System and method for user-context-based data loss prevention

US 9,349,016 B1
Filed: 06/06/2014
Issued: 05/24/2016
Est. Priority Date: 06/06/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising, by at least one computer system comprising computer hardware:

determining a user context of at least one user device currently accessing an enterprise communication platform;

selecting a dynamic data loss prevention (DLP) policy applicable to the at least one user device based, at least in part, on the user context;

wherein the dynamic DLP policy specifies one or more pre-transmission communication events of interest;

wherein the one or more pre-transmission communication events of interest comprise creation of an unsent draft communication via the at least one user device;

monitoring communication events initiated by the at least one user device for the one or more pre-transmission communication events of interest;

responsive to the monitoring, determining that a pre-transmission communication event of interest has occurred, the determining comprising detecting a new unsent draft communication, initiated by the at least one user device, in a designated storage location for unsent draft communications;

assessing the pre-transmission communication event of interest based, at least in part, on a content-based classification of the new unsent draft communication; and

responsive to a risk assessment meeting certain criteria, taking at least one action specified by the dynamic DLP policy.

View all claims

22 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a method includes determining a user context of at least one user device currently accessing an enterprise communication platform. The method further includes selecting a dynamic data loss prevention (DLP) policy applicable to the at least one user device based, at least in part, on the user context. The dynamic DLP policy specifies one or more communication events of interest. In addition, the method includes monitoring communication events initiated by the at least one user device for the one or more communication events of interest. Moreover, the method includes, responsive to each communication event of interest: assessing the communication event of interest based, at least in part, on a content-based classification of a communication associated with the communication event of interest; and responsive to a risk assessment meeting certain criteria, taking at least one action specified by the dynamic DLP policy.

368 Citations

16 Claims

1. A method comprising, by at least one computer system comprising computer hardware:
- determining a user context of at least one user device currently accessing an enterprise communication platform;
  
  selecting a dynamic data loss prevention (DLP) policy applicable to the at least one user device based, at least in part, on the user context;
  
  wherein the dynamic DLP policy specifies one or more pre-transmission communication events of interest;
  
  wherein the one or more pre-transmission communication events of interest comprise creation of an unsent draft communication via the at least one user device;
  
  monitoring communication events initiated by the at least one user device for the one or more pre-transmission communication events of interest;
  
  responsive to the monitoring, determining that a pre-transmission communication event of interest has occurred, the determining comprising detecting a new unsent draft communication, initiated by the at least one user device, in a designated storage location for unsent draft communications;
  
  assessing the pre-transmission communication event of interest based, at least in part, on a content-based classification of the new unsent draft communication; and
  
  responsive to a risk assessment meeting certain criteria, taking at least one action specified by the dynamic DLP policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, comprising publishing each risk assessment to a real-time risk-evaluation dashboard on the at least one user device.
  - 3. The method of claim 2, comprising:
    - receiving an attestation input from the at least one user device;
      
      adjusting at least one of the user context and the dynamic DLP policy responsive to the attestation input; and
      
      logging the attestation input.
  - 4. The method of claim 3, wherein:
    - the attestation input comprises a user certification related to a riskiness of at least one communication event of interest; and
      
      the adjusting comprises modifying a trigger threshold of the dynamic DLP policy for the at least one communication event of interest.
  - 5. The method of claim 1, wherein the taking comprises publishing a warning to the at least one user device.
  - 6. The method of claim 1, wherein the user context comprises user-location information and user-device identification information.
  - 7. The method of claim 1, wherein the taking comprises preventing further access to the new unsent draft communication.
  - 8. The method of claim 1, wherein the taking comprises preventing further access to the enterprise communication platform.
  - 9. The method of claim 1, wherein the taking comprises preventing transmission of the new unsent draft communication.

10. An information handling system comprising:
- a processor comprising computer hardware, wherein the processor is configured to implement a method, the method comprising;
  
  determining a user context of at least one user device currently accessing an enterprise communication platform;
  
  selecting a dynamic data loss prevention (DLP) policy applicable to the at least one user device based, at least in part, on the user context;
  
  wherein the dynamic DLP policy specifies one or more pre-transmission communication events of interest;
  
  wherein the one or more pre-transmission communication events of interest comprise creation of an unsent draft communication via the at least one user device;
  
  monitoring communication events initiated by the at least one user device for the one or more pre-transmission communication events of interest;
  
  responsive to the monitoring, determining that a pre-transmission communication event of interest has occurred, the determining comprising detecting a new unsent draft communication, initiated by the at least one user device, in a designated storage location for unsent draft communications;
  
  assessing the pre-transmission communication event of interest based, at least in part, on a content-based classification of the new unsent draft communication; and
  
  responsive to a risk assessment meeting certain criteria, taking at least one action specified by the dynamic DLP policy.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The information handling system of claim 10, the method comprising publishing each risk assessment to a real-time risk-evaluation dashboard on the at least one user device.
  - 12. The information handling system of claim 11, the method comprising:
    - receiving an attestation input from the at least one user device;
      
      adjusting at least one of the user context and the dynamic DLP policy responsive to the attestation input; and
      
      logging the attestation input.
  - 13. The information handling system of claim 12, wherein:
    - the attestation input comprises a user certification related to a safety of at least one communication event of interest; and
      
      the adjusting comprises modifying a trigger threshold of the dynamic DLP policy for the at least one communication event of interest.
  - 14. The information handling system of claim 10, wherein the taking comprises publishing a warning to the at least one user device.
  - 15. The information handling system of claim 10, wherein the user context comprises user-location information and user-device identification information.

16. A computer-program product comprising a non-transitory computer-usable medium having computer-readable program code embodied therein, the computer-readable program code adapted to be executed to implement a method comprising:
- determining a user context of at least one user device currently accessing an enterprise communication platform;
  
  selecting a dynamic data loss prevention (DLP) policy applicable to the at least one user device based, at least in part, on the user context;
  
  wherein the dynamic DLP policy specifies one or more pre-transmission communication events of interest;
  
  wherein the one or more pre-transmission communication events of interest comprise creation of an unsent draft communication via the at least one user device;
  
  monitoring communication events initiated by the at least one user device for the one or more pre-transmission communication events of interest;
  
  responsive to the monitoring, determining that a pre-transmission communication event of interest has occurred, the determining comprising detecting a new unsent draft communication, initiated by the at least one user device, in a designated storage location for unsent draft communications;
  
  assessing the pre-transmission communication event of interest based, at least in part, on a content-based classification of the new unsent draft communication; and
  
  responsive to a risk assessment meeting certain criteria, taking at least one action specified by the dynamic DLP policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Quest Software, Inc.
Original Assignee
Dell Software, Inc. (Dell Technologies Inc.)
Inventors
Brisebois, Michel Albert, Johnstone, Curtis T.
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
Cribbs, Malcolm

Application Number

US14/298,095
Time in Patent Office

718 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/60 Protecting data

H04L 63/20 for managing network securi...

System and method for user-context-based data loss prevention

First Claim

22 Assignments

0 Petitions

Accused Products

Abstract

368 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for user-context-based data loss prevention

First Claim

22 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

368 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links