The present invention relates generally to network security, and in particular to techniques for monitoring and managing activity at individual devices in networked environments.
At a time when many in our society are increasingly enjoying greater wealth and status, in large part as a benefit of the investment in new technology, such as computer networks and internetworking technologies, a darker side to these technologies has also become increasingly apparent. Sadly, one need not go too far to hear reports that the illicit use of network technology is on the rise. For example, in a number of high-profile cases, the FBI has uncovered child pornography distribution rings that used the Internet to distribute illegal materials. In another example, news and alerts about outbreaks of new computer viruses have become commonplace events. So have news stories about “hackers,” the malevolent individuals who wreak havoc on a company or a governmental agency through unauthorized access to, and tampering with, that entity's information via its network assets. Other types of computer crime include sophisticated information technology fraud, identity theft, insider trading, intellectual property theft/corporate espionage and misappropriation of company assets. Thus, the technology consumer, provider and developer have become accustomed to the omnipresent threat of computer crime. These individuals, along with law enforcement agencies and governmental bodies, have long searched for ways to address these problems.
One type of security device that has seen increased use in recent years is the firewall, which protects the network assets of a business enterprise, for example, from potential attack from outside the organization. In conventional network security technology, techniques such as firewalls, encryption and the like provide protection against hackers.
While certain advantages to present approaches are perceived, opportunities for further improvement exist. For example, since hackers typically attack the network from outside of the business enterprise, conventional approaches to network security do little, if anything, to prevent security threats from within an enterprise. Further, conventional approaches rely upon a centralized authority to monitor the network in order to detect attempts to breach security. Still further, conventional approaches do not address waste of corporate assets by individuals within the enterprise.
What is needed are improved techniques for monitoring and managing activity at individual devices in a networked environment.