Risk Based Log Policy Manager for Cloud Service Usage Monitoring and Control
Publication Date: 2015-Oct-16
The IP.com Prior Art Database
A system or a method to alter the logging level of all actions and events triggered by a user based on the "risk profile" of the user. This enables optimization and maintenance of server and application log files without compromising on the need to retain all the relevant information related to a probable threat and/or for tracing and forensic investigation.
Analyzing logs, network packets, and system events related to specific user activities in the cloud for security risk evaluation, data loss prevention, forensics and intrusion detection is a significant problem.
The key steps involved are the following:
• Getting to know the cloud applications accessed by the user
• Logging and understanding the activities performed by the user on these applications
• Measuring the risk related to the activities performed by the user on each application, and
• Finally, having actionable insight to prevent any security incident.
Getting complete visibility into user activity in the cloud and preventing data loss involves collecting, storing and retaining a large amount of data/logs. Logging information for every event generated by user actions results in large log files for every application accessed. This is often neither practical nor economically feasible. This invention logs only the information that is relevant given the risk profile of the user.
By using this invention, a company can optimize the maintenance of server and application log files without compromising on the need to store all relevant information about systems accessed by a probable threat and/or needed for tracing and forensic investigation. To achieve this, the invention uses the "risk profile" of a user to determine the level of detail at which each action taken by that user must be logged for any SaaS application used.
In this implementation, the example of a Cloud Access Security Broker (CASB) is taken.
A CASB solution may have the ability to generate a risk-based profile for every user accessing cloud applications (IaaS, PaaS or SaaS). Risk-based access is then implemented based on the user's role and profile.
For instance, whenever a user tries to access a SaaS application, the system determines the "risk profile" of the user and logs each event with a level of detail determined by that "risk profile". Thus, if based on past history the user profile is determined to be high risk, more details are logged for every transaction exe...
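The mechanism described above, as an added illustration that is not part of the IP.com disclosure: a small risk-based log policy manager that derives a tier from a user's past findings and keeps more event fields for higher tiers. The tier names, field sets, scoring weights, thresholds, the default tier for unknown users and all sample data are constructed assumptions.

```python
import json
import logging

# Constructed tiers and field sets (hypothetical; the disclosure names no specific fields):
# the higher the risk tier, the more event detail is retained for forensics.
FIELDS_BY_TIER = {
    "low": ("ts", "user", "app", "action"),
    "medium": ("ts", "user", "app", "action", "resource", "src_ip"),
    "high": ("ts", "user", "app", "action", "resource", "src_ip",
             "user_agent", "bytes_out", "status"),
}
# High-risk activity is emitted at WARNING so it survives a coarse handler-level filter.
LEVEL_BY_TIER = {"low": logging.INFO, "medium": logging.INFO, "high": logging.WARNING}

def risk_tier(history):
    """Map a user's past findings to a tier (constructed weights and thresholds)."""
    score = (3 * history.get("failed_logins", 0)
             + 5 * history.get("dlp_hits", 0)
             + 2 * history.get("new_locations", 0))
    return "high" if score >= 10 else "medium" if score >= 4 else "low"

def shape_event(event, tier):
    """Keep only the fields the tier calls for; record the tier so reviewers know what was dropped."""
    kept = {k: event[k] for k in FIELDS_BY_TIER[tier] if k in event}
    kept["risk_tier"] = tier
    return kept

class RiskLogPolicyManager:
    """Looks up the actor's risk tier per event and logs the appropriately shaped record."""
    def __init__(self, histories, logger=None):
        self.histories = histories
        self.log = logger or logging.getLogger("casb.audit")

    def record(self, event):
        # A user with no history yet gets "medium" until a baseline exists (constructed default).
        user = event["user"]
        tier = risk_tier(self.histories[user]) if user in self.histories else "medium"
        shaped = shape_event(event, tier)
        self.log.log(LEVEL_BY_TIER[tier], json.dumps(shaped, sort_keys=True))
        return shaped

# Constructed sample data: per-user past findings and one SaaS download event per user.
SAMPLE_HISTORIES = {"alice": {}, "bob": {"failed_logins": 1, "new_locations": 1},
                    "carol": {"failed_logins": 1, "dlp_hits": 2}}
SAMPLE_EVENTS = [
    {"ts": "2015-10-16T09:00:00Z", "user": u, "app": "SaaS-Storage", "action": "download",
     "resource": "/finance/q3.xlsx", "src_ip": "198.51.100.7", "user_agent": "Mozilla/5.0",
     "bytes_out": 524288, "status": 200}
    for u in SAMPLE_HISTORIES]

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(levelname)s %(message)s")
    for ev in SAMPLE_EVENTS: RiskLogPolicyManager(SAMPLE_HISTORIES).record(ev)
```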