Method to improve data loss prevention via cross leveraging fingerprints

US 8,250,085 B1
Filed: 12/18/2008
Issued: 08/21/2012
Est. Priority Date: 12/18/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method, comprising:

obtaining, by a data loss protection (DLP) service provider, fingerprints of confidential source data of a plurality of organizations;

distributing, by the DLP service provider, DLP policies defined by the plurality of organizations across DLP systems of the plurality of organizations, the DLP policies specifying conditions to trigger a violation based on regulations concerning handling of sensitive data maintained by the plurality of organizations;

sharing, by the DLP service provider, the fingerprints of the confidential source data of the plurality of organizations across DLP systems of the plurality of organizations, the plurality of fingerprints being associated with an identifier of a corresponding organization of the plurality of organizations that provided the fingerprints to the DLP service provider, the identifier not revealing an identity of the corresponding organization;

causing, by the DLP service provider, a DLP system of each of the plurality of organizations to monitor information content to detect policy violations of the plurality of organizations based on the DLP policies of the plurality of organizations using the shared fingerprints;

causing one or more users within a first organization of the plurality of organizations to be notified about a detection of a policy violation of a DLP policy of a second organization of the plurality of organizations in information content of the first organization without revealing an identity of the second organization;

receiving, by the DLP service provider, information on the detection of the DLP policy violation of the second organization from a DLP system of the first organization, the information including an identifier of the second organization;

identifying, by the DLP service provider, the second organization based on the identifier included in the received information; and

notifying, by the DLP service provider, one or more users within the second organization about the detection of the policy violation of a DLP policy of the second organization in the information content.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for improving data loss prevention via cross leveraging fingerprints of protected data is described. In one embodiment, fingerprints of sensitive data of multiple organizations are shared across data loss prevention (DLP) systems of these organizations. A DLP system of each organization monitors information content associated with this organization to detect sensitive data of other organizations, and notifies one or more users within the organization upon detecting sensitive data of other organizations. In addition, a report of external data loss detection is provided to users within an organization whose sensitive data is detected in information content of the other organizations.

Citations

18 Claims

1. A computer-implemented method, comprising:
- obtaining, by a data loss protection (DLP) service provider, fingerprints of confidential source data of a plurality of organizations;
  
  distributing, by the DLP service provider, DLP policies defined by the plurality of organizations across DLP systems of the plurality of organizations, the DLP policies specifying conditions to trigger a violation based on regulations concerning handling of sensitive data maintained by the plurality of organizations;
  
  sharing, by the DLP service provider, the fingerprints of the confidential source data of the plurality of organizations across DLP systems of the plurality of organizations, the plurality of fingerprints being associated with an identifier of a corresponding organization of the plurality of organizations that provided the fingerprints to the DLP service provider, the identifier not revealing an identity of the corresponding organization;
  
  causing, by the DLP service provider, a DLP system of each of the plurality of organizations to monitor information content to detect policy violations of the plurality of organizations based on the DLP policies of the plurality of organizations using the shared fingerprints;
  
  causing one or more users within a first organization of the plurality of organizations to be notified about a detection of a policy violation of a DLP policy of a second organization of the plurality of organizations in information content of the first organization without revealing an identity of the second organization;
  
  receiving, by the DLP service provider, information on the detection of the DLP policy violation of the second organization from a DLP system of the first organization, the information including an identifier of the second organization;
  
  identifying, by the DLP service provider, the second organization based on the identifier included in the received information; and
  
  notifying, by the DLP service provider, one or more users within the second organization about the detection of the policy violation of a DLP policy of the second organization in the information content.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the confidential source data of the plurality of organizations comprises at least one of personal information pertaining to employees of a corresponding organization, personal information pertaining to customers of the corresponding organization, information pertaining to business processes of the corresponding organization, and information pertaining to confidential intellectual property of the corresponding organization.
  - 3. The method of claim 1, wherein sharing fingerprints of confidential source data of the plurality of organizations comprises:
    - receiving requests from the plurality of organizations to share fingerprints of the corresponding organization with the plurality of organizations; and
      
      sending the fingerprints of the corresponding organization with the associated identifier to a DLP system of the plurality of organizations.
  - 4. The method of claim 3, wherein notifying one or more users within the second organization about the detection of the policy violation of a DLP policy of the second organization in the information content comprises:
    - creating a report for each identifier, the report including detected incidents associated with the identifier;
      
      determining one or more recipients of the report based on the identifier; and
      
      sending the report to the recipients.
  - 5. The method of claim 4 wherein the report identifies, for each detected incident, data that caused a policy violation.
  - 6. The method of claim 1, further comprising:
    - enabling sharing of the fingerprints across the plurality of organizations when a number of the plurality of organizations exceeds a threshold.
  - 7. The method of claim 1, wherein a DLP system of the first organization creates one or more policies for detecting confidential source data of the second organization in information content of the first organization, the one or more policies being created based on input provided by a user of the first organization.
  - 8. The method of claim 1, wherein a DLP system of the first organization is operable to monitor information content, detect in the information policy confidential source data violating one or more DLP policies, determine that the detected confidential source data is external, notify a user within the first organization about a detection of the external confidential source data, and send a report identifying external data violating of the DLP policies.

9. A system comprising:
- a processor;
  
  a memory coupled to the processor;
  
  a fingerprint distributor executed from the memory by the processor to obtain fingerprints of confidential source data of a plurality of organizations to distribute data loss prevention (DLP) policies defined by the plurality of organizations across DLP systems of the plurality of organizations, the DLP policies specifying conditions to trigger a violation based on regulations concerning handling of sensitive data maintained by the plurality of organizations, to share the fingerprints of the confidential source data of the plurality of organizations across DLP systems of the plurality of organizations, the plurality of fingerprints being associated with an identifier of a corresponding organization of the plurality of organizations that provided the fingerprints to the DLP service provider, the identifier not revealing an identity of the corresponding organization, to cause a DLP system of each of the plurality of organizations to monitor information content to detect policy violations of the plurality of organizations based on the DLP policies of the plurality of organizations using the shared fingerprints, and to cause one or more users within a first organization of the plurality of organizations to be notified about a detection of a policy violation of a DLP policy of a second organization of the plurality of organizations in information content of the first organization without revealing an identity of the second organization; and
  
  a report generator, coupled to the fingerprint distributor, executed from the memory by the processor to receive information on the detection of the DLP policy violation of the second organization from a DLP system of the first organization, the information including an identifier of the second organization, to identify the second organization based on the identifier included in the received information, and to notify one or more users within the second organization about the detection of the policy violation of a DLP policy of the second organization in the information content.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The system of claim 9, wherein the confidential source data of the plurality of organizations comprises at least one of personal information pertaining to employees of a corresponding organization, personal information pertaining to customers of the corresponding organization, information pertaining to business processes of the corresponding organization, and information pertaining to confidential intellectual property of the corresponding organization.
  - 11. The system of claim 9, wherein the fingerprint distributor is to share fingerprints of confidential source data of the plurality of organizations by:
    - receiving requests from the plurality of organizations to share fingerprints of the corresponding organization the plurality of other organizations; and
      
      sending the fingerprints of the corresponding organization with the associated customer identifier to a DLP system of the the plurality of organizations.
  - 12. The system of claim 11, wherein the report generator is to notify one or more users within the second organization about the detection of the policy violation of a DLP policy of the second organization in the information content by:
    - creating a report for each identifier, the report including detected incidents associated with the identifier;
      
      determining one or more recipients of the report based on the identifier; and
      
      sending the report to the recipients.
  - 13. The system of claim 12 wherein the report identifies, for each detected incident, data that caused a policy violation.
  - 14. The system of claim 9, further comprising a DLP system of the first organization to monitor information content, to detect in the information policy confidential source data violating one or more DLP policies, to determine that the detected confidential source data is external, to notify a user within the first organization about a detection of the external confidential source data, and to send a report identifying external data violating of the DLP policies.

15. A non-transitory computer readable storage medium that provides instructions, which when executed on a processing system, cause the processing system to perform a method comprising:
- obtaining, by the processing system, fingerprints of confidential source data of a plurality of organizations;
  
  distributing, by the processing system, DLP policies defined by the plurality of organizations across DLP systems of the plurality of organizations, the DLP policies specifying conditions to trigger a violation based on regulations concerning handling of sensitive data maintained by the plurality of organizations;
  
  sharing fingerprints of the confidential source data of the plurality of organizations across data loss prevention (DLP) systems of the plurality of organizations, the plurality of fingerprints being associated with an identifier of a corresponding organization of the plurality of organizations that provided the fingerprints to the DLP service provider, the identifier not revealing an identity of the corresponding organization;
  
  causing a DLP system of each of the plurality of organizations to monitor information content to detect policy violations of the plurality of organizations based on the DLP policies of the plurality of organizations using the shared fingerprints;
  
  causing one or more users within a first organization of the plurality of organizations to be notified about a detection of a policy violation of a DLP policy of a second organization of the plurality of organizations in information content of the first organization without revealing an identity of the second organization;
  
  receiving information on the detection of the DLP policy violation of the second organization from a DLP system of the first organization, the information including an identifier of the second organization;
  
  identifying the second organization based on the identifier included in the received information; and
  
  notifying one or more users within the second organization about the detection of the policy violation of a DLP policy of the second organization in the information content.
- View Dependent Claims (16, 17, 18)
- - 16. The non-transitory computer readable storage medium of claim 15, wherein the confidential source data of the plurality of organizations comprises at least one of personal information pertaining to employees of a corresponding organization, personal information pertaining to customers of the corresponding organization, information pertaining to business processes of the corresponding organization, and information pertaining to confidential intellectual property of the corresponding organization.
  - 17. The non-transitory computer readable storage medium of claim 15, wherein sharing fingerprints of confidential source data of the plurality of organizations comprises:
    - receiving requests from the plurality of organizations to share fingerprints of the corresponding organization with the plurality of organizations; and
      
      sending the fingerprints of the corresponding organization with the associated identifier to a DLP system of the the plurality of organizations.
  - 18. The non-transitory computer readable storage medium of claim 17, wherein notifying one or more users within the second organization about the detection of the policy violation of a DLP policy of the second organization in the information content comprises:
    - creating a report for each customer identifier, the report including detected incidents associated with the identifier;
      
      determining one or more recipients of the report based on the identifier; and
      
      sending the report to the recipients.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Satish, Sourabh
Primary Examiner(s)
Hu, Jensen

Application Number

US12/338,943
Time in Patent Office

1,342 Days
Field of Search

707/999.2, 707/758
US Class Current

707/758
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/645   using a third party

G06Q 10/10   Office automation; Time man...

Method to improve data loss prevention via cross leveraging fingerprints

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method to improve data loss prevention via cross leveraging fingerprints

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links