Method and apparatus for autonomic discovery of sensitive content

US 20120131012A1
Filed: 11/18/2010
Published: 05/24/2012
Est. Priority Date: 11/18/2010
Status: Active Grant

First Claim

Patent Images

1. A method, operative at or in association with an endpoint in a data loss prevention (DLP) system, comprising:

obtaining information identifying an identity of a resource being accessed;

updating a statistical model of resource access and usage based on the obtained information; and

prioritizing resources for further scanning for sensitive content based on the statistical model such that a resource with a higher level of access activity is designated for scanning ahead of a resource with a lower level of access activity.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data loss prevention (DLP) system provides a policy-based mechanism for managing how data is discovered and classified on an endpoint workstation, file server or other device within an enterprise. The technique described herein works in an automated manner by analyzing file system activity as one or more endpoint applications interact with a file system to build a statistical model of which areas of the file system are (or will be deemed to be) active or highly active. Using this information, scanning to those areas by the DLP software is then prioritized appropriately to focus compute resources on scanning and classifying preferably only those files and folders that are necessary to be scanned, i.e., the file system portions in which the user is applying the majority of his or her activity. As a result, the technique limits scanning to only those areas that have meaningful activity (thereby conserving compute resources with respect to files or folders that have not changed), improving scanning efficiency.

38 Citations

View as Search Results

21 Claims

1. A method, operative at or in association with an endpoint in a data loss prevention (DLP) system, comprising:
- obtaining information identifying an identity of a resource being accessed;
  
  updating a statistical model of resource access and usage based on the obtained information; and
  
  prioritizing resources for further scanning for sensitive content based on the statistical model such that a resource with a higher level of access activity is designated for scanning ahead of a resource with a lower level of access activity.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method as described in claim 1 wherein prioritizing is based on a scoring algorithm.
  - 3. The method as described in claim 2 wherein the scoring algorithm applies at least one weight to a resource access count.
  - 4. The method as described in claim 1 wherein the resource being accessed is a file or folder of a file system.
  - 5. The method as described in claim 1 further including scanning the resources, in order of access activity as indicated in the statistical model, until a completion milestone is reached.
  - 6. The method as described in claim 5 wherein the completion milestone is one of:
    - scanning of all resources represented in the statistical model, completion of an allocated time period, completion of a scan of a predetermined number of resources, and completion of a scan of resources having an access count that exceeds a threshold.
  - 7. The method as described in claim 1 wherein the information is obtained by intercepting a system API call.

8. Apparatus, operative at or in association with an endpoint in a data loss prevention (DLP) system, comprising:
- a processor;
  
  computer memory holding computer program instructions that when executed by the processor perform a method comprising;
  
  obtaining information identifying an identity of a resource being accessed;
  
  updating a statistical model of resource access and usage based on the obtained information; and
  
  prioritizing resources for further scanning for sensitive content based on the statistical model such that a resource with a higher level of access activity is designated for scanning ahead of a resource with a lower level of access activity.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus as described in claim 8 wherein prioritizing is based on a scoring algorithm.
  - 10. The apparatus as described in claim 9 wherein the scoring algorithm applies at least one weight to a resource access count.
  - 11. The apparatus as described in claim 8 wherein the resource being accessed is a file or folder of a file system.
  - 12. The apparatus as described in claim 8 wherein the method further includes scanning the resources, in order of access activity as indicated in the statistical model, until a completion milestone is reached.
  - 13. The apparatus as described in claim 12 wherein the completion milestone is one of:
    - scanning of all resources represented in the statistical model, completion of an allocated time period, completion of a scan of a predetermined number of resources, and completion of a scan of resources having an access count that exceeds a threshold.
  - 14. The apparatus as described in claim 8 wherein the information is obtained by intercepting a system API call.

15. A computer program product in a computer readable medium for use in a data processing system operative at or in association with an endpoint in a data loss prevention (DLP) system, the computer program product holding computer program instructions which, when executed by the data processing system, perform a method comprising:
- obtaining information identifying an identity of a resource being accessed;
  
  updating a statistical model of resource access and usage based on the obtained information; and
  
  prioritizing resources for further scanning for sensitive content based on the statistical model such that a resource with a higher level of access activity is designated for scanning ahead of a resource with a lower level of access activity.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The computer program product as described in claim 15 wherein prioritizing is based on a scoring algorithm.
  - 17. The computer program product as described in claim 16 wherein the scoring algorithm applies at least one weight to a resource access count.
  - 18. The computer program product as described in claim 15 wherein the resource being accessed is a file or folder of a file system.
  - 19. The computer program product as described in claim 15 wherein the method further includes scanning the resources, in order of access activity as indicated in the statistical model, until a completion milestone is reached.
  - 20. The computer program product as described in claim 19 wherein the completion milestone is one of:
    - scanning of all resources represented in the statistical model, completion of an allocated time period, completion of a scan of a predetermined number of resources, and completion of a scan of resources having an access count that exceeds a threshold.
  - 21. The computer program product as described in claim 15 wherein the information is obtained by intercepting a system API call.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SailPoint Technologies Holdings, Inc.
Original Assignee
International Business Machines Corporation
Inventors
Taylor, Daniel McKenzie, Cogill, Peter Terence

Granted Patent

US 9,569,449 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/748
CPC Class Codes

G06F 16/14   Details of searching files ...

G06F 16/21   Design, administration or m...

G06Q 10/00   Administration; Management

Method and apparatus for autonomic discovery of sensitive content

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for autonomic discovery of sensitive content

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links