Preventing secure data from leaving the network perimeter
First Claim
1. A method for preventing secure data from leaving a perimeter of an enterprise network, wherein an edge device couples the enterprise network to an external network, and the edge device has access to all traffic that flows inbound and outbound between the enterprise network and the external network, the method comprising the steps of:
- computing a plurality of hashes for a data file to uniquely identify the data file as a secure data being subject to restrictions on leaving the enterprise network perimeter;
- sending the plurality of hashes to the edge device;
- storing the plurality of hashes at the edge device;
- in response to a user of a host downloading the secure data from the enterprise network, a client agent running on a host machine, tracking any modification made to the secure data by the user;
- when the secure data is modified by the user on the host machine, computing a hash for the modified secure data;
- sending the hash for the modified secure data to the edge device;
- monitoring, by the edge device, outbound data that is being sent out across the enterprise network;
- computing, by the edge device, a hash of the outbound data;
- comparing, by the edge device, the hash of the outbound data to each of the plurality of stored hashes, the stored hashes being associated with respective data files that are each designated by an administrator or authorized user of the enterprise network;
- blocking, by the edge device, the outbound data from leaving the perimeter if the hash of the outbound data matches one of the stored hashes;
- providing data from the edge device to the administrator or authorized user of the enterprise network, including an identity of secure data, an identity of who accessed the secure data, and when the secure data was accessed; and
- providing an indication, from the edge device to the administrator or authorized user of the enterprise network, of actions taken by the edge device in response to results of the comparing step.
Abstract
Secure data is prevented from leaving the perimeter of a network such as an enterprise network or corporate network (“corpnet”) by an arrangement in which a hash of the secure data is periodically computed, and the hashes are pushed out to an edge device on the network such as a firewall where they are stored for later access. The edge device is configured so that it has access to all traffic that flows between the enterprise network and an external network, such as the Internet, that is located outside the enterprise network perimeter. Whenever a user attempts to send data to the external network, a process running on the edge device computes a hash for the outbound data and compares it against the stored hashes associated with the secure data. If a match is made between the hash for the outbound data and a stored hash for secure data, then the edge device blocks the outbound data from leaving the network perimeter.
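The following is an added illustration of the arrangement the abstract describes, written for this page and not taken from the patent or any product: an in-memory "edge device" that stores hashes pushed to it, a "client agent" that re-hashes a downloaded copy whenever the user modifies it, and an outbound check that hashes each outgoing payload and blocks it on a match. The class and function names, the audit-record layout, the use of SHA-256, and the sample documents are all assumptions made for the example; the abstract speaks of hashes being computed periodically, whereas this version computes them on designation and on each modification event.

```python
"""Hash-matching egress filter modelled on the abstract above (added example)."""
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone


def sha256(data: bytes) -> str:
    # Assumption: SHA-256 is used as the hash; the page does not name one.
    return hashlib.sha256(data).hexdigest()


@dataclass
class AuditRecord:
    """What the edge device reports to the administrator: what, who, when, action."""
    when: str
    who: str
    secure_data_id: str
    action: str  # "designated", "modified", "blocked" or "allowed"


@dataclass
class EdgeDevice:
    """Holds the pushed hashes and inspects every outbound payload."""
    stored_hashes: dict[str, str] = field(default_factory=dict)  # hash -> data id
    audit: list[AuditRecord] = field(default_factory=list)

    def _log(self, who: str, data_id: str, action: str) -> None:
        ts = datetime.now(timezone.utc).isoformat()
        self.audit.append(AuditRecord(ts, who, data_id, action))

    def store_hash(self, h: str, data_id: str, who: str, action: str) -> None:
        self.stored_hashes[h] = data_id
        self._log(who, data_id, action)

    def check_outbound(self, payload: bytes, sender: str) -> bool:
        """Return True if the payload may leave the perimeter, False if blocked."""
        data_id = self.stored_hashes.get(sha256(payload))
        if data_id is not None:
            self._log(sender, data_id, "blocked")
            return False
        self._log(sender, "-", "allowed")
        return True

    def report(self) -> list[dict]:
        """Identity of secure data, who accessed it, when, and the action taken."""
        return [r.__dict__ for r in self.audit]


@dataclass
class ClientAgent:
    """Runs on the host; tracks modifications to downloaded secure data."""
    edge: EdgeDevice
    user: str
    tracked: dict[str, str] = field(default_factory=dict)  # data id -> last hash

    def on_download(self, data_id: str, content: bytes) -> None:
        self.tracked[data_id] = sha256(content)

    def on_modify(self, data_id: str, new_content: bytes) -> None:
        """Re-hash the modified copy and push the new hash to the edge device."""
        new_hash = sha256(new_content)
        if new_hash != self.tracked.get(data_id):
            self.tracked[data_id] = new_hash
            self.edge.store_hash(new_hash, data_id, self.user, "modified")


def designate_secure(edge: EdgeDevice, admin: str, data_id: str, content: bytes) -> str:
    """Administrator designates a file as secure; its hash is pushed to the edge."""
    h = sha256(content)
    edge.store_hash(h, data_id, admin, "designated")
    return h


def demo() -> dict:
    edge = EdgeDevice()
    original = b"Q3 board deck - CONFIDENTIAL\n"  # constructed sample document
    designate_secure(edge, "admin", "board-deck.pptx", original)

    agent = ClientAgent(edge, user="alice")
    agent.on_download("board-deck.pptx", original)
    edited = original + b"Added slide 12\n"  # user edits the local copy
    agent.on_modify("board-deck.pptx", edited)

    return {
        "original_blocked": not edge.check_outbound(original, "alice"),
        "edited_blocked": not edge.check_outbound(edited, "alice"),
        "unrelated_allowed": edge.check_outbound(b"lunch menu\n", "bob"),
        "audit_actions": [r.action for r in edge.audit],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The comparison is an exact hash match, so the store only catches byte-identical copies of what it has seen; the client-agent step is what keeps the store current when a user edits the downloaded copy, and the audit records give the administrator the identity, accessor, time and action that the claims require.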
18 Claims
1. Claim 1 is reproduced in full under "First Claim" above; its dependent claims are 2, 3, 4, 5, 6, 7, 8, 9.
10. A method for identifying data in an enterprise network as being secure, the method comprising the steps of:
- receiving a designation from an administrator or authorized user of the enterprise network that a data file is secure data, wherein the administrator or authorized user of the enterprise network tracks the identity of the secure data, an identity of who accessed the secure data, and when the secure data was accessed;
- computing a hash for the data file to uniquely identify the data file as secure data, the secure data being subject to restrictions on leaving the enterprise network perimeter;
- in response to a user of a host downloading the secure data from the enterprise network, a client agent running on a host machine, tracking any modification made to the secure data by the user;
- when the secure data is modified by the user on the host machine, computing a hash for the modified secure data;
- sending the hash to an edge device that is positioned on the enterprise network perimeter, the edge device being arranged to block secure data that is outbound from the enterprise network;
- storing the hash at the edge device;
- computing a hash of the outbound data;
- comparing the hash of outbound data to stored hashes for the secure data;
- blocking the outbound data from leaving the perimeter when the hash of the outbound data matches one of the stored hashes;
- providing data from the edge device to the administrator or authorized user of the enterprise network, including an identity of secure data, an identity of who accessed the secure data, and when the secure data was accessed; and
- providing an indication, from the edge device to the administrator or authorized user of the enterprise network, of actions taken by the edge device in response to results of the comparing step.

Dependent claims: 11, 12, 13.

14. A method for identifying data that has been modified at a host in an enterprise network as being secure, secure data being subject to restrictions on leaving the enterprise network perimeter, the method comprising the steps of:
- monitoring, by a client agent, activity at the host to identify whether secure data that has been downloaded from a source in the enterprise network has been modified, wherein an edge device provides data to an administrator or authorized user of the enterprise network, including an identity of the secure data, an identity of who accessed the secure data, and when the secure data was accessed;
- when the secure data is modified on the host, computing a hash for the modified secure data as being secure data;
- sending, by a client agent, the hash to the edge device that is positioned on the enterprise network perimeter, the edge device being arranged to block secure data that is outbound from the enterprise network;
- storing the hash at the edge device;
- computing a hash of the outbound data;
- comparing the hash of outbound data to stored hashes for the secure data;
- blocking the outbound data from leaving the perimeter when the hash of the outbound data matches one of the stored hashes;
- providing data from the edge device to the administrator or authorized user of the enterprise network, including an identity of secure data, an identity of who accessed the secure data, and when the secure data was accessed; and
- wherein the edge device provides, to the administrator or authorized user of the enterprise network, actions taken by the edge device in response to results of the comparing step.

Dependent claims: 15, 16, 17, 18.