Title of invention: METHOD AND SYSTEM FOR EXTRUSION AND INTRUSION DETECTION IN A CLOUD COMPUTING ENVIRONMENT USING NETWORK COMMUNICATIONS DEVICES
Abstract: An analysis trigger monitoring system is provided in a network communications device associated with a cloud computing environment. One or more analysis trigger parameters are defined and analysis trigger data representing the analysis trigger parameters is generated. The analysis trigger data is then provided to the analysis trigger monitoring system and the analysis trigger monitoring system is used to monitor at least a portion of the message traffic sent to, or sent from, virtual assets in the cloud computing environment and relayed by the network communications device through a network communication channel to detect any message including one or more of the one or more analysis trigger parameters. A copy of at least a portion of any detected message including one or more of the one or more analysis trigger parameters is then transferred to one or more analysis systems for further analysis using a second communication channel that is separate from the network communication channel.
Publication number: US2015215327(A1) Publication date: 2015.07.30
Application number: US201414166116 Filing date: 2014.01.28
Applicant: Intuit Inc. Inventors: Cabrera Luis Felipe;Hlutke Eric Jason;Masuda Bond;Brunetto Jacob;Seifers Jeff;Lietz M. Shannon
Classification: H04L29/06 Main classification: H04L29/06
Patent agency: Agent:
Main claim: 1. A system for extrusion detection in a cloud computing environment using network communications devices comprising: at least one processor; and at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for extrusion detection in a cloud computing environment using network communications devices, the process for extrusion detection in a cloud computing environment using network communications devices including: providing a cloud computing environment, the cloud computing environment including one or more virtual assets; providing a network communications device, the network communications device receiving message traffic sent from any of the one or more virtual assets through a network communications channel; providing an analysis trigger monitoring system implemented in the network communications device; defining one or more analysis trigger parameters; generating analysis trigger data representing the analysis trigger parameters; providing the analysis trigger data to the analysis trigger monitoring system; using the analysis trigger monitoring system and the analysis trigger data to monitor at least a portion of the message traffic sent from any of the one or more virtual assets to detect any message including one or more of the one or more analysis trigger parameters; classifying any detected message including one or more of the one or more analysis trigger parameters as a suspect message; for each suspect message, generating suspect message copy data representing a copy of at least a portion of the suspect message; and transferring the suspect message copy data to one or more analysis systems for further analysis.
Address: Mountain View CA US