US 12,244,621 B1
Using activity monitored by multiple data sources to identify shadow systems
Vikram Kapoor, Cupertino, CA (US); Harish Kumar Bharat Singh, Pleasanton, CA (US); Weifei Zeng, Sunnyvale, CA (US); Vimalkumar Jeyakumar, Los Altos, CA (US); Theron Tock, Mountain View, CA (US); Ying Xie, Cupertino, CA (US); and Yijou Chen, Cupertino, CA (US)
Assigned to Fortinet, Inc., Sunnyvale, CA (US)
Filed by LACEWORK, INC., San Jose, CA (US)
Filed on Jul. 6, 2022, as Appl. No. 17/858,866.
Application 17/858,866 is a continuation of application No. 17/836,813, filed on Jun. 9, 2022, abandoned.
Application 17/836,813 is a continuation in part of application No. 17/196,887, filed on Mar. 9, 2021, granted, now 11,689,553.
Application 17/196,887 is a continuation of application No. 16/459,207, filed on Jul. 1, 2019, granted, now 10,986,114, issued on Apr. 20, 2021.
Application 16/459,207 is a continuation of application No. 16/134,821, filed on Sep. 18, 2018, granted, now 10,419,469, issued on Sep. 17, 2019.
Claims priority of provisional application 63/240,818, filed on Sep. 3, 2021.
Claims priority of provisional application 62/650,971, filed on Mar. 30, 2018.
Claims priority of provisional application 62/590,986, filed on Nov. 27, 2017.
Int. Cl. H04L 29/06 (2006.01); G06F 9/455 (2018.01); G06F 9/54 (2006.01); G06F 16/901 (2019.01); G06F 16/9038 (2019.01); G06F 16/9535 (2019.01); G06F 16/9537 (2019.01); G06F 21/57 (2013.01); H04L 9/40 (2022.01); H04L 43/045 (2022.01); H04L 43/06 (2022.01); H04L 67/306 (2022.01); H04L 67/50 (2022.01); G06F 16/2455 (2019.01)
CPC H04L 63/1425 (2013.01) [G06F 9/455 (2013.01); G06F 9/545 (2013.01); G06F 16/9024 (2019.01); G06F 16/9038 (2019.01); G06F 16/9535 (2019.01); G06F 16/9537 (2019.01); G06F 21/57 (2013.01); H04L 43/045 (2013.01); H04L 43/06 (2013.01); H04L 63/10 (2013.01); H04L 67/306 (2013.01); H04L 67/535 (2022.05); G06F 16/2456 (2019.01)] 20 Claims
OG exemplary drawing
 
1. A method of using activity monitored by multiple data sources to identify shadow systems, the method comprising:
gathering, from one or more resources or providers of the one or more resources, first information describing access to the one or more resources by one or more user devices of a user;
gathering, from one or more client applications of at least a subset of the one or more user devices, second information describing access to the one or more resources; and
identifying one or more shadow systems based on a discrepancy between the first information and the second information, wherein the one or more shadow systems comprise one or more of the at least a subset of the one or more user devices engaging in shadow information technology (IT) activity, wherein identifying the one or more shadow systems comprises identifying one or more accesses described in the first information but not described in the second information and identifying, as one or more shadow systems, one or more user devices corresponding to the one or more accesses.