System and method for data loss prevention in a virtualized environment
First Claim
1. A method comprising:
identifying, by a data loss prevention (DLP) manager, a startup event of a guest virtual machine, wherein the DLP manager is in a security virtual machine;
installing, by the DLP manager, a DLP component in the guest virtual machine, the DLP component to communicate with the DLP manager;
receiving, by the DLP manager, a file system event that is intercepted by the DLP component and that is initiated within the guest virtual machine, wherein the file system event comprises a file in at least one of a write event, a copy event, a paste event, a move event, or a deletion event, and wherein the file is not stored in the security virtual machine;
retrieving, by the DLP manager, a DLP profile associated with the guest virtual machine from a profile repository, the DLP profile comprising a DLP policy and a response rule;
identifying, by the DLP manager, a device associated with the file system event;
determining, by the DLP manager, that the DLP profile requires monitoring of the identified device;
monitoring, by the DLP manager, data associated with the file system event that is to be stored on the identified device; and
enforcing, by the DLP manager, the response rule associated with the file system event initiated within the guest virtual machine when the file system event violates the DLP policy.
Abstract
A data loss prevention (DLP) manager running on a security virtual machine manages DLP policies for a plurality of guest virtual machines. The DLP manager identifies a startup event of a guest virtual machine, and installs a DLP component in the guest virtual machine. The DLP component communicates with the DLP manager operating within the security virtual machine. The DLP manager also receives file system events from the DLP component, and enforces a response rule associated with the guest virtual machine if the file system event violates a DLP policy.
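The event pipeline recited in claim 1 and summarised in the abstract, as an added example rather than code from the patent: a Python simulation in which the security-VM side (the DLP manager) registers guests at startup, accepts file system events forwarded by the in-guest DLP component, looks up the guest's profile, checks whether the target device is monitored, scans the data that is about to be stored, and applies the profile's response rule. The profile layout, the device labels, the two content rules (SSN and Luhn-checked card numbers), the `block`/`log` response vocabulary and every event below are constructed assumptions; the patent text does not specify any of them.

```python
"""Simulation of the claimed DLP pipeline: the DLP manager in the security VM
evaluates file system events forwarded by per-guest DLP components.
Added example; profile format, device labels and helper names are assumptions."""
import re
from dataclasses import dataclass
from typing import Optional

# The event kinds enumerated in claim 1.
EVENT_KINDS = {"write", "copy", "paste", "move", "delete"}


@dataclass
class FileSystemEvent:
    vm_id: str
    kind: str
    path: str
    device: str             # assumed labels: "usb", "network_share", "local_disk"
    data: Optional[bytes]   # bytes about to be stored; None for delete events


@dataclass
class DLPProfile:
    monitored_devices: set  # devices the profile requires monitoring of
    policy: dict            # rule name -> compiled regex (the DLP policy)
    response_rule: str      # assumed vocabulary: "block" or "log"


def luhn_ok(digits: str) -> bool:
    """Luhn checksum so that arbitrary 16-digit runs do not trip the card rule."""
    total, parity = 0, len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == parity:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_violations(profile: DLPProfile, data: bytes) -> list:
    """Names of policy rules matched by the data (the 'monitoring' step)."""
    text = data.decode("utf-8", errors="replace")
    hits = []
    for name, pattern in profile.policy.items():
        for m in pattern.finditer(text):
            if name == "card" and not luhn_ok(re.sub(r"\D", "", m.group())):
                continue             # digits that are not a valid card number
            hits.append(name)
            break
    return hits


class DLPManager:
    """Security-VM side: never holds the guest's files, only sees events."""

    def __init__(self, profile_repository: dict):
        self.profiles = profile_repository   # vm_id -> DLPProfile
        self.installed = set()               # guests with a DLP component
        self.audit = []                      # constructed stand-in for a response log

    def on_guest_startup(self, vm_id: str) -> None:
        # Claim step: identify the startup event and install the DLP component.
        self.installed.add(vm_id)

    def handle_event(self, ev: FileSystemEvent) -> str:
        if ev.vm_id not in self.installed:
            return "rejected: no DLP component registered for guest"
        if ev.kind not in EVENT_KINDS:
            return "rejected: unsupported event kind"
        profile = self.profiles.get(ev.vm_id)          # retrieve the DLP profile
        if profile is None:
            # Fail closed: a guest without a profile cannot export data.
            self.audit.append((ev.vm_id, ev.kind, ev.device, "no-profile"))
            return "blocked"
        if ev.device not in profile.monitored_devices:  # identify device, check profile
            return "allowed: device not monitored"
        if ev.data is None:                             # nothing is about to be stored
            return "allowed: no data to be stored"
        violations = find_violations(profile, ev.data)
        if not violations:
            return "allowed"
        self.audit.append((ev.vm_id, ev.kind, ev.device, ",".join(violations)))
        return "blocked" if profile.response_rule == "block" else "allowed: logged"


def demo() -> list:
    """Constructed profiles and events; returns the manager's decision per event."""
    policy = {
        "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
        "card": re.compile(r"\b(?:\d[ -]?){15}\d\b"),
    }
    repo = {
        "vm-a": DLPProfile({"usb", "network_share"}, policy, "block"),
        "vm-b": DLPProfile({"usb"}, policy, "log"),
    }
    mgr = DLPManager(repo)
    for vm in ("vm-a", "vm-b", "vm-d"):   # vm-d boots but has no profile in the repository
        mgr.on_guest_startup(vm)
    events = [
        FileSystemEvent("vm-a", "write", "E:\\hr.txt", "usb", b"ssn: 123-45-6789"),
        FileSystemEvent("vm-a", "write", "C:\\hr.txt", "local_disk", b"ssn: 123-45-6789"),
        FileSystemEvent("vm-a", "copy", "\\\\srv\\out\\c.txt", "network_share",
                        b"card 4111 1111 1111 1111 exp 12/29"),
        FileSystemEvent("vm-a", "paste", "E:\\n.txt", "usb", b"card 4111 1111 1111 1112"),
        FileSystemEvent("vm-b", "move", "E:\\hr.txt", "usb", b"ssn: 123-45-6789"),
        FileSystemEvent("vm-a", "delete", "E:\\old.txt", "usb", None),
        FileSystemEvent("vm-c", "write", "E:\\x.txt", "usb", b"ssn: 123-45-6789"),
        FileSystemEvent("vm-d", "write", "E:\\x.txt", "usb", b"nothing sensitive"),
    ]
    return [mgr.handle_event(ev) for ev in events]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

Two points the simulation makes explicit: the manager fails closed for a guest that has no profile, and a deletion event carries no data to be stored, so only content-bearing events reach the policy scan. The manager also trusts the in-guest component for event delivery; since that component runs inside the guest's trust boundary, a practitioner deploying this design would want the security VM to verify the component's integrity independently of the guest.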
17 Claims
1. A method comprising: (independent claim; text identical to the First Claim above)
Dependent claims: 2, 3, 4, 5, 6
7. A non-transitory computer readable storage medium including instructions that, when executed by a processing device, cause the processing device to perform operations comprising:
identifying, by a data loss prevention (DLP) manager, a startup event of a guest virtual machine, wherein the DLP manager is in a security virtual machine;
installing, by the DLP manager, a DLP component in the guest virtual machine, the DLP component to communicate with the DLP manager;
receiving, by the DLP manager, a file system event that is intercepted by the DLP component and that is initiated within the guest virtual machine, wherein the file system event comprises a file in at least one of a write event, a copy event, a paste event, a move event, or a deletion event, and wherein the file is not stored in the security virtual machine;
retrieving, by the DLP manager, a DLP profile associated with the guest virtual machine from a profile repository, the DLP profile comprising a DLP policy and a response rule;
identifying, by the DLP manager, a device associated with the file system event;
determining, by the DLP manager, that the DLP profile requires monitoring of the identified device;
monitoring, by the DLP manager, data associated with the file system event that is to be stored on the identified device; and
enforcing, by the DLP manager, the response rule associated with the file system event initiated within the guest virtual machine when the file system event violates the DLP policy.
Dependent claims: 8, 9, 10, 11, 12
13. An apparatus comprising:
a memory to store instructions for a data loss prevention (DLP) manager, wherein the DLP manager is in a security virtual machine; and
a computing device, coupled to the memory, wherein the computing device is to execute the DLP manager;
identify a startup event of a guest virtual machine;
install a DLP component in the guest virtual machine, the DLP component to communicate with the DLP manager;
receive, by the DLP manager, a file system event that is intercepted by the DLP component and that is initiated within the guest virtual machine, wherein the file system event comprises a file in at least one of a write event, a copy event, a paste event, a move event, or a deletion event, and wherein the file is not stored in the security virtual machine;
retrieve a DLP profile associated with the guest virtual machine from a profile repository, the DLP profile comprising a DLP policy and a response rule;
identify a device associated with the file system event;
determine that the DLP profile requires monitoring of the identified device;
monitor data associated with the file system event that is to be stored on the identified device; and
enforce the response rule associated with the file system event initiated within the guest virtual machine when the file system event violates the DLP policy.
Dependent claims: 14, 15, 16, 17