Systems and methods for managing access
Abstract
A computer-implemented method for managing access may include (1) identifying an attempt to perform, within a computing environment, an action that involves a specific entity, (2) determining that the attempted action is anomalous for the specific entity, (3) identifying a quota of allowed anomalous actions for the specific entity, (4) determining that the attempted action causes a count of anomalous actions to exceed the quota of allowed anomalous actions, and (5) performing a security action based on the determination that the attempted action causes the count of anomalous actions to exceed the quota of allowed anomalous actions. Various other methods, systems, and computer-readable media are also disclosed.
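A minimal sketch of the five steps in the abstract, added here as an illustration and not taken from the patent. The rare-directory test stands in for the unspecified statistical analysis, and the trust-to-quota table, threshold and sample paths are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass, field
from pathlib import PurePosixPath

# Assumed trust-to-quota table; the page only says the quota is assigned
# from a trust level (behavior, tenure, rank, previously assigned privilege).
QUOTA_BY_TRUST = {"low": 0, "medium": 2, "high": 5}
RARE_FRACTION = 0.05  # assumed: directory seen in under 5% of the user's history


@dataclass
class UserProfile:
    trust: str
    history: Counter = field(default_factory=Counter)  # directory -> access count
    anomalous_count: int = 0


def is_anomalous(profile: UserProfile, path: str) -> bool:
    """Stand-in statistical test: the file's directory is rare for this user."""
    total = sum(profile.history.values())
    if total == 0:
        return True  # no baseline yet, so nothing can be called normal
    directory = str(PurePosixPath(path).parent)
    return profile.history[directory] / total < RARE_FRACTION


def check_access(profile: UserProfile, path: str) -> str:
    """Return 'allow', 'allow-anomalous' or 'block' for one access attempt."""
    if not is_anomalous(profile, path):
        profile.history[str(PurePosixPath(path).parent)] += 1
        return "allow"  # non-anomalous actions stay permitted after a block
    profile.anomalous_count += 1
    # Anomalous accesses are never added to the baseline, so repeated
    # probing of a new location cannot make that location look normal.
    if profile.anomalous_count > QUOTA_BY_TRUST[profile.trust]:
        return "block"  # this attempt pushed the count past the quota
    return "allow-anomalous"  # within quota: permitted, but counted


def demo() -> list:
    """Replay constructed attempts for a medium-trust user (quota of 2)."""
    alice = UserProfile("medium", Counter({"/home/alice/projects": 40, "/shared/docs": 10}))
    attempts = [
        "/finance/payroll/q3.xlsx",       # anomalous, count 1
        "/finance/payroll/q4.xlsx",       # anomalous, count 2
        "/hr/reviews/2015.txt",           # anomalous, count 3 exceeds quota
        "/home/alice/projects/notes.md",  # matches the baseline
    ]
    return [check_access(alice, p) for p in attempts]
```
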
20 Claims
1. A computer-implemented method for managing access, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying an attempt by a user, from a set of users, to access a file within a computing environment;
- determining that the attempt to access the file is anomalous for the user according to a statistical analysis;
- identifying a quota of allowed anomalous file accesses for the user that defines a number of times the user is allowed to access files despite the access of the files being anomalous according to the statistical analysis, where the quota is assigned to the user based on a level of trust for the user and the level of trust for the user is based on at least one of:
  - previous behavior of the user;
  - a tenure of the user;
  - a rank of the user within an organization; and
  - a level of privilege previously assigned to the user within a security system;
- determining that the attempt to access the file causes a count of anomalous file accesses to exceed the quota of allowed anomalous file accesses; and
- after determining that the attempt to access the file causes the count of anomalous file accesses to exceed the quota of allowed anomalous file accesses:
  - blocking the attempt to access the file; and
  - permitting another action that is non-anomalous according to the statistical analysis.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A system for managing access, the system comprising:
- an identification module, stored in memory, that identifies an attempt by a user, from a set of users, to access a file within a computing environment;
- a determination module, stored in memory, that determines that the attempt to access the file is anomalous for the user according to a statistical analysis, wherein:
  - the identification module identifies a quota of allowed anomalous file accesses for the user that defines a number of times the user is allowed to access files despite the access of the files being anomalous according to the statistical analysis, where the quota is assigned to the user based on a level of trust for the user and the level of trust for the user is based on at least one of:
    - previous behavior of the user;
    - a tenure of the user;
    - a rank of the user within an organization; and
    - a level of privilege previously assigned to the user within a security system;
  - the determination module determines that the attempt to access the file causes a count of anomalous file accesses to exceed the quota of allowed anomalous file accesses;
  - the system further comprises:
    - a performance module, stored in memory, that, after determining that the attempt to access the file causes the count of anomalous file accesses to exceed the quota of allowed anomalous file accesses:
      - blocks the attempt to access the file; and
      - permits another action that is non-anomalous according to the statistical analysis; and
- at least one physical processor configured to execute the identification module, the determination module, and the performance module.

Dependent claims: 17, 18, 19
20. A non-transitory computer-readable medium comprising one or more computer-readable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- identify an attempt by a user, from a set of users, to access a file within a computing environment;
- determine that the attempt to access the file is anomalous for the user according to a statistical analysis;
- identify a quota of allowed anomalous file accesses for the user that defines a number of times the user is allowed to access files despite the access of the files being anomalous according to the statistical analysis, where the quota is assigned to the user based on a level of trust for the user and the level of trust for the user is based on at least one of:
  - previous behavior of the user;
  - a tenure of the user;
  - a rank of the user within an organization; and
  - a level of privilege previously assigned to the user within a security system;
- determine that the attempt to access the file causes a count of anomalous file accesses to exceed the quota of allowed anomalous file accesses; and
- after determining that the attempt to access the file causes the count of anomalous file accesses to exceed the quota of allowed anomalous file accesses:
  - block the attempt to access the file; and
  - permit another action that is non-anomalous according to the statistical analysis.
Specification