CPC H04L 63/1433 (2013.01) [H04L 63/20 (2013.01)], 20 Claims

1. A method comprising:
based on analyzing first endpoint data obtained from a plurality of endpoint devices associated with an organization,
determining that a first endpoint device of the plurality of endpoint devices has established a first network connection to a first external network that is not associated with the organization based, at least in part, on determining that a first public Internet Protocol (IP) address corresponding to the first external network is not associated with the organization; and
determining that a second endpoint device of the plurality of endpoint devices has established a second network connection to a second external network that is not associated with the organization, wherein the second external network is different from the first external network;
correlating a first subset of the first endpoint data corresponding to the first endpoint device with first data obtained from probing the first public IP address associated with the first external network;
correlating a second subset of the first endpoint data corresponding to the second endpoint device with second data obtained from probing a second public IP address associated with the second external network;
determining, based on at least one of the first data and the second data, that at least one of the first external network and the second external network is associated with a security risk; and
indicating that at least one of the first network connection established by the first endpoint device and the second network connection established by the second endpoint device is a security issue for the organization.