Detection and management of unauthorized use of cloud computing services
First Claim
1. A method comprising:
identifying, by a computer system, a plurality of web resources that have been accessed by computing devices from within an internal network;
obtaining, by the computer system, a first access log from a network component;
generating, by the computer system, a list of unique networks accessed from within the internal network based upon information contained within the first access log;
generating, by the computer system, a list of unique domain name system addresses that have been queried from within the internal network;
searching, by the computer system, an internet registry using the list of unique networks and the list of unique domain name system addresses;
sorting and summarizing, by the computer system, networks identified through searching the internet registry to generate a company list;
analyzing, by the computer system, the company list to identify potential cloud computing service companies;
marking, by the computer system, records within the company list as being associated with the potential cloud computing service companies;
establishing, by the computer system, a baseline utilizing the company list, the baseline comprising the records;
obtaining, by the computer system, a second access log from the network component;
obtaining, by the computer system, internet protocol information from the second access log, the internet protocol information comprising destination internet protocol addresses and source internet protocol addresses;
summarizing and sorting, by the computer system, the destination internet protocol addresses to identify destination networks;
comparing, by the computer system, the destination internet protocol addresses to the baseline to identify a cloud computing service resource that was accessed from the plurality of web resources;
determining, by the computer system, whether the cloud computing service resource is approved based upon the comparing;
if the cloud computing service resource is approved, permitting continued access by the computing devices to the cloud computing service resource; and
if the cloud computing service resource is not approved, searching, by the computer system, the second access log for a source internet protocol address of the source internet protocol addresses that accessed the cloud computing service resource, and generating, by the computer system, an unauthorized list comprising the source internet protocol address; and
blocking, at the computer system, access to the cloud computing service resource based upon the unauthorized list.
1 Assignment
0 Petitions
Abstract
Concepts and technologies disclosed herein are for detecting and managing unauthorized use of cloud computing services from within an internal network of a business or other organization. A computer system may be configured to identify a plurality of Web resources that have been accessed by computing devices from within the internal network. The computer system may also be configured to obtain Internet protocol (“IP”) information from a network component of the internal network. The IP information may be used to determine whether each of the plurality of Web resources is a cloud computing service resource. The computer system may also be configured to block access to a cloud computing service resource of the plurality of Web resources upon determining that the IP information identifies the cloud computing service resource as being unauthorized.
15 Citations
14 Claims
1. A method comprising:
identifying, by a computer system, a plurality of web resources that have been accessed by computing devices from within an internal network;
obtaining, by the computer system, a first access log from a network component;
generating, by the computer system, a list of unique networks accessed from within the internal network based upon information contained within the first access log;
generating, by the computer system, a list of unique domain name system addresses that have been queried from within the internal network;
searching, by the computer system, an internet registry using the list of unique networks and the list of unique domain name system addresses;
sorting and summarizing, by the computer system, networks identified through searching the internet registry to generate a company list;
analyzing, by the computer system, the company list to identify potential cloud computing service companies;
marking, by the computer system, records within the company list as being associated with the potential cloud computing service companies;
establishing, by the computer system, a baseline utilizing the company list, the baseline comprising the records;
obtaining, by the computer system, a second access log from the network component;
obtaining, by the computer system, internet protocol information from the second access log, the internet protocol information comprising destination internet protocol addresses and source internet protocol addresses;
summarizing and sorting, by the computer system, the destination internet protocol addresses to identify destination networks;
comparing, by the computer system, the destination internet protocol addresses to the baseline to identify a cloud computing service resource that was accessed from the plurality of web resources;
determining, by the computer system, whether the cloud computing service resource is approved based upon the comparing;
if the cloud computing service resource is approved, permitting continued access by the computing devices to the cloud computing service resource; and
if the cloud computing service resource is not approved, searching, by the computer system, the second access log for a source internet protocol address of the source internet protocol addresses that accessed the cloud computing service resource, and generating, by the computer system, an unauthorized list comprising the source internet protocol address; and
blocking, at the computer system, access to the cloud computing service resource based upon the unauthorized list.
(Dependent claims: 2, 3, 4, 5, 6)
7. A non-transitory computer-readable storage medium having computer-executable instructions stored thereupon that, when executed by a computer, cause the computer to perform operations comprising:
identifying a plurality of web resources that have been accessed by computing devices from within an internal network;
obtaining a first access log from a network component;
generating a list of unique networks accessed from within the internal network based upon information contained within the first access log;
generating a list of unique domain name system addresses that have been queried from within the internal network;
searching an internet registry using the list of unique networks and the list of unique domain name system addresses;
sorting and summarizing networks identified through searching the internet registry to generate a company list;
analyzing the company list to identify potential cloud computing service companies;
marking records within the company list as being associated with the potential cloud computing service companies;
establishing a baseline utilizing the company list, the baseline comprising the records;
obtaining a second access log from the network component;
obtaining internet protocol information from the second access log, the internet protocol information comprising destination internet protocol addresses and source internet protocol addresses;
summarizing and sorting the destination internet protocol addresses to identify destination networks;
comparing the destination internet protocol addresses to the baseline to identify a cloud computing service resource that was accessed from the plurality of web resources;
determining whether the cloud computing service resource is approved based upon the comparing;
if the cloud computing service resource is approved, permitting continued access by the computing devices to the cloud computing service resource; and
if the cloud computing service resource is not approved, searching the second access log for a source internet protocol address of the source internet protocol addresses that accessed the cloud computing service resource, and generating an unauthorized list comprising the source internet protocol address; and
blocking access to the cloud computing service resource based upon the unauthorized list.
(Dependent claims: 8, 9)
10. A computer system, comprising:
a processor; and
a memory having computer-executable instructions stored thereupon that, when executed by the processor, cause the processor to perform operations comprising
identifying a plurality of web resources that have been accessed by computing devices from within an internal network,
obtaining a first access log from a network component,
generating a list of unique networks accessed from within the internal network based upon information contained within the first access log,
generating a list of unique domain name system addresses that have been queried from within the internal network,
searching an internet registry using the list of unique networks and the list of unique domain name system addresses,
sorting and summarizing networks identified through searching the internet registry to generate a company list,
analyzing the company list to identify potential cloud computing service companies,
marking records within the company list as being associated with the potential cloud computing service companies,
establishing a baseline utilizing the company list, the baseline comprising the records,
obtaining a second access log from the network component,
obtaining internet protocol information from the second access log, the internet protocol information comprising destination internet protocol addresses and source internet protocol addresses,
summarizing and sorting the destination internet protocol addresses to identify destination networks,
comparing the destination internet protocol addresses to the baseline to identify a cloud computing service resource that was accessed from the plurality of web resources,
determining whether the cloud computing service resource is approved based upon the comparing,
if the cloud computing service resource is approved, permitting continued access by the computing devices to the cloud computing service resource, and
if the cloud computing service resource is not approved, searching the second access log for a source internet protocol address of the source internet protocol addresses that accessed the cloud computing service resource, and generating an unauthorized list comprising the source internet protocol address, and
blocking, at the computer system, access to the cloud computing service resource based upon the unauthorized list.
(Dependent claims: 11, 12, 13, 14)
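The two-phase procedure recited in claims 1, 7 and 10 (a first access log plus an internet registry search to build a baseline company list with cloud providers marked, then a second access log compared against that baseline to produce an unauthorized list and block decisions), worked through as an added example. This is not the patent's or its assignee's code. It assumes a log format of one source IP, destination IP and queried name per line, summarization of destinations into /24 networks, a constructed offline table (`REGISTRY`) in place of a live WHOIS/RDAP query, a keyword heuristic (`CLOUD_KEYWORDS`) for marking potential cloud companies, and a constructed approval policy (`APPROVED_COMPANIES`); all addresses, names and log lines are constructed sample data in documentation ranges.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
import ipaddress

# Constructed stand-in for an internet registry (WHOIS/RDAP) answer table.
REGISTRY = {
    "203.0.113.0/24": "Example Cloud Storage Inc",
    "198.51.100.0/24": "Acme Hosting Services",
    "192.0.2.0/24": "Contoso Bank plc",
}
# Assumed heuristic for marking potential cloud computing service companies.
CLOUD_KEYWORDS = ("cloud", "hosting", "storage", "saas")
# Assumed organizational policy: the sanctioned providers.
APPROVED_COMPANIES = {"Example Cloud Storage Inc"}
# Constructed access logs, one '<source_ip> <destination_ip> <queried_name>' per line.
FIRST_LOG = """
10.0.0.5 203.0.113.10 files.example-cloud.test
10.0.0.7 203.0.113.11 files.example-cloud.test
10.0.0.5 198.51.100.20 share.acme-host.test
10.0.0.9 192.0.2.30 online.contoso-bank.test
"""
SECOND_LOG = """
10.0.0.5 203.0.113.12 files.example-cloud.test
10.0.0.12 198.51.100.21 share.acme-host.test
10.0.0.7 198.51.100.22 share.acme-host.test
10.0.0.9 192.0.2.31 online.contoso-bank.test
"""

@dataclass
class BaselineRecord:
    network: ipaddress.IPv4Network
    company: str
    hits: int
    is_cloud: bool
    approved: bool

def parse_log(text):
    """Return (source, destination, queried name) tuples from the log text."""
    rows = []
    for line in text.strip().splitlines():
        src, dst, name = line.split()
        rows.append((ipaddress.ip_address(src), ipaddress.ip_address(dst), name))
    return rows

def to_network(ip, prefix=24):
    """Summarize a destination address into its enclosing network."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def registry_lookup(net):
    """Stand-in for querying the internet registry with one network."""
    for cidr, company in REGISTRY.items():
        if net.subnet_of(ipaddress.ip_network(cidr)):
            return company
    return "UNKNOWN"

def build_baseline(first_log):
    """Phase one: unique networks and queried names -> registry -> company list."""
    rows = parse_log(first_log)
    hits = Counter(to_network(dst) for _, dst, _ in rows)   # summarize per network
    names_by_net = defaultdict(set)                          # unique DNS names seen
    for _, dst, name in rows:
        names_by_net[to_network(dst)].add(name)
    baseline = []
    for net in sorted(hits, key=lambda n: (-hits[n], n)):  # sort: volume, then network
        company = registry_lookup(net)
        text = " ".join([company, *names_by_net[net]]).lower()
        is_cloud = any(k in text for k in CLOUD_KEYWORDS)     # mark cloud candidates
        approved = is_cloud and company in APPROVED_COMPANIES
        baseline.append(BaselineRecord(net, company, hits[net], is_cloud, approved))
    return baseline

def audit(second_log, baseline):
    """Phase two: compare a later log's destinations to the baseline.
    Returns {destination network: [source IPs]} for unapproved cloud resources."""
    rows = parse_log(second_log)
    by_net = {rec.network: rec for rec in baseline}
    unauthorized = {}
    for net, _ in Counter(to_network(dst) for _, dst, _ in rows).most_common():
        rec = by_net.get(net)
        if rec is None or not rec.is_cloud:
            continue  # unknown or non-cloud destination; unknowns warrant re-baselining
        if rec.approved:
            continue  # sanctioned provider: access continues
        sources = sorted({src for src, dst, _ in rows if to_network(dst) == net})
        unauthorized[str(net)] = [str(s) for s in sources]
    return unauthorized

def block_rules(unauthorized):
    """Render the unauthorized list as deny decisions for the enforcing device."""
    return [f"deny from {src} to {net}"
            for net, sources in unauthorized.items() for src in sources]

if __name__ == "__main__":
    for rule in block_rules(audit(SECOND_LOG, build_baseline(FIRST_LOG))):
        print(rule)
```

On the constructed data this yields one unauthorized network (the hosting provider not on the approval list) with two internal source addresses, and two deny decisions. Two caveats a practitioner would add: destinations absent from the baseline are skipped here rather than judged, so the baseline must be rebuilt on a schedule or unknown networks will never be classified; and a network-level registry lookup attributes a whole allocation to one registrant, so shared hosting or CDN ranges can be marked as a single company when they front many unrelated services.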
Specification