Adjusting filter or classification control settings

US 8,621,559 B2
Filed: 05/01/2012
Issued: 12/31/2013
Est. Priority Date: 11/06/2007
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

one or more hardware data processors; and

instructions stored on a computer readable storage medium operable, when executed by the one or more hardware data processors, to;

receive a data communication in a network;

analyze the data communication to determine a particular type of sender or recipient activity associated with the data communication based at least in part on an application of a plurality of tests to the data communication;

assign a total risk level to the data communication based at least in part on one or more risks associated with the particular type of sender or recipient activity and a tolerance for each of the one or more risks;

compare the total risk level assigned to the data communication with a maximum total acceptable level of risk; and

allow the data communication to be delivered to a recipient in response to the comparison indicating that the total risk level assigned to the data communication does not exceed the maximum total acceptable level of risk.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for managing data communications are described. The method includes receiving a data communication; analyzing the data communication to determine a particular type of sender or recipient activity associated with the data communication based at least in part on an application of a plurality of tests to the data communication; assigning a total risk level to the data communication based at least in part on one or more risks associated with the particular type of sender or recipient activity and a tolerance for each of the one or more risks; comparing the total risk level assigned to the data communication with a maximum total acceptable level of risk; and allowing the data communication to be delivered to a recipient in response to the comparison indicating that the total risk level assigned to the data communication does not exceed the maximum total acceptable level of risk.

661 Citations

20 Claims

1. A system comprising:
- one or more hardware data processors; and
  
  instructions stored on a computer readable storage medium operable, when executed by the one or more hardware data processors, to;
  
  receive a data communication in a network;
  
  analyze the data communication to determine a particular type of sender or recipient activity associated with the data communication based at least in part on an application of a plurality of tests to the data communication;
  
  assign a total risk level to the data communication based at least in part on one or more risks associated with the particular type of sender or recipient activity and a tolerance for each of the one or more risks;
  
  compare the total risk level assigned to the data communication with a maximum total acceptable level of risk; and
  
  allow the data communication to be delivered to a recipient in response to the comparison indicating that the total risk level assigned to the data communication does not exceed the maximum total acceptable level of risk.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the tolerance for each of the one or more risks is set in a security policy for the network.
  - 3. The system of claim 1, wherein the tolerance for each of the one or more risks is adjustable along a tolerance range from a high tolerance setting to a low tolerance setting, the high tolerance setting specifying fewer restrictions on a delivery of a data communication to a recipient than the low tolerance setting.
  - 4. The system of claim 3, wherein the tolerance range comprises a blacklist setting, the blacklist setting prohibiting a particular type of sender or recipient activity.
  - 5. The system of claim 3, wherein the tolerance range comprises a whitelist setting, the whitelist setting allowing a particular type of sender or recipient activity.
  - 6. The system of claim 3, wherein the instructions are further operable, when executed by the one or more processors, to:
    - accept tolerance limits on the tolerance range from a network administrator limiting the tolerance range to a range less than an entire tolerance range; and
      
      restrict a setting of the tolerance for each of the one or more risks based on the tolerance limits.
  - 7. The system of claim 1, wherein the one or more risks are associated with one or more of a liability category, a maturity category, a security category, bandwidth category, a communications category, an information security category, or a productivity category.

8. A method comprising:
- receiving a data communication in a network;
  
  analyzing the data communication to determine a particular type of sender or recipient activity associated with the data communication based at least in part on an application of a plurality of tests to the data communication;
  
  assigning a total risk level to the data communication based at least in part on one or more risks associated with the particular type of sender or recipient activity and a tolerance for each of the one or more risks;
  
  comparing the total risk level assigned to the data communication with a maximum total acceptable level of risk; and
  
  allowing the data communication to be delivered to a recipient in response to the comparison indicating that the total risk level assigned to the data communication does not exceed the maximum total acceptable level of risk.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the tolerance for each of the one or more risks is set in a security policy for the network.
  - 10. The method of claim 8, wherein the tolerance for each of the one or more risks is adjustable along a tolerance range from a high tolerance setting to a low tolerance setting, the high tolerance setting specifying fewer restrictions on a delivery of a data communication to a recipient than the low tolerance setting.
  - 11. The method of claim 10, wherein the tolerance range comprises a blacklist setting, the blacklist setting prohibiting a particular type of sender or recipient activity.
  - 12. The method of claim 10, wherein the tolerance range comprises a whitelist setting, the whitelist setting allowing a particular type of sender or recipient activity.
  - 13. The method of claim 10, further comprising:
    - receiving tolerance limits on the tolerance range from a network administrator limiting the tolerance range to a range less than an entire tolerance range; and
      
      restricting a setting of the tolerance for each of the one or more risks based on the tolerance limits.
  - 14. The method of claim 8, wherein the one or more risks are associated with one or more of a liability category, a maturity category, a security category, bandwidth category, a communications category, an information security category, or a productivity category.

15. A non-transitory computer-readable storage medium storing instructions that are executable by one or more processing devices, and upon execution, cause the one or more processing devices to perform processes comprising:
- receiving a data communication in a network;
  
  analyzing the data communication to determine a particular type of sender or recipient activity associated with the data communication based at least in part on an application of a plurality of tests to the data communication;
  
  assigning a total risk level to the data communication based at least in part on one or more risks associated with the particular type of sender or recipient activity and a tolerance for each of the one or more risks;
  
  comparing the total risk level assigned to the data communication with a maximum total acceptable level of risk; and
  
  allowing the data communication to be delivered to a recipient in response to the comparison indicating that the total risk level assigned to the data communication does not exceed the maximum total acceptable level of risk.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer readable medium of claim 15, wherein the tolerance for each of the one or more risks is set in a security policy for the network.
  - 17. The non-transitory computer readable medium of claim 15, wherein the tolerance for each of the one or more risks is adjustable along a tolerance range from a high tolerance setting to a low tolerance setting, the high tolerance setting specifying fewer restrictions on a delivery of a data communication to a recipient than the low tolerance setting.
  - 18. The non-transitory computer readable medium of claim 17, wherein the tolerance range comprises a blacklist setting, the blacklist setting prohibiting a particular type of sender or recipient activity.
  - 19. The non-transitory computer readable medium of claim 17, wherein the tolerance range comprises a whitelist setting, the whitelist setting allowing a particular type of sender or recipient activity.
  - 20. The non-transitory computer readable medium of claim 17, wherein the instructions cause the one or more processing devices to further perform processes comprising:
    - receiving tolerance limits on the tolerance range from a network administrator limiting the tolerance range to a range less than an entire tolerance range; and
      
      restricting a setting of the tolerance for each of the one or more risks based on the tolerance limits.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Alperovitch, Dmitri, Greve, Paula, Krasser, Sven, Foote-Lennox, Tomo
Primary Examiner(s)
Blair, April Y

Application Number

US13/460,878
Publication Number

US 20120216248A1
Time in Patent Office

609 Days
Field of Search

726/1, 726/22, 726/24, 709/206, 713/154, 713/161, 380/232, 380/255
US Class Current

726/1
CPC Class Codes

H04L 63/1425 Traffic logging, e.g. anoma...

H04L 63/20 for managing network securi...

Adjusting filter or classification control settings

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

661 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Adjusting filter or classification control settings

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

661 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links