Cloud based data loss prevention system
First Claim
1. A system for providing data loss prevention services to an enterprise operating an enterprise data network, the system comprising:
- a computing system deployed outside of the enterprise data network, the computing system comprising a first computing cluster having at least one hardware processor and a second computing cluster having at least one hardware processor, wherein the first computing cluster comprises an indexer system configured to receive a pre-index containing first hash values of known non-malicious structured data formed using a forward hash function and a key and to generate a search index based on the pre-index, the search index being stored at a remote storage site; and
wherein the second computing cluster comprises a detection system configured to receive the search index from the remote storage site, to receive network data content being sent from or being sent to the enterprise, to apply the forward hash function based on the key to the network data content to form second hash values, to determine that data that should not be outside the enterprise is outside the enterprise when one or more of the second hash values match one or more of the first hash values using the search index, and to generate an alert indicating data that should not be outside the enterprise is outside the enterprise in response to determining that a match exists.
Abstract
A cloud based data loss prevention (DLP) system implements a split computing architecture using a separate indexer system and detection system to perform indexing and data loss prevention monitoring. The cloud DLP system includes a computing system deployed outside of the enterprise data network and including a first computing cluster and a second computing cluster. The first computing cluster includes an indexer system to generate a search index from a pre-index containing hash values of structured data to be protected. The second computing cluster comprises a detection system configured to receive the search index and network data content, to apply a forward hash function based on a key to the network data content, to search the hash values of the network data content for data matching the search index, and to generate an alert in response to matched data content being found in the network data content.
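The split described in the abstract, as an added sketch that is not code from the patent: the enterprise builds a keyed pre-index, the indexer inverts it into a search index, and the detector hashes network content with the same key and looks it up. HMAC-SHA256, the token normalization, and all function names, the key and the sample rows are assumptions; the page names no algorithm.

```python
import hashlib
import hmac
import re

# Constructed sample data and key (not from the patent).
DEMO_KEY = b"constructed-demo-key"
SAMPLE_ROWS = [
    {"ssn": "078-05-1120", "email": "alice@example.com"},
    {"ssn": "219-09-9999", "email": "bob@example.com"},
]

def forward_hash(key, value):
    # Assumption: HMAC-SHA256 over a normalized token plays the role of the
    # "forward hash function and a key"; the page names no algorithm.
    norm = re.sub(r"[\s\-]", "", value).strip(".").lower()
    return hmac.new(key, norm.encode(), hashlib.sha256).hexdigest()

def build_pre_index(key, rows):
    # Enterprise side: hash every cell so only hash values leave the network.
    return [{col: forward_hash(key, val) for col, val in row.items()} for row in rows]

def build_search_index(pre_index):
    # Indexer cluster: invert the pre-index into hash -> {(row_id, column)}.
    index = {}
    for row_id, row in enumerate(pre_index):
        for col, digest in row.items():
            index.setdefault(digest, set()).add((row_id, col))
    return index

def detect(key, search_index, content):
    # Detection cluster: hash each token of the network content with the same
    # key and look it up; any match is an alert (row_id -> matched columns).
    alerts = {}
    for token in re.findall(r"[\w@.\-]+", content):
        for row_id, col in search_index.get(forward_hash(key, token), ()):
            alerts.setdefault(row_id, set()).add(col)
    return {row_id: sorted(cols) for row_id, cols in alerts.items()}

if __name__ == "__main__":
    index = build_search_index(build_pre_index(DEMO_KEY, SAMPLE_ROWS))
    print(detect(DEMO_KEY, index, "Send to alice@example.com, SSN 078051120."))
```

The detector never sees plaintext records, only the search index, but it must hold the same key as the enterprise; a detector with a different key finds no matches.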
13 Claims
Specification