Claims:We Claim:

1. A system to protect data exfiltraion through detection and validation wherein the network server (4) and a user device (1) are coupled to a network (5) comprises:

the network server (4) coupled to the network (5) provides storing mechanism of resources and information;

a protection device (3) facilitates administration and management to access the resources and information between the network server (4) and the user device (1) via the network (5);

wherein the protection device (3) includes means for storing security credentials and firewall to monitor and control incoming and outgoing the network traffic on predetermined security rules registered with the user device (1);

wherein the user device (1) installed with an endpoint agent (2) that ensures compliance with security standards.

2. The system to protect data exfiltraion detection and validation as claimed in claim 1 wherein a security credentials stored with the protection device (3) has means to match security credential with the end point agent (2) of the user device (1).

3. The system to protect data exfiltraion through detection and validation as claimed in claim 1 wherein the protection device (3) has means to determine whether the user device (1) is an authenticated user device (1) that is allowed to access the network server (4).

4. The system to protect data exfiltraion through detection and validation as claimed in claim 1 wherein the protection device (3) has means to restrict the unauthenticated user device (1) to access the network server (4).

5. The system to protect data exfiltraion through detection and validation as claimed in claim 1 wherein the end point agent (2) has means to match security credential of the network (5) with the security credentials stored with the protection device (3).

6. The system to protect data exfiltraion through detection and validation as claimed in claim 1 wherein the end point agent (2) has means to determine whether the network (5) is an authenticated network (5) that is allowed the user device (1) to access the network server (4).

7. The system to protect data exfiltraion through detection and validation as claimed in claim 1 wherein the end point agent (2) has means to restrict the transfer of data through fake network (5f) to access the unauthenticated network server (4).

8. A method to protect data exfiltraion through detection and validation wherein the network server (4) and a user device (1) are coupled to a network (5) comprises:

transmitting access request from the user device (1) installed with endpoint agent (2) to the network server (4) routing through a protection device (3) via the network (5);

matching security credential of the network (5) with the security credentials stored with a protection device (3) by matching means of the end point agent (2);

determining authenticity of the network (5) that allows/rejects the user device (1) to access the network server (4) by determining means of the end point agent (2);

matching security credential to the end point agent (2) of the user device (1) with the security credentials stored with the protection device (3);

determining authenticity of the user device (1) and allows/rejects to access the network server (4) by determining means of the protection device (3).

9. The method to protect data exfiltraion through detection and validation as claimed in claim 8 wherein the protection device (3) has means to restrict the unauthenticated user device (1) to access the network server (4).

10. The method to protect data exfiltraion through detection and validation as claimed in claim 8 wherein the end point agent (2) restricts the transfer of data through fake network (5f) to access the unauthenticated network server (4) by restriction means.

Dated this 13th day of November 2020
, Description:FORM 2
THE PATENTS ACT 1970
(39 of 1970)
&
The Patents Rules, 2003
COMPLETE SPECIFICATION
(See section 10 and rule 13)

1. TITLE OF THE INVENTION:
“A SYSTEM TO PROTECT DATA EXFILTERATION THROUGH DETECTION AND VALIDATION AND METHOD THEREOF”

2. APPLICANT:

(a) NAME :
(b) NATIONALITY :
(c) ADDRESS :

Synersoft Technologies Private Limited
Indian
5th Floor, Onyx 2,
Near Paldi Bus Terminus,
Beside Navchetan High School,
Paldi, Ahmedabad - 380007

3. PREAMBLE TO THE DESCRIPTION
PROVISIONAL

The following specification describes the invention. ? COMPLETE

The following specification particularly describes the invention and the manner in which it is to be performed.

Field of the invention
The present invention relates to an enhanced system to protect data exfilteration through detection and validation and method thereof. The present invention is also related for solutions to protect data theft by hostile attempt to access data by network environment.

Background of the invention
Computers and computer networks are increasingly interconnected over private and public networks, exposing them to increased risk of attack. A specific type of attack called a data exfiltration is one that occurs when data is taken from within a computer network. Data exfilteration is an unauthorized release of data from within a computer system or network. Malicious and other illegitimate potential users of network computing resources may attempt to gain unauthorized access to such computing resources, using a variety of techniques. For example, such unauthorized users sometimes referred to as hackers may attempt to gain access to data or other resources which have been made available on the network in a manner intended to provide secure, confidential access to a limited set of authorized users.
Most of the current networks that connect users and network elements do not have the necessary security mechanisms to provide the adequate and desired protection to the network elements. Most of the protection measures currently available in large networks are offered by the individual network elements and therefore, are not effective and sufficient for the entire networking environment.
Technically, data breaches occur after unauthorized access is obtained and the attacker begins to steal data, this is commonly referred to as a "data exfilteratiion". Mostly, computers or workstations may be linked through a computer network to allow the sharing of data, applications, files, processing power, communications and other resources, such as printers, modems and mass storage. Generally, the sharing of resources is accomplished the use of a network server. The server is a processing unit dedicated managing the centralized resources, managing data and sharing these resources with other PC's and workstations. The server, network and PC's or workstations, combined together, constitute client/server computer network.
Various prior arts have been disclosed describing to protect data exfilteration from network. The prior art document WO 2017/209970 Al discloses a system includes one or more protected nodes (102, 102a-102n) within a protected system, where each protected node is configured to be coupled to a storage device (402). The system also includes a server (105) configured to perform a check-in process so that one or more files on the storage device are (i) accessible by the one or more protected nodes within the protected system and (ii) not accessible by nodes (702) outside of the protected system while the storage device is checked-in. The server is also configured to perform a check-out process so that the one or more files on the storage device are (i) accessible by the nodes outside of the protected system and (ii) not accessible by the one or more protected nodes within the protected system while the storage device is checked-out. The server could be configured to modify a file system of the storage device during the check-in process.
Another prior art document US 8,261,058 relates to a system, method and apparatus are disclosed for protecting sensitive data by extracting the sensitive data from a data storage on a client, sending the extracted data to a server for storage, receiving a pointer indicating where the extracted data has been stored and replacing the sensitive data on the data storage on the client with the pointer. The pointer may include random data that is of a same data type as the sensitive data. Furthermore, the pointer is subsequently used to access the sensitive data after proper authentication.
Overall, once the access of network has been gained, there is no easy solution to get it back. Depending on each server access, some may be possible to crack but this is an opportunistic and not long-term solution against data exfilteration. While numerous organizations have private computing networks supporting some type of access controls or other cyber - security controls to limit network access but the organizations do not have an automated and repeatable method to test their networks and security controls for common methods of data exfiltration.
Organizations have to protect files from theft. These files are vulnerable to unauthorized hostile access attempts. In normal enterprise environment data is stored on servers. Users access data from the servers and work on the same. Users copy data to the server after the work is done for the purpose of centralization. Such operations are prone to certain tactics used by fraudster to access this data in unauthorized manner or direct the storage of data to their servers. For example a user device containing data acts as a client to the server in local area network, it can be defrauded by taking the user device in another network and providing a fake server with same IP and same user credentials. By doing so, the user device can copy the digital assets of the company to fake server. Accordingly, it becomes necessary to have a solution which can prevent such data exfiltration from user device. There needs to be a solution which can help to protect file data from hostile access or copy attempt on the data in minimum time to be able to continue business.
Hence, protect data exfilteration through detection and validation still leaves some scope for improvement of solutions to protect data theft by hostile attempt to access data by network environment.

Object of the invention

The main object of the present invention is to protect data exfilteration through detection and validation.
Another object of the present invention is to provide solutions to protect data theft by hostile attempt to access data by network environment.
The further object of the present invention is to provide hardware property to protect file data from hostile access or copy attempt on the data.
Another object of the present invention is to provide an ability to monitor hardware configurations, monitors real-time traffic and applies security over network.
Yet, the further object of the present invention is system to protect data exfilteration through detection and validation in which a real-time monitoring and detection of threats the instant they occur on a device.
Another object of the present invention is to tests the ability of network defenders to successfully detect and respond to security incidents.
The further object of the present invention is to provide security to prevent sensitive data from being accessed by external or fake network.
Still another object of the present invention is to provide system to protect data exfilteration through detection and validation and method thereof in which the ability to act on threats via the protection device itself and stopping a threat in its tracks.

Summary of the Invention
The present invention relates to a system to protect data exfilteration through detection and validation and method thereof. The present invention also describes a process for protecting file data from hostile access or copy attempt on the data by network environment. This system is a real-time monitoring and detection of unauthenticated network server on a user device. Further, the network server coupled to the network provides storing mechanism of resources and information. In the present invention a protection device facilitates administration and management to access the resources and information between the network server and the user device via the network. In this system the user device installed with an endpoint agent to remote the device that communicates back and forth with the network to which it is connected. Furthermore, the protection device storing security credentials and it has to determine whether the user device is an authenticated user device that is allowed to access the network server.

Brief Description of the Drawings
Aforementioned aspect and the advantage of the present invention will be more fully understood after reading implementation below and after with reference to schema, in the drawings:
FIG. 1 illustrates a system to protect data exfilteration through detection and validation.
FIG. 2 also illustrates the system to protect data exfilteration through detection and validation wherein the endpoint agent is absent.
FIG. 3 describes fake network situation of the system to protect data exfilteration.
FIG. 4A illustrates a communication session of the system mention in Fig.2.
FIG. 4B illustrates the communication session between the user device and the fake network situation of the system mention in Fig. 3.

Detailed description of the Invention
Before explaining the present invention in detail, it is to be understood that the invention is not limited in its application. The nature of invention and the manner in which it is performed is clearly described in the specification. The invention has various components and they are clearly described in the following pages of the complete specification. It is to be understood that the phraseology and terminology employed herein is for the purpose of description and not of limitation.
The following description with reference to the accompanying drawings is provided to assist in a comprehensive understanding of various embodiments of the present disclosure as defined by the claims and their equivalents. It includes various specific details to assist in that understanding but these are to be regarded as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the various embodiments described herein can be made without departing from the scope and spirit of the present disclosure.
The present disclosure is generally directed to system to protect data exfilteration through detection and validation and method thereof. As will be explained in greater detail, embodiments discussed herein can be implemented in suitable computer-executable instructions that may reside on a computer readable medium (e.g., a hard disk drive, flash drive or other memory), hardware circuitry or the like, or any combination.
Before discussing specific embodiments, it is to be noted that the term “user device” may include mobile phone, tablet, desktop and laptop. System and method that stores sensitive data and then accesses it (e.g., a computer, a laptop computer, a handheld computer, a desktop computer, a workstation, a data terminal, a phone, a mobile phone, a security device, a surveillance device or a combination thereof).
The ‘network server’ can include a central processing unit (“CPU”), at least one read-only memory (“ROM), at least one random access memory (“RAM), at least one hard drive (“HD), at least one network card and one or more input/output (“I/O”) device(s).
Further the ‘protection device’ means hardware that refers to the physical parts of the computer and related devices. The protection device includes motherboards, drive (e.g., Blu-ray, CD-ROM, DVD, floppy drive, hard drive, and SSD), Fan (heat sink), modem, motherboard and monitors.
The ‘network’ is known for communication and interaction between user device on the network server. The network must contain transmission media, routers, repeaters, gateways, network adapters and cables. The network is placed in (Local Area Network (L.A.N.), Wide Area Network (W.A.N.) and/or Virtual Private Network (V.P.N)) in which network server is storing and giving data to user device.
The present disclosure comprises a network server (4) that act as central repository of data and various files that are shared by many users. The present invention utilizes a protection device (3) to storage memory level and manages security credential of a user device (1). It also manages access to the resources and information between the network server (4) and the user device (1). Furthermore, the present invention also discloses an endpoint agent (2). The endpoint agent (2) is device that is physically an end point on a user device (1). The present system gives the ability to monitor, detect, and resolve threats and vulnerabilities across the network (5) from wherever they originate.
FIG. 1 depicts a system for protecting data exfilteration through detection and validation and method thereof. The system comprises the network server (4) coupled to the network (5) provides storing mechanism of resources and information. As shown in Fig.1 an protection device (3) facilitates administration and management to access the resources and information between the network server (4) and the user device (1) via the network (5). The protection device (3) includes means for storing security credentials and firewall to monitor and control incoming and outgoing the network traffic on predetermined security rules registered with the user device (1).
As described in Fig.1 the user device (1) installed with an endpoint agent (2) that ensures compliance with security standards. The user device (1) is installed with endpoint agent (2) is fed with IP address of the protection device (3). The protection device (3) is fed with security credential of the user device (1).
As per Fig. 1, the protection device (3) has means to match security credential with the end point agent (2) of the user device (1). Further, the end point agent (2) has means to determine whether the network (5) is an authenticated network that is allowed the user device (1) to access the network server (4). If the security credential is successfully validated, the endpoint agent (2) will allow the user device (1) to access or store data over the network server (4) through the network (5).
A method to protect data exfilteration through detection and validation comprises transmitting access request from the user device (1) installed with the endpoint agent (2) to the network server (4) routing through a protection device (3) via the network (5). The matching means of the endpoint agent (2) matches security credential stored with the protection device (3) of the network (5) with the security credentials to the end point agent (2) of the user device (1). The authenticity of the network (5) is determined and allows/reject the user device (1) to access the network server (4) by determining means of the endpoint agent (2). The security credential of the endpoint agent (2) of the user device (1) is matches with the security credentials stored with the protection device (3). The authenticity of the user device (1) allow/reject access to the network server (4) by determining means of the protection device (3).
FIG. 2 also illustrates the system to protect data exfilteration through detection and validation wherein the endpoint agent (2) is absent. In the present invention, the protection device (4) has means to match the security credential to the end point agent (2) of the user device (1). Specifically as per Fig.2 the user device (1) in the network server (4) is not having the endpoint agent (2), wherein the protection device (3) has means to determine whether the user device (1) is an authenticated user device (1) that is allowed to access the network server (4). If the unauthenticated user device (1) in the network server (4) then the protection device (3) has means to restrict the unauthenticated user device (1) to access the network server (4). Further, the protection device (3) will deny for any data access and blocks the data exfiltration to the user device (1).
Furthermore, Fig 4A illustrates a communication session of the system mention in Fig.2. In Fig 4A, the method further include the user device (1) without the endpoint agent (2) transmits the access request to the network server (4) routing through the protection device (3) via the network (5). The security credentials stored with the protection device (3) has means to match security credential with the end point agent (2) of the user device (1) but due to absent of the endpoint agent (2) in the user device (1) its fails to communicate with the network server (4).
Accordingly, the protection device (3) has means to determine whether the user device (1) is an authenticated user device (1) that is allowed to access the network server (4). So, the protection device (3) has restricted the unauthenticated user device (1) to access the network server (4). Furthermore, the protection device (3) blocks the user device (1) and stops all possible communication to the user device (1) in absence of the endpoint agent (2).
Accordingly Fig. 3 describes fake network situation of the system to protect data exfilteration., the network server (4) without the protection device (3) detects the user device (1) with the endpoint agent (2) in the fake network (5f) wherein the end point agent (2) has means to match security credential of the fake network (5f) with the security credentials stored with the protection device (3) but due to absence of the protection device (3) its fails to communicate with the endpoint agent (2). Further, the end point agent (2) has means to determine whether the fake network (5f) is an authenticated network (5) that is allowed the user device (1) to access the network server (4). The end point agent (2) has means to restrict the transfer of data through fake network (5f) to access the unauthenticated network server (4). Additionally, the endpoint agent (2) will immediately stop data exfilteration or data access from the user device (1) via the fake network (5f).
Additionally FIG. 4B illustrates the communication session between the user device and the fake network situation of the system mention in Fig. 3. The method comprises the user device (1) with the endpoint agent (2) containing protected data is taken into the network server (4) without the protection device (3) than the endpoint agent (2) requesting for security credential of the protection device (3) in the fake network (5f) but the fake network (5f) fails to provide security credential to the endpoint agent (2) due to absence of the protection device (3) in the fake network (5f). In such situation, the endpoint agent (2) will not allow data transfer to the network server (4) as well as will not allow any data exfiltration from the user device (1) to the network server (4) through the fake network (5f).
It is an advantage of the present invention that only validated data can be transfer on the network (5). A secure network procedure illustrates which is easily accomplished through use of the above mentioned processes is well-suited for situations in which the network (5) allow data exfilteration. It prevents data and information from leakage. It secures the sensitive data while user using the network server (4), prevent the data storage, files and documents from leakage on the network server (4) from attackers.
Consequently, present application provides solutions to prevent such data exfiltration from the user device (1). This device is very effective in protecting data theft by hostile attempt to access data by the network (5) environment in minimum time.
While various elements of the present invention have been described in detail, it is apparent that modification and adaptation of those elements will occur to those skilled in the art. It is expressly understood, however, that such modifications and adaptations are within the spirit and scope of the present invention as set forth in the following claims.