
Systems and methods for data loss prevention of unidentifiable and unsupported object types

Patent number
US10079835B1
Publication date
2018-09-18
Applicant
Symantec Corporation (US CA Mountain View)
Inventors
Dhananjay Dodke; Sumesh Jaiswal; Amit Dhotre; Vipul Goel
IPC classification
H04L29/06; G06F21/10
Region: Mountain View

Abstract

A computer-implemented method for data loss prevention of unidentifiable and unsupported object types may include (1) monitoring, through at least one filter, data input to an application during execution, (2) scanning, through a data loss prevention scanner, the data input to the application to detect whether the data includes sensitive data that is protected by a data loss prevention policy, (3) flagging, based on the scanning, the application as having accessed the sensitive data that is protected by the data loss prevention policy, (4) detecting that the application is requesting to output a data object in a format that obscures underlying content, and (5) performing, by a data loss prevention program, a remedial action to prevent loss of the sensitive data based on both flagging the application and detecting that the application is requesting to output the data object in the format that obscures underlying content.

Description

BACKGROUND

Individuals and organizations often possess sensitive information that they wish to protect from leaking to the outside world. Accordingly, these individuals and organizations may employ one or more systems to ensure that the sensitive information is maintained as a private secret. For example, enterprise organizations typically encrypt private communications between their own members. Similarly, enterprise organizations may request that their employees contractually promise to maintain the secrecy and confidentiality of internal work product and intellectual property.

Instead of relying on legal, ad hoc, or manual methods for protecting the secrecy of sensitive information, enterprise corporations increasingly employ comprehensive data loss prevention systems. These systems may monitor activities on corporate computing systems and network environments to detect and prevent the loss of sensitive information. For example, data loss prevention systems may scan the textual content of a file or document, detect the presence of sensitive information, and then perform an action to prevent the loss or leaking of the sensitive information. Nevertheless, traditional systems for preventing data loss may fail to perform optimally along one or more dimensions, as discussed further below. Accordingly, the instant disclosure identifies and addresses a need for additional and improved systems and methods for data loss prevention of unidentifiable and unsupported object types.

SUMMARY

Claims

What is claimed is:

1. A computer-implemented method for data loss prevention of unidentifiable and unsupported object types, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
monitoring, through at least one filter, data input to an application during execution;
scanning, through a data loss prevention scanner, the data input to the application to detect whether the data includes sensitive data that is protected by a data loss prevention policy;
flagging, based on the scanning and based on determining that a quantity of sensitive data accessed by the application is greater than a threshold amount that defines a threshold beyond which the application is flagged, the application as having accessed the sensitive data that is protected by the data loss prevention policy;
detecting, after flagging the application, that the application is requesting to output a data object in a format that obscures underlying content such that the data loss prevention scanner is prevented from scanning the data object to determine whether the underlying content includes the sensitive data; and
performing, by a data loss prevention program, a remedial action to prevent loss of the sensitive data based on both flagging the application and detecting that the application is requesting to output the data object in the format that obscures underlying content, the remedial action comprising tagging the data object with a tag that designates that the data object was created after the sensitive data was input to the application, wherein:
the format that obscures underlying content comprises an image format; and
the image format enables an image to leak sensitive data by displaying text without the text being computer-readable as a string.

2. The method of claim 1, wherein tagging the data object with the tag is performed in response to a user selecting a tag button within a graphical user interface.

3. The method of claim 1, wherein tagging the data object comprises fixing an item of metadata that the data loss prevention scanner is configured to read.

4. The method of claim 3, wherein fixing the item of metadata converts the data object from an unreadable format to a readable format.

5. The method of claim 1, wherein the tag further specifies at least some of the sensitive data that the application accessed.

6. The method of claim 1, further comprising providing an option to a user to remove the sensitive data.

7. The method of claim 6, further comprising permitting the request to output the data object after removal of the sensitive data.

8. The method of claim 1, further comprising allowing the tagged data object to be output to at least one of a file system, a network, and an operating system clipboard.

9. The method of claim 8, further comprising referencing, by an additional filter, the tag to determine that the data object should not be permitted to be transmitted outside of an organization.

10. The method of claim 9, further comprising preventing, by the additional filter, the data object from leaking outside of the organization based on the tag indicating that the data object should not be permitted to be transmitted outside the organization.

11. A system for data loss prevention, the system comprising:
a monitoring module, stored in memory, that monitors, through at least one filter, data input to an application during execution;
a scanning module, stored in memory, that scans, through a data loss prevention scanner, the data input to the application to detect whether the data includes sensitive data that is protected by a data loss prevention policy;
a flagging module, stored in memory, that flags, based on the scanning and based on determining that a quantity of sensitive data accessed by the application is greater than a threshold amount that defines a threshold beyond which the application is flagged, the application as having accessed the sensitive data that is protected by the data loss prevention policy;
a detection module, stored in memory, that detects, after flagging the application, that the application is requesting to output a data object in a format that obscures underlying content such that the data loss prevention scanner is prevented from scanning the data object to determine whether the underlying content includes the sensitive data; and
a performance module, stored in memory, that performs, as part of a data loss prevention program, a remedial action to prevent loss of the sensitive data based on both flagging the application and detecting that the application is requesting to output the data object in the format that obscures underlying content, the remedial action comprising tagging the data object with a tag that designates that the data object was created after the sensitive data was input to the application;
at least one physical processor configured to execute the monitoring module, the scanning module, the flagging module, the detection module, and the performance module, wherein:
the format that obscures underlying content comprises an image format; and
the image format enables an image to leak sensitive data by displaying text without the text being computer-readable as a string.

12. The system of claim 11, wherein the filter comprises a network filter that filters network packets received by the application during execution.

13. The system of claim 11, wherein the filter comprises a file system filter that filters file access requests from the application to a file system.

14. The system of claim 11, wherein the filter comprises at least one of:
an operating system clipboard filter that filters data pasted into the application during execution; and
an application inter-process communication share filter that filters data received into the application from other applications.

15. The system of claim 11, wherein the scanning module scans the data by:
identifying textual content within the data input to the application during execution; and
scanning the textual content for at least one of strings and patterns defined as protected by the data loss prevention policy.

16. The system of claim 11, the tag further specifies at least some of the sensitive data that the application accessed.

17. The system of claim 11, wherein the detection module detects that the application is requesting to output the data object in the format that obscures underlying content by detecting that the data object has a file signature that specifies the format.

18. The system of claim 11, wherein the flagging module maintains the application as flagged as having accessed the sensitive data until a process corresponding to the application is terminated.

19. The system of claim 11, wherein the performance module provides an option to a user to remove the sensitive data.

20. A non-transitory computer-readable medium comprising one or more computer-readable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
monitor, through at least one filter, data input to an application during execution;
scan, through a data loss prevention scanner, the data input to the application to detect whether the data includes sensitive data that is protected by a data loss prevention policy;
flag, based on the scanning and based on determining that a quantity of sensitive data accessed by the application is greater than a threshold amount that defines a threshold beyond which the application is flagged, the application as having accessed the sensitive data that is protected by the data loss prevention policy;
detect, after flagging the application, that the application is requesting to output a data object in a format that obscures underlying content such that the data loss prevention scanner is prevented from scanning the data object to determine whether the underlying content includes the sensitive data;
perform, by a data loss prevention program, a remedial action to prevent loss of the sensitive data based on both flagging the application and detecting that the application is requesting to output the data object in the format that obscures underlying content, the remedial action comprising tagging the data object with a tag that designates that the data object was created after the sensitive data was input to the application, wherein:
the format that obscures underlying content comprises an image format; and
the image format enables an image to leak sensitive data by displaying text without the text being computer-readable as a string.
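The flow recited in claims 1, 9, 10, 17 and 18, sketched as an added example that is not code from the patent or from Symantec. All names (`DlpMonitor`, `egress_allowed`, the tag keys), the SSN-like policy pattern and the threshold value are hypothetical, and the tag is returned as a metadata dictionary rather than written into the image.

```python
import re

# Constructed policy: one SSN-like pattern (assumption, not taken from the patent).
POLICY_PATTERNS = [re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")]
FLAG_THRESHOLD = 2  # assumed value: flag once MORE than 2 matches were read
# File signatures (magic bytes) of common image formats (claim 17).
IMAGE_SIGNATURES = {b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg",
                    b"GIF87a": "gif", b"GIF89a": "gif"}

def image_format(blob):
    """Return the image format named by the leading bytes, or None."""
    for signature, name in IMAGE_SIGNATURES.items():
        if blob.startswith(signature):
            return name
    return None

class DlpMonitor:
    def __init__(self):
        self.hits = {}        # pid -> sensitive matches seen on input so far
        self.flagged = set()  # pids that crossed the threshold

    def on_input(self, pid, data):
        """Input-filter hook: scan data entering a process, flag past threshold."""
        matches = sum(len(p.findall(data)) for p in POLICY_PATTERNS)
        self.hits[pid] = self.hits.get(pid, 0) + matches
        if self.hits[pid] > FLAG_THRESHOLD:
            self.flagged.add(pid)

    def on_output(self, pid, blob):
        """Output hook: tag an unscannable image written by a flagged process."""
        fmt = image_format(blob)
        if fmt and pid in self.flagged:
            return {"dlp.created_after_sensitive_input": True,
                    "dlp.format": fmt}
        return {}  # scannable output, or process never flagged: no tag

    def on_exit(self, pid):
        """The flag lasts until the process terminates (claim 18)."""
        self.hits.pop(pid, None)
        self.flagged.discard(pid)

def egress_allowed(tags):
    """Additional filter (claims 9-10): keep tagged objects inside the organization."""
    return not tags.get("dlp.created_after_sensitive_input", False)
```

The tag decision depends only on process state and the output's file signature, never on the image content, which is the point of the claimed method: the scanner cannot read text rendered as pixels.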