violating rules to determine a basis for why the violating rules were not effective in conforming the communications in the log to the communications policy;
  
  determining modifications to the rules system to facilitate conformance of the communication traffic to the communications policy;
  
  applying the determined modifications to the rules system to create a modified rules system;
  
  testing the modified rules system and the rules system on the communications in the log with test communications without applying the modified rules system to new communications;
  
  determining effectiveness of the modified rules system and of the rules system to conform the test communications to the communication policy, said determining effectiveness comprising evaluating an aggregation risk metric quantifying the potential exposure created by the modified rules system compared to the rules system; and
  
  utilizing the modified rules system after determining effectiveness and as a function of the evaluated aggregation risk metric.
- View Dependent Claims (2, 3, 4, 5)
- - 2. A computerized method as set forth in claim 1 wherein said determining modifications comprises at least one of adding an additional rule, deleting a rule, and modifying an existing rule.
  - 3. A computerized method as set forth in claim 1 further comprising identifying one or more violating rules of the modified rules system during the testing when at least one of the test communications do not conform to the communications policy.
  - 4. A computerized method as set forth in claim 1 further comprising collecting the log from the communication traffic of a group of users subject to the communications policy.
  - 5. A computerized method as set forth in claim 4 wherein said collecting the log from the communication traffic comprises collecting at least one of an electronic-mail communication log, an instant messaging communication log, and a file transfer protocol communication log.

6. A computerized method executable by a processor of a computing device for evaluating planned modifications to an unmodified rules system, said unmodified rules system applying one or more rules to communication traffic of a group of users for conforming the communication traffic to a communications policy, said method comprising:
- determining modifications to the rules applied by the unmodified rules system, said modified rules facilitating conformance of the communication traffic to the communications policy;
  
  applying said determined modifications to the unmodified rules system to create a modified rules system;
  
  testing the modified rules system and the unmodified rules system on an identical portion of the communication traffic, said communication traffic previously reviewed by the unmodified rules system; and
  
  determining effectiveness of the modified rules system and of the unmodified rules system to conform the identical portion of the communication traffic to the communications policy based upon the testing, said determining effectiveness further comprising evaluating an aggregation risk metric quantifying the potential exposure created by the modified rules system compared to the unmodified rules system.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
- - 7. A computerized method as set forth in claim 6 wherein said determining effectiveness of the modified rules system further comprises selecting a particular user, and at least one of determining one or more allowable communications of said selected user under the modified rules system, and determining one or more prohibited communications of said user under the modified rules system.
  - 8. A computerized method as set forth in claim 6 wherein said determining effectiveness further comprises:
    - selecting a particular communication of the communication traffic; and
      
      determining at least one of if the selected communication is prohibited under the modified rules system and if the selected communication is allowable under the modified rules system.
  - 9. A computerized method as set forth in claim 8 further comprising:
    - identifying at least one of the rules of the modified rules system prohibiting the selected communication if the selected communication is prohibited under the modified rules system; and
      
      identifying the at least one of the rules of the modified rules system allowing the selected communication if the selected communication is allowable under the modified rules system.
  - 10. A computerized method as set forth in claim 9 further comprising:
    - determining modifications to the rules applied by the modified rules system facilitating allowance of the selected communication if the selected communication is prohibited under the modified rules system; and
      
      determining modifications to the rules applied by the modified rules system facilitating prohibition of the selected communication if the selected communication is allowable under the modified rules system.
  - 11. A computerized method as set forth in claim 6 further comprising:
    - identifying one or more of the rules of the modified rules system violated by the communication traffic as violating the communication policy if the determining effectiveness of the modified rules system determines that the communication traffic does not conform to the communications policy;
      
      analyzing the violating rules to determine a basis for why the violating rules were not effective in conforming the communication traffic to the communications policy; and
      
      determining further modifications to the modified rules applied by the modified rules system facilitating conformance of the communication traffic to the communications policy.
  - 12. A computerized method as set forth in claim 6 further comprising collecting a log containing at least a portion of the communication traffic of a group of users subject to the communications policy and wherein determining the effectiveness of the modified rules system comprises applying both the unmodified rules system and the modified rules system to the log and comparing the results.
  - 13. A computerized method as set forth in claim 12 wherein said collecting the log from the communication traffic comprises collecting at least one of an electronic mail communication log, an instant messaging communication log, and a file transfer protocol communication log.

14. A control system for reviewing effectiveness of a rules system, said rules system applying one or more rules to communication traffic of a group of users, said rules being adapted for conforming the communication traffic to a communications policy, said control system comprising:
- a memory area having stored thereon;
  
  a rules store containing a copy of one or more rules applied by the rules system; and
  
  a communications store for collecting one or more communications previously reviewed by the rules system; and
  
  a processor configured to execute computer-executable instructions for accessing the memory area for;
  
  analyzing the communications of the communications store to determine if the previously reviewed communications conform to the communications policy, said analyzing comprising determining at least one of the previously viewed communications that is not in conformance with the communications policy;
  
  identifying, as a function of the non-conforming communication, one or more of the rules of the rules system in violation of the communications policy;
  
  analyzing the violating rules to determine a basis for why the violating rules were not effective in conforming the non-conforming communications in the log to the communications policy;
  
  determining modifications to the rules applied by the rules system to facilitate conformance of the communication to the communications policy;
  
  applying the determined modifications to the rules system to create a modified rules system;
  
  testing the modified rules system and the rules system on the communications in the log without applying the modified rules system to new communications; and
  
  determining effectiveness of the modified rules system to conform the test communications to the communication policy, said determining effectiveness comprising evaluating an aggregation risk metric quantifying the potential exposure created by the modified rules system compared to the rules system.
- View Dependent Claims (15)
- - 15. A control system as set forth in claim 14 further comprising a user interface for communicating the violating rules to a user if at least one of the communications in the communications store does not conform to the communications policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Pearson, Malcolm E., Dougherty, Jesse M., Thomas, Shawn M.
Primary Examiner(s)
Winder; Patrice
Assistant Examiner(s)
CHOUDHURY, AZIZUL Q

Application Number

US11/321,292
Publication Number

US 20070150253A1
Time in Patent Office

1,623 Days
Field of Search

None
US Class Current

709/223
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

H04L 51/212   using filtering or selectiv...

H04L 51/234   for tracking messages

H04L 63/104   Grouping of entities

H04L 63/20   for managing network securi...

Reviewing effectiveness of communication rules system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

53 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Reviewing effectiveness of communication rules system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links