In a large enterprise environment it is not uncommon for an enterprise (referred to herein as a first entity) to grant vendors, third-party entities or the like (referred to herein as second entities) access to secure information (i.e., access to information that is behind the enterprise's firewall). An example of such accessing of secured information by vendors/third-party entities is business-to-business (B2B) communication, which involves the transaction of goods or services between business entities. In such instances the vendor/third-party entity has the ability, through a dedicated connection, to constantly access the secured information and, as such, has the ability to access a multitude of different devices and applications that exist behind the enterprise's firewall.
However, in instances in which an enterprise grants access to secured information to vendors/third-parties, it is often difficult, if not impossible, to determine information associated with the accesses, such as who accessed the secured information, the time at which the secured information was accessed and the specific devices and/or applications that were accessed by the vendor/third-parties. Manual attempts at cataloging information associated with accesses are not only inefficient but also prone to be highly inaccurate. In the event that the information associated with the accesses is required for audit purposes, manual processing is too time consuming and the results of the audit are suspect.
In addition to authorized access of secured information, enterprises are highly susceptible to unauthorized entities, such as hackers or the like, attempting to access secured information. In the event that the attack is successful, the enterprise has an immediate need to know the extent of the attack, i.e., who accessed the secure information, the time of the access, the devices/applications affected by the attack and the like. Once again, manual investigations provide neither the immediacy nor the accuracy required in the event of an unauthorized attack on secured information. Moreover, such manual investigations tend to focus on information stored in memory (i.e., tables and the like), which is indicative of previous attacks/threats but does not account for ongoing attacks/threats in which the unauthorized entities are currently accessing secured information.
Therefore, a need exists to develop systems, apparatus, computer program products, methods and the like that provide a fully automated means for capturing information related to secured communication and the accessing of secured information. The desired systems, apparatus and the like should be able to determine what entity is accessing the secured information and the devices and applications that are being accessed. Moreover, the desired systems, apparatus and the like should not only automatically catalog historical secure information accesses but, in addition, have the capability to capture, in real-time, ongoing secured information accesses. As such, the desired systems, apparatus and the like should provide an efficient and accurate means for auditing the accesses conducted by authorized entities, i.e., vendors and the like, as well as an automated means for real-time investigation of attacks/threats that may be currently ongoing within the secured network environment.
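One way to realize the two capabilities described above (a historical per-vendor catalog of who touched which device/application and when, plus a real-time view of sessions still open) is sketched below as an added example; it is not the patent's own implementation. The gateway log format, the vendor identities and the addresses are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
# Constructed sample (not from the page): one B2B gateway record per line with
# timestamp, vendor identity, source IP, destination device, application, event.
SAMPLE_LOG = """\
2024-03-01T09:00:00Z,acme-vendor,203.0.113.10,erp-db-01,oracle-erp,connect
2024-03-01T09:05:00Z,acme-vendor,203.0.113.10,erp-db-01,oracle-erp,disconnect
2024-03-01T09:10:00Z,acme-vendor,203.0.113.10,hr-app-02,payroll,connect
2024-03-01T09:12:00Z,globex-vendor,198.51.100.7,erp-db-01,oracle-erp,connect
2024-03-01T09:20:00Z,globex-vendor,198.51.100.7,erp-db-01,oracle-erp,disconnect
2024-03-01T09:30:00Z,unknown,192.0.2.44,erp-db-01,oracle-erp,connect
"""
FIELDS = ("ts", "vendor", "src", "host", "app", "event")

def parse(log_text):
    """Parse raw lines into dicts; malformed lines are skipped rather than guessed at."""
    records = []
    for line in log_text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        records.append(rec)
    return records

def access_catalog(records):
    """Historical catalog: per vendor, the device/application pairs touched and the time span."""
    catalog = defaultdict(lambda: {"targets": set(), "first": None, "last": None})
    for r in (r for r in records if r["event"] == "connect"):
        entry = catalog[r["vendor"]]
        entry["targets"].add((r["host"], r["app"]))
        entry["first"] = min(filter(None, [entry["first"], r["ts"]]))
        entry["last"] = max(filter(None, [entry["last"], r["ts"]]))
    return dict(catalog)

def ongoing_sessions(records):
    """Real-time view: a connect with no later disconnect for the same tuple is still open."""
    open_sessions = {}
    for r in sorted(records, key=lambda r: r["ts"]):
        key = (r["vendor"], r["src"], r["host"], r["app"])
        if r["event"] == "connect":
            open_sessions[key] = r["ts"]
        elif r["event"] == "disconnect":
            open_sessions.pop(key, None)
    return open_sessions

def unexpected_accessors(open_sessions, authorized_vendors):
    """Open sessions from identities outside the vendor allow-list: the investigation queue."""
    return {k: v for k, v in open_sessions.items() if k[0] not in authorized_vendors}
```

The catalog answers the audit questions (who, when, which device and application) from completed records, while the open-session view covers the ongoing accesses that a table of past events alone would miss.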