Network data collection and response system
Abstract
Embodiments include a network data collection and response system for enhancing security in an enterprise network providing a user-supplied computing device with access to the network. A network data collection and response system tracks network activity of the device and maintains a device inventory recording the device type and configuration information for the device along with a resource utilization profile for the device. The network data collection and response system detects high-risk or unauthorized network activity involving the device through passive monitoring without utilization of a data monitoring agent installed on the device and implements a response action to mitigate the high-risk or unauthorized network activity.
15 Claims
1. An enterprise network that is accessible to a computing device, the enterprise network comprising:
local network resources accessible to the device via the enterprise network;
a connection protocol server comprising a memory storing instructions and a processor executing the instructions, the processor of the connection protocol server executing instructions to assign a network address to the device to identify the device on the enterprise network in response to a network access request received from the device;
a network data collection and response system of the enterprise network that is operative to track network activity of the device including a device inventory comprising device type and configuration information for the device and a resource utilization profile for the device without utilization of a data monitoring agent installed on the device;
the network data collection and response system of the enterprise network is further operative to detect high-risk or unauthorized network activity involving the device through passive monitoring without utilization of a monitoring agent installed on the device, wherein to detect high-risk or unauthorized network activity comprises identifying attempted access to applications that offer services that are not authorized by the enterprise;
the network data collection and response system further operative to implement a response action to mitigate the high-risk or unauthorized network activity, wherein the response action comprises one or more of;
blocking the unauthorized network activity and providing notice to a user of the device that the device has attempted to conduct unauthorized network activity;
notifying a user or monitoring system of the device of malware present on the device and removal of the malware from the device;
detecting malware transmitted from the device; and
removal of the malware from the enterprise network.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer program product for providing a user-supplied computing device with access to an enterprise network comprising local network resources accessible to the device via the enterprise network, the computer program product comprising:
a non-transitory computer readable storage medium readable by a processing circuit and storing instructions that, when executed by the processing circuit, perform a method comprising;
tracking, by the enterprise network, network activity of the device through passive monitoring without utilization of a data monitoring agent installed on the device;
inferring type and configuration information of the device;
creating a device inventory comprising device type and one or more of configuration information for the device and a resource utilization profile for the device;
detecting, by the enterprise network, one or more of high-risk or unauthorized network activity involving the device, wherein the detecting high-risk or unauthorized network activity comprises identifying attempted access to applications that offer services that are not authorized by the enterprise; and
implementing a response action to mitigate the high-risk or unauthorized network activity, wherein the response action comprises one or more of;
blocking the unauthorized network activity and providing notice to a user of the device that the device has attempted to conduct unauthorized network activity;
notifying a user or monitoring system of the device of malware present on the device and removal of the malware from the device;
detecting malware transmitted from the device; and
removal of the malware from the enterprise network.
Dependent claims: 9, 10, 11, 12, 13
14. A network data recording and response system for enhancing security in a computer enterprise network providing a computing device with access to the enterprise network, the system operable for:
assigning, by a processor executing instructions stored on a memory of a connection protocol server, a network address to the device to identify the device on the enterprise network in response to a network access request received from the device;
tracking, by the enterprise network, network activity of the device through passive monitoring without utilization of a data monitoring agent installed on the device;
inferring one or more of type and configuration information of the device;
creating a device inventory comprising one or more of device type and configuration information for the device and a resource utilization profile for the device;
detecting, by the enterprise network, high-risk or unauthorized network activity involving the device, wherein the detecting high-risk or unauthorized network activity comprises identifying attempted access to applications that offer services that are not authorized by the enterprise; and
implementing a response action to mitigate the high-risk or unauthorized network activity, wherein the response action comprises one or more of;
blocking the unauthorized network activity and providing notice to a user of the device that the device has attempted to conduct unauthorized network activity;
notifying a user or monitoring system of the device of malware present on the device and removal of the malware from the device;
detecting malware transmitted from the device; and
removal of the malware from the enterprise network.
Dependent claims: 15
Specification