Systems and methods for monitoring the activity of devices within an organization by leveraging data generated by an existing security solution deployed within the organization
First Claim
1. A computer-implemented method for monitoring the activity of devices within an organization by leveraging data generated by an existing security solution deployed within the organization, the method comprising:
- identifying one or more external IP addresses associated with the organization;
receiving, at a reputation service, a reputation request from a device for reputation information relevant to evaluating the trustworthiness of a computing resource encountered by the device, wherein the reputation service comprises at least one processor configured to service reputation requests for devices within the organization;
determining that the reputation request originated from at least one of the one or more external IP addresses associated with the organization by;
identifying an originating IP address of the reputation request received from the device;
comparing the originating IP address of the reputation request with the one or more external IP addresses associated with the organization;
determining that the originating IP address of the reputation request matches at least one of the one or more external IP addresses associated with the organization;
responding, via the reputation service, to the reputation request by providing the requested reputation information to the device;
in addition to responding to the reputation request, using data generated from servicing the reputation request to track, for the organization, the activity of the device, wherein using the data to track the activity of the device comprises;
generating, via the reputation service, at least one employee-activity report for the organization that identifies the activity of the device, wherein;
the reputation service generates the report based at least in part on an analysis of the reputation request without using a separate monitoring service to generate the report;
the report includes information that identifies the number of managed devices and unmanaged devices within the organization and information that contrasts the activity of managed devices within the organization with the activity of unmanaged devices within the organization;
providing, via the reputation service, the report to the organization to enable the organization to monitor and/or manage the activity of the device.
2 Assignments
0 Petitions
Accused Products
Abstract
A computer-implemented method for monitoring the activity of devices within an organization by leveraging data generated by an existing security solution deployed within the organization may include (1) identifying, at a reputation service configured to service reputation requests, at least one external IP address associated with an organization, (2) identifying, within the reputation requests serviced by the reputation service, a plurality of reputation requests that originated from the external IP address associated with the organization, (3) generating, based at least in part on an analysis of the reputation requests that originated from the external IP address associated with the organization, at least one report for the organization that identifies the activity of devices within the organization, and (4) providing the report to the organization to enable the organization to monitor the activity of the devices within the organization. Corresponding systems and encoded computer-readable media are also disclosed.
-
Citations
20 Claims
-
1. A computer-implemented method for monitoring the activity of devices within an organization by leveraging data generated by an existing security solution deployed within the organization, the method comprising:
-
identifying one or more external IP addresses associated with the organization; receiving, at a reputation service, a reputation request from a device for reputation information relevant to evaluating the trustworthiness of a computing resource encountered by the device, wherein the reputation service comprises at least one processor configured to service reputation requests for devices within the organization; determining that the reputation request originated from at least one of the one or more external IP addresses associated with the organization by; identifying an originating IP address of the reputation request received from the device; comparing the originating IP address of the reputation request with the one or more external IP addresses associated with the organization; determining that the originating IP address of the reputation request matches at least one of the one or more external IP addresses associated with the organization; responding, via the reputation service, to the reputation request by providing the requested reputation information to the device; in addition to responding to the reputation request, using data generated from servicing the reputation request to track, for the organization, the activity of the device, wherein using the data to track the activity of the device comprises; generating, via the reputation service, at least one employee-activity report for the organization that identifies the activity of the device, wherein; the reputation service generates the report based at least in part on an analysis of the reputation request without using a separate monitoring service to generate the report; the report includes information that identifies the number of managed devices and unmanaged devices within the organization and information that contrasts the activity of managed devices within the organization with the activity of unmanaged devices within the organization; providing, via the reputation service, the report to the organization to enable the organization to monitor and/or manage the activity of the device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 19, 20)
-
-
9. A system for monitoring the activity of devices within an organization by leveraging data generated by an existing security solution deployed within the organization, the system comprising:
-
an identification module, a report module, and a communication module operating as part of a reputation service that services reputation requests for devices within the organization, wherein the identification module, the report module, and the communication module are programmed to; identify one or more external IP addresses associated with the organization; receive a reputation request from a device for reputation information relevant to evaluating the trustworthiness of a computing resource encountered by the device; determine that the reputation request originated from at least one of the one or more external IP addresses associated with the organization by; identifying an originating IP address of the reputation request received from the device; comparing the originating IP address of the reputation request with the one or more external IP addresses associated with the organization; determining that the originating IP address of the reputation request matches at least one of the one or more external IP addresses associated with the organization; respond to the reputation request by providing the requested reputation information to the device; in addition to responding to the reputation request, use data generated from servicing the reputation request to track, for the organization, the activity of the device, wherein the identification module, the report module, and the communication module are programmed to use the data to track the activity of the devices by; generating, via the reputation service, at least one employee-activity report for the organization that identifies the activity of the device, wherein; the reputation service generates the report based at least in part on an analysis of the reputation request without using a separate monitoring service to generate the report; the report includes information that identifies the number of managed devices and unmanaged devices within the organization and information that contrasts the activity of managed devices within the organization with the activity of unmanaged devices within the organization; providing, via the reputation service, the report to the organization to enable the organization to monitor and/or manage the activity of the device; at least one processor configured to execute the identification module, the report module, and the communication module. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A non-transitory computer-readable-storage medium comprising one or more computer-executable instructions that, when executed by at least one processor of a reputation service, cause the reputation service to:
-
identify one or more external IP addresses associated with an organization; receive, at a reputation service, a reputation request from a device for reputation information relevant to evaluating the trustworthiness of a computing resource encountered by the device, wherein the reputation service comprises at least one processor configured to service reputation requests for devices within the organization; determine that the reputation request originated from at least one of the one or more external IP addresses associated with the organization by; identifying an originating IP address of the reputation request received from the device; comparing the originating IP address of the reputation request with the one or more external IP addresses associated with the organization; determining that the originating IP address of the reputation request matches at least one of the one or more external IP addresses associated with the organization; respond, via the reputation service, to the reputation request by providing the requested reputation information to the device; in addition to responding to the reputation request, use data generated from servicing the reputation request to track, for the organization, the activity of the devices, wherein using the data to track the activity of the device comprises; generating, via the reputation service, at least one employee-activity report for the organization that identifies the activity of the device, wherein; the reputation service generates the report based at least in part on an analysis of the reputation request without using a separate monitoring service to generate the report; the report includes information that identifies the number of managed devices and unmanaged devices within the organization and information that contrasts the activity of managed devices within the organization with the activity of unmanaged devices within the organization; providing, via the reputation service, the report to the organization to enable the organization to monitor and/or manage the activity of the device. - View Dependent Claims (18)
-
Specification