Abstract:
The present disclosure relates to using reputation information (e.g., of applications, libraries, network destinations, etc.) in a data loss prevention (DLP) system. According to one embodiment, a computer system (e.g., an endpoint or server system) identifies a first application requesting to access a file accessible through the computer system. The DLP system present on the computer system determines a reputation associated with the first application. The DLP system may determine reputation from information stored locally on the computer system or from a reputation service in the cloud. If the reputation information indicates that the first application is trusted, the computer system allows the first application to access the file, subject to a DLP policy. If, however, the reputation information indicates that the first application is untrusted, the computer system blocks access to the file.
Abstract:
The disclosed computer-implemented method for enforcing data loss prevention policies on endpoint devices may include (i) detecting that an endpoint device has terminated a connection with a protected network that is protected by a network-level data loss prevention system and has connected to an external network that is not protected, (ii) switching, in response to detecting that the endpoint device has connected to the external network, from an in-network data loss prevention policy to an out-of-network data loss prevention policy, (iii) detecting an inbound data transfer to the endpoint device, (iv) determining that the inbound data transfer comprises a transfer from a protected source that is protected by the out-of-network data loss prevention policy, and (v) performing a security action in response to determining that the inbound data transfer to the endpoint device comprises the transfer from the protected source. Various other methods, systems, and computer-readable media are also disclosed.
Abstract:
Techniques are disclosed for performing data loss prevention (DLP) by monitoring file system activity of an application having a network connection. A DLP agent tracks file system activity (e.g., file open and read operations) being initiated by the application. The DLP agent intercepts the file system activity and evaluates a file specified by the file system operation to determine whether the file includes sensitive data. If so determined, the DLP agent prevents the sensitive data from being transmitted (e.g., by blocking the file system activity, redacting the sensitive data from the file, etc.).
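The three abstracts above describe, respectively, a reputation gate in front of file access, a policy that switches when the endpoint leaves the protected network, and an agent that inspects the file an application reads and blocks or redacts sensitive content. The following Python sketch is an added illustration of how those three decisions compose in one endpoint agent; it is not code from any of the patents or their assignees. The reputation table, the two policies, the sensitive-data detectors (an SSN pattern and a Luhn-validated card-number pattern) and the sample file are all constructed for the example, and treating an application of unknown reputation as untrusted is an assumption, not something the abstracts specify.

```python
import re
from dataclasses import dataclass
from enum import Enum


class Reputation(Enum):
    TRUSTED = "trusted"
    UNTRUSTED = "untrusted"
    UNKNOWN = "unknown"


# Constructed local reputation cache; in a real agent this would be populated
# from a local store or a cloud reputation service (first abstract).
REPUTATION_CACHE = {
    "wordproc.exe": Reputation.TRUSTED,
    "uploader.exe": Reputation.UNTRUSTED,
}


def lookup_reputation(app_name: str) -> Reputation:
    """Return the cached reputation, or UNKNOWN if the application is not listed."""
    return REPUTATION_CACHE.get(app_name, Reputation.UNKNOWN)


@dataclass(frozen=True)
class Policy:
    name: str
    redact_instead_of_block: bool  # True: hand the app a redacted copy; False: block the read


# Constructed policies: the in-network policy tolerates redaction because the
# network-level DLP still watches egress; out of network the agent is the only control.
IN_NETWORK_POLICY = Policy("in-network", redact_instead_of_block=True)
OUT_OF_NETWORK_POLICY = Policy("out-of-network", redact_instead_of_block=False)


def select_policy(on_protected_network: bool) -> Policy:
    """Switch policy on the network state (second abstract)."""
    return IN_NETWORK_POLICY if on_protected_network else OUT_OF_NETWORK_POLICY


# Sensitive-data detectors (constructed for the example).
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
# 13-19 digits, optionally separated by single spaces or hyphens; validated with Luhn below.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to cut false positives on long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_sensitive(text: str) -> list:
    """Return (kind, matched_text) pairs for every detector hit."""
    hits = [("SSN", m.group(0)) for m in SSN_RE.finditer(text)]
    hits += [("CARD", m.group(0)) for m in CARD_RE.finditer(text)
             if luhn_ok(re.sub(r"\D", "", m.group(0)))]
    return hits


def redact(text: str) -> str:
    """Replace each detector hit with a labelled marker, leaving the rest of the file intact."""
    text = SSN_RE.sub("[REDACTED:SSN]", text)

    def card_sub(m):
        digits = re.sub(r"\D", "", m.group(0))
        return "[REDACTED:CARD]" if luhn_ok(digits) else m.group(0)

    return CARD_RE.sub(card_sub, text)


def handle_file_read(app_name: str, contents: str, on_protected_network: bool):
    """Decide what the intercepted read returns: ('allow'|'redact'|'block', contents_or_None)."""
    policy = select_policy(on_protected_network)
    # Reputation gate (first abstract). Assumption: UNKNOWN is handled like UNTRUSTED.
    if lookup_reputation(app_name) is not Reputation.TRUSTED:
        return ("block", None)
    # Content inspection of the file being read (third abstract).
    if not find_sensitive(contents):
        return ("allow", contents)
    if policy.redact_instead_of_block:
        return ("redact", redact(contents))
    return ("block", None)


# Constructed sample file: one SSN, one Luhn-valid card number, one digit run that fails Luhn.
SAMPLE_FILE = (
    "Employee record (constructed sample)\n"
    "SSN: 123-45-6789\n"
    "Corporate card: 4111 1111 1111 1111\n"
    "Order ref: 1234 5678 9012 3456\n"
)

if __name__ == "__main__":
    for app, on_net in [("uploader.exe", True), ("wordproc.exe", True), ("wordproc.exe", False)]:
        decision, data = handle_file_read(app, SAMPLE_FILE, on_net)
        print(f"{app} on_protected_network={on_net}: {decision}")
        if data:
            print(data)
```

The order of the checks matters: the reputation gate runs before any content inspection, so an untrusted application never triggers a scan of the file at all, and the policy chosen by network state only affects what happens once sensitive content has actually been found.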