Patents by Inventor Shidong Shan

Shidong Shan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11481508
    Abstract: A mechanism is provided for monitoring and controlling data access. Responsive to intercepting a response from a server to a request for information from a client device, a security system agent applies pattern matching using a predefined set of sensitive data pattern rules to identify at least one sensitive data access included in the response. Responsive to identifying at least one sensitive data access matching one or more of the predefined set of sensitive data pattern rules, the security system agent modifies the request from the client by marking the at least one sensitive data access as sensitive thereby forming a modified request. The security system agent sends the modified request to the security system thereby causing the security system to process the modified request without accessing the sensitive data associated with the at least one marked sensitive data access.
    Type: Grant
    Filed: December 15, 2020
    Date of Patent: October 25, 2022
    Assignee: International Business Machines Corporation
    Inventors: Tania Butovsky, Leonid Rodniansky, Mikhail Shpak, Richard Ory Jerrell, Peter Maniatis, Shidong Shan
  • Publication number: 20220224722
    Abstract: A method, system, and computer program product for recommending an initial database security model. The method may include identifying a plurality of nodes connected to a security network. The method may also include analyzing security characteristics of each node of the plurality of nodes. The method may also include identifying, from the security characteristics, key factors for each node. The method may also include calculating similarities between each node of the plurality of nodes. The method may also include building a self-organized centerless network across the plurality of nodes by grouping nodes with high similarities based on the similarities between each node, where the self-organized centerless network is a centerless network without a central management server, and includes groups of nodes from the plurality of nodes. The method may also include generating federated security models for the groups of nodes.
    Type: Application
    Filed: January 14, 2021
    Publication date: July 14, 2022
    Inventors: Sheng Yan Sun, Shuo Li, Xiaobo Wang, Jun Wang, Hua Wang, Shidong Shan, Xing Xing Jing
  • Publication number: 20220188437
    Abstract: A mechanism is provided for monitoring and controlling data access. Responsive to intercepting a response from a server to a request for information from a client device, a security system agent applies pattern matching using a predefined set of sensitive data pattern rules to identify at least one sensitive data access included in the response. Responsive to identifying at least one sensitive data access matching one or more of the predefined set of sensitive data pattern rules, the security system agent modifies the request from the client by marking the at least one sensitive data access as sensitive thereby forming a modified request. The security system agent sends the modified request to the security system thereby causing the security system to process the modified request without accessing the sensitive data associated with the at least one marked sensitive data access.
    Type: Application
    Filed: December 15, 2020
    Publication date: June 16, 2022
    Inventors: Tania Butovsky, Leonid Rodniansky, Mikhail Shpak, Richard Ory Jerrell, Peter Maniatis, Shidong Shan
  • Patent number: 10397279
    Abstract: Data traffic is monitored on a network with data access elements thereof collected and compared to security rules. An audit data collection is sent to a repository responsive to data access elements matching a condition of the security rules, where security rules having the condition designate the audit data collection and repository. A tag to data traffic is applied responsive to the matching condition. Comparing of collected data access elements to the corresponding security rules having the matching condition is discontinued responsive to applying the tag. The tag indicates a repository and the data traffic includes a connection and session. An audit data collection is sent to the repository indicated by the tag for a data access responsive to the tag in the tagged data traffic. The method continues sending audit data for future data accesses in the tagged data traffic without comparing to the corresponding security rules again.
    Type: Grant
    Filed: December 20, 2017
    Date of Patent: August 27, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Sean C. Foley, Ury Segal, Shidong Shan
  • Patent number: 10110637
    Abstract: Data traffic is monitored on a network with data access elements thereof collected and compared to security rules. An audit data collection is sent to a repository responsive to data access elements matching a condition of the security rules, where security rules having the condition designate the audit data collection and repository. A tag to data traffic is applied responsive to the matching condition. Comparing of collected data access elements to the corresponding security rules having the matching condition is discontinued responsive to applying the tag. The tag indicates a repository and the data traffic includes a connection and session. An audit data collection is sent to the repository indicated by the tag for a data access responsive to the tag in the tagged data traffic. The method continues sending audit data for future data accesses in the tagged data traffic without comparing to the corresponding security rules again.
    Type: Grant
    Filed: October 22, 2017
    Date of Patent: October 23, 2018
    Assignee: International Business Machines Corporation
    Inventors: Sean C. Foley, Ury Segal, Shidong Shan
  • Publication number: 20180139243
    Abstract: Data traffic is monitored on a network with data access elements thereof collected and compared to security rules. An audit data collection is sent to a repository responsive to data access elements matching a condition of the security rules, where security rules having the condition designate the audit data collection and repository. A tag to data traffic is applied responsive to the matching condition. Comparing of collected data access elements to the corresponding security rules having the matching condition is discontinued responsive to applying the tag. The tag indicates a repository and the data traffic includes a connection and session. An audit data collection is sent to the repository indicated by the tag for a data access responsive to the tag in the tagged data traffic. The method continues sending audit data for future data accesses in the tagged data traffic without comparing to the corresponding security rules again.
    Type: Application
    Filed: December 20, 2017
    Publication date: May 17, 2018
    Inventors: Sean C. Foley, Ury Segal, Shidong Shan
  • Patent number: 9973536
    Abstract: Data traffic is monitored on a network and data access elements thereof are collected. The collected data access elements are compared to security rules. A first audit data collection is sent to a first repository in response to one or more data access elements of a first data access matching a first condition of one of the security rules. The one of the security rules having the first condition designates the first audit data collection and the first repository. A second audit data collection is sent to a second repository in response to one or more data access elements of a second data access matching a second condition of one of the security rules. The one of the security rules having the second condition designates the second audit data collection and the second repository.
    Type: Grant
    Filed: July 21, 2015
    Date of Patent: May 15, 2018
    Assignee: International Business Machines Corporation
    Inventors: Sean C. Foley, Ury Segal, Shidong Shan
  • Publication number: 20180063196
    Abstract: Data traffic is monitored on a network with data access elements thereof collected and compared to security rules. An audit data collection is sent to a repository responsive to data access elements matching a condition of the security rules, where security rules having the condition designate the audit data collection and repository. A tag to data traffic is applied responsive to the matching condition. Comparing of collected data access elements to the corresponding security rules having the matching condition is discontinued responsive to applying the tag. The tag indicates a repository and the data traffic includes a connection and session. An audit data collection is sent to the repository indicated by the tag for a data access responsive to the tag in the tagged data traffic. The method continues sending audit data for future data accesses in the tagged data traffic without comparing to the corresponding security rules again.
    Type: Application
    Filed: October 22, 2017
    Publication date: March 1, 2018
    Inventors: Sean C. Foley, Ury Segal, Shidong Shan
  • Publication number: 20150326616
    Abstract: Data traffic is monitored on a network and data access elements thereof are collected. The collected data access elements are compared to security rules. A first audit data collection is sent to a first repository in response to one or more data access elements of a first data access matching a first condition of one of the security rules. The one of the security rules having the first condition designates the first audit data collection and the first repository. A second audit data collection is sent to a second repository in response to one or more data access elements of a second data access matching a second condition of one of the security rules. The one of the security rules having the second condition designates the second audit data collection and the second repository.
    Type: Application
    Filed: July 21, 2015
    Publication date: November 12, 2015
    Inventors: Sean C. Foley, Ury Segal, Shidong Shan
  • Patent number: 9124619
    Abstract: Data traffic is monitored on a network and data access elements thereof are collected. The collected data access elements are compared to security rules providing sets of predefined data access elements for identifying predefined data accesses. First audit data collections for data accesses are sent to a first repository. For a data access that matches one of the rules, a second audit data collection defined by the matching rule is sent to at least a second repository designated by the matching rule.
    Type: Grant
    Filed: December 8, 2012
    Date of Patent: September 1, 2015
    Assignee: International Business Machines Corporation
    Inventors: Sean C. Foley, Ury Segal, Shidong Shan
  • Patent number: 9106682
    Abstract: Data traffic is monitored on a network and data access elements thereof are collected. The collected data access elements are compared to security rules providing sets of predefined data access elements for identifying predefined data accesses. First audit data collections for data accesses are sent to a first repository. For a data access that matches one of the rules, a second audit data collection defined by the matching rule is sent to at least a second repository designated by the matching rule.
    Type: Grant
    Filed: July 8, 2013
    Date of Patent: August 11, 2015
    Assignee: International Business Machines Corporation
    Inventors: Sean C. Foley, Ury Segal, Shidong Shan
  • Publication number: 20140165133
    Abstract: Data traffic is monitored on a network and data access elements thereof are collected. The collected data access elements are compared to security rules providing sets of predefined data access elements for identifying predefined data accesses. First audit data collections for data accesses are sent to a first repository. For a data access that matches one of the rules, a second audit data collection defined by the matching rule is sent to at least a second repository designated by the matching rule.
    Type: Application
    Filed: July 8, 2013
    Publication date: June 12, 2014
    Inventors: Sean C. Foley, Ury Segal, Shidong Shan
  • Publication number: 20140165189
    Abstract: Data traffic is monitored on a network and data access elements thereof are collected. The collected data access elements are compared to security rules providing sets of predefined data access elements for identifying predefined data accesses. First audit data collections for data accesses are sent to a first repository. For a data access that matches one of the rules, a second audit data collection defined by the matching rule is sent to at least a second repository designated by the matching rule.
    Type: Application
    Filed: December 8, 2012
    Publication date: June 12, 2014
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Sean C. Foley, Ury Segal, Shidong Shan