Systems and methods for reputation-based application of data-loss prevention policies

US 8,495,705 B1
Filed: 04/20/2010
Issued: 07/23/2013
Est. Priority Date: 04/20/2010
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for data-loss prevention, the method comprising:

identifying data associated with a user;

determining that the data associated with the user is subject to a data-loss-prevention scan;

identifying a data-loss-prevention reputation associated with the user;

determining that the data-loss-prevention reputation associated with the user meets a predetermined risk threshold;

in response to determining that the data-loss-prevention reputation associated with the user meets the predetermined risk threshold, modifying at least one aspect of the data-loss-prevention scan in accordance with the data-loss-prevention reputation associated with the user;

applying the modified data-loss-prevention scan to the data associated with the user;

wherein each step of the computer-implemented method is performed by a computing device comprising at least one processor.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method for data-loss prevention may include: 1) identifying data associated with a user, 2) determining that the data is subject to a data-loss-prevention scan, 3) identifying a data-loss-prevention reputation associated with the user, and then 4) performing a data-loss-prevention operation based at least in part on the data-loss-prevention reputation associated with the user. Various other methods, systems, and computer-readable media are also disclosed.

Citations

19 Claims

1. A computer-implemented method for data-loss prevention, the method comprising:
- identifying data associated with a user;
  
  determining that the data associated with the user is subject to a data-loss-prevention scan;
  
  identifying a data-loss-prevention reputation associated with the user;
  
  determining that the data-loss-prevention reputation associated with the user meets a predetermined risk threshold;
  
  in response to determining that the data-loss-prevention reputation associated with the user meets the predetermined risk threshold, modifying at least one aspect of the data-loss-prevention scan in accordance with the data-loss-prevention reputation associated with the user;
  
  applying the modified data-loss-prevention scan to the data associated with the user;
  
  wherein each step of the computer-implemented method is performed by a computing device comprising at least one processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 18, 19)
- - 2. The computer-implemented method of claim 1, wherein identifying the data associated with the user comprises at least one of:
    - identifying data copied by the user;
      
      identifying data transmitted by the user;
      
      identifying data accessed by the user;
      
      identifying data owned by the user.
  - 3. The computer-implemented method of claim 1, wherein identifying the data-loss-prevention reputation associated with the user comprises:
    - identifying at least one data-loss-prevention incident associated with the user;
      
      evaluating the data-loss-prevention reputation of the user based at least in part on the data-loss-prevention incident.
  - 4. The computer-implemented method of claim 1, wherein identifying the data-loss-prevention reputation associated with the user comprises:
    - identifying at least one characteristic of the user relevant to assessing the risk of a data-loss-prevention policy violation by the user;
      
      evaluating the data-loss-prevention reputation of the user based at least in part on the characteristic.
  - 5. The computer-implemented method of claim 4, wherein the characteristic comprises at least one of:
    - a group to which the user belongs;
      
      a responsibility of the user within an organization;
      
      a seniority of the user within the organization;
      
      input from a supervisor of the user.
  - 6. The computer-implemented method of claim 1, wherein:
    - identifying the data associated with the user comprises identifying data associated with a group to which the user belongs;
      
      identifying the data-loss-prevention reputation associated with the user comprises identifying a reputation associated with the group to which the user belongs.
  - 7. The computer-implemented method of claim 1, wherein modifying at least one aspect of the data-loss-prevention scan in accordance with the data-loss-prevention reputation associated with the user and applying the modified data-loss-prevention scan to the data associated with the user collectively comprise at least one of:
    - skipping at least one aspect of the data-loss-prevention scan;
      
      performing a partial scan on the data associated with the user;
      
      performing a described-content-matching scan on the data associated with the user.
  - 8. The computer-implemented method of claim 1, wherein modifying at least one aspect of the data-loss-prevention scan comprises selecting a rule set for the data-loss-prevention scan based at least in part on the data-loss-prevention reputation associated with the user.
  - 9. The computer-implemented method of claim 1, wherein modifying at least one aspect of the data-loss-prevention scan comprises determining whether to apply a data-loss-prevention remediation to the data associated with the user.
  - 10. The computer-implemented method of claim 9, wherein the data-loss-prevention remediation comprises at least one of:
    - flagging an interaction between the user and the data associated with the user;
      
      blocking an attempted interaction between the user and the data associated with the user.
  - 18. The computer-implemented method of claim 1, further comprising:
    - identifying data associated with an additional user;
      
      determining that the data associated with the additional user is subject to an additional data-loss-prevention scan;
      
      identifying a data-loss-prevention reputation associated with the additional user;
      
      determining that the data-loss-prevention reputation associated with the additional user fails to meet the predetermined risk threshold;
      
      in response to determining that the data-loss-prevention reputation associated with the additional user fails to meet the predetermined risk threshold, performing at least one of;
      
      applying the additional data-loss-prevention scan to the data associated with the additional user;
      
      applying a data-loss-prevention remediation to the data associated with the additional user.
  - 19. The computer-implemented method of claim 18, wherein applying the additional data-loss-prevention scan to the data associated with the additional user comprises at least one of:
    - applying a full scan to the data associated with the additional user;
      
      applying an exact-data-matching scan to the data associated with the additional user;
      
      applying an indexed-data-matching scan to the data associated with the additional user.

11. A system for data-loss prevention, the system comprising:
- an identification module programmed to identify data associated with a user;
  
  a determination module programmed to determine that the data associated with the user is subject to a data-loss-prevention scan;
  
  a reputation module programmed to identify a data-loss-prevention reputation associated with the user;
  
  a data-loss-prevention module programmed to;
  
  determine that the data-loss-prevention reputation associated with the user meets a predetermined risk threshold;
  
  in response to determining that the data-loss-prevention reputation associated with the user meets the predetermined risk threshold, modify at least one aspect of the data-loss-prevention scan in accordance with the data-loss-prevention reputation associated with the user;
  
  apply the modified data-loss-prevention scan to the data associated with the user;
  
  at least one processor configured to execute the identification module, the determination module, the reputation module, and the data-loss-prevention module.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The system of claim 11, wherein the identification module is programmed to identify the data associated with the user by identifying at least one of:
    - data copied by the user;
      
      data transmitted by the user;
      
      data accessed by the user;
      
      data owned by the user.
  - 13. The system of claim 11, wherein the reputation module is programmed to identify the data-loss-prevention reputation associated with the user by:
    - identifying at least one data-loss-prevention incident associated with the user;
      
      evaluating the data-loss-prevention reputation of the user based at least in part on the data-loss-prevention incident.
  - 14. The system of claim 11, wherein the reputation module is programmed to identify the data-loss-prevention reputation associated with the user by:
    - identifying at least one characteristic of the user relevant to assessing the risk of a data-loss-prevention policy violation by the user;
      
      evaluating the data-loss-prevention reputation of the user based at least in part on the characteristic.
  - 15. The system of claim 11, wherein the data-loss-prevention module collectively modifies at least one aspect of the data-loss-prevention scan in accordance with the data-loss-prevention reputation associated with the user and applies the modified data-loss-prevention scan to the data associated with the user by at least one of:
    - skipping at least one aspect of the data-loss-prevention scan;
      
      performing a partial scan on the data associated with the user;
      
      performing a described-content-matching scan on the data associated with the user.
  - 16. The system of claim 11, wherein the data-loss-prevention module modifies at least one aspect of the data-loss-prevention scan by selecting a rule set for the data-loss-prevention scan based at least in part on the data-loss-prevention reputation associated with the user.

17. A non-transitory computer-readable-storage medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- identify data associated with a user;
  
  determine that the data associated with the user is subject to a data-loss-prevention scan;
  
  identify a data-loss-prevention reputation associated with the user;
  
  determine that the data-loss-prevention reputation associated with the user meets a predetermined risk threshold;
  
  in response to determining that the data-loss-prevention reputation associated with the user meets the predetermined risk threshold, modify at least one aspect of the data-loss-prevention scan in accordance with the data-loss-prevention reputation associated with the user;
  
  apply the modified data-loss-prevention scan to the data associated with the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Verma, Amit, Banerjee, Anindya, Jaiswal, Sumesh, Choudhury, Rajorshi Ghosh
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
WRIGHT, BRYAN F

Application Number

US12/763,593
Time in Patent Office

1,190 Days
Field of Search

726/26
US Class Current

726/2
CPC Class Codes

G06Q 10/06 Resources, workflows, human...

G06Q 10/10 Office automation; Time man...

Systems and methods for reputation-based application of data-loss prevention policies

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for reputation-based application of data-loss prevention policies

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links