Systems and methods for predicting the impact of security-policy changes on users

US 9,246,941 B1
Filed: 02/27/2013
Issued: 01/26/2016
Est. Priority Date: 02/27/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for predicting the impact of security-policy changes on users, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:

identifying at least one end-user computing system that is potentially to be regulated using a new security policy potentially to be activated by an administrator of the end-user computing system;

predicting, prior to activating the new security policy on the end-user computing system, how activating the new security policy will impact at least one user of the end-user computing system by;

deploying the new security policy to the end-user computing system;

monitoring, over a time period of live user activity on the end-user computing system, at least one behavior of the user on the end-user computing system for evaluation against the new security policy responsive to determining that the new security policy is potentially to be activated;

determining, without notifying the user of the new security policy and without having first activated the new security policy, how activating the new security policy on the end-user computing system would have impacted the behavior by;

detecting, at the end-user computing system, a condition that would have triggered enforcement of the new security policy on the end-user computing system;

determining that the behavior comprised the condition, caused the condition, and/or occurred simultaneously with the condition;

determining, in response to detecting the condition that would have triggered enforcement of the new security policy, that enforcement of the new security policy on the end-user computing system would have impacted the behavior;

notifying, based at least in part on predicting how activating the new security policy will impact the user, the administrator of the end-user computing system with information that indicates how activating the new security policy will impact future user behavior.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method for predicting the impact of security-policy changes on users may include (1) identifying at least one end-user computing system that may potentially be regulated using a security policy, (2) predicting, prior to activating the security policy on the end-user computing system, how activating the security policy may impact at least one user of the end-user computing system by monitoring at least one behavior of the user on the end-user computing system and by determining how activating the security policy on the end-user computing system may have impacted the behavior, and (3) notifying, based at least in part on predicting how activating the security policy may impact the user, an administrator of the end-user computing system with information that indicates how activating the security policy may impact future user behavior. Various other methods, systems, and computer-readable media are also disclosed.

Citations

17 Claims

1. A computer-implemented method for predicting the impact of security-policy changes on users, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying at least one end-user computing system that is potentially to be regulated using a new security policy potentially to be activated by an administrator of the end-user computing system;
  
  predicting, prior to activating the new security policy on the end-user computing system, how activating the new security policy will impact at least one user of the end-user computing system by;
  
  deploying the new security policy to the end-user computing system;
  
  monitoring, over a time period of live user activity on the end-user computing system, at least one behavior of the user on the end-user computing system for evaluation against the new security policy responsive to determining that the new security policy is potentially to be activated;
  
  determining, without notifying the user of the new security policy and without having first activated the new security policy, how activating the new security policy on the end-user computing system would have impacted the behavior by;
  
  detecting, at the end-user computing system, a condition that would have triggered enforcement of the new security policy on the end-user computing system;
  
  determining that the behavior comprised the condition, caused the condition, and/or occurred simultaneously with the condition;
  
  determining, in response to detecting the condition that would have triggered enforcement of the new security policy, that enforcement of the new security policy on the end-user computing system would have impacted the behavior;
  
  notifying, based at least in part on predicting how activating the new security policy will impact the user, the administrator of the end-user computing system with information that indicates how activating the new security policy will impact future user behavior.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer-implemented method of claim 1, wherein determining how activating the new security policy on the end-user computing system would have impacted the behavior further comprises identifying, in response to detecting the condition that would have triggered enforcement of the new security policy on the end-user computing system, the context within which enforcement of the new security policy on the end-user computing system would have impacted the behavior.
  - 3. The computer-implemented method of claim 1, wherein determining how activating the new security policy on the end-user computing system would have impacted the behavior further comprises identifying, in response to detecting the condition that would have triggered enforcement of the new security policy on the end-user computing system, a workflow within which enforcement of the new security policy on the end-user computing system would have impacted the behavior.
  - 4. The computer-implemented method of claim 1, wherein predicting how activating the new security policy will impact the user of the end-user computing system further comprises determining, based at least in part on determining how activating the new security policy on the end-user computing system would have impacted the behavior, at least one of:
    - a number of times that enforcement of the new security policy on the end-user computing system would have impacted the behavior while the behavior is monitored;
      
      a number of users that perform the behavior while the behavior is monitored;
      
      how activating the new security policy on the end-user computing system would have impacted the behavior of a group of users to which the user belongs.
  - 5. The computer-implemented method of claim 1, wherein notifying the administrator with information that indicates how activating the new security policy will impact future user behavior comprises notifying the administrator of at least one of:
    - a number of times that enforcement of the new security policy on the end-user computing system will likely impact the behavior after the new security policy is activated on the end-user computing system;
      
      a number of users that will likely attempt to perform the behavior after the new security policy is activated on the end-user computing system;
      
      how activating the new security policy on the end-user computing system will likely impact the behavior of a user of interest;
      
      how activating the new security policy on the end-user computing system will likely impact the behavior of a group of users of interest.
  - 6. The computer-implemented method of claim 1, further comprising at least one of:
    - notifying the user with information that indicates how activating the new security policy will impact future user behavior;
      
      enabling the administrator to adjust the new security policy prior to activating the new security policy on the end-user computing system;
      
      activating the new security policy on the end-user computing system.

7. A system for predicting the impact of security-policy changes on users, the system comprising:
- an identifying module, stored in memory as software, that identifies at least one end-user computing system that is potentially to be regulated using a new security policy potentially to be activated by an administrator of the end-user computing system;
  
  a predicting module, stored in memory as software, that predicts, prior to activating the new security policy on the end-user computing system, how activating the new security policy will impact at least one user of the end-user computing system by;
  
  deploying the new security policy to the end-user computing system;
  
  monitoring, over a time period of live user activity on the end-user computing system, at least one behavior of the user on the end-user computing system for evaluation against the new security policy responsive to determining that the new security policy is potentially to be activated;
  
  determining, without notifying the user of the new security policy and without having first activated the new security policy, how activating the new security policy on the end-user computing system would have impacted the behavior by;
  
  detecting, at the end-user computing system, a condition that would have triggered enforcement of the new security policy on the end-user computing system;
  
  determining that the behavior comprised the condition, caused the condition, and/or occurred simultaneously with the condition;
  
  determining, in response to detecting the condition that would have triggered enforcement of the new security policy, that enforcement of the new security policy on the end-user computing system would have impacted the behavior;
  
  a notifying module, stored in memory as software, that notifies, based at least in part on predicting how activating the new security policy will impact the user, the administrator of the end-user computing system with information that indicates how activating the new security policy will impact future user behavior;
  
  at least one hardware processor configured to execute the identifying module, the predicting module, and the notifying module.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein the predicting module is programmed to determine how activating the new security policy on the end-user computing system would have impacted the behavior by identifying, in response to detecting the condition that would have triggered enforcement of the new security policy on the end-user computing system, the context within which enforcement of the new security policy on the end-user computing system would have impacted the behavior.
  - 9. The system of claim 7, wherein the predicting module is programmed to determine how activating the new security policy on the end-user computing system would have impacted the behavior by identifying, in response to detecting the condition that would have triggered enforcement of the new security policy on the end-user computing system, a workflow within which enforcement of the new security policy on the end-user computing system would have impacted the behavior.
  - 10. The system of claim 7, wherein the predicting module is programmed to predict how activating the new security policy will impact the user of the end-user computing system by determining, based at least in part on determining how activating the new security policy on the end-user computing system would have impacted the behavior, at least one of:
    - a number of times that enforcement of the new security policy on the end-user computing system would have impacted the behavior while the behavior is monitored;
      
      a number of users that perform the behavior while the behavior is monitored;
      
      how activating the new security policy on the end-user computing system would have impacted the behavior of a group of users to which the user belongs.
  - 11. The system of claim 7, wherein the notifying module is programmed to notify the administrator with information that indicates how activating the new security policy will impact future user behavior by notifying the administrator of at least one of:
    - a number of times that enforcement of the new security policy on the end-user computing system will likely impact the behavior after the new security policy is activated on the end-user computing system;
      
      a number of users that will likely attempt to perform the behavior after the new security policy is activated on the end-user computing system;
      
      how activating the new security policy on the end-user computing system will likely impact the behavior of a user of interest;
      
      how activating the new security policy on the end-user computing system will likely impact the behavior of a group of users of interest.
  - 12. The system of claim 7, wherein:
    - the notifying module is further programmed to;
      
      notify the user with information that indicates how activating the new security policy will impact future user behavior;
      
      enable the administrator to adjust the new security policy prior to activating the new security policy on the end-user computing system;
      
      the system further comprises an activating module programmed to activating the new security policy on the end-user computing system.

13. A non-transitory computer-readable medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- identify at least one end-user computing system that is potentially to be regulated using a new security policy potentially to be activated by an administrator of the end-user computing system;
  
  predict, prior to activating the new security policy on the end-user computing system, how activating the new security policy will impact at least one user of the end-user computing system by;
  
  deploying the new security policy to the end-user computing system;
  
  monitoring, over a time period of live user activity on the end-user computing system, at least one behavior of the user on the end-user computing system for evaluation against the new security policy responsive to determining that the new security policy is potentially to be activated;
  
  determining, without notifying the user of the new security policy and without having first activated the new security policy, how activating the new security policy on the end-user computing system would have impacted the behavior by;
  
  detecting, at the end-user computing system, a condition that would have triggered enforcement of the new security policy on the end-user computing system;
  
  determining that the behavior comprised the condition, caused the condition, and/or occurred simultaneously with the condition;
  
  determining, in response to detecting the condition that would have triggered enforcement of the new security policy, that enforcement of the new security policy on the end-user computing system would have impacted the behavior;
  
  notify, based at least in part on predicting how activating the new security policy will impact the user, the administrator of the end-user computing system with information that indicates how activating the new security policy will impact future user behavior.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The non-transitory computer-readable medium of claim 13, wherein the one or more computer-executable instructions, when executed by the processor of the computing device, further cause the computing device to determine how activating the new security policy on the end-user computing system would have impacted the behavior by identifying, in response to detecting the condition that would have triggered enforcement of the new security policy on the end-user computing system, the context within which enforcement of the new security policy on the end-user computing system would have impacted the behavior.
  - 15. The non-transitory computer-readable medium of claim 13, wherein the one or more computer-executable instructions, when executed by the processor of the computing device, further cause the computing device to determine how activating the new security policy on the end-user computing system would have impacted the behavior by identifying, in response to detecting the condition that would have triggered enforcement of the new security policy on the end-user computing system, a workflow within which enforcement of the new security policy on the end-user computing system would have impacted the behavior.
  - 16. The non-transitory computer-readable medium of claim 13, wherein the one or more computer-executable instructions, when executed by the processor of the computing device, further cause the computing device to predict how activating the new security policy will impact the user of the end-user computing system by determining, based at least in part on determining how activating the new security policy on the end-user computing system would have impacted the behavior, at least one of:
    - a number of times that enforcement of the new security policy on the end-user computing system would have impacted the behavior while the behavior is monitored;
      
      a number of users that perform the behavior while the behavior is monitored;
      
      how activating the new security policy on the end-user computing system would have impacted the behavior of a group of users to which the user belongs.
  - 17. The non-transitory computer-readable medium of claim 13, wherein the one or more computer-executable instructions, when executed by the processor of the computing device, further cause the computing device to notify the administrator with information that indicates how activating the new security policy will impact future user behavior by notifying the administrator of at least one of:
    - a number of times that enforcement of the new security policy on the end-user computing system will likely impact the behavior after the new security policy is activated on the end-user computing system;
      
      a number of users that will likely attempt to perform the behavior after the new security policy is activated on the end-user computing system;
      
      how activating the new security policy on the end-user computing system will likely impact the behavior of a user of interest;
      
      how activating the new security policy on the end-user computing system will likely impact the behavior of a group of users of interest.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Gibson, Douglas, Newstadt, Keith
Primary Examiner(s)
Rashid, Harunur
Assistant Examiner(s)
Steinle, Andrew

Application Number

US13/779,550
Time in Patent Office

1,063 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/0263   Rule management

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

Systems and methods for predicting the impact of security-policy changes on users

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for predicting the impact of security-policy changes on users

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links