Network data transmission analysis
First Claim
1. A method for analyzing data transmitted through a virtual network, the method comprising:
- under control of a virtual network comprising a substrate network associated with an overlay network, the substrate network comprising a plurality of physical computing nodes, the overlay network at least partially simulated by the substrate network, configuring the virtual network based at least in part on a DLP policy that includes context criteria and content criteria, the context criteria comprising information about organizational structure or services of a user of the virtual network, wherein the configuring comprises associating the information about the organizational structure or services of the virtual network user with at least one of the substrate network and the overlay network;
- receiving a network flow transmitted via the virtual network, the network flow comprising information related to the information about the organizational structure or services of the virtual network user;
- analyzing the network flow to detect a first subset of the network flow that includes matches to at least one of the context criteria;
- analyzing the first subset of the network flow to detect a second subset of the network flow that includes matches to at least one of the content criteria; and
- performing an action on at least a portion of the second subset of the network flow.
Abstract
Network computing systems may implement data loss prevention (DLP) techniques to reduce or prevent unauthorized use or transmission of confidential information or to implement information controls mandated by statute, regulation, or industry standard. Implementations of network data transmission analysis systems and methods are disclosed that can use contextual information in a DLP policy to monitor data transmitted via the network. The contextual information may include information based on a network user's organizational structure or services or network infrastructure. Some implementations may detect bank card information in network data transmissions. Some of the systems and methods may be implemented on a virtual network overlaid on one or more intermediate physical networks that are used as a substrate network.
235 Citations
30 Claims
1. A method for analyzing data transmitted through a virtual network, the method comprising:
- under control of a virtual network comprising a substrate network associated with an overlay network, the substrate network comprising a plurality of physical computing nodes, the overlay network at least partially simulated by the substrate network, configuring the virtual network based at least in part on a DLP policy that includes context criteria and content criteria, the context criteria comprising information about organizational structure or services of a user of the virtual network, wherein the configuring comprises associating the information about the organizational structure or services of the virtual network user with at least one of the substrate network and the overlay network;
- receiving a network flow transmitted via the virtual network, the network flow comprising information related to the information about the organizational structure or services of the virtual network user;
- analyzing the network flow to detect a first subset of the network flow that includes matches to at least one of the context criteria;
- analyzing the first subset of the network flow to detect a second subset of the network flow that includes matches to at least one of the content criteria; and
- performing an action on at least a portion of the second subset of the network flow.
Dependent claims: 2 to 17.

18. A system for analyzing data transmitted through a virtual network, the system comprising:
- one or more physical computing devices configured to:
  - associate virtual components of a virtual network with one or more computing nodes of a substrate network, the one or more computing nodes of the substrate network configured to at least partially simulate operation of the virtual components;
  - associate a data loss prevention (DLP) policy with at least one of the substrate network and the virtual components of the virtual network, the DLP policy specifying context criteria and content criteria, the context criteria comprising information about organizational structure or services of a user of the virtual network;
  - receive a network flow transmitted via the virtual network, the network flow comprising information related to the organizational structure or services of the virtual network user;
  - analyze the network flow to detect a subset of the network flow that includes matches to at least one of the context criteria and at least one of the content criteria; and
  - perform an action on at least a portion of the second subset of the network flow.
Dependent claims: 19 to 23.

24. A method for detecting bank card information in network data transmissions, the method comprising:
- by a computer system comprising one or more physical computing devices, the computing system configured to associate virtual components of a virtual network with one or more nodes of a substrate network, the one or more nodes of the substrate network configured to at least partially simulate operation of the virtual components, analyzing a network flow based at least in part on a data loss prevention (DLP) policy of a user of the virtual network, the DLP policy comprising a bank card policy associated with identification of bank card information, the bank card information comprising information associated with an Issuer Identification Number (IIN);
- detecting a portion of the network flow that includes matches based at least in part on the bank card policy; and
- performing an action on the portion of the network flow based at least in part on the DLP policy.
Dependent claims: 25 to 30.
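As an added worked example (not code from the patent or its assignee), the following Python models the two-stage filter the independent claims describe: the context criteria, here the organizational unit and service tags that the virtual-network configuration associates with a flow's source endpoint, are checked first; only flows in that first subset are scanned against the content criteria, here a bank card rule that combines a candidate digit-run pattern, a Luhn checksum and an Issuer Identification Number prefix lookup in the style of claim 24; and the policy's action (block, redact or log) is applied to the matching portion. The Flow and DlpPolicy types, the tag names, the sample flows and the small SAMPLE_IINS prefix table are constructed assumptions for illustration, not an authoritative IIN list.

```python
import re
from dataclasses import dataclass

# Added example, not code from the patent or its assignee. Flow, DlpPolicy,
# the tag names and SAMPLE_IINS are assumptions made for illustration.


@dataclass(frozen=True)
class Flow:
    """A flow seen on the overlay network, carrying the context that the
    virtual-network configuration associated with its source endpoint."""
    src: str        # overlay component that sent the data (assumed tag)
    dst: str        # destination component or external address
    org_unit: str   # organizational unit of the sending user
    service: str    # service label associated with the flow
    payload: str    # application data carried by the flow


@dataclass(frozen=True)
class DlpPolicy:
    """Context criteria (org units, services) and content criteria (IIN table)."""
    context_org_units: frozenset
    context_services: frozenset
    iin_prefixes: dict   # IIN prefix -> issuer label
    action: str          # "block", "redact" or "log"


# Constructed IIN table: a handful of well-known prefixes, not an authoritative list.
SAMPLE_IINS = {"4": "visa", "51": "mastercard", "52": "mastercard",
               "53": "mastercard", "54": "mastercard", "55": "mastercard"}

# Candidate PANs: 13 to 19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(pan: str) -> bool:
    """Luhn checksum: filters out order numbers and other plain digit runs."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def issuer_for(pan: str, iin_prefixes: dict):
    """Longest-prefix match of the PAN against the policy's IIN table."""
    for length in range(min(8, len(pan)), 0, -1):
        label = iin_prefixes.get(pan[:length])
        if label is not None:
            return label
    return None


def find_cards(text: str, iin_prefixes: dict):
    """Content criteria: (raw, pan, issuer) for each bank card number in the text."""
    hits = []
    for match in CARD_RE.finditer(text):
        raw = match.group(0)
        pan = re.sub(r"[ -]", "", raw)
        if not luhn_ok(pan):
            continue                      # digit run without a valid checksum
        issuer = issuer_for(pan, iin_prefixes)
        if issuer is None:
            continue                      # valid checksum but no IIN the policy covers
        hits.append((raw, pan, issuer))
    return hits


def context_matches(flow: Flow, policy: DlpPolicy) -> bool:
    """Context criteria: does the flow come from a covered org unit or service?"""
    return (flow.org_unit in policy.context_org_units
            or flow.service in policy.context_services)


def apply_action(payload: str, hits, action: str):
    """Block drops the flow, redact masks all but the last four digits, log forwards as is."""
    if action == "block":
        return None
    if action == "redact":
        for raw, pan, _issuer in hits:
            payload = payload.replace(raw, "*" * (len(pan) - 4) + pan[-4:])
    return payload


def analyze_flows(flows, policy: DlpPolicy):
    """Two-stage match: context criteria first, content criteria only on that subset."""
    events = []
    for flow in flows:
        if not context_matches(flow, policy):
            continue                      # not in the first subset, so no content scan
        hits = find_cards(flow.payload, policy.iin_prefixes)
        if not hits:
            continue                      # in the first subset but not the second
        events.append({
            "src": flow.src,
            "dst": flow.dst,
            "issuers": sorted({issuer for _raw, _pan, issuer in hits}),
            "action": policy.action,
            "forwarded_payload": apply_action(flow.payload, hits, policy.action),
        })
    return events


# Constructed policy and flows for the example run.
POLICY = DlpPolicy(context_org_units=frozenset({"payments"}),
                   context_services=frozenset({"checkout"}),
                   iin_prefixes=SAMPLE_IINS, action="redact")

SAMPLE_FLOWS = [
    Flow("vm-checkout-1", "203.0.113.9", "payments", "checkout",
         "card=4111 1111 1111 1111 exp=12/29"),       # context and content match
    Flow("vm-mail-2", "198.51.100.7", "marketing", "newsletter",
         "promo code 5555555555554444"),              # outside the context criteria
    Flow("vm-checkout-1", "203.0.113.9", "payments", "checkout",
         "order 4111111111111112 shipped"),           # context matches, Luhn fails
    Flow("vm-ledger-3", "10.0.0.5", "finance", "checkout",
         "refund to 5555-5555-5555-4444"),            # matched via the service criterion
]

if __name__ == "__main__":
    for event in analyze_flows(SAMPLE_FLOWS, POLICY):
        print(event)
```

The ordering is the point of the claims: the comparatively expensive content scan runs only on flows that already satisfied the context criteria, and the Luhn check plus IIN lookup keeps order numbers and other digit runs from triggering the action. In a deployment on a virtual network the org unit and service tags would come from the overlay-to-substrate mapping held by the provider, not from anything the flow itself asserts, so a tenant cannot opt out of the policy by relabeling its own traffic.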
Specification