| CPC G06F 21/554 (2013.01) [G06F 21/6245 (2013.01); H04L 63/00 (2013.01); H04L 63/10 (2013.01); H04L 63/14 (2013.01)] | 20 Claims |

|
12. A computer implemented method for automated sensitive information discovery, monitoring and remediation, the method comprising the steps of:
monitoring activity of a corresponding data source;
detecting an occurrence of events indicative of access to data using the data source or stored on the data source;
identifying events indicative of a potentially threatening access to sensitive information by a user;
identifying the events classified as potentially threatening events regarding sensitive information stored on the data source or accessed using the data source;
performing data extraction of one of data and a file associated to each one of the events classified as potentially threatening events and generating extracted data therefrom;
performing data analysis of the extracted data associated to each one of events classified as potentially threatening events and determining a sensitivity score indicative of a level of sensitivity thereof;
communicating the events classified as potentially threatening events and the sensitivity score of the one of the data and the file associated to each one of the events classified as potentially threatening events to a central platform storing information over time and generating therefrom additional contextual and historical data relative to one of a specific user or group of users associated to the data source, the data source, a specific file type stored on the data source and a specific data type stored on the data source;
quantifying a sensitivity level of overall data held on or accessed by the specific user or group of users using the data source;
analyzing the sensitivity score associated to each one of the events classified as potentially threatening events in combination with the additional contextual and historical data relative to the one of the specific user or group of users associated to the data source, the data source, the specific file type stored on the data source and the specific data type stored on the data source, to identify a potential security risk relative to the data source or to the specific user or group of users associated to the data source when an overall potential security risk is greater than a predetermined threshold for the data source or the specific user or group of users associated to the data source, the predetermined threshold being adapted to the specific user or group of users associated to the data source and being representative of a quantity of sensitive information the specific user or group of users associated to the data source is allowed to access; and
triggering remediation actions relative to the one of the specific user or group of users associated to the data source, the data source, the specific file type stored on the data source and the specific data type stored on the data source, upon detection of the potential security risk.
|