WO2022101934A1 - A system to protect data exfilteration through detection and validation and method thereof - Google Patents

A system to protect data exfilteration through detection and validation and method thereof

Info

Publication number
WO2022101934A1
Authority
WO
WIPO (PCT)
Prior art keywords
network
user device
access
data
network server
Prior art date
Application number
PCT/IN2021/051063
Other languages
French (fr)
Inventor
Vishal Prakash Shah
Original Assignee
Synersoft Technologies Private Limited
Application filed by Synersoft Technologies Private Limited
Publication of WO2022101934A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication

Definitions

  • FIG. 4A illustrates a communication session of the system shown in FIG. 2.
  • The method further includes the user device (1) without the endpoint agent (2) transmitting the access request to the network server (4), routed through the protection device (3) via the network (5).
  • The protection device (3) has means to match the stored security credential with the endpoint agent (2) of the user device (1), but because the endpoint agent (2) is absent from the user device (1), the match fails and the user device (1) cannot communicate with the network server (4).
  • The protection device (3) has means to determine whether the user device (1) is an authenticated user device (1) that is allowed to access the network server (4). It therefore restricts the unauthenticated user device (1) from accessing the network server (4). Furthermore, in the absence of the endpoint agent (2), the protection device (3) blocks the user device (1) and stops all possible communication to it.
  • FIG. 3 describes the fake network situation of the system to protect against data exfiltration.
  • A network server (4) without the protection device (3) receives the user device (1) carrying the endpoint agent (2) in the fake network (5f). The endpoint agent (2) has means to match the security credential of the fake network (5f) against the security credentials stored with the protection device (3), but because the protection device (3) is absent, the endpoint agent (2) cannot complete the match.
  • The endpoint agent (2) has means to determine whether the fake network (5f) is an authenticated network (5) that allows the user device (1) to access the network server (4).
  • The endpoint agent (2) has means to restrict the transfer of data through the fake network (5f) to the unauthenticated network server (4).
  • FIG. 4B illustrates the communication session between the user device and the fake network situation of the system shown in FIG. 3.
  • The method comprises: when the user device (1) with the endpoint agent (2), containing protected data, is taken into a network server (4) without the protection device (3), the endpoint agent (2) requests the security credential of the protection device (3) in the fake network (5f), but the fake network (5f) fails to provide the security credential to the endpoint agent (2) because the protection device (3) is absent from the fake network (5f).
  • The endpoint agent (2) will not allow data transfer to the network server (4), nor any data exfiltration from the user device (1) to the network server (4) through the fake network (5f).
  • A secure network procedure, easily accomplished through the above-mentioned processes, is well suited for situations in which the network (5) would otherwise allow data exfiltration. It prevents data and information from leaking. It secures sensitive data while the user is using the network server (4), and prevents the data storage, files and documents on the network server (4) from being leaked to attackers.

Abstract

The present invention relates to a system to protect against data exfiltration through detection and validation and a method thereof. The present invention also describes a process for protecting file data from hostile access or copy attempts on the data through the network environment. The system provides real-time monitoring and detection of an unauthenticated network server (4) on a user device (1). Further, the network server (4) coupled to the network (5) provides a storage mechanism for resources and information. In the present invention, a protection device (3) facilitates administration and management of access to the resources and information between the network server (4) and the user device (1) via the network (5). In this system, the user device (1) is installed with an endpoint agent (2) for remote management of the device, which communicates back and forth with the network (5) to which it is connected and ensures compliance with security standards. Furthermore, the protection device (3) stores security credentials and determines whether the user device (1) is an authenticated user device (1) that is allowed to access the network server (4).

Description

A SYSTEM TO PROTECT DATA EXFILTERATION THROUGH DETECTION AND VALIDATION AND METHOD THEREOF
Field of the invention
The present invention relates to an enhanced system to protect against data exfiltration through detection and validation and a method thereof. The present invention also relates to solutions that protect against data theft by hostile attempts to access data through the network environment.
Background of the invention
Computers and computer networks are increasingly interconnected over private and public networks, exposing them to increased risk of attack. A specific type of attack, called data exfiltration, occurs when data is taken from within a computer network. Data exfiltration is an unauthorized release of data from within a computer system or network. Malicious and other illegitimate potential users of network computing resources may attempt to gain unauthorized access to such computing resources using a variety of techniques. For example, such unauthorized users, sometimes referred to as hackers, may attempt to gain access to data or other resources which have been made available on the network in a manner intended to provide secure, confidential access to a limited set of authorized users.
Most of the current networks that connect users and network elements do not have the security mechanisms necessary to provide adequate protection to the network elements. Most of the protection measures currently available in large networks are offered by the individual network elements and are therefore neither effective nor sufficient for the entire networking environment.
Technically, data breaches occur after unauthorized access is obtained and the attacker begins to steal data; this is commonly referred to as "data exfiltration". Typically, computers or workstations are linked through a computer network to allow the sharing of data, applications, files, processing power, communications and other resources, such as printers, modems and mass storage. Generally, the sharing of resources is accomplished through the use of a network server. The server is a processing unit dedicated to managing the centralized resources, managing data and sharing these resources with other PCs and workstations. The server, network and PCs or workstations, combined together, constitute a client/server computer network.
Various prior art documents describe protecting against data exfiltration from a network. The prior art document WO 2017/209970 A1 discloses a system that includes one or more protected nodes (102, 102a-102n) within a protected system, where each protected node is configured to be coupled to a storage device (402). The system also includes a server (105) configured to perform a check-in process so that one or more files on the storage device are (i) accessible by the one or more protected nodes within the protected system and (ii) not accessible by nodes (702) outside of the protected system while the storage device is checked-in. The server is also configured to perform a check-out process so that the one or more files on the storage device are (i) accessible by the nodes outside of the protected system and (ii) not accessible by the one or more protected nodes within the protected system while the storage device is checked-out. The server could be configured to modify a file system of the storage device during the check-in process.
Another prior art document, US 8,261,058, discloses a system, method and apparatus for protecting sensitive data by extracting the sensitive data from a data storage on a client, sending the extracted data to a server for storage, receiving a pointer indicating where the extracted data has been stored and replacing the sensitive data on the data storage on the client with the pointer. The pointer may include random data of the same data type as the sensitive data. The pointer is subsequently used to access the sensitive data after proper authentication.
Overall, once access to the network has been gained, there is no easy way to take it back. Depending on each server's access, some of it may be possible to cut off, but this is an opportunistic and not a long-term solution against data exfiltration. While numerous organizations have private computing networks supporting some type of access controls or other cyber-security controls to limit network access, the organizations do not have an automated and repeatable method to test their networks and security controls against common methods of data exfiltration.
Organizations have to protect files from theft. These files are vulnerable to unauthorized hostile access attempts. In a normal enterprise environment, data is stored on servers. Users access data from the servers and work on it. After the work is done, users copy data back to the server for the purpose of centralization. Such operations are prone to certain tactics used by fraudsters to access this data in an unauthorized manner or to redirect the storage of data to their own servers. For example, a user device containing data acts as a client to the server in the local area network; it can be defrauded by taking the user device into another network and providing a fake server with the same IP address and the same user credentials. By doing so, the user device can copy the company's digital assets to the fake server. Accordingly, it becomes necessary to have a solution which can prevent such data exfiltration from the user device. There needs to be a solution which helps protect file data from hostile access or copy attempts in minimum time, so that business can continue.
Hence, protection against data exfiltration through detection and validation still leaves scope for improved solutions to protect against data theft by hostile attempts to access data through the network environment.
Object of the invention
The main object of the present invention is to protect against data exfiltration through detection and validation.
Another object of the present invention is to provide solutions to protect against data theft by hostile attempts to access data through the network environment.
A further object of the present invention is to provide a hardware property that protects file data from hostile access or copy attempts on the data.
Another object of the present invention is to provide the ability to monitor hardware configurations, monitor real-time traffic and apply security over the network. Yet a further object of the present invention is a system to protect against data exfiltration through detection and validation that provides real-time monitoring and detection of threats the instant they occur on a device.
Another object of the present invention is to test the ability of network defenders to successfully detect and respond to security incidents.
A further object of the present invention is to provide security that prevents sensitive data from being accessed by an external or fake network.
Still another object of the present invention is to provide a system to protect against data exfiltration through detection and validation, and a method thereof, with the ability to act on threats via the protection device itself and stop a threat in its tracks.
Summary of the Invention
The present invention relates to a system to protect against data exfiltration through detection and validation and a method thereof. The present invention also describes a process for protecting file data from hostile access or copy attempts on the data through the network environment. The system provides real-time monitoring and detection of an unauthenticated network server on a user device. Further, the network server coupled to the network provides a storage mechanism for resources and information. In the present invention, a protection device facilitates administration and management of access to the resources and information between the network server and the user device via the network. In this system, the user device is installed with an endpoint agent for remote management of the device, which communicates back and forth with the network to which it is connected. Furthermore, the protection device stores security credentials and determines whether the user device is an authenticated user device that is allowed to access the network server.
Brief Description of the Drawings
The aforementioned aspects and advantages of the present invention will be more fully understood after reading the implementation below with reference to the accompanying drawings, in which:
FIG. 1 illustrates a system to protect against data exfiltration through detection and validation.
FIG. 2 illustrates the same system wherein the endpoint agent is absent.
FIG. 3 describes the fake network situation of the system to protect against data exfiltration.
FIG. 4A illustrates a communication session of the system shown in FIG. 2.
FIG. 4B illustrates the communication session between the user device and the fake network situation of the system shown in FIG. 3.
Detailed description of the Invention
Before explaining the present invention in detail, it is to be understood that the invention is not limited in its application. The nature of invention and the manner in which it is performed is clearly described in the specification. The invention has various components and they are clearly described in the following pages of the complete specification. It is to be understood that the phraseology and terminology employed herein is for the purpose of description and not of limitation.
The following description with reference to the accompanying drawings is provided to assist in a comprehensive understanding of various embodiments of the present disclosure as defined by the claims and their equivalents. It includes various specific details to assist in that understanding but these are to be regarded as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the various embodiments described herein can be made without departing from the scope and spirit of the present disclosure.
The present disclosure is generally directed to system to protect data exfilteration through detection and validation and method thereof. As will be explained in greater detail, embodiments discussed herein can be implemented in suitable computer-executable instructions that may reside on a computer readable medium (e.g., a hard disk drive, flash drive or other memory), hardware circuitry or the like, or any combination.
Before discussing specific embodiments, it is to be noted that the term "user device" may include mobile phone, tablet, desktop and laptop. System and method that stores sensitive data and then accesses it (e.g., a computer, a laptop computer, a handheld computer, a desktop computer, a workstation, a data terminal, a phone, a mobile phone, a security device, a surveillance device or a combination thereof).
The 'network server' can include a central processing unit ("CPU"), at least one read-only memory ("ROM), at least one random access memory ( RAM), at least one hard drive ( HD), at least one network card and one or more input/output ("I/O") device(s).
Further the 'protection device' means hardware that refers to the physical parts of the computer and related devices. The protection device includes motherboards, drive (e.g., Blu-ray, CD-ROM, DVD, floppy drive, hard drive, and SSD), Fan (heat sink), modem, motherboard and monitors.
The 'network' is known for communication and interaction between user device on the network server. The network must contain transmission media, routers, repeaters, gateways, network adapters and cables. The network is placed in (Local Area Network (L.A.N.), Wide Area Network (W.A.N.) and/or Virtual Private Network (V.P.N)) in which network server is storing and giving data to user device.
The present disclosure comprises a network server (4) that act as central repository of data and various files that are shared by many users. The present invention utilizes a protection device (3) to storage memory level and manages security credential of a user device (1). It also manages access to the resources and information between the network server (4) and the user device (1). Furthermore, the present invention also discloses an endpoint agent (2). The endpoint agent (2) is device that is physically an end point on a user device (1). The present system gives the ability to monitor, detect, and resolve threats and vulnerabilities across the network (5) from wherever they originate.
FIG. 1 depicts a system for protecting against data exfiltration through detection and validation, and a method thereof. The system comprises the network server (4) coupled to the network (5), which provides a storage mechanism for resources and information. As shown in Fig. 1, a protection device (3) facilitates administration and management of access to the resources and information between the network server (4) and the user device (1) via the network (5). The protection device (3) includes means for storing security credentials and a firewall to monitor and control incoming and outgoing network traffic based on predetermined security rules registered with the user device (1).
As described in Fig. 1, the user device (1) is installed with an endpoint agent (2) that ensures compliance with security standards. The endpoint agent (2) installed on the user device (1) is fed with the IP address of the protection device (3). The protection device (3) is fed with the security credential of the user device (1).
As per Fig. 1, the protection device (3) has means to match its security credential with the endpoint agent (2) of the user device (1). Further, the endpoint agent (2) has means to determine whether the network (5) is an authenticated network that allows the user device (1) to access the network server (4). If the security credential is successfully validated, the endpoint agent (2) allows the user device (1) to access or store data on the network server (4) through the network (5).
A method to protect against data exfiltration through detection and validation comprises transmitting an access request from the user device (1), installed with the endpoint agent (2), to the network server (4), routed through a protection device (3) via the network (5). The matching means of the endpoint agent (2) matches the security credential stored with the protection device (3) of the network (5) against the security credential held by the endpoint agent (2) of the user device (1). The authenticity of the network (5) is thereby determined, and the determining means of the endpoint agent (2) allows or rejects access by the user device (1) to the network server (4). The security credential of the endpoint agent (2) of the user device (1) is then matched with the security credentials stored with the protection device (3). The determining means of the protection device (3) determines the authenticity of the user device (1) and allows or rejects its access to the network server (4).
FIG. 2 also illustrates the system to protect against data exfiltration through detection and validation in the case where the endpoint agent (2) is absent. In the present invention, the protection device (3) has means to match the security credential to the endpoint agent (2) of the user device (1). Specifically, as per Fig. 2, the user device (1) on the network server (4) does not have the endpoint agent (2), and the protection device (3) has means to determine whether the user device (1) is an authenticated user device (1) that is allowed to access the network server (4). If the user device (1) on the network server (4) is unauthenticated, the protection device (3) has means to restrict the unauthenticated user device (1) from accessing the network server (4). Further, the protection device (3) denies any data access and blocks data exfiltration to the user device (1).
Furthermore, Fig. 4A illustrates a communication session of the system shown in Fig. 2. In Fig. 4A, the method further includes the user device (1) without the endpoint agent (2) transmitting the access request to the network server (4), routed through the protection device (3) via the network (5). The protection device (3) has means to match the security credentials stored with it against the endpoint agent (2) of the user device (1), but owing to the absence of the endpoint agent (2) on the user device (1) the match fails, and the user device (1) fails to communicate with the network server (4).
Accordingly, the protection device (3) has means to determine whether the user device (1) is an authenticated user device (1) that is allowed to access the network server (4). The protection device (3) therefore restricts the unauthenticated user device (1) from accessing the network server (4). Furthermore, the protection device (3) blocks the user device (1) and stops all possible communication with the user device (1) in the absence of the endpoint agent (2).
Accordingly, Fig. 3 describes a fake network situation of the system to protect against data exfiltration. A network server (4) without the protection device (3) detects the user device (1) with the endpoint agent (2) on the fake network (5f). The endpoint agent (2) has means to match the security credential of the fake network (5f) with the security credentials stored with the protection device (3), but owing to the absence of the protection device (3) it fails to communicate with the endpoint agent (2). Further, the endpoint agent (2) has means to determine whether the fake network (5f) is an authenticated network (5) that allows the user device (1) to access the network server (4). The endpoint agent (2) has means to restrict the transfer of data through the fake network (5f) to the unauthenticated network server (4). Additionally, the endpoint agent (2) immediately stops data exfiltration or data access from the user device (1) via the fake network (5f).
Additionally, FIG. 4B illustrates the communication session between the user device and the fake network in the situation of the system shown in Fig. 3. The method comprises the user device (1) with the endpoint agent (2), containing protected data, being taken onto a network server (4) without the protection device (3); the endpoint agent (2) requests the security credential of the protection device (3) on the fake network (5f), but the fake network (5f) fails to provide the security credential to the endpoint agent (2) owing to the absence of the protection device (3) on the fake network (5f). In such a situation, the endpoint agent (2) does not allow data transfer to the network server (4), nor does it allow any data exfiltration from the user device (1) to the network server (4) through the fake network (5f).
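The following is an added illustration, not code from the patent or from the applicant, of the two-sided validation the method above describes: the endpoint agent (2) refuses to release data unless the protection device (3) it was fed the IP address of answers with the expected network credential (the fake network case of Fig. 3 and Fig. 4B), and the protection device (3) refuses access unless the agent presents the device credential registered with it (the agent-absent case of Fig. 2 and Fig. 4A). The class names, the IP address, the device identifier and all credential strings are constructed for the example; the patent does not specify a credential format or a wire protocol, so both are left abstract here.

```python
"""Mutual validation between an endpoint agent and a protection device.

Added example (not the patent's code). Models the access decision the
description attributes to the endpoint agent (2) and protection device (3).
All identifiers and credential values below are constructed for the example.
"""
from __future__ import annotations

import hmac
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class ProtectionDevice:
    """Protection device (3): holds the credential that identifies the
    protected network and the credentials of the registered user devices."""
    ip: str
    network_credential: str
    registered_devices: dict[str, str] = field(default_factory=dict)

    def validate_device(self, device_id: str, presented: Optional[str]) -> bool:
        # A device without an agent presents nothing; an unregistered device
        # has no expected value. Both are rejected (fail closed).
        # compare_digest keeps the comparison time independent of the input.
        expected = self.registered_devices.get(device_id)
        if presented is None or expected is None:
            return False
        return hmac.compare_digest(expected.encode(), presented.encode())


@dataclass
class Network:
    """Network (5). protection_device=None models the fake network (5f)."""
    name: str
    protection_device: Optional[ProtectionDevice] = None

    def find_protection_device(self, ip: str) -> Optional[ProtectionDevice]:
        pd = self.protection_device
        return pd if pd is not None and pd.ip == ip else None


@dataclass
class EndpointAgent:
    """Endpoint agent (2): fed the protection device's IP address and the
    network credential it must see before releasing any data."""
    protection_device_ip: str
    expected_network_credential: str
    device_credential: str

    def validate_network(self, network: Network) -> bool:
        pd = network.find_protection_device(self.protection_device_ip)
        if pd is None:  # fake network: nothing answers at the configured IP
            return False
        return hmac.compare_digest(pd.network_credential.encode(),
                                   self.expected_network_credential.encode())


@dataclass
class UserDevice:
    device_id: str
    agent: Optional[EndpointAgent] = None  # None models Fig. 2 / Fig. 4A


def request_access(device: UserDevice, network: Network) -> tuple[bool, str]:
    """Run both halves of the validation; data moves only if both pass."""
    # Step 1 (agent side, Fig. 3 / 4B): refuse before anything is sent if
    # the network cannot prove it is the protected one.
    if device.agent is not None and not device.agent.validate_network(network):
        return False, "agent: network not authenticated, transfer blocked"
    # Step 2 (protection device side, Fig. 2 / 4A): the request reaches the
    # protection device, which checks the credential the agent presents.
    pd = network.protection_device
    if pd is None:
        # Neither figure covers an agent-less device on a fake network; the
        # model stays fail-closed since nothing can validate the exchange.
        return False, "no protection device on network: device cannot be validated"
    presented = device.agent.device_credential if device.agent else None
    if not pd.validate_device(device.device_id, presented):
        return False, "protection device: user device not authenticated"
    return True, "allowed: network and user device both validated"


def run_scenarios() -> dict[str, bool]:
    """Constructed scenarios matching the figures; returns the decisions."""
    pd = ProtectionDevice(ip="10.0.0.2", network_credential="net-cred-A1",
                          registered_devices={"laptop-01": "dev-cred-7f"})
    protected = Network("protected network (5)", protection_device=pd)
    fake = Network("fake network (5f)")  # no protection device present
    agent = EndpointAgent("10.0.0.2", "net-cred-A1", "dev-cred-7f")
    with_agent = UserDevice("laptop-01", agent)
    without_agent = UserDevice("laptop-01")  # Fig. 2: agent absent
    mismatched = UserDevice("laptop-01",
                            EndpointAgent("10.0.0.2", "net-cred-A1", "wrong"))
    return {
        "fig1_both_valid": request_access(with_agent, protected)[0],
        "fig2_agent_absent": request_access(without_agent, protected)[0],
        "fig3_fake_network": request_access(with_agent, fake)[0],
        "device_credential_mismatch": request_access(mismatched, protected)[0],
    }


if __name__ == "__main__":
    for scenario, allowed in run_scenarios().items():
        print(f"{scenario}: {'allowed' if allowed else 'denied'}")
```

The ordering in request_access matters for the fake network case: the agent's check runs before any request leaves the device, so a network that cannot present the protection device's credential never receives protected data, which is the behaviour Fig. 4B describes.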
It is an advantage of the present invention that only validated data can be transferred on the network (5). The secure network procedure described above, which is easily accomplished through use of the above-mentioned processes, is well suited to situations in which the network (5) would otherwise allow data exfiltration. It prevents data and information from leaking. It secures sensitive data while the user is using the network server (4), and protects the data storage, files and documents on the network server (4) from leakage to attackers.
Consequently, the present application provides solutions to prevent such data exfiltration from the user device (1). This device is very effective in protecting against data theft by hostile attempts to access data in the network (5) environment, in minimum time.
While various elements of the present invention have been described in detail, it is apparent that modifications and adaptations of those elements will occur to those skilled in the art. It is expressly understood, however, that such modifications and adaptations are within the spirit and scope of the present invention as set forth in the following claims.

Claims

We Claim:
1. A system to protect against data exfiltration through detection and validation, wherein a network server (4) and a user device (1) are coupled to a network (5), comprising: the network server (4) coupled to the network (5), providing a storage mechanism for resources and information; a protection device (3) facilitating administration and management of access to the resources and information between the network server (4) and the user device (1) via the network (5); wherein the protection device (3) includes means for storing security credentials and a firewall to monitor and control incoming and outgoing network traffic based on predetermined security rules registered with the user device (1); and wherein the user device (1) is installed with an endpoint agent (2) that ensures compliance with security standards.
2. The system to protect against data exfiltration through detection and validation as claimed in claim 1, wherein the security credentials stored with the protection device (3) provide means to match a security credential with the endpoint agent (2) of the user device (1).
3. The system to protect against data exfiltration through detection and validation as claimed in claim 1, wherein the protection device (3) has means to determine whether the user device (1) is an authenticated user device (1) that is allowed to access the network server (4).
4. The system to protect against data exfiltration through detection and validation as claimed in claim 1, wherein the protection device (3) has means to restrict the unauthenticated user device (1) from accessing the network server (4).
5. The system to protect against data exfiltration through detection and validation as claimed in claim 1, wherein the endpoint agent (2) has means to match the security credential of the network (5) with the security credentials stored with the protection device (3).
6. The system to protect against data exfiltration through detection and validation as claimed in claim 1, wherein the endpoint agent (2) has means to determine whether the network (5) is an authenticated network (5) that allows the user device (1) to access the network server (4).
7. The system to protect against data exfiltration through detection and validation as claimed in claim 1, wherein the endpoint agent (2) has means to restrict the transfer of data through a fake network (5f) to an unauthenticated network server (4).
8. A method to protect against data exfiltration through detection and validation, wherein a network server (4) and a user device (1) are coupled to a network (5), comprising: transmitting an access request from the user device (1) installed with an endpoint agent (2) to the network server (4), routed through a protection device (3) via the network (5); matching the security credential of the network (5) with the security credentials stored with the protection device (3) by matching means of the endpoint agent (2); determining the authenticity of the network (5) and allowing or rejecting access by the user device (1) to the network server (4) by determining means of the endpoint agent (2); matching the security credential of the endpoint agent (2) of the user device (1) with the security credentials stored with the protection device (3); and determining the authenticity of the user device (1) and allowing or rejecting its access to the network server (4) by determining means of the protection device (3).
9. The method to protect against data exfiltration through detection and validation as claimed in claim 8, wherein the protection device (3) has means to restrict the unauthenticated user device (1) from accessing the network server (4).
10. The method to protect against data exfiltration through detection and validation as claimed in claim 8, wherein the endpoint agent (2) restricts, by restriction means, the transfer of data through a fake network (5f) to an unauthenticated network server (4).
PCT/IN2021/051063 2020-11-13 2021-11-11 A system to protect data exfilteration through detection and validation and method thereof WO2022101934A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN202021049678 2020-11-13

Publications (1)

Publication Number Publication Date
WO2022101934A1 true WO2022101934A1 (en) 2022-05-19

Family

ID=81602347

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IN2021/051063 WO2022101934A1 (en) 2020-11-13 2021-11-11 A system to protect data exfilteration through detection and validation and method thereof

Country Status (1)

Country Link
WO (1) WO2022101934A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009272737A (en) * 2008-05-01 2009-11-19 Panasonic Corp Secret authentication system
US8185933B1 (en) * 2006-02-02 2012-05-22 Juniper Networks, Inc. Local caching of endpoint security information

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21891386

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21891386

Country of ref document: EP

Kind code of ref document: A1