Data leak protection in upper layer protocols
Abstract
Methods and systems for Data Leak Prevention (DLP) in a private network are provided. According to one embodiment, information is received from an administrator (i) defining a DLP rule to be applied to packets associated with an upper layer protocol and (ii) defining an action to take when a condition associated with the rule is satisfied. The rule includes a regular expression and/or a string that is configured to detect existence of sensitive information. A packet originated by a host device is received. The packet is determined to be associated with the upper layer protocol. A command, request or method of the protocol is identified that is specified by or represented by the packet. The packet is scanned for sensitive information based on the rule. When the scanning results in a conclusion that sensitive information is contained within the packet, then the defined action is performed.
14 Claims
1. A data leak prevention (DLP) method comprising:

receiving from a network administrator, by a network security appliance within a private network, (i) information defining a DLP rule to be applied by the network security appliance to packets associated with an upper layer protocol and (ii) information defining an action to take when one or more conditions associated with the DLP rule are satisfied, wherein the packets are originated within the private network and addressed to a destination residing outside of the private network and wherein the DLP rule is defined in terms of one or more of a regular expression and a string that are configured to detect existence of one or more forms of sensitive information carried by the packets;

receiving, by the network security appliance, a packet originated by a host device within the private network and directed to a destination device outside of the private network;

determining, by the network security appliance, the received packet is associated with the upper layer protocol;

identifying, by the network security appliance, a command, request or method of the upper layer protocol that is specified by or represented by the received packet;

scanning, by the network security appliance, the received packet for sensitive information by applying the DLP rule to one or more fields of the command, request or method, wherein the command, request or method is not designed or intended to carry data or information in a form of a message or file to a target of the command, request or method;

when the scanning results in a conclusion that the sensitive information is contained within the received packet, then performing, by the network security appliance, the defined action;

wherein the one or more forms of sensitive information comprise a payment card number or a social security number;

wherein the regular expression detects a format and type of content corresponding to a credit card number associated with a particular payment processing provider or the social security number; and

wherein the regular expression comprises: ^4[0-9]{12}(?:[0-9]{3})?$; ^5[1-5][0-9]{14}$; or ^([[:digit:]]{3}[-][[:digit:]]{2}[[:digit:]]{4}|[[:digit:]]{9})$.

Dependent claims: 2, 3, 4, 5, 6, 7
8. A non-transitory program storage device readable by a network security appliance, tangibly embodying a program of instructions executable by one or more computer processors of the network security appliance to perform a method of data leak prevention (DLP), the method comprising:

receiving from a network administrator (i) information defining a DLP rule to be applied by the network security appliance to packets associated with an upper layer protocol and (ii) information defining an action to take when one or more conditions associated with the DLP rule are satisfied, wherein the packets are originated within a private network protected by the network security appliance and addressed to a destination residing outside of the private network and wherein the DLP rule is defined in terms of one or more of a regular expression and a string that are configured to detect existence of one or more forms of sensitive information carried by the packets;

receiving a packet originated by a host device within the private network and directed to a destination device outside of the private network;

determining the received packet is associated with the upper layer protocol;

identifying a command, request or method of the upper layer protocol that is specified by or represented by the received packet;

scanning the received packet for sensitive information by applying the DLP rule to one or more fields of the command, request or method, wherein the command, request or method is not designed or intended to carry data or information in a form of a message or file to a target of the command, request or method;

when the scanning results in a conclusion that the sensitive information is contained within the received packet, then performing the defined action;

wherein the one or more forms of sensitive information comprise a payment card number or a social security number;

wherein the regular expression detects a format and type of content corresponding to a credit card number associated with a particular payment processing provider or the social security number; and

wherein the regular expression comprises: ^4[0-9]{12}(?:[0-9]{3})?$; ^5[1-5][0-9]{14}$; or ^([[:digit:]]{3}[-][[:digit:]]{2}[-][[:digit:]]{4}|[[:digit:]]{9})$.

Dependent claims: 9, 10, 11, 12, 13, 14
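Worked example of the claimed scanning step, added here and not part of the patent: the three regular expressions from the claims are applied as anchored whole-field rules to the fields of an outbound HTTP request, the request line, query parameters and headers, which carry the method and its parameters rather than a message body. HTTP is assumed as the upper layer protocol; the rule names, the per-rule actions and the sample request are constructed for the example.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Patterns from the claims; POSIX [[:digit:]] written as [0-9] because
# Python's re has no POSIX bracket classes. Anchors mean whole-field matches.
DLP_RULES = {
    "visa_card": re.compile(r"^4[0-9]{12}(?:[0-9]{3})?$"),
    "mastercard": re.compile(r"^5[1-5][0-9]{14}$"),
    "ssn": re.compile(r"^([0-9]{3}[-][0-9]{2}[-][0-9]{4}|[0-9]{9})$"),
}
# Constructed per-rule actions; the claims only say "the defined action".
ACTIONS = {"visa_card": "block", "mastercard": "block", "ssn": "log"}

def extract_fields(request: str) -> dict:
    """Fields of an HTTP request (assumed upper layer protocol): the
    method, path, query parameters and headers, never the message body."""
    head = request.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    parts = urlsplit(target)
    fields = {"method": method, "path": parts.path}
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        fields[f"query.{key}"] = value
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            fields[f"header.{name.strip().lower()}"] = value.strip()
    return fields

def scan_request(request: str) -> list:
    """Apply every rule to every field; return (field, rule, action) hits."""
    hits = []
    for field, value in extract_fields(request).items():
        for rule, pattern in DLP_RULES.items():
            if pattern.match(value):
                hits.append((field, rule, ACTIONS[rule]))
    return hits

# Constructed sample: a body-less GET that carries a card number and an SSN
# in the query string, plus a 9-digit reference number in a custom header.
SAMPLE_REQUEST = (
    "GET /checkout?card=4111111111111111&ssn=123-45-6789 HTTP/1.1\r\n"
    "Host: example.invalid\r\n"
    "X-Customer-Ref: 987654321\r\n\r\n"
)

if __name__ == "__main__":
    for hit in scan_request(SAMPLE_REQUEST):
        print(hit)
```

The third hit comes from the bare nine-digit alternative of the claimed SSN pattern, which fires on any nine-digit field such as the constructed reference number; a deployment would scope that rule to particular fields or pair it with additional context checks to keep false positives down.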