WO2013150507A2 - Enterprise level data element review systems and methodologies - Google Patents

Enterprise level data element review systems and methodologies Download PDF

Info

Publication number
WO2013150507A2
WO2013150507A2 PCT/IL2012/000147 IL2012000147W WO2013150507A2 WO 2013150507 A2 WO2013150507 A2 WO 2013150507A2 IL 2012000147 W IL2012000147 W IL 2012000147W WO 2013150507 A2 WO2013150507 A2 WO 2013150507A2
Authority
WO
WIPO (PCT)
Prior art keywords
data
data elements
multiplicity
metadata
collect
Prior art date
Application number
PCT/IL2012/000147
Other languages
English (en)
French (fr)
Other versions
WO2013150507A3 (en
Inventor
Yakov Faitelson
Ohad Korkus
David Bass
Yzhar KAYSAR
Ophir Kretzer-Katzir
Original Assignee
Varonis Systems, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Varonis Systems, Inc. filed Critical Varonis Systems, Inc.
Priority to EP12873556.0A priority Critical patent/EP2834733A4/en
Priority to PCT/IL2012/000147 priority patent/WO2013150507A2/en
Priority to IN8750DEN2014 priority patent/IN2014DN08750A/en
Priority to CN201280073615.6A priority patent/CN104662510B/zh
Priority to CN201711057610.5A priority patent/CN107657065B/zh
Publication of WO2013150507A2 publication Critical patent/WO2013150507A2/en
Publication of WO2013150507A3 publication Critical patent/WO2013150507A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/70Information retrieval; Database structures therefor; File system structures therefor of video data
    • G06F16/78Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually
    • G06F16/783Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually using metadata automatically derived from the content
    • G06F16/7844Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually using metadata automatically derived from the content using original textual content or text extracted from visual content or transcript of audio data
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/17Details of further file system functions
    • G06F16/1734Details of monitoring file system events, e.g. by the use of hooks, filter drivers, logs
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/907Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually

Definitions

  • the present invention relates generally to enterprise level data element systems and methodologies.
  • the present invention seeks to provide enterprise level data element review systems and methodologies.
  • an enterprise level data element review system including a data access event collection subsystem operative to collect data access event notifications relating to ones of a multiplicity of data elements, a data element metadata modification subassembly receiving an output from the data access event collection subsystem and providing a script indicating which data elements have had a metadata modification over a given period of time, and a data element dancer operative to collect at least one of metadata and access permissions for a selected plurality of data elements which is substantially less than the multiplicity of data elements and is selected on the basis of the script.
  • an enterprise level data element review system including a data access event collection subsystem operative to collect data access event notifications relating to ones of a multiplicity of data elements, a data element modified metadata collector which is operative to collect at least one of metadata and access permissions for a plurality of data elements which is substantially less than the multiplicity of data elements, and a data element crawler operative to crawl over the multiplicity of data elements thereby to collect at least one of metadata and access permissions for the multiplicity of data elements.
  • an enterprise level data element review system including a data access event collection failure monitoring subsystem operative to ascertain failure to collect data access events and to provide a failure notification, and a data element crawler operative in response to receipt of the failure notification to crawl over the multiplicity of data elements thereby to collect at least one of metadata and access permissions for the multiplicity of data elements.
  • a method for enterprise level data element review including collecting data access event notifications relating to ones of a multiplicity of data elements, providing a script indicating which data elements have had a metadata modification over a given period of time, and collecting at least one of metadata and access permissions for a selected plurality of data elements which is substantially less than the multiplicity of data elements and is selected on the basis of the script.
  • a method for enterprise level data element review including collecting data access event notifications relating to ones of a multiplicity of data elements collecting at least one of metadata and access permissions for a plurality of data elements which is substantially less than the multiplicity of data elements, and crawling over the multiplicity of data elements thereby to collect at least one of metadata and access permissions for the multiplicity of data elements.
  • a method for enterprise level data element review including ascertaining failure to collect data access events, providing a failure notification, and in response to receipt of the failure notification, crawling over the multiplicity of data elements thereby to collect at least one of metadata and access permissions for the multiplicity of data elements.
  • FIG. 1 is a simplified illustration of an enterprise level data element review system constructed and operative in accordance with a preferred embodiment of the invention
  • FIG. 2 is an alternative simplified illustration of the enterprise level data element review system of Fig. 1;
  • Fig. 3 is a simplified block diagram illustration of the system and methodology of Fig. 1;
  • Fig. 4 is a simplified block diagram illustration of the operation of the system of Fig. 1;
  • Fig. 5 is a simplified block diagram illustration of another aspect of the use of the system of Fig. 1.
  • Fig. 1 is a simplified illustration of an enterprise level data element review system constructed and operative in accordance with a preferred embodiment of the invention.
  • the system of Fig. 1 is preferably suitable for operating in an enterprise computer network which includes, inter alia, multiple disparate servers and clients storing data elements such as files and folders.
  • the system of Fig. 1 preferably includes a data access event collection subsystem operative to collect data access event notifications relating to ones of a multiplicity of data elements, a data element metadata modification subassembly receiving an output from the data access event collection subsystem and providing a script indicating which data elements have had a metadata modification over a given period of time, and a data element dancer operative to collect at least one of metadata and access permissions for a selected plurality of data elements which is substantially less than the multiplicity of data elements and is selected on the basis of the script.
  • the system resides on a server 100 which is connected to a computer network 102 to which are connected a plurality of computer servers 104 and storage devices 106, and preferably continuously operates in the background to collect data access event notifications relating to the multiplicity of data elements stored on servers 104 and storage devices 106.
  • an administrator of the system wishes to utilize the system to collect metadata of folders that were modified during a particular period of time, such as between 8AM - 12PM on January 5, 2012.
  • the system provides the administrator with a script 120 which comprises a list of folders which have been accessed during the period of interest. Thereafter, the administrator instructs the system to collect metadata of the folders which appear in the script.
  • continuous collection of data access event notifications by the system is operative to enable efficient maintaining of a generally up-to-date collection of metadata of all data elements by periodically selectively collecting metadata only of data elements which are known to have been accessed during a particular period of time. It is appreciated that the time and computer resources needed to periodically selectively collect metadata only from data elements which are known to have been accessed during a particular period of time is substantially less than the time needed to collect metadata from all data elements.
  • a data element dancer 150 begins to dance through a plurality of data elements 152 at 8:27 AM. As clearly shown in the illustration of option A, as dancer 150 dances through data elements 152, he lands on only a subset of data elements 152 which correspond to data elements listed in script 120, and completes dancing over data elements 152 at 8:30 AM.
  • a data element crawler 160 begins to crawl through a plurality of data elements 162 at 8:27 AM., however, as crawler 160 crawls through data elements 162, he lands on every one of data elements 162, thereby completing to crawl over data elements 162 at 8:47 AM., significantly later than data element dancer 150.
  • the system also comprises a data access event collection failure monitoring subsystem operative to ascertain failure to collect data access events and to provide a corresponding failure notification to a data element crawler which is operative in response to receipt of the failure notification to crawl over the multiplicity of data elements stored on servers 104 and storage devices 106 and to thereby collect at least one of metadata and access permissions for the multiplicity of data elements.
  • a data access event collection failure monitoring subsystem operative to ascertain failure to collect data access events and to provide a corresponding failure notification to a data element crawler which is operative in response to receipt of the failure notification to crawl over the multiplicity of data elements stored on servers 104 and storage devices 106 and to thereby collect at least one of metadata and access permissions for the multiplicity of data elements.
  • FIG. 2 is an alternative simplified illustration of the enterprise level data element review system of Fig. 1.
  • Fig. 2 further illustrates the particular feature of the present invention, whereby initially ascertaining which particular elements of a group need to be treated and thereafter selectively treating only those particular elements is substantially more efficient than treating all the elements of the group.
  • a first pesticide applicator 200 begins to walk through the rows of a planted field 202 at 6:00 AM.
  • pesticide applicator 200 walks through field 202, he applies pesticide only to plants which have been identified as being infested, and completes walking through the entire filed at 6:30 AM.
  • a second pesticide applicator 210 begins to walk through the rows of a planted field 212 at 6:00 AM., however as second pesticide applicator 210 walks through field 212 he applies pesticide to every one of the plants of field 212 regardless of whether they are infested or not, thereby completing to walk through the field at 7:15 AM, significantly later than first pesticide applicator 200.
  • FIG. 3 is a simplified block diagram illustration of the system of Fig. 1, to Fig. 4, which is a simplified block diagram illustration of the operation of the system of Fig. 1, and to Fig. 5, which is a simplified block diagram illustration of another aspect of the use of the system of Fig. 1.
  • the enterprise level data element review system 300 comprises a data access event collection subsystem 302 operative to collect data access event notifications relating to ones of a multiplicity of data elements and to communicate with a data element metadata modification subassembly 304.
  • Data element metadata modification subassembly 304 preferably communicates with a data element dancer 306.
  • System 300 also includes a data access event collection failure monitoring subsystem 310 operative to ascertain failure of data access event collection subsystem 302 to collect data access events and to provide a corresponding failure notification to a data element crawler 312 which is operative in response to receipt of the failure notification to crawl over the multiplicity of data elements stored in the enterprise and to thereby collect at least one of metadata and access permissions for the multiplicity of data elements.
  • a data access event collection failure monitoring subsystem 310 operative to ascertain failure of data access event collection subsystem 302 to collect data access events and to provide a corresponding failure notification to a data element crawler 312 which is operative in response to receipt of the failure notification to crawl over the multiplicity of data elements stored in the enterprise and to thereby collect at least one of metadata and access permissions for the multiplicity of data elements.
  • data access event collection subsystem 302 continuously collects data access event notifications relating to ones of a multiplicity of data elements and sends an output to data element metadata modification subassembly 304.
  • Data element metadata modification subassembly 304 preferably provides a script indicating which data elements have had a metadata modification over a given period of time to data element dancer 306 which then collects at least one of metadata and access permissions only for the data elements included in the script.
  • data access event collection failure monitoring subsystem 310 ascertains failure to collect data access events and provides a failure notification. Responsive to the failure notification, data element crawler 312 preferably crawls over the multiplicity of data elements thereby to collect at least one of metadata and access permissions for the multiplicity of data elements.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Library & Information Science (AREA)
  • Multimedia (AREA)
  • Debugging And Monitoring (AREA)
  • Computer And Data Communications (AREA)
PCT/IL2012/000147 2012-04-04 2012-04-04 Enterprise level data element review systems and methodologies WO2013150507A2 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
EP12873556.0A EP2834733A4 (en) 2012-04-04 2012-04-04 SYSTEMS AND METHODS FOR DATA ELEMENT VERIFICATION AT COMPANY LEVEL
PCT/IL2012/000147 WO2013150507A2 (en) 2012-04-04 2012-04-04 Enterprise level data element review systems and methodologies
IN8750DEN2014 IN2014DN08750A (enrdf_load_stackoverflow) 2012-04-04 2012-04-04
CN201280073615.6A CN104662510B (zh) 2012-04-04 2012-04-04 企业级数据元素检查系统和方法
CN201711057610.5A CN107657065B (zh) 2012-04-04 2012-04-04 包括计算机可读介质的系统和企业级数据元素检查的方法

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IL2012/000147 WO2013150507A2 (en) 2012-04-04 2012-04-04 Enterprise level data element review systems and methodologies

Publications (2)

Publication Number Publication Date
WO2013150507A2 true WO2013150507A2 (en) 2013-10-10
WO2013150507A3 WO2013150507A3 (en) 2015-06-18

Family

ID=49301123

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IL2012/000147 WO2013150507A2 (en) 2012-04-04 2012-04-04 Enterprise level data element review systems and methodologies

Country Status (4)

Country Link
EP (1) EP2834733A4 (enrdf_load_stackoverflow)
CN (2) CN104662510B (enrdf_load_stackoverflow)
IN (1) IN2014DN08750A (enrdf_load_stackoverflow)
WO (1) WO2013150507A2 (enrdf_load_stackoverflow)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10320798B2 (en) 2013-02-20 2019-06-11 Varonis Systems, Inc. Systems and methodologies for controlling access to a file system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7555482B2 (en) 2005-06-07 2009-06-30 Varonis Systems, Inc. Automatic detection of abnormal data access activities
US7653836B1 (en) 2005-06-10 2010-01-26 American Megatrends, Inc Logging metadata modifications in a data storage system
US20110061111A1 (en) 2009-09-09 2011-03-10 Yakov Faitelson Access permissions entitlement review
US20110060916A1 (en) 2009-09-09 2011-03-10 Yakov Faitelson Data management utilizing access and content information
US20110296490A1 (en) 2010-05-27 2011-12-01 Yakov Faitelson Automatic removal of global user security groups

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6574630B1 (en) * 2000-01-28 2003-06-03 Ccbn.Com, Inc. Investor relations event notification system and method
WO2001063479A1 (en) * 2000-02-22 2001-08-30 Metacarta, Inc. Spatially coding and displaying information
US7444655B2 (en) * 2002-06-11 2008-10-28 Microsoft Corporation Anonymous aggregated data collection
US20040123183A1 (en) * 2002-12-23 2004-06-24 Ashutosh Tripathi Method and apparatus for recovering from a failure in a distributed event notification system
JP4794130B2 (ja) * 2004-01-20 2011-10-19 ルネサスエレクトロニクス株式会社 マスクパターンデータ自動補正方法及びそのプログラム
US7596571B2 (en) * 2004-06-30 2009-09-29 Technorati, Inc. Ecosystem method of aggregation and search and related techniques
US7506379B2 (en) * 2004-11-04 2009-03-17 International Business Machines Corporation Method and system for storage-based intrusion detection and recovery
CN101964732B (zh) * 2010-09-02 2012-08-15 海信集团有限公司 计算丢包率的方法及装置、控制网络传输的方法及装置
CN102436556B (zh) * 2012-01-09 2015-03-25 国电南瑞科技股份有限公司 轨道交通事故反演系统

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7555482B2 (en) 2005-06-07 2009-06-30 Varonis Systems, Inc. Automatic detection of abnormal data access activities
US7606801B2 (en) 2005-06-07 2009-10-20 Varonis Inc. Automatic management of storage access control
US7653836B1 (en) 2005-06-10 2010-01-26 American Megatrends, Inc Logging metadata modifications in a data storage system
US20110061111A1 (en) 2009-09-09 2011-03-10 Yakov Faitelson Access permissions entitlement review
US20110060916A1 (en) 2009-09-09 2011-03-10 Yakov Faitelson Data management utilizing access and content information
US20110296490A1 (en) 2010-05-27 2011-12-01 Yakov Faitelson Automatic removal of global user security groups

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP2834733A4

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10320798B2 (en) 2013-02-20 2019-06-11 Varonis Systems, Inc. Systems and methodologies for controlling access to a file system

Also Published As

Publication number Publication date
CN107657065A (zh) 2018-02-02
EP2834733A4 (en) 2016-06-22
CN104662510A (zh) 2015-05-27
CN107657065B (zh) 2021-05-25
WO2013150507A3 (en) 2015-06-18
CN104662510B (zh) 2017-11-28
EP2834733A2 (en) 2015-02-11
IN2014DN08750A (enrdf_load_stackoverflow) 2015-05-22

Similar Documents

Publication Publication Date Title
US10181046B2 (en) Enterprise level data element review systems and methodologies
Yu et al. Winter and spring warming result in delayed spring phenology on the Tibetan Plateau
CN107895009A (zh) 一种基于分布式的互联网数据采集方法及系统
EP2962242B1 (fr) Procede de detection d'attaques de machines virtuelles
CN102592103B (zh) 文件安全处理方法、设备及系统
US11494503B2 (en) Hybrid approach to data governance
CN106294351A (zh) 日志事件处理方法和装置
CN103970788A (zh) 一种基于网页爬取的爬虫技术
EP2529296B1 (en) Data management utilizing access and content information
EP2619664A1 (en) Validating the resiliency of networked applications
Mekala et al. A survey: energy-efficient sensor and VM selection approaches in green computing for X-IoT applications
CN107508718A (zh) 日志采集系统、日志采集单元以及日志采集方法
US8644678B2 (en) Video recording management
CN104169895B (zh) 存储内容保护
CN102968591A (zh) 基于行为片段共享的恶意软件特征聚类分析方法及系统
CN106372080A (zh) 一种文件清除方法、装置和系统
CN109815198B (zh) 移动游戏大数据贴源层实现方法及装置
Buddhika et al. Living on the edge: Data transmission, storage, and analytics in continuous sensing environments
JP6286559B2 (ja) 対話式アプリケーションにおいて標識アイコンを追加するための方法およびデバイス
EP3494491A1 (en) Reducing memory usage for long standing computations
EP2834733A2 (en) Enterprise level data element review systems and methodologies
Rowley et al. Secondary forest buffers the effects of fragmentation on aerial insectivorous bat species following 30 years of passive forest restoration
US20180293089A1 (en) Method and device for adding indicative icon in interactive application
FR2899412A1 (fr) "procede et systeme pour mettre a jour des changements de topologie d'un reseau informatique"
CN102200943A (zh) 一种基于后台自动检测cpu使用率的方法和设备

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12873556

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2012873556

Country of ref document: EP