Methods and systems to implement fingerprint lookups across remote agents
Abstract
The present invention provides methods and systems to protect an organization's secure information from unauthorized disclosure. The present system uses protect agents installed across various egress points (e.g., email server, user's computer, etc.) to monitor information disclosed by a user. The present system also provides the use of fingerprint servers to remotely maintain a database of fingerprints associated with the organization's secure data. In one embodiment, the protect agents transmit fingerprints associated with the user's information to the fingerprint server utilizing a local network or the public internet. The protect agents then receive a comparison analysis from the fingerprint servers and execute appropriate security action based on the analysis. In one embodiment, a combination of the local network and public internet is utilized to achieve remote agent lookups.
26 Claims
1. A computer implemented method for protecting an organization's secure information from unauthorized disclosure outside of an organization's protected computer environment, said environment comprised of at least one computing device, using at least one instances of a protect agent installed and operating on the at least one computing devices, the computer implemented method comprising:
- monitoring, by the at least one protect agents operating on the at least one computing devices, the activity of each of an at least one computing device egress points;
- determining, by the at least one protect agent operating on the at least one computing device, an attempt by the computing device to transmit a data file outside the monitored organization's protected computer environment using one of the at least one egress points;
- based on a determination, by the protect agent operating on the computing device, of an attempt by the computing device to transmit the data file outside the monitored organization's protected computer environment, transmitting the data file to a fingerprint server prior to the data file being transmitted to the determined destination outside of the organization's protected computer environment;
- receiving, by the fingerprint server, the data file transmitted by the protect agent operating on the computing device;
- converting, by the fingerprint server, a portion of the information contained in the transmitted data file to at least one fingerprints representative of the information contained in the data file;
- determining, by the fingerprint server, whether the at least one fingerprint matches at least one of a plurality of preexisting fingerprints residing in a database of fingerprints accessible to the fingerprint server;
- based on a determination, of a match, selecting a security action associated with the matched fingerprint; and
- transmitting, by the fingerprint server, to the protect agent operating on the computing device, a data representing the security action selected by the fingerprint server.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 25
20. A computer implemented system for protecting an organization's secure information from unauthorized disclosure, the computer implemented system comprising:
- an at least one processor within a corresponding an at least one computing device;
- an at least one corresponding non-transitory memory in the corresponding at least one processors storing code which, when executed by the at least one processor on the at least one computing device, causes the at least one processor on the computing device to perform the steps of;
- monitoring the activity of each of an at least one computing system device egress points;
- determining an attempt by the at least one computing device to transmit a data file outside at least one of the egress points;
- based on a determination of an attempt by the computing device to transmit the data file outside the at least one egress points, transmitting the data file to a fingerprint server prior to the data file being transmitted outside the at least one egress points;
- a processor on a fingerprint server;
- a non-transitory memory comprising the fingerprint server for storing code which, when executed by the processor on the fingerprint server, causes the processor on the fingerprint server to perform the steps of;
- receiving the data file transmitted by the protect agent operating on the computing device;
- converting a portion of the information contained in the transmitted data file to at least one fingerprints representative of the information contained in the data file;
- determining whether the at least one fingerprint matches at least one of a plurality of preexisting fingerprints residing in a database of fingerprints accessible to the fingerprint server;
- based on a determination of a match, selecting a security action; and
- transmitting to the protect agent operating on the computing device, a data representing the security action selected by the fingerprint server.
Dependent claims: 21, 22, 23, 24, 26
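The agent/server exchange recited in claims 1 and 20, as an added sketch that is not code from the patent or its assignee: the agent holds an outbound file, the server fingerprints it, looks the fingerprints up, and returns a security action. The fingerprint scheme (SHA-256 over overlapping 5-word windows), the action names and all class and function names are assumptions, since the claims do not specify them.

```python
import hashlib
import re

K = 5  # words per window; assumed, the claims do not fix a fingerprint scheme
SEVERITY = {"allow": 0, "log": 1, "block": 2}  # hypothetical action names


def fingerprints(text, k=K):
    """Server side: convert file content into hashes of overlapping k-word windows."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()
        for i in range(len(words) - k + 1)  # empty when the text is shorter than k
    }


class FingerprintServer:
    def __init__(self):
        self.db = {}  # preexisting fingerprint -> security action

    def register(self, secure_text, action):
        for fp in fingerprints(secure_text):
            # If two secure documents share a window, keep the stricter action.
            self.db[fp] = max(action, self.db.get(fp, "allow"), key=SEVERITY.get)

    def lookup(self, file_text):
        hits = [self.db[fp] for fp in fingerprints(file_text) if fp in self.db]
        return max(hits, key=SEVERITY.get, default="allow")


class ProtectAgent:
    def __init__(self, server):
        self.server = server
        self.released = []  # files actually allowed past the egress point

    def on_egress(self, file_text, destination):
        # The file is held here until the server returns its selected action.
        action = self.server.lookup(file_text)
        if action != "block":
            self.released.append((destination, file_text))
        return action


# Constructed sample data, not taken from the patent.
SECRET = "Project Falcon acquisition price is 42 million dollars payable in two tranches"
LEAK = "fyi: the acquisition price is 42 million dollars, payable next quarter"
BENIGN = "Lunch on Friday is pasta salad and tomato soup in the main cafeteria"

server = FingerprintServer()
server.register(SECRET, "block")
agent = ProtectAgent(server)
```

Because matching is per window, the partially quoted and reworded `LEAK` message still hits the database, while text shorter than `K` words produces no fingerprints and is allowed.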
Specification