Systems and methods of securing network-accessible peripheral devices

US 9,990,506 B1
Filed: 03/30/2015
Issued: 06/05/2018
Est. Priority Date: 03/30/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising, by a computer system:

accessing information related to enterprise usage of a plurality of network-accessible peripheral devices;

identifying, from the information, discrete content-imaging events that occurred on the plurality of network-accessible peripheral devices;

determining particular users associated with the discrete content-imaging events on a per-event basis;

determining information related to particular times when the discrete content-imaging events are deemed to have occurred on a per-event basis;

identifying particular content that was imaged as a result of the discrete content-imaging events on a per-event basis;

accessing stored content-based classifications of the particular content on a per-event basis, wherein the stored content-based classifications comprise topics of the particular content;

correlating the topics of the particular content to a plurality of user contexts on a per-event basis, wherein each user context of the plurality of user contexts is defined by a distinct combination of at least one of the particular users and at least one of the particular times;

associating at least one user pattern with each user context based, at least in part, on the correlating; and

generating for at least one user comparative content-imaging-pattern information for at least two user contexts of the plurality of user contexts;

performing an automated risk evaluation of the comparative content-imaging-pattern information; and

transmitting an alert to a designated user responsive to the comparative content-imaging-pattern information meeting specified criteria.

View all claims

22 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a method is performed by a computer system. The method includes accessing information related to enterprise usage of a plurality of network-accessible peripheral devices and identifying, from the information, discrete content-imaging events that occurred on the plurality of network-accessible peripheral devices. In addition, the method includes determining particular users associated with the discrete content-imaging events on a per-event basis and determining particular content to which the discrete content-imaging events relate on a per-event basis. Further, the method includes abstracting correlated data related to the discrete content-imaging events into a standardized format, the correlated data comprising data related to the particular users and the particular content, the standardized format enabling expression of the discrete content-imaging events by user and by type of content-imaging activity.

329 Citations

18 Claims

1. A method comprising, by a computer system:
- accessing information related to enterprise usage of a plurality of network-accessible peripheral devices;
  
  identifying, from the information, discrete content-imaging events that occurred on the plurality of network-accessible peripheral devices;
  
  determining particular users associated with the discrete content-imaging events on a per-event basis;
  
  determining information related to particular times when the discrete content-imaging events are deemed to have occurred on a per-event basis;
  
  identifying particular content that was imaged as a result of the discrete content-imaging events on a per-event basis;
  
  accessing stored content-based classifications of the particular content on a per-event basis, wherein the stored content-based classifications comprise topics of the particular content;
  
  correlating the topics of the particular content to a plurality of user contexts on a per-event basis, wherein each user context of the plurality of user contexts is defined by a distinct combination of at least one of the particular users and at least one of the particular times;
  
  associating at least one user pattern with each user context based, at least in part, on the correlating; and
  
  generating for at least one user comparative content-imaging-pattern information for at least two user contexts of the plurality of user contexts;
  
  performing an automated risk evaluation of the comparative content-imaging-pattern information; and
  
  transmitting an alert to a designated user responsive to the comparative content-imaging-pattern information meeting specified criteria.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the accessing comprises extracting at least a portion of the information from logs produced by one or more of the plurality of network-accessible peripheral devices.
  - 3. The method of claim 1, wherein:
    - the accessing comprises accessing communications from at least one communications platform;
      
      the identifying comprises identifying communications in which at least one network-accessible peripheral device of the plurality of network-accessible peripheral devices is a communication participant; and
      
      the identified communications correspond to at least a portion of the discrete content-imaging events.
  - 4. The method of claim 1, wherein:
    - the at least two user contexts comprise a first user context and a second user context, wherein the first user context and the second user context are mutually exclusive; and
      
      the comparative content-imaging-pattern information comprises;
      
      first content-imaging-pattern information related to content-imaging events occurring in the first user context; and
      
      second content-imaging-pattern information related to content-imaging events occurring in the second user context.
  - 5. The method of claim 1, wherein at least one of the at least two user contexts specifies events occurring during one or more recurring periods of time.
  - 6. The method of claim 5, wherein the one or more recurring periods of time comprise time periods deemed non-working hours.
  - 7. The method of claim 1, comprising:
    - activating a cross-platform data loss prevention (DLP) policy for enforcement against a plurality of users on a set of peripheral devices from the plurality of network-accessible peripheral devices;
      
      monitoring content-imaging events of the plurality of users on each of the set of peripheral devices for violations of the cross-platform DLP policy;
      
      responsive to a detected violation of the cross-platform DLP policy by at least one user on at least one peripheral device, the computer system dynamically acquiring context information for the detected violation using information associated with the detected violation; and
      
      the computer system publishing violation information to one or more designated users, the violation information comprising at least a portion of the information associated with the detected violation and at least a portion of the context information.
  - 8. The method of claim 1, wherein the discrete content-imaging events comprise one or more of the following content-imaging events:
    - print, scan, copy, and fax.
  - 9. The method of claim 1, wherein the plurality of network-accessible peripheral devices comprise one or more of the following devices:
    - printers, scanners, copiers, and fax machines.

10. An information handling system comprising at least one processor and memory, wherein the at least one processor and memory in combination are operable to implement a method comprising:
- accessing information related to enterprise usage of a plurality of network-accessible peripheral devices;
  
  identifying, from the information, discrete content-imaging events that occurred on the plurality of network-accessible peripheral devices;
  
  determining particular users associated with the discrete content-imaging events on a per-event basis;
  
  determining information related to particular times when the discrete content-imaging events are deemed to have occurred on a per-event basis;
  
  identifying particular content that was imaged as a result of the discrete content-imaging events on a per-event basis;
  
  accessing stored content-based classifications of the particular content on a per-event basis, wherein the stored content-based classifications comprise topics of the particular content;
  
  correlating the topics of the particular content to a plurality of user contexts on a per-event basis, wherein each user context of the plurality of user contexts is defined by a distinct combination of at least one of the particular users and at least one of the particular times;
  
  associating at least one user pattern with each user context based, at least in part, on the correlating; and
  
  generating for at least one user comparative content-imaging-pattern information for at least two user contexts of the plurality of user contexts;
  
  performing an automated risk evaluation of the comparative content-imaging-pattern information; and
  
  transmitting an alert to a designated user responsive to the comparative content-imaging-pattern information meeting specified criteria.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The information handling system of claim 10, wherein the accessing comprises extracting at least a portion of the information from logs produced by one or more of the plurality of network-accessible peripheral devices.
  - 12. The information handling system of claim 10, wherein:
    - the accessing comprises accessing communications from at least one communications platform;
      
      the identifying comprises identifying communications in which at least one network-accessible peripheral device of the plurality of network-accessible peripheral devices is a communication participant; and
      
      the identified communications correspond to at least a portion of the discrete content-imaging events.
  - 13. The information handling system of claim 10, wherein:
    - the at least two user contexts comprise a first user context and a second user context, wherein the first user context and the second user context are mutually exclusive; and
      
      the comparative content-imaging-pattern information comprises;
      
      first content-imaging-pattern information related to content-imaging events occurring in the first user context; and
      
      second content-imaging-pattern information related to content-imaging events occurring in the second user context.
  - 14. The information handling system of claim 10, wherein at least one of the at least two user contexts specifies events occurring during one or more recurring periods of time.
  - 15. The information handling system of claim 14, wherein the one or more recurring periods of time comprise time periods deemed non-working hours.
  - 16. The information handling system of claim 10, the method comprising:
    - activating a cross-platform data loss prevention (DLP) policy for enforcement against a plurality of users on a set of peripheral devices from the plurality of network-accessible peripheral devices;
      
      monitoring content-imaging events of the plurality of users on each of the set of peripheral devices for violations of the cross-platform DLP policy;
      
      responsive to a detected violation of the cross-platform DLP policy by at least one user on at least one peripheral device, the information handling system dynamically acquiring context information for the detected violation using information associated with the detected violation; and
      
      the information handling system publishing violation information to one or more designated users, the violation information comprising at least a portion of the information associated with the detected violation and at least a portion of the context information.
  - 17. The information handling system of claim 10, wherein the discrete content-imaging events comprise one or more of the following content-imaging events:
    - print, scan, copy, and fax.

18. A computer-program product comprising a non-transitory computer-usable medium having computer-readable program code embodied therein, the computer-readable program code adapted to be executed to implement a method comprising:
- accessing information related to enterprise usage of a plurality of network-accessible peripheral devices;
  
  identifying, from the information, discrete content-imaging events that occurred on the plurality of network-accessible peripheral devices;
  
  determining particular users associated with the discrete content-imaging events on a per-event basis;
  
  determining information related to particular times when the discrete content-imaging events are deemed to have occurred on a per-event basis;
  
  identifying particular content that was imaged as a result of the discrete content-imaging events on a per-event basis;
  
  accessing stored content-based classifications of the particular content on a per-event basis, wherein the stored content-based classifications comprise topics of the particular content;
  
  correlating the topics of the particular content to a plurality of user contexts on a per-event basis, wherein each user context of the plurality of user contexts is defined by a distinct combination of at least one of the particular users and at least one of the particular times;
  
  associating at least one user pattern with each user context based, at least in part, on the correlating; and
  
  generating for at least one user comparative content-imaging-pattern information for at least two user contexts of the plurality of user contexts;
  
  performing an automated risk evaluation of the comparative content-imaging-pattern information; and
  
  transmitting an alert to a designated user responsive to the comparative content-imaging-pattern information meeting specified criteria.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Quest Software, Inc.
Original Assignee
Quest Software, Inc.
Inventors
Brisebois, Michel Albert, Goyal, Sawan, Hu, GuangNing, Johnstone, Curtis T.
Primary Examiner(s)
King, John B

Application Number

US14/672,715
Time in Patent Office

1,163 Days
Field of Search

726 1, 726 22- 25
US Class Current
CPC Class Codes

G06F 21/62 Protecting access to data v...

H04L 63/20 for managing network securi...

Systems and methods of securing network-accessible peripheral devices

First Claim

22 Assignments

0 Petitions

Accused Products

Abstract

329 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods of securing network-accessible peripheral devices

First Claim

22 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

329 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links