Detection and management of unauthorized use of cloud computing services

US 9,203,847 B2
Filed: 06/26/2012
Issued: 12/01/2015
Est. Priority Date: 06/26/2012
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

identifying, by a computer system, a plurality of web resources that have been accessed by computing devices from within an internal network;

obtaining, by the computer system, a first access log from a network component;

generating, by the computer system, a list of unique networks accessed from within the internal network based upon information contained within the first access log;

generating, by the computer system, a list of unique domain name system addresses that have been queried from within the internal network;

searching, by the computer system, an internet registry using the list of unique networks and the list of unique domain name system addresses;

sorting and summarizing, by the computer system, networks identified through searching the internet registry to generate a company list;

analyzing, by the computer system, the company list to identify potential cloud computing service companies;

marking, by the computer system, records within the company list as being associated with the potential cloud computing service companies;

establishing, by the computer system, a baseline utilizing the company list, the baseline comprising the records;

obtaining, by the computer system, a second access log from the network component;

obtaining, by the computer system, internet protocol information from the second access log, the internet protocol information comprising destination internet protocol addresses and source internet protocol addresses;

summarizing and sorting, by the computer system, the destination internet protocol addresses to identify destination networks;

comparing, by the computer system, the destination internet protocol addresses to the baseline to identify a cloud computing service resource that was accessed from the plurality of web resources;

determining, by the computer system, whether the cloud computing service resource is approved based upon the comparing;

if the cloud computing service resource is approved, permitting continued access by the computing devices to the cloud computing service resource; and

if the cloud computing service resource is not approved,searching, by the computer system, the second access log for a source internet protocol address of the source internet protocol addresses that accessed the cloud computing service resource, andgenerating, by the computer system, an unauthorized list comprising the source internet protocol address; and

blocking, at the computer system, access to the cloud computing service resource based upon the unauthorized list.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Concepts and technologies disclosed herein are for detecting and managing unauthorized use of cloud computing services from within an internal network of a business or other organization. A computer system may be configured to identify a plurality of Web resources that have been accessed by computing devices from within the internal network. The computer system may also be configured to obtain Internet protocol (“IP”) information from a network component of the internal network. The IP information may be used to determine whether each of the plurality of Web resources is a cloud computing service resource. The computer system may also be configured to block access to a cloud computing service resource of the plurality of Web resources upon determining that the IP information identifies the cloud computing service resource as being unauthorized.

15 Citations

View as Search Results

14 Claims

1. A method comprising:
- identifying, by a computer system, a plurality of web resources that have been accessed by computing devices from within an internal network;
  
  obtaining, by the computer system, a first access log from a network component;
  
  generating, by the computer system, a list of unique networks accessed from within the internal network based upon information contained within the first access log;
  
  generating, by the computer system, a list of unique domain name system addresses that have been queried from within the internal network;
  
  searching, by the computer system, an internet registry using the list of unique networks and the list of unique domain name system addresses;
  
  sorting and summarizing, by the computer system, networks identified through searching the internet registry to generate a company list;
  
  analyzing, by the computer system, the company list to identify potential cloud computing service companies;
  
  marking, by the computer system, records within the company list as being associated with the potential cloud computing service companies;
  
  establishing, by the computer system, a baseline utilizing the company list, the baseline comprising the records;
  
  obtaining, by the computer system, a second access log from the network component;
  
  obtaining, by the computer system, internet protocol information from the second access log, the internet protocol information comprising destination internet protocol addresses and source internet protocol addresses;
  
  summarizing and sorting, by the computer system, the destination internet protocol addresses to identify destination networks;
  
  comparing, by the computer system, the destination internet protocol addresses to the baseline to identify a cloud computing service resource that was accessed from the plurality of web resources;
  
  determining, by the computer system, whether the cloud computing service resource is approved based upon the comparing;
  
  if the cloud computing service resource is approved, permitting continued access by the computing devices to the cloud computing service resource; and
  
  if the cloud computing service resource is not approved,searching, by the computer system, the second access log for a source internet protocol address of the source internet protocol addresses that accessed the cloud computing service resource, andgenerating, by the computer system, an unauthorized list comprising the source internet protocol address; and
  
  blocking, at the computer system, access to the cloud computing service resource based upon the unauthorized list.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising searching for an individual that has accessed the cloud computing service resource via one of the computing devices from within the internal network to ensure ongoing compliance with a cloud computing service access policy that governs the internal network.
  - 3. The method of claim 2, wherein searching for the individual comprises:
    - utilizing the source internet protocol address to extract information identifying the individual; and
      
      contacting the individual to ensure ongoing compliance with the cloud computing service access policy that governs the internal network.
  - 4. The method of claim 1, further comprising verifying that the company list comprises approved cloud computing service companies.
  - 5. The method of claim 1, further comprising:
    - instructing a device management application that is resident on a computing device of the computing devices that is associated with the source internet protocol address to determine whether a cloud computing service software application is also resident on the computing device; and
      
      in response to determining that the cloud computing service software application is resident on the computing device, adding the source internet protocol address associated with the computing device to the unauthorized list.
  - 6. The method of claim 1, wherein blocking access to the cloud computing service resource comprises at least one of the following:
    - instructing the network component to block access to the cloud computing service resource; and
      
      instructing a device management application that is resident on a computing device of the computing devices that is associated with the source internet protocol address to delete a cloud computing service software application that is associated with the cloud computing service resource from the computing device.

7. A non-transitory computer-readable storage medium having computer-executable instructions stored thereupon that, when executed by a computer, cause the computer to perform rising:
- identifying a plurality of web resources that have been accessed by computing devices from within an internal network;
  
  obtaining a first access log from a network component;
  
  generating a list of unique networks accessed from within the internal network based upon information contained within the first access log;
  
  generating a list of unique domain name system addresses that have been queried from within the internal network;
  
  searching an internet registry using the list of unique networks and the list of unique domain name system addresses;
  
  sorting and summarizing networks identified through searching the internet registry to generate a company list;
  
  analyzing the company list to identify potential cloud computing service companies;
  
  marking records within the company list as being associated with the potential cloud computing service companies;
  
  establishing a baseline utilizing the company list, the baseline comprising the records;
  
  obtaining a second access log from the network component;
  
  obtaining internet protocol information from the second access log, the internet protocol information comprising destination internet protocol addresses and source internet protocol addresses;
  
  summarizing and sorting the destination internet protocol addresses to identify destination networks;
  
  comparing the destination internet protocol addresses to the baseline to identify a cloud computing service resource that was accessed from the plurality of web resources;
  
  determining whether the cloud computing service resource is approved based upon the comparing;
  
  if the cloud computing service resource is approved, permitting continued access by the computing devices to the cloud computing service resource; and
  
  if the cloud computing service resource is not approved,searching the second access log for a source internet protocol address of the source internet protocol addresses that accessed the cloud computing service resource, andgenerating an unauthorized list comprising the source internet protocol address; and
  
  blocking access to the cloud computing service resource based upon the unauthorized list.
- View Dependent Claims (8, 9)
- - 8. The non-transitory computer-readable storage medium of claim 7, wherein the operations further comprise:
    - utilizing the source internet protocol address to extract information identifying an individual; and
      
      contacting the individual to ensure ongoing compliance with a cloud computing service access policy that governs the internal network.
  - 9. The non-transitory computer-readable storage medium of claim 7, wherein blocking access to the cloud computing service resource comprises at least one of the following:
    - instructing the network component to block access to the cloud computing service resource; and
      
      instructing a device management application that is resident on a computing device of the computing devices that is associated with the source internet protocol address to delete a cloud computing service software application that is associated with the cloud computing resource from the computing device.

10. A computer system, comprising:
- a processor; and
  
  a memory having computer-executable instructions stored thereupon that, when executed by the processor, cause the processor to perform operations comprisingidentifying a plurality of web resources that have been accessed by computing devices from within an internal network,obtaining a first access log from a network component,generating a list of unique networks accessed from within the internal network based upon information contained within the first access log,generating a list of unique domain name system addresses that have been queried from within the internal network,searching an internet registry using the list of unique networks and the list of unique domain name system addresses,sorting and summarizing networks identified through searching the internet registry to generate a company list,analyzing the company list to identify potential cloud computing service companies,marking records within the company list as being associated with the potential cloud computing service companies,establishing a baseline utilizing the company list, the baseline comprising the records,obtaining a second access log from the network component,obtaining internet protocol information from the second access log, the internet protocol information comprising destination internet protocol addresses and source internet protocol addresses,summarizing and sorting the destination internet protocol addresses to identify destination networks,comparing the destination internet protocol addresses to the baseline to identify a cloud computing service resource that was accessed from the plurality of web resources,determining whether the cloud computing service resource is approved based upon the comparing,if the cloud computing service resource is approved, permitting continued access by the computing devices to the cloud computing service resource, andif the cloud computing service resource is not approved,searching the second access log for a source internet protocol address of the source internet protocol addresses that accessed the cloud computing service resource, andgenerating an unauthorized list comprising the source internet protocol address, andblocking, at the computer system, access to the cloud computing service resource based upon the unauthorized list.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The computer system of claim 10, wherein the operations further comprise:
    - utilizing the source internet protocol address to extract information identifying an individual; and
      
      contact the individual to ensure ongoing compliance with the cloud computing service access policy that governs the internal network.
  - 12. The computer system of claim 10, wherein the operations further comprise verifying that the company list comprises approved cloud computing service companies.
  - 13. The computer system of claim 10, wherein the operations further comprise:
    - instructing a device management application that is resident on a computing device of the computing devices that is associated with the source internet protocol address to determine whether a cloud computing service software application is also resident on the computing device; and
      
      in response to determining that the cloud computing service software application is resident on the computing device, adding the source internet protocol address associated with the computing device to the unauthorized list.
  - 14. The computer system of claim 10, wherein the operations further comprise at least one of the following:
    - instructing the network component to block access to the cloud computing service resource; and
      
      instructing a device management application that is resident on a computing device of the computing devices that is associated with the source internet protocol address to delete a cloud computing service software application that is associated with the cloud computing resource from the computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Elleboe, Flemming, Albisu, Luis Francisco, Bentfield, Joseph, Kerns, Janet, Sheriffs, Jonathan
Primary Examiner(s)
Nalven, Andrew
Assistant Examiner(s)
FIELDS, COURTNEY D

Application Number

US13/533,312
Publication Number

US 20130347068A1
Time in Patent Office

1,253 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 2463/146   Tracing the source of attacks

H04L 63/0236   Filtering by address, proto...

H04L 63/101   Access control lists [ACL]

H04L 63/107   wherein the security polici...

H04L 63/20   for managing network securi...

H04L 67/10   in which an application is ...

Detection and management of unauthorized use of cloud computing services

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

15 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Detection and management of unauthorized use of cloud computing services

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links