Adaptive data loss prevention policies

US 8,613,040 B2
Filed: 12/22/2008
Issued: 12/17/2013
Est. Priority Date: 12/22/2008
Status: Active Grant

First Claim

Patent Images

1. A method of safeguarding sensitive information comprising:

detecting, by a monitoring application of a computing device, a policy violation on the computing device, wherein the policy violation comprises a user attempt to perform an operation to move data comprising the sensitive information off of the computing device;

determining whether one or more previous policy violations have occurred on the computing device, wherein the one or more previous policy violations comprise other attempts of the user to perform an operation to move the data comprising the sensitive information off of the computing device; and

performing an action to minimize a risk of data loss based on the one or more previous policy violations and a sequential order that the one or more previous policy violations occurred, wherein the performing the action further comprises;

performing a first action to minimize the risk of the data loss in response to determining that no previous policy violations occurred on the computing device; and

performing a second action to minimize the risk of the data loss in response determining that the one or more previous policy violations occurred on the computing device, wherein the second action depends on a number, a severity, and the sequential order of the one or more previous policy violations.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A monitor detects a policy violation on a computing device, wherein the policy violation includes a user attempt to perform an operation to move data that includes sensitive information off the computing device. The monitor determines whether one or more previous policy violations have occurred on the computing device. The monitor performs an action to minimize a risk of data loss based on the one or more previous policy violations.

101 Citations

View as Search Results

21 Claims

1. A method of safeguarding sensitive information comprising:
- detecting, by a monitoring application of a computing device, a policy violation on the computing device, wherein the policy violation comprises a user attempt to perform an operation to move data comprising the sensitive information off of the computing device;
  
  determining whether one or more previous policy violations have occurred on the computing device, wherein the one or more previous policy violations comprise other attempts of the user to perform an operation to move the data comprising the sensitive information off of the computing device; and
  
  performing an action to minimize a risk of data loss based on the one or more previous policy violations and a sequential order that the one or more previous policy violations occurred, wherein the performing the action further comprises;
  
  performing a first action to minimize the risk of the data loss in response to determining that no previous policy violations occurred on the computing device; and
  
  performing a second action to minimize the risk of the data loss in response determining that the one or more previous policy violations occurred on the computing device, wherein the second action depends on a number, a severity, and the sequential order of the one or more previous policy violations.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - storing the policy violation in a policy violation record, wherein the one or more previous policy violations are stored in the policy violation record.
  - 3. The method of claim 2, further comprising:
    - removing any of the policy violation or the one or more previous policy violations that exceed an age threshold from the policy violation record.
  - 4. The method of claim 1, wherein performing the action comprises comparing the policy violation and the one or more previous policy violations to a plurality of policy violation responses and performing the action in one of the plurality of policy violation responses that corresponds to the policy violation and the one or more previous policy violations.
  - 5. The method of claim 1, wherein detecting the policy violation comprises:
    - detecting the user attempt to perform the operation;
      
      scanning the data to determine that the data comprises the sensitive information; and
      
      determining that the user is not authorized to perform the operation.
  - 6. The method of claim 1, wherein the action depends on a data loss vector through which the user attempted to move the data off the computing device.
  - 7. The method of claim 1, further comprising:
    - enabling an additional policy based on at least one of the policy violation or the one or more previous policy violations.

8. A computing apparatus comprising:
- a memory;
  
  a processing device communicably coupled to the memory;
  
  a policy violation detector executed from the memory by the processing device, the policy violation detector configured to detect a policy violation on the computing apparatus, wherein the policy violation comprises a user attempt to perform an operation to move data comprising sensitive information off of the computing apparatus; and
  
  a policy violation responder executed from the memory by the processing device, the policy violation responder configured to;
  
  determine whether one or more previous policy violations have occurred on the computing device, wherein the one or more previous policy violations comprise other attempts of the user to perform an operation to move the data comprising the sensitive information off of the computing device; and
  
  perform an action to minimize a risk of data loss based on the one or more previous policy violations and a sequential order that the one or more previous policy violations occurred, wherein performing the action further comprises the policy violation responder to;
  
  perform a first action to minimize the risk of the data loss in response to determining that no previous policy violations occurred on the computing device; and
  
  perform a second action to minimize the risk of the data loss in response determining that the one or more previous policy violations occurred on the computing device, wherein the second action depends on a number, a severity, and the sequential order of the one or more previous policy violations.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computing apparatus of claim 8, further comprising:
    - a policy violation record that stores the one or more previous policy violations;
      
      and a policy violation recorder to store the policy violation in the policy violation record.
  - 10. The computing apparatus of claim 9, further comprising:
    - the policy violation recorder to remove any of the policy violation or the one or more previous policy violations that exceed an age threshold from the policy violation record.
  - 11. The computing apparatus of claim 8, wherein the policy violation responder to perform the action based on comparing the policy violation and the one or more previous policy violations to a plurality of policy violation responses and performing the action in one of the plurality of policy violation responses that corresponds to the policy violation and the one or more previous policy violations.
  - 12. The computing apparatus of claim 8, wherein the policy violation detector to detect the policy violation based on detecting the user attempt to perform the operation, scanning the data to determine that the data comprises sensitive information, and determining that the user is not authorized to perform the operation.
  - 13. The computing apparatus of claim 8, wherein the action depends on a data loss vector through which the user attempted to move the sensitive data off the computing device.
  - 14. The computing apparatus of claim 8, further comprising:
    - the policy violation responder to enable an additional policy based on at least one of the policy violation or the one or more previous policy violations.

15. A non-transitory computer readable medium including instructions that, when executed by a processing system, cause the processing system to perform a method of safeguarding sensitive information, comprising:
- detecting, by a monitoring application of a computing device comprising the processing system, a policy violation on the computing device, wherein the policy violation comprises a user attempt to perform an operation to move data comprising the sensitive information off of the computing device;
  
  determining whether one or more previous policy violations have occurred on the computing device, wherein the one or more previous policy violations comprise other attempts of the user to perform an operation to move the data comprising the sensitive information off of the computing device; and
  
  performing an action to minimize a risk of data loss based on the one or more previous policy violations and a sequential order that the one or more previous policy violations occurred, wherein the performing the action further comprises;
  
  performing a first action to minimize the risk of the data loss in response to determining that no previous policy violations occurred on the computing device; and
  
  performing a second action to minimize the risk of the data loss in response determining that the one or more previous policy violations occurred on the computing device, wherein the second action depends on a number, a severity, and the sequential order of the one or more previous policy violations.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The non-transitory computer readable medium of claim 15, the method further comprising:
    - storing the policy violation in a policy violation record, wherein the one or more previous policy violations are stored in the policy violation record.
  - 17. The non-transitory computer readable medium of claim 16, the method further comprising:
    - removing any of the policy violation or the one or more previous policy violations that exceed an age threshold from the policy violation record.
  - 18. The non-transitory computer readable medium of claim 15, wherein performing the action comprises comparing the policy violation and the one or more previous policy violations to a plurality of policy violation responses and performing the action in one of the plurality of policy violation responses that corresponds to the policy violation and the one or more previous policy violations.
  - 19. The non-transitory computer readable medium of claim 15, wherein detecting the policy violation comprises:
    - detecting the user attempt to perform the operation;
      
      scanning the data to determine that the data comprises sensitive information; and
      
      determining that the user is not authorized to perform the operation.
  - 20. The non-transitory computer readable medium of claim 15, wherein the action depends on a data loss vector through which the user attempted to move the sensitive data off the computing device.
  - 21. The non-transitory computer readable medium of claim 15, the method further comprising:
    - enabling an additional policy based on at least one of the policy violation or the one or more previous policy violations.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Barile, Ian
Primary Examiner(s)
Blair, April Y

Application Number

US12/342,038
Publication Number

US 20100162347A1
Time in Patent Office

1,821 Days
Field of Search

726/1, 709/230
US Class Current

726/1
CPC Class Codes

G06F 21/552 involving long-term monitor...

Adaptive data loss prevention policies

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

101 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Adaptive data loss prevention policies

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

101 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links