Small-Footprint Endpoint Data Loss Prevention (DLP)
US-2019268379-A1 · Aug 29, 2019 · US
Malicious data access as highlighted graph visualization
US12326931B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12326931-B2 |
| Application number | US-202117362700-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 29, 2021 |
| Priority date | Jun 29, 2021 |
| Publication date | Jun 10, 2025 |
| Grant date | Jun 10, 2025 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
One example method includes monitoring a data access pattern, registering a data access request directed to data, comparing metadata associated with the data access request to a rule, based on a result of the comparing, sending a trigger to a graph service, and using information in the trigger to generate a visual representation of the data access request, wherein the visual representation indicates an extent to which the data access request is considered to constitute a potential threat to the data.
First claim
Opening claim text (preview).
What is claimed is: 1. A method, comprising: monitoring a data access pattern; registering a data access request that comprises a data access attempt directed to data of a data asset; generating metadata and an annotation to predict importance, relevance and sensitivity of the data asset relative to the data access request; comparing the metadata associated with the data access request to a rule; based on a result of the comparing, sending a trigger to a graph service, wherein the trigger is based on the data access request in combination with another data access request that also concerns the data; and generating a visual representation of the data access request based in part on information in the trigger, user metadata, group metadata, and asset metadata, wherein the visual representation indicates an extent to which the data access request is considered to constitute a potential threat to the data, wherein the visual representation comprises a graph in which data assets and users are denoted by respective nodes, wherein data access attempts by one or more of the users directed to one or more of the data assets are denoted by respective edges connecting the nodes and the one or more data assets, wherein each data asset is individually identified by a globally unique identification in the visual representation, wherein the metadata includes information comprising a file type, a file location, a file size, and a file owner of each data asset, and the annotation includes flags that indicate a type of data found, wherein edges denoting successful data access attempts are denoted by a first type of visual representation, and wherein edges denoting risky data access attempts are denoted by a second type of visual representation that is visually distinguishable from the first type of visual representation. 2. The method as recited in claim 1 , wherein the monitoring and the sending are performed by a malicious behavior service. 3. The method as recited in claim 1 , wherein generation of the visual representation of the data access request is performed by the graph service. 4. The method as recited in claim 1 , wherein the metadata comprises metadata of a user who originated the data access request. 5. The method as recited in claim 1 , wherein the user metadata is associated with a user who made the data access request, the group metadata is associated with a group to which the user belongs, and the data asset metadata is associated with the data with which the data access request is concerned. 6. The method as recited in claim 1 , wherein the another data access request is made by a same user that made the data access request or is made by a different user than the user that made the data access request. 7. The method as recited in claim 1 , wherein, in the visual representation, a data access request that is considered a potential threat to the data is visually distinguishable from another data access request that is not considered to be a potential threat to the data. 8. The method as recited in claim 1 , further comprising taking an action regarding the data based on information presented in the visual representation. 9. A non-transitory computer readable storage medium having stored therein instructions that are executable by one or more hardware processors to perform operations comprising: monitoring a data access pattern; registering a data access request that comprises a data access attempt directed to data of a data asset; generating metadata and an annotation to predict importance, relevance and sensitivity of the data asset relative to the data access request; comparing the metadata associated with the data access request to a rule; based on a result of the comparing, sending a trigger to a graph service, wherein the trigger is based on the data access request in combination with another data access request that also concerns the data; and generating a visual representation of the data access request based in part on information in the trigger, user metadata, group metadata, and asset metadata, wherein the visual representation indicates an extent to which the data access request is considered to constitute a potential threat to the data, wherein the visual representation comprises a graph in which data assets and users are denoted by respective nodes, wherein data access attempts by one or more of the users directed to one or more of the data assets are denoted by respective edges connecting the nodes and the one or more data assets, wherein each data asset is individually identified by a globally unique identification in the visual representation, wherein the metadata includes information comprising a file type, a file location, a file size, and a file owner of each data asset, and the annotation includes flags that indicate a type of data found, wherein edges denoting successful data access attempts are denoted by a first type of visual representation, and wherein edges denoting risky data access attempts are denoted by a second type of visual representation that is visually distinguishable from the first type of visual representation. 10. The non-transitory computer readable storage medium as recited in claim 9 , wherein the monitoring and the sending are performed by a malicious behavior service. 11. The non-transitory computer readable storage medium as recited in claim 9 , wherein generation of the visual representation of the data access request is performed by the graph service. 12. The non-transitory computer readable storage medium as recited in claim 9 , wherein the metadata comprises metadata of a user who originated the data access request. 13. The non-transitory computer readable storage medium as recited in claim 9 , wherein the user metadata is associated with a user who made the data access request, the group metadata is associated with a group to which the user belongs, and the data asset metadata is associated with the data with which the data access request is concerned. 14. The non-transitory computer readable storage medium as recited in claim 9 , wherein the another data access request is made by a same user that made the data access request or is made by a different user than the user that made the data access request. 15. The non-transitory computer readable storage medium as recited in claim 9 , wherein, in the visual representation, a data access request that is considered a potential threat to the data is visually distinguishable from another data access request that is not considered to be a potential threat to the data. 16. The non-transitory computer readable storage medium as recited in claim 9 , further comprising taking an action regarding the data based on information presented in the visual representation.
Assignees
Inventors
Classifications
Drawing of charts or graphs · CPC title
Test or assess a computer or a system · CPC title
Entity profiles · CPC title
Event detection, e.g. attack signature detection · CPC title
- G06F21/554Primary
involving event detection and direct action · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US12326931B2 cover?
- One example method includes monitoring a data access pattern, registering a data access request directed to data, comparing metadata associated with the data access request to a rule, based on a result of the comparing, sending a trigger to a graph service, and using information in the trigger to generate a visual representation of the data access request, wherein the visual representation indi…
- Who is the assignee on this patent?
- Emc Ip Holding Co Llc
- What technology area does this patent fall under?
- Primary CPC classification G06F21/554. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Jun 10 2025 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).