Method and apparatus for autonomic discovery of sensitive content
First Claim
1. A method, operative at or in association with an endpoint in a data loss prevention (DLP) system, comprising:
- obtaining information identifying an identity of a resource being accessed;
updating a statistical model of resource access and usage based on the obtained information; and
prioritizing resources for further scanning for sensitive content based on the statistical model such that a resource with a higher level of access activity is designated for scanning ahead of a resource with a lower level of access activity.
5 Assignments
0 Petitions
Accused Products
Abstract
A data loss prevention (DLP) system provides a policy-based mechanism for managing how data is discovered and classified on an endpoint workstation, file server or other device within an enterprise. The technique described herein works in an automated manner by analyzing file system activity as one or more endpoint applications interact with a file system to build a statistical model of which areas of the file system are (or will be deemed to be) active or highly active. Using this information, scanning to those areas by the DLP software is then prioritized appropriately to focus compute resources on scanning and classifying preferably only those files and folders that are necessary to be scanned, i.e., the file system portions in which the user is applying the majority of his or her activity. As a result, the technique limits scanning to only those areas that have meaningful activity (thereby conserving compute resources with respect to files or folders that have not changed), improving scanning efficiency.
38 Citations
21 Claims
-
1. A method, operative at or in association with an endpoint in a data loss prevention (DLP) system, comprising:
-
obtaining information identifying an identity of a resource being accessed; updating a statistical model of resource access and usage based on the obtained information; and prioritizing resources for further scanning for sensitive content based on the statistical model such that a resource with a higher level of access activity is designated for scanning ahead of a resource with a lower level of access activity. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. Apparatus, operative at or in association with an endpoint in a data loss prevention (DLP) system, comprising:
-
a processor; computer memory holding computer program instructions that when executed by the processor perform a method comprising; obtaining information identifying an identity of a resource being accessed; updating a statistical model of resource access and usage based on the obtained information; and prioritizing resources for further scanning for sensitive content based on the statistical model such that a resource with a higher level of access activity is designated for scanning ahead of a resource with a lower level of access activity. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A computer program product in a computer readable medium for use in a data processing system operative at or in association with an endpoint in a data loss prevention (DLP) system, the computer program product holding computer program instructions which, when executed by the data processing system, perform a method comprising:
-
obtaining information identifying an identity of a resource being accessed; updating a statistical model of resource access and usage based on the obtained information; and prioritizing resources for further scanning for sensitive content based on the statistical model such that a resource with a higher level of access activity is designated for scanning ahead of a resource with a lower level of access activity. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
Specification