Information security implementations with extended capabilities
First Claim
1. A method for control of sensitive data in a computer system that includes at least one central server communicatively-coupled to a plurality of client computers, the method comprising:
- executing a first set of software code on the at least one central server, the first set of software code causing the at least one central server to:
  - provide configuration data to each of the plurality of client computers, the configuration data including parameters that define criteria for identifying sensitive data and trigger events on the client computers;
  - in response to a notification received from one of the plurality of client computers, monitor data communications of the one of the plurality of client computers for sensitive data by reviewing data communications indicated by the notification; and
  - restrict transmission for a subset of the reviewed data communications in response to detecting sensitive data; and
- executing a second set of software code on each of the plurality of client computers, the second set of software code causing each of the plurality of client computers to:
  - identify other applications, running on the client computer, that access sensitive data matching the criteria indicated by the configuration data;
  - monitor actions of the other applications identified as accessing sensitive data;
  - determine whether or not one of the trigger events, defined by the configuration data, has occurred as a function of a sensitivity level of the sensitive data and the monitored actions; and
  - transmit, in response to determining that the trigger event has occurred, the notification to the central server,
- wherein the parameters of the configuration data identify a data file as sensitive based on location of the data file and access permission of the data file.
Abstract
Systems, devices or methods provide for control of sensitive data in a computer system that includes at least one central server communicatively-coupled to a plurality of client computers. A particular method relates to the execution of software code on the at least one central server to monitor data communications of the plurality of client computers for sensitive data. A subset of the data communications is restricted when sensitive data is detected. Configuration data is provided to each of the plurality of client computers. Software code is executed on each of the plurality of client computers to detect accesses to sensitive data by one or more applications running on a client computer. Actions of the one or more applications running on a client computer are monitored to determine whether or not a trigger event has occurred. In response to determining that the trigger event has occurred, a notification is sent.
22 Claims
1. A method for control of sensitive data in a computer system that includes at least one central server communicatively-coupled to a plurality of client computers, the method comprising:
- executing a first set of software code on the at least one central server, the first set of software code causing the at least one central server to:
  - provide configuration data to each of the plurality of client computers, the configuration data including parameters that define criteria for identifying sensitive data and trigger events on the client computers;
  - in response to a notification received from one of the plurality of client computers, monitor data communications of the one of the plurality of client computers for sensitive data by reviewing data communications indicated by the notification; and
  - restrict transmission for a subset of the reviewed data communications in response to detecting sensitive data; and
- executing a second set of software code on each of the plurality of client computers, the second set of software code causing each of the plurality of client computers to:
  - identify other applications, running on the client computer, that access sensitive data matching the criteria indicated by the configuration data;
  - monitor actions of the other applications identified as accessing sensitive data;
  - determine whether or not one of the trigger events, defined by the configuration data, has occurred as a function of a sensitivity level of the sensitive data and the monitored actions; and
  - transmit, in response to determining that the trigger event has occurred, the notification to the central server,
- wherein the parameters of the configuration data identify a data file as sensitive based on location of the data file and access permission of the data file.

Dependent claims: 2, 3, 4, 5, 6, 7.

8. A method for control of sensitive data in a computer system that includes at least one central server communicatively-coupled to a plurality of client computers, the method comprising:
- executing a first set of software code on the at least one central server, the first set of software code causing the at least one central server to:
  - provide configuration data to each of the plurality of client computers, the configuration data including parameters that define criteria for identifying sensitive data and trigger events on the client computers;
  - in response to a notification received from one of the plurality of client computers, monitor data communications of the one of the plurality of client computers for sensitive data by reviewing data communications indicated by the notification; and
  - restrict transmission for a subset of the reviewed data communications in response to detecting sensitive data;
- executing a second set of software code on each of the plurality of client computers, the second set of software code causing each of the plurality of client computers to:
  - identify other applications, running on the client computer, that access sensitive data matching the criteria indicated by the configuration data;
  - monitor actions of the other applications identified as accessing sensitive data;
  - determine whether or not one of the trigger events, defined by the configuration data, has occurred as a function of a sensitivity level of the sensitive data and the monitored actions; and
  - transmit, in response to determining that the trigger event has occurred, the notification to the central server,
- wherein:
  - the notification to the central server includes tagging the sensitive data with information about one or more of the trigger events, the monitored actions and the identified other applications; and
  - the first set of software code on the at least one central server is configured to:
    - for each of the monitored data communications, assign a scanning priority based on access permissions of the monitored data communications that are indicated in the notification, where data communication of publicly available files are assigned a low scanning priority and data communication of restricted files are assigned a high scanning priority; and
    - scan the data communications as a function of the assigned scanning priority.

9. A security system comprising:
- a plurality of client computers;
- at least one central server coupled to the plurality of client computers and configured to:
  - provide configuration data to each of the plurality of client computers, the configuration data including parameters that define criteria for identifying sensitive data and trigger events on the client computers;
  - in response to a notification received from one of the plurality of client computers, monitor data communications of the one of the plurality of client computers for sensitive data by reviewing data communications indicated by the notification; and
  - restrict transmission for a subset of the reviewed data communications in response to detecting sensitive data; and
- wherein each of the plurality of client computers is configured and arranged to:
  - identify other applications, running on the client computer, that access sensitive data matching the criteria indicated by the configuration data;
  - monitor actions of the other applications;
  - determine whether or not one of the trigger events, defined by the configuration data, has occurred as a function of a sensitivity level of the sensitive data and the monitored actions; and
  - transmit, in response to determining that the trigger event has occurred, the notification to the central server,
- wherein the security system is configured to, in response to the identifying accesses to sensitive data, tag data files including the sensitive data to provide an indication of a risk-level for the data files.

Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17, 18.

19. A method for control of sensitive data in a computer system that includes at least one central server communicatively-coupled to a plurality of client computers, the method comprising:
- executing a first set of software code on the at least one central server, the first set of software code causing the at least one central server to:
  - provide configuration data to each of the plurality of client computers, the configuration data including parameters that define criteria for identifying sensitive data and trigger events on the client computers;
  - in response to a notification received from one of the plurality of client computers, monitor data communications of the one of the plurality of client computers for sensitive data by reviewing data communications indicated by the notification; and
  - restrict transmission for a subset of the reviewed data communications in response to detecting sensitive data;
- executing a second set of software code on each of the plurality of client computers, the second set of software code causing each of the plurality of client computers to:
  - identify other applications, running on the client computer, that access sensitive data matching the criteria indicated by the configuration data;
  - monitor actions of the other applications identified as accessing sensitive data;
  - determine whether or not one of the trigger events, defined by the configuration data, has occurred as a function of a sensitivity level of the sensitive data and the monitored actions; and
  - transmit, in response to determining that the trigger event has occurred, the notification to the central server,
- executing software code on each of the plurality of client computers to establish a security setting that a designated user of a respective one of the plurality of client computers confirms before the access thereto is granted,
- and further including using security databases as a reference for identifying sensitive data, wherein the databases include keywords, locations, document types, specific content and heuristic signatures to assess and determine a risk level.

20. A method for control of sensitive data in a computer system that includes at least one central server communicatively-coupled to a plurality of client computers, the method comprising:
- executing a first set of software code on the at least one central server, the first set of software code causing the at least one central server to:
  - provide configuration data to each of the plurality of client computers, the configuration data including parameters that define criteria for identifying sensitive data and trigger events on the client computers;
  - in response to a notification received from one of the plurality of client computers, monitor data communications of the one of the plurality of client computers for sensitive data by reviewing data communications indicated by the notification; and
  - restrict transmission for a subset of the reviewed data communications in response to detecting sensitive data;
- executing a second set of software code on each of the plurality of client computers, the second set of software code causing each of the plurality of client computers to:
  - identify other applications, running on the client computer, that access sensitive data matching the criteria indicated by the configuration data;
  - monitor actions of the other applications identified as accessing sensitive data;
  - determine whether or not one of the trigger events, defined by the configuration data, has occurred as a function of a sensitivity level of the sensitive data and the monitored actions; and
  - transmit, in response to determining that the trigger event has occurred, the notification to the central server,
- further including using security databases as a reference for identifying sensitive data, wherein the databases include keywords, locations, document types, specific content and heuristic signatures to assess and determine a risk level.

21. A method for control of sensitive data in a computer system that includes at least one central server communicatively-coupled to a plurality of client computers, the method comprising:
- executing a first set of software code on the at least one central server, the first set of software code causing the at least one central server to:
  - provide configuration data to each of the plurality of client computers, the configuration data including parameters that define criteria for identifying sensitive data and trigger events on the client computers;
  - in response to a notification received from one of the plurality of client computers, monitor data communications of the one of the plurality of client computers for sensitive data by reviewing data communications indicated by the notification; and
  - restrict transmission for a subset of the reviewed data communications in response to detecting sensitive data;
- executing a second set of software code on each of the plurality of client computers, the second set of software code causing each of the plurality of client computers to:
  - identify other applications, running on the client computer, that access sensitive data matching the criteria indicated by the configuration data;
  - monitor actions of the other applications identified as accessing sensitive data;
  - determine whether or not one of the trigger events, defined by the configuration data, has occurred as a function of a sensitivity level of the sensitive data and the monitored actions; and
  - transmit, in response to determining that the trigger event has occurred, the notification to the central server,
- wherein the first set of software code is further configured to cause the at least one central server to:
  - determine ones of the data communications that are higher-risk, based on a respective number of trigger events associated with each of the data communications in the notification and a sensitivity level of each data communication indicated in the notification, where a higher number of trigger events indicates higher risk and higher sensitivity level indicates higher risk; and
  - prevent transmission of data communications determined to be high-risk unless the data communications are encrypted.

22. A security system comprising:
- a plurality of client computers;
- at least one central server coupled to the plurality of client computers and configured to:
  - provide configuration data to each of the plurality of client computers, the configuration data including parameters that define criteria for identifying sensitive data and trigger events on the client computers;
  - in response to a notification received from one of the plurality of client computers, monitor data communications of the one of the plurality of client computers for sensitive data by reviewing data communications indicated by the notification; and
  - restrict transmission for a subset of the reviewed data communications in response to detecting sensitive data; and
- wherein each of the plurality of client computers is configured and arranged to:
  - identify other applications, running on the client computer, that access sensitive data matching the criteria indicated by the configuration data;
  - monitor actions of the other applications;
  - determine whether or not one of the trigger events, defined by the configuration data, has occurred as a function of a sensitivity level of the sensitive data and the monitored actions; and
  - transmit, in response to determining that the trigger event has occurred, the notification to the central server,
- wherein the notification to the central server includes sensitive data tagged with information about one or more of the trigger events, the monitored actions, and the identified other applications; and
- the at least one central server is configured to:
  - for each of the monitored data communications, assign a scanning priority based on access permissions of the monitored data communication that are indicated in the notification, where data communication of publicly available files are assigned a low scanning priority and data communication of restricted files are assigned a high scanning priority; and
  - scan the data communications as a function of the assigned scanning priority.
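The following Python sketch is an added illustration, not code from the patent or from any product it covers. It models the client/server loop the claims describe: the server's configuration data defines sensitivity criteria (file location and access permission, claim 1) and trigger events; the client classifies a file, watches an application's actions on it, and sends a tagged notification only when a trigger event occurs on sensitive data (claims 1, 8, 22); the server then assigns a scanning priority from the file's access permission (claims 8, 22), scores risk from the number of trigger events plus the sensitivity level (claim 21), and blocks high-risk communications unless they are encrypted. All class and function names, the additive risk score and its threshold, the permission labels, and the sample files and actions are assumptions made for the example.

```python
from dataclasses import dataclass
from enum import IntEnum


class Sensitivity(IntEnum):
    """Ordered sensitivity levels (assumed; the claims only require an ordering)."""
    PUBLIC = 0
    INTERNAL = 1
    RESTRICTED = 2


@dataclass(frozen=True)
class DataFile:
    path: str
    permission: str  # constructed labels: "public" or "restricted"


@dataclass(frozen=True)
class Config:
    """Configuration data pushed by the central server to every client (claim 1)."""
    sensitive_dirs: tuple           # location criterion
    restricted_permissions: frozenset  # access-permission criterion
    trigger_actions: frozenset      # actions that count as trigger events
    high_risk_score: int            # assumed threshold for the claim-21 risk score


@dataclass(frozen=True)
class Notification:
    """Client-to-server message: the sensitive data tagged with the trigger events,
    the monitored actions and the accessing application (claims 8 and 22)."""
    app: str
    file: DataFile
    sensitivity: Sensitivity
    trigger_events: tuple
    actions: tuple
    encrypted: bool


def classify(config, f):
    """Claim 1: a file is sensitive based on its location and its access permission."""
    if f.permission in config.restricted_permissions:
        return Sensitivity.RESTRICTED
    if any(f.path.startswith(d) for d in config.sensitive_dirs):
        return Sensitivity.INTERNAL
    return Sensitivity.PUBLIC


def client_monitor(config, app, f, actions, encrypted=False):
    """Client side: decide, as a function of sensitivity level and monitored actions,
    whether a trigger event occurred; return a Notification to send, or None."""
    level = classify(config, f)
    triggered = tuple(a for a in actions if a in config.trigger_actions)
    if level == Sensitivity.PUBLIC or not triggered:
        return None
    return Notification(app, f, level, triggered, tuple(actions), encrypted)


def scanning_priority(config, n):
    """Claims 8/22: restricted files scan at high priority, public files at low."""
    return "high" if n.file.permission in config.restricted_permissions else "low"


def risk_score(n):
    """Claim 21: more trigger events and a higher sensitivity level both raise risk
    (the additive combination is an assumption)."""
    return len(n.trigger_events) + int(n.sensitivity)


def server_decide(config, n):
    """Server side: review the communication named in the notification and decide
    whether to restrict its transmission (claims 1, 8, 21)."""
    score = risk_score(n)
    high_risk = score >= config.high_risk_score
    return {
        "priority": scanning_priority(config, n),
        "risk_score": score,
        "high_risk": high_risk,
        "allow": (not high_risk) or n.encrypted,  # high-risk only if encrypted
    }


# Constructed sample configuration and client-side events (not from the patent).
CONFIG = Config(
    sensitive_dirs=("/srv/finance/",),
    restricted_permissions=frozenset({"restricted"}),
    trigger_actions=frozenset({"copy_to_removable", "upload", "email_attach"}),
    high_risk_score=4,
)

SAMPLE_EVENTS = [
    ("browser", DataFile("/home/u/notes.txt", "public"), ("open", "upload")),
    ("mailer", DataFile("/srv/finance/q3.xlsx", "public"), ("open", "email_attach")),
    ("sync", DataFile("/srv/finance/payroll.csv", "restricted"),
     ("open", "copy_to_removable", "upload")),
]


def run_pipeline(config=CONFIG, events=SAMPLE_EVENTS):
    """Run the client step and then the server step over each event; the result maps
    each application that produced a notification to the server's decision."""
    decisions = {}
    for app, f, actions in events:
        n = client_monitor(config, app, f, actions)
        if n is None:
            continue  # no trigger event on sensitive data, so nothing is sent
        decisions[app] = server_decide(config, n)
    return decisions


if __name__ == "__main__":
    for app, decision in run_pipeline().items():
        print(app, decision)
```

With the constructed events, the browser upload of a public file never reaches the server, the mailer attachment of an internal file is scanned at low priority and allowed, and the removable-media copy plus upload of a restricted payroll file scores high risk and is blocked because it is not encrypted; the same notification with `encrypted=True` is allowed, which is the claim-21 exception.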
Specification