Abstract: A method includes monitoring user activities at an endpoint device on a network, determining if a user activity at the endpoint device presents a potential threat to network security, creating an alert of the threat, and providing the alert with a redacted version of a screenshot from the endpoint device. One or more open windows are obscured or removed in the redacted version of the screenshot of the endpoint device. Providing the redacted includes receiving data describing physical characteristics of the open window(s) from an operating system, receiving a screenshot of the screen of the endpoint device, and obscuring the one or more open windows by creating one or more visual covers. Each visual cover matches a size and shape of one of the open windows based on the data that describes the physical characteristics of the open window(s). Each visual cover is placed over the corresponding open window.

Abstract: A computer-based method includes monitoring user activities at an endpoint device on a computer network, determining if one of the user activities at the endpoint device presents a potential threat to network security, creating an alert of the potential threat, and providing, with the alert, a redacted version of a screenshot from the endpoint device. One or more open windows that appeared on the screen of the endpoint device are obscured or removed in the redacted version of the screenshot of the endpoint device.

Abstract: A computer-based method of reducing or limiting data transmissions from a computer to a remote network destination includes receiving an indication, at an agent on a computer, that a recent user activity has occurred at the computer. The indication typically includes data relevant to user context when the user activity occurred. The method further includes determining, with the agent, whether the data relevant to the user's context when the user activity occurred indicates that a change in user context relative to a user activity at the computer immediately prior to the recent user activity and conditioning a transmission of data relevant to the recent user activity from the computer to a remote network destination based on an outcome of the determination.

Abstract: A computer-based method of reducing or limiting data transmissions from a computer to a remote network destination includes receiving an indication, at an agent on a computer, that a recent user activity has occurred at the computer. The indication typically includes data relevant to user context when the user activity occurred. The method further includes determining, with the agent, whether the data relevant to the user's context when the user activity occurred indicates that a change in user context relative to a user activity at the computer immediately prior to the recent user activity and conditioning a transmission of data relevant to the recent user activity from the computer to a remote network destination based on an outcome of the determination.

Abstract: A computer-based method is disclosed to facilitate managing data exfiltration risk in a computer network environment. The method includes collecting computer file management information associated with each respective one of a plurality of computer files in an organization's computer network environment from a computer operating system, collecting user activity information associated with each respective one of a plurality of user sessions by users having access to the organization's computer network environment with a plurality of session monitoring agents, correlating at least some of the collected user activity information to one or more of the computer files associated with the collected file management information; and assessing data exfiltration risk with respect to one or more of the computer files based at least in part on some of the file management information and the correlated user activity information associated with a file history chain.

Abstract: A computer-based method of reducing or limiting data transmissions from a computer to a remote network destination includes receiving an indication, at an agent on a computer, that a recent user activity has occurred at the computer. The indication typically includes data relevant to user context when the user activity occurred. The method further includes determining, with the agent, whether the data relevant to the user's context when the user activity occurred indicates that a change in user context relative to a user activity at the computer immediately prior to the recent user activity and conditioning a transmission of data relevant to the recent user activity from the computer to a remote network destination based on an outcome of the determination.

Abstract: A computer-based method of reducing or limiting data transmissions from a computer to a remote network destination includes receiving an indication, at an agent on a computer, that a recent user activity has occurred at the computer. The indication typically includes data relevant to user context when the user activity occurred. The method further includes determining, with the agent, whether the data relevant to the user's context when the user activity occurred indicates that a change in user context relative to a user activity at the computer immediately prior to the recent user activity and conditioning a transmission of data relevant to the recent user activity from the computer to a remote network destination based on an outcome of the determination.

Abstract: A computer-based method is disclosed to facilitate managing data exfiltration risk in a computer network environment. The method includes collecting computer file management information associated with each respective one of a plurality of computer files in an organization's computer network environment from a computer operating system, collecting user activity information associated with each respective one of a plurality of user sessions by users having access to the organization's computer network environment with a plurality of session monitoring agents, correlating at least some of the collected user activity information to one or more of the computer files associated with the collected file management information; and assessing data exfiltration risk with respect to one or more of the computer files based at least in part on some of the file management information and the correlated user activity information associated with a file history chain.