Network data transmission auditing
1 Assignment
0 Petitions
Abstract
Network computing systems may implement data loss prevention (DLP) techniques to reduce or prevent unauthorized use or transmission of confidential information or to implement information controls mandated by statute, regulation, or industry standard. Implementations of network data transmission analysis systems and methods are disclosed that can use contextual information in a DLP policy to monitor data transmitted via the network. The contextual information may include information based on a network user's organizational structure or services or network infrastructure. Some implementations may detect bank card information in network data transmissions. Some of the systems and methods may be implemented on a virtual network overlaid on one or more intermediate physical networks that are used as a substrate network.
83 Citations
24 Claims
1. A system for analyzing network transmissions, the system comprising:
a computing interface configured to receive a data loss prevention (DLP) policy customizable by a user of a virtual network; and
a computing system comprising computer hardware, the computing system configured to:
associate virtual components of a virtual network with one or more nodes of a substrate network, the one or more nodes of the substrate network configured to at least partially simulate operation of the virtual components;
generate data transmission routes through the virtual network;
analyze data transmitted via the data transmission routes through the virtual network to detect a match to one or more criteria specified by the DLP policy;
in response to detection of the match, perform at least one of the following:
store at least a portion of the data in a snapshot;
or store events associated with the data in a compliance log;
or prevent further transmission of at least a portion of the data; and
analyze at least one of the snapshot or the compliance log for additional matches to the DLP policy.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method for analyzing network transmissions, the method comprising:
under control of a virtual network comprising a substrate network associated with an overlay network, the substrate network comprising a plurality of physical computing nodes, the overlay network at least partially simulated by the substrate network,
configuring the virtual network based at least in part on a data loss prevention (DLP) policy of a user of the virtual network, wherein the configuring comprises associating the DLP policy with at least one of the substrate network;
analyzing a network flow transmitted via the virtual network to detect a subset of the network flow that matches one or more criteria specified by the DLP policy; and
in response to detection of the match, performing at least one of the following:
storing at least a portion of a data in a snapshot;
or storing events associated with the data in a compliance log;
or preventing further transmission of at least a portion of the data; and
analyzing at least one of the snapshot or the compliance log for additional matches to the DLP policy.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21
22. A non-transitory computer-readable storage medium having computer-executable instructions stored thereon for analyzing network transmissions, the computer-readable storage medium comprising computer-executable instructions for:
analyzing a network flow transmitted via a virtual network, the virtual network comprising a substrate network associated with an overlay network, the substrate network comprising a plurality of physical computing nodes, the overlay network at least partially simulated by the substrate network;
detecting a subset of the network flow that matches one or more criteria specified by a data loss prevention (DLP) policy; and
in response to detection of the match, performing at least one of the following:
storing at least a portion of a data in a snapshot;
or storing events associated with the data in a compliance log;
or preventing further transmission of at least a portion of the data; and
analyzing at least one of the snapshot or the compliance log for additional matches to the DLP policy.
Dependent claims: 23, 24
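Claims 1, 10 and 22 describe one pipeline: match a flow against the criteria in a user-supplied DLP policy, then snapshot the data, log an event and/or prevent transmission, then run a second analysis over the snapshot or the compliance log. The abstract names bank card data as one criterion. The following is a worked example of that pipeline added for this page; it is not the patent's code and does not model the substrate/overlay mapping the claims recite. The class and function names, the card-number regex, the Luhn filter, the log fingerprint key and the sample flows are all assumptions constructed here. Two practitioner points are built in: the compliance log stores only the last four digits plus a keyed fingerprint, because a log holding full card numbers is itself the data the policy exists to protect, and the second pass over the log detects what per-flow inspection cannot, a destination collecting many distinct cards.

```python
"""Toy DLP inspector for the detect / act / re-analyse loop in claims 1, 10 and 22,
using the bank-card criterion mentioned in the abstract.

Constructed illustration, not the patent's implementation. Every name here
(Flow, DlpPolicy, Inspector), the PAN regex, the fingerprint key and the sample
flows are assumptions for this example; substrate/overlay mapping is not modelled.
"""
from __future__ import annotations

import hashlib
import hmac
import re
from dataclasses import dataclass, field

# Candidate primary account number: 13 to 19 digits, optionally separated by a
# single space or dash. The Luhn filter below removes most non-card digit runs.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Assumed key for log fingerprints; a real deployment takes it from a secret
# store. An unkeyed hash of a PAN is brute-forceable from the log alone.
LOG_KEY = b"example-only-fingerprint-key"


def luhn_ok(digits: str) -> bool:
    """Luhn check-digit validation (ISO/IEC 7812)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(payload: str) -> list[str]:
    """Return Luhn-valid card numbers in a payload, separators stripped."""
    found = []
    for m in PAN_RE.finditer(payload):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            found.append(digits)
    return found


@dataclass
class DlpPolicy:
    """User-customisable policy (claim 1): scope plus the action taken on a match."""
    monitored_sources: frozenset[str] = frozenset()  # empty means every source
    snapshot: bool = True
    log: bool = True
    block: str = "redact"    # "redact" the matched portion, "drop" the flow, or "none"
    bulk_threshold: int = 3  # re-analysis: distinct cards sent to one destination


@dataclass
class Flow:
    src: str
    dst: str
    payload: str


@dataclass
class Inspector:
    policy: DlpPolicy
    snapshots: list[dict] = field(default_factory=list)
    compliance_log: list[dict] = field(default_factory=list)

    def inspect(self, flow: Flow) -> str | None:
        """Inspect one flow. Returns the payload to forward, or None if dropped."""
        p = self.policy
        if p.monitored_sources and flow.src not in p.monitored_sources:
            return flow.payload
        pans = find_pans(flow.payload)
        if not pans:
            return flow.payload
        if p.snapshot:  # keep the raw data for later analysis (claim step: snapshot)
            self.snapshots.append({"src": flow.src, "dst": flow.dst, "payload": flow.payload})
        if p.log:  # record events, never the full PAN (claim step: compliance log)
            for pan in pans:
                fp = hmac.new(LOG_KEY, pan.encode(), hashlib.sha256).hexdigest()[:16]
                self.compliance_log.append({"src": flow.src, "dst": flow.dst, "event": "pan_detected",
                                            "last4": pan[-4:], "fingerprint": fp})
        if p.block == "drop":  # claim step: prevent further transmission
            return None
        if p.block == "redact":  # prevent transmission of only the matched portion
            return PAN_RE.sub(lambda m: "[REDACTED PAN]"
                              if luhn_ok(re.sub(r"[ -]", "", m.group())) else m.group(), flow.payload)
        return flow.payload

    def reanalyze(self) -> list[dict]:
        """Second pass over the compliance log (final claim step): flag destinations that
        received more distinct cards than the policy allows, an aggregate pattern a
        per-flow check cannot see."""
        per_dst: dict[str, set[str]] = {}
        for ev in self.compliance_log:
            per_dst.setdefault(ev["dst"], set()).add(ev["fingerprint"])
        return [{"event": "bulk_card_exfil", "dst": dst, "distinct_cards": len(fps)}
                for dst, fps in per_dst.items() if len(fps) >= self.policy.bulk_threshold]


# Constructed sample traffic (industry test card numbers, not real accounts).
SAMPLE_FLOWS = [
    Flow("10.0.1.5", "203.0.113.9", "POST /checkout card=4111 1111 1111 1111 exp=12/27"),
    Flow("10.0.1.5", "203.0.113.9", "order 5500000000000004"),
    Flow("10.0.1.5", "203.0.113.9", "amex 378282246310005 ok"),
    Flow("10.0.1.7", "198.51.100.2", "ticket id 4111111111111112"),  # fails Luhn: not a card
    Flow("10.0.2.9", "192.0.2.44", "hello world"),
]


def run_demo(flows=SAMPLE_FLOWS, policy: DlpPolicy | None = None):
    """Run every flow through one inspector; return (inspector, forwarded payloads)."""
    insp = Inspector(policy or DlpPolicy())
    return insp, [insp.inspect(f) for f in flows]


if __name__ == "__main__":
    insp, forwarded = run_demo()
    for out in forwarded:
        print("forward:", out)
    print("log events:", len(insp.compliance_log), "bulk:", insp.reanalyze())
```

Run as a script, the three valid card numbers are redacted in the forwarded payloads, the Luhn-invalid digit run in the fourth flow passes untouched, and the re-analysis flags 203.0.113.9 as having received three distinct cards. Setting block="drop" in the policy returns None for a matching flow instead of a redacted payload.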
Specification