Systems and methods for preventing data loss from files sent from endpoints

US 8,321,560 B1
Filed: 08/13/2009
Issued: 11/27/2012
Est. Priority Date: 08/13/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for data loss prevention, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:

intercepting a packet sent by an application of an endpoint;

extracting file-identification information from the packet;

identifying a list of opened files;

matching the file-identification information to a file in the list of opened files;

identifying a data-loss-prevention policy that applies to the file;

filtering the packet based on the data-loss-prevention policy.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method for data loss prevention may include intercepting a packet sent by an application of an endpoint. The computer-implemented method may also include extracting file-identification information from the packet. The computer-implemented method may further include identifying a list of opened files and matching the file-identification information to a file in the list of opened files. The computer-implemented method may additionally include identifying a data-loss-prevention policy that applies to the file. The computer-implemented method may moreover include filtering the packet based on the data-loss-prevention policy. Various other methods, systems, and computer-readable media are also disclosed.

33 Citations

View as Search Results

20 Claims

1. A computer-implemented method for data loss prevention, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- intercepting a packet sent by an application of an endpoint;
  
  extracting file-identification information from the packet;
  
  identifying a list of opened files;
  
  matching the file-identification information to a file in the list of opened files;
  
  identifying a data-loss-prevention policy that applies to the file;
  
  filtering the packet based on the data-loss-prevention policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computer-implemented method of claim 1, wherein identifying the data-loss-prevention policy that applies to the file comprises analyzing content of the file to determine that the data-loss-prevention policy applies to the file.
  - 3. The computer-implemented method of claim 1, wherein filtering the packet comprises at least one of:
    - blocking the packet;
      
      sending an alert about a violation of the data-loss-prevention policy.
  - 4. The computer-implemented method of claim 1, wherein identifying the list of opened files comprises identifying a list of files opened by the application since the application began execution.
  - 5. The computer-implemented method of claim 1, wherein identifying the list of opened files comprises identifying a list of files currently open for the application.
  - 6. The computer-implemented method of claim 1, wherein identifying the list of opened files comprises identifying a list of files opened within a predetermined timeframe.
  - 7. The computer-implemented method of claim 1, further comprising:
    - identifying a call by the application to open the file;
      
      adding the file, along with information identifying the application, to the list of opened files.
  - 8. The computer-implemented method of claim 7, further comprising:
    - identifying a termination of the application;
      
      removing files associated with the application from the list of opened files.
  - 9. The computer-implemented method of claim 1, wherein extracting the file-identification information from the packet comprises:
    - identifying a protocol used to transfer the packet;
      
      parsing the packet for the file-identification information based on the protocol.
  - 10. The computer-implemented method of claim 1, wherein matching the file-identification information to the file in the list of opened files comprises:
    - identifying a partial filename within the file-identification information;
      
      resolving the partial filename to a file path of the file.
  - 11. The computer-implemented method of claim 10, wherein resolving the partial filename to a file path of the file comprises:
    - retrieving a mapping of partial filenames to files for the application;
      
      determining that the partial filename maps to the file in the mapping.

12. A system for data loss prevention, the system comprising:
- an interception module programmed to;
  
  intercept a packet sent by an application of an endpoint;
  
  extract a partial filename from the packet;
  
  a matching module programmed to;
  
  identify a list of opened files;
  
  match the partial filename to a file in the list of opened files;
  
  a filtering module programmed to;
  
  identify a data-loss-prevention policy that applies to the file;
  
  filter the packet based on the data-loss-prevention policy;
  
  one or more processors configured to execute the interception module, the matching module, and the filtering module.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The system of claim 12, wherein the filtering module is programmed to identify the data-loss-prevention policy that applies to the file by analyzing content of the file to determine that the data-loss-prevention policy applies to the file.
  - 14. The system of claim 12, wherein the filtering module is programmed to filter the packet by at least one of:
    - blocking the packet;
      
      sending an alert about a violation of the data-loss-prevention policy.
  - 15. The system of claim 12, wherein the matching module is programmed to identify the list of opened files by identifying a list of files opened by the process since the application began execution.
  - 16. The system of claim 12, wherein the matching module is programmed to identify the list of opened files by identifying a list of files currently open for the application.
  - 17. The system of claim 12, wherein the matching module is programmed to identify the list of opened files by identifying a list of files opened within a predetermined timeframe.
  - 18. The system of claim 12, wherein the matching module is further programmed to:
    - identify a call by the application to open the file;
      
      add the file, along with information identifying the application, to the list of opened files.
  - 19. The system of claim 18, wherein the matching module is further programmed to:
    - identify a termination of the application;
      
      remove files associated with the application from the list of opened files.

20. A computer-readable-storage medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- intercept a packet sent by an application of an endpoint;
  
  extract a partial filename from the packet;
  
  identify a list of opened files;
  
  match the partial filename to a file in the list of opened files;
  
  identify a data-loss-prevention policy that applies to the file;
  
  filter the packet based on the data-loss-prevention policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Pai, Manish, Torney, Milind
Primary Examiner(s)
VU, VIET DUY

Application Number

US12/540,567
Time in Patent Office

1,202 Days
Field of Search

709/223, 709/224, 709/225, 709/250, 726/22
US Class Current

709/224
CPC Class Codes

G06F 11/0709 in a distributed system con...

G06F 11/0793 Remedial or corrective acti...

Systems and methods for preventing data loss from files sent from endpoints

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

33 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for preventing data loss from files sent from endpoints

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links