CN106446707A - Dynamic data leakage prevention system and method - Google Patents
Dynamic data leakage prevention system and method Download PDFInfo
- Publication number
- CN106446707A CN106446707A CN201610799977.3A CN201610799977A CN106446707A CN 106446707 A CN106446707 A CN 106446707A CN 201610799977 A CN201610799977 A CN 201610799977A CN 106446707 A CN106446707 A CN 106446707A
- Authority
- CN
- China
- Prior art keywords
- data
- filtering rule
- outgoing
- file
- data filtering
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6236—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database between heterogeneous systems
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a dynamic data leakage prevention system and method. The method comprises a data filtering rule file storage module, a data management control policy storage module and a file scanning engine, wherein the data filtering rule file storage module is used for storing a data filtering file, and the data filtering rule file comprises a plurality of different types of data filtering rules; the data management control policy storage module is used for storing a data management control policy, and the data management control policy comprises corresponding relationships between the different types of data filtering rules and different levels of data management control schemes; and the file scanning engine loads the data filtering rule file and the data management control policy, scans data sent to outside according to the data filtering rule file when the data needs to be sent to the outside, and performs corresponding outside sending control on the data sent to the outside. According to the system and the method, data leakage prevention can be dynamically performed, a leakage prevention management control object is defined in data, and a terminal or a user is no longer taken as a subject, so that the flexibility and security of data security control are improved.
Description
Technical field
The present invention relates to a kind of data security arts, the dynamic leak prevention system of more particularly, to a kind of data and method.
Background technology
In the information age instantly, data safety, information security problem further important, the static passive data that carries out is prevented
Leakage cannot tackle the leakage means that emerge in an endless stream.In this regard, Wanda Science and Technology Co., Ltd. of Beijing Ming Dynasty proposes and realizes
Carry out the improvement project of the dynamic anti-leak of data based on keyword, regular expression and machine learning techniques.
The traditional static mode of industry commonly used management and control outgoing terminal or user carries out anti-data-leakage process at present.
And emerging it is encrypted the mode of protection using the technology scanning file such as regular expression, keyword and machine learning, still
Belong to static protection category.
Present terminal anti-data-leakage technology is installation anti-leak software on corresponding terminal, by external on control terminal
Equipment read-write and network upload the behaviors such as download for primary protection thinking, or all data outgoing results are all encrypted, or
All block, or whole plaintext is it is impossible to carry out different disposal according to data difference.
As shown in accompanying drawing 1-2, which show in prior art, carried out in the scene that data is copied out by USB flash disk, in insertion
During mobile device, mastering component passes through the USB flash disk control strategy (mode) pre-setting, and notifies bottom layer driving to carry out corresponding data
Read-write Catrol, such as normal read-write (do not do and control), encrypting read/write (copies into and is encrypted as ciphertext, copying out deciphering is in plain text), read-only (
Can read it is impossible to write) and disabling (prohibitting the use of USB flash disk).All data all can only carry out outgoing by one way in which.
Existing anti-leak scheme still is limited to terminaloriented, user oriented, and the static passive of indifference processing data is managed
Control means.Management and control mode once issues, all data whether concerning security matters in terminal, and sensitivity all will be uniformly processed, no
Can treat with a certain discrimination, have impact on operating efficiency, the raising of restriction productivity to a certain extent.
Prior art belongs to the passive security control mode of the static state to data.Therefore, in the urgent need to providing a kind of change quilt
Move as actively, becoming static state into dynamic scheme, anti-data-leakage management and control object is changed to data, according to the difference of data, enters
The different control of row.By study and the analyze data of keyword, regular expression and machine learning techniques active, in conjunction with data
Dictionary is classified to data, formulates different control devices to the data of different stage, no longer indifference is treated, and is not affecting
Accomplish dynamic data management and control in the case of client's use habit..
Content of the invention
For solving above-mentioned technical problem, the invention provides a kind of dynamic leakage prevention method of data is it is characterised in that the party
Method comprises the following steps:
Formulate data filtering rule file, this data filtering rule file includes multiple different types of data filtering rule
Then;
Generate data management and control strategy, described data management and control strategy includes different types of data filtering rule and different stage
Data pipe prosecutor case corresponding relation;
Load described data filtering rule file and data management and control strategy;
When there being data to need outgoing, according to described data filtering rule file, outgoing data is scanned, judges institute
State outgoing data whether with described data filtering rule file in described data filtering rule match, if it does, then according to
The corresponding data pipe prosecutor case of the rule of data filtering described in described data management and control strategy is carried out to described outgoing data accordingly
Outgoing controls.
Method in accordance with the invention it is preferred that described data filtering rule is formulated at least through one of in the following manner:Pass through
Study analysis typical case masterplate data in advance, obtains institute's data filtering rule;Or according to keyword and regular expression, according to need
Sensitive field to be monitored, digital canonical formula formulate described data filtering rule.
Method in accordance with the invention it is preferred that the plurality of different types of data filtering rule is included to data below
Filtered:Nonsensitive data, low sensitive data, middle sensitive data, high sensitive data, top-secret data.
Method in accordance with the invention it is preferred that described data pipe prosecutor case includes:Send in plain text, audit sends, encryption is sent out
Send, outgoing is examined, forbid transmission.
Method in accordance with the invention it is preferred that outgoing examination & approval include:Send in plain text, encryption sends, forbid transmission.
If method in accordance with the invention it is preferred that the institute in described outgoing data and described data filtering rule file
State data filtering rule to mismatch, then outgoing control is not carried out to described outgoing data.
For solving above-mentioned technical problem, the invention provides a kind of dynamic leak prevention system of data is it is characterised in that this is
System includes:
Data filtering rule file memory module, filters file for data storage, and this data filtering rule file includes
Multiple different types of data filtering rules;
Data management and control policy store module, for data storage management and control strategy, described data management and control strategy includes inhomogeneity
The data filtering rule of type and the corresponding relation of the data pipe prosecutor case of different stage;
File scan engine, loads described data filtering rule file and data management and control strategy, needs outgoing when there being data
When, according to described data filtering rule file, outgoing data is scanned, judge described outgoing data whether with described data
Described data filtering rule match in filtering rule file, if it does, then number according to described data management and control strategy
According to filtering rule corresponding data pipe prosecutor case, described outgoing data is carried out with corresponding outgoing control.
The system according to the present invention is it is preferable that described data filtering rule is formulated at least through one of in the following manner:Described
File scan engine passes through study analysis typical case masterplate data in advance, obtains institute's data filtering rule;Or according to keyword and
Regular expression, the sensitive field monitoring as needed, digital canonical formula formulate described data filtering rule.
The system according to the present invention it is preferable that also including logger module, for described outer to described outgoing data
Send out control and carry out log recording.
For solving above-mentioned technical problem, the invention provides a kind of business data safety control system is it is characterised in that be somebody's turn to do
System includes:
Multiple data servers, for being managed to inside data of enterprise;
Multiple mail servers, for being managed to corporate mail data;
Switch, for controlling the outgoing of described inside data of enterprise and corporate mail data;
And the dynamic leak prevention system of above-mentioned data, it is connected with described switch, for the number to described switch outgoing
According to carrying out security control.
Using technical scheme, can dynamically carry out anti-data-leakage, anti-leak management and control object definition is existed
Data itself, no longer based on terminal or user, according to the difference of data, carries out different management and control, for non-concerning security matters
Data does not control, for confidential data according to sensitivity grading control, it is to avoid indiscriminate management and control, causes the wasting of resources, shadow
Ring operating efficiency.
Brief description
Fig. 1 is data outgoing control logic figure of the prior art.
Fig. 2 is USB flash disk data outgoing control logic figure in prior art.
Fig. 3 is USB flash disk data outgoing control flow chart in prior art.
Fig. 4 is the data outgoing control logic figure of the present invention.
Fig. 5 is the data outgoing control flow chart of the present invention.
Fig. 6 is the first embodiment of application technical solution of the present invention.
Fig. 7 is the second embodiment of application technical solution of the present invention.
Specific embodiment
Below in conjunction with the accompanying drawings and specific embodiment the present invention is further illustrated, but protection scope of the present invention is simultaneously
Not limited to this.
<Control method>
Fig. 4 data of the present invention outgoing control logic figure.
Fig. 5 is for data outgoing control method flowchart of the present invention.As shown in figure 5, the present invention includes following methods
Step:
Rulemaking:Rule is divided into two kinds, and one kind is by study analysis client masterplate data in advance, obtains client typical case
The rule that data draws.Client provides typical masterplate data to import file scan engine, and scanning engine passes through machine learning techniques
Data is analyzed, generates the rule file meeting typical data description.Another kind is according to keyword and regular expression,
The rule of the formulations such as the sensitive field that monitored as needed by client, digital canonical formula.
Classification:After Rulemaking finishes, by data classification hierarchy model, different to different types of rule match
The management and control means of rank, generate control strategy;
Load strategy:Scanning engine parsing strategy, loading rule file and corresponding control mode, wait and touch during pending data outgoing
Send out and call;
Outgoing controls:During data outgoing, outgoing data is sent to file scan engine by management and control module, scanning engine according to
Rule file is scanned to file content, Study document content whether with rule match, if coupling, corresponding according to rule
Management and control means carry out management and control, such as encrypt, block outgoing, audit or submit to outgoing to examine.For miss file then according to
Original normal flow carries out outgoing.
The plurality of different types of data filtering rule includes data below is filtered:Nonsensitive data, muting sensitive
Sense data, middle sensitive data, high sensitive data, top-secret data.
Described data pipe prosecutor case includes:Plaintext sends, auditing sends, encrypt transmission, outgoing examination & approval, forbid transmission.
Outgoing examination & approval include:Send in plain text, encryption sends, forbid transmission.
<Control system>
Present invention also offers a kind of dynamic leak prevention system of data, this system includes:
Data filtering rule file memory module, filters file for data storage, and this data filtering rule file includes
Multiple different types of data filtering rules;
Data management and control policy store module, for data storage management and control strategy, described data management and control strategy includes inhomogeneity
The data filtering rule of type and the corresponding relation of the data pipe prosecutor case of different stage;
File scan engine, loads described data filtering rule file and data management and control strategy, needs outgoing when there being data
When, according to described data filtering rule file, outgoing data is scanned, judge described outgoing data whether with described data
Described data filtering rule match in filtering rule file, if it does, then number according to described data management and control strategy
According to filtering rule corresponding data pipe prosecutor case, described outgoing data is carried out with corresponding outgoing control.
Data filtering rule file memory module data management and control policy store module can be using of the prior art each
Plant memory to realize, such as hard disk, disk, flash memory, database, cloud storage, the mode such as distributed storage.
File scan engine can adopt the data processing modules such as central processor CPU to realize.
Described data filtering rule is formulated at least through one of in the following manner:Described file scan engine passes through to learn in advance
The typical masterplate data of analysis, obtains institute's data filtering rule;Or according to keyword and regular expression, monitor as needed
Sensitive field, digital canonical formula formulate described data filtering rule.
The system of the present invention includes logger module, carries out daily record for controlling to the described outgoing of described outgoing data
Record.
<First embodiment>
As shown in fig. 6, certain large bank will hang over by DLP system on egress switch, to the external transmission of enterprises
Network data is monitored.Enable the built-in set of strategies such as finance, confidential data, pattern match is carried out to account information, according to
Concrete condition has worked out following Keyword List:
Keyword/top secret/secret/secrecy/secret
Security solution/safety approach/network topology
Meeting summary/meeting/standards of grading/account
Financial data/annual report/quarterly report/row length
Tender standard/build and always send out/build total letter/Olympic security guarantee/technical specification
The board of directors
The data volume of monitoring in one week:
2,273,881 message of coprocessing
Filter the data traffic of 11.76GB
Coupling record 6502 altogether
Find violation event 1,440
It is that DLP is deployed in background server end in this example, the network data of outgoing is analyzed according to rule
Join, legal carry out record of the audit, incongruent filtration is not processed.Only audit in this example data outgoing not to be entered
Line pipe control.
Provide a kind of business data safety control system, be applied in one or more intranets, this system
Including:
Multiple data servers, for being managed to inside data of enterprise;
Multiple mail servers, for being managed to corporate mail data;
Switch, for controlling the outgoing of described inside data of enterprise and corporate mail data;
And the dynamic leak prevention system (DLP) of above-mentioned data, it is connected with described switch, for described switch outgoing
Data carry out security control.
<Second embodiment>
As shown in Figure 7, certain large bank client carries out upgrading to existing terminal plaintext outgoing function, before transformation
Plaintext outgoing can send out outward after only needing registration, there is risk of leakage.When after transformation, user uses plaintext outgoing scan function,
This module can be scanned to file content, and contain the significance level of sensitive content according to file, and automatic decision needs to execute
Follow-up outgoing action, as follows:
The direct outgoing of plaintext document
Plaintext outgoing after file registration
Plaintext outgoing after document approvals
Refusal plaintext document outgoing
The scheme that the present invention provides is intended to dynamically carry out anti-data-leakage, by anti-leak management and control object definition in data originally
With, no longer based on terminal or user, according to the difference of data, carry out different management and control, for non-confidential data not
Control, for confidential data according to sensitivity grading control, it is to avoid indiscriminate management and control, cause the wasting of resources, affect work
Efficiency.
Above example is only used as the example of protection scheme of the present invention, the specific embodiment of the present invention is not limited
Fixed.
Claims (10)
1. a kind of dynamic leakage prevention method of data is it is characterised in that the method comprises the following steps:
Formulate data filtering rule file, this data filtering rule file includes multiple different types of data filtering rules;
Generate data management and control strategy, described data management and control strategy includes the number of different types of data filtering rule and different stage
Corresponding relation according to management and control scheme;
Load described data filtering rule file and data management and control strategy;
When there being data to need outgoing, according to described data filtering rule file, outgoing data is scanned, judges described outer
Send out data whether with described data filtering rule file in described data filtering rule match, if it does, then according to described
The corresponding data pipe prosecutor case of the rule of data filtering described in data management and control strategy carries out corresponding outgoing to described outgoing data
Control.
2. method according to claim 1 is it is characterised in that described data filtering rule is at least through one of in the following manner
Formulate:By the typical case's masterplate data of study analysis in advance, obtain institute's data filtering rule;Or according to keyword and regular expressions
Formula, the sensitive field monitoring as needed, digital canonical formula formulate described data filtering rule.
3. method according to claim 1 it is characterised in that the plurality of different types of data filtering rule include right
Data below is filtered:Nonsensitive data, low sensitive data, middle sensitive data, high sensitive data, top-secret data.
4. method according to claim 1 is it is characterised in that described data pipe prosecutor case includes:Plaintext sends, audit sends,
Encryption sends, outgoing is examined, forbid transmission.
5. method according to claim 4 is it is characterised in that outgoing examination & approval include:Send in plain text, encryption sends, forbids
Send.
6. method according to claim 1, if described in described outgoing data and described data filtering rule file
Data filtering rule mismatches, then do not carry out outgoing control to described outgoing data.
7. a kind of dynamic leak prevention system of data is it is characterised in that this system includes:
Data filtering rule file memory module, filters file for data storage, this data filtering rule file includes multiple
Different types of data filtering rule;
Data management and control policy store module, for data storage management and control strategy, described data management and control strategy includes different types of
The corresponding relation of the data pipe prosecutor case of data filtering rule and different stage;
File scan engine, loads described data filtering rule file and data management and control strategy, when there being data to need outgoing, root
According to described data filtering rule file, outgoing data is scanned, judges whether described outgoing data is advised with described data filtering
The then described data filtering rule match in file, if it does, then data filtering according to described data management and control strategy
The corresponding data pipe prosecutor case of rule carries out corresponding outgoing control to described outgoing data.
8. system according to claim 7 is it is characterised in that described data filtering rule is at least through one of in the following manner
Formulate:Described file scan engine passes through study analysis typical case masterplate data in advance, obtains institute's data filtering rule;Or foundation
Keyword and regular expression, the sensitive field monitoring as needed, digital canonical formula formulate described data filtering rule.
9. method according to claim 7 is it is characterised in that also include logger module, for described outgoing number
According to described outgoing control and carry out log recording.
10. a kind of business data safety control system is it is characterised in that this system includes:
Multiple data servers, for being managed to inside data of enterprise;
Multiple mail servers, for being managed to corporate mail data;
Switch, for controlling the outgoing of described inside data of enterprise and corporate mail data;
And the dynamic leak prevention system of the data as described in claim 7-9, it is connected with described switch, for described exchange
The data of machine outgoing carries out security control.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610799977.3A CN106446707A (en) | 2016-08-31 | 2016-08-31 | Dynamic data leakage prevention system and method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610799977.3A CN106446707A (en) | 2016-08-31 | 2016-08-31 | Dynamic data leakage prevention system and method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106446707A true CN106446707A (en) | 2017-02-22 |
Family
ID=58163823
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610799977.3A Pending CN106446707A (en) | 2016-08-31 | 2016-08-31 | Dynamic data leakage prevention system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106446707A (en) |
Cited By (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106982355A (en) * | 2017-04-06 | 2017-07-25 | 浙江宇视科技有限公司 | The video monitoring system and anti-leak server of a kind of anti-image leakage |
CN107172081A (en) * | 2017-06-28 | 2017-09-15 | 北京明朝万达科技股份有限公司 | A kind of method and apparatus of data check |
CN107277141A (en) * | 2017-06-21 | 2017-10-20 | 京东方科技集团股份有限公司 | Data judgment method and distributed memory system applied to distributed memory system |
CN107483422A (en) * | 2017-08-03 | 2017-12-15 | 深信服科技股份有限公司 | Leakage of data retroactive method, equipment and computer-readable recording medium |
CN107577939A (en) * | 2017-09-12 | 2018-01-12 | 中国石油集团川庆钻探工程有限公司 | A kind of data leakage prevention method based on key technology |
CN107633380A (en) * | 2017-08-30 | 2018-01-26 | 北京明朝万达科技股份有限公司 | The task measures and procedures for the examination and approval and system of a kind of anti-data-leakage system |
CN107895121A (en) * | 2017-11-06 | 2018-04-10 | 北京明朝万达科技股份有限公司 | A kind of bank client data safety control method and system |
CN108038373A (en) * | 2017-12-20 | 2018-05-15 | 北京明朝万达科技股份有限公司 | A kind of data scanning method and system for cloud terminal |
CN108052833A (en) * | 2017-12-11 | 2018-05-18 | 北京明朝万达科技股份有限公司 | A kind of executable file anti-data-leakage scan method, system and gateway |
CN108052826A (en) * | 2017-12-20 | 2018-05-18 | 北京明朝万达科技股份有限公司 | Distributed sensitive data scan method and system based on anti-data-leakage terminal |
CN108133143A (en) * | 2017-12-12 | 2018-06-08 | 北京明朝万达科技股份有限公司 | A kind of data leakage prevention method and system of facing cloud desktop application environment |
CN108376223A (en) * | 2018-01-30 | 2018-08-07 | 云易天成(北京)安全科技开发有限公司 | The anti-data-leakage control method and file watching system that object oriented file replicates |
CN108449324A (en) * | 2018-02-14 | 2018-08-24 | 北京明朝万达科技股份有限公司 | The secure exchange method and system of data between a kind of net |
CN108734026A (en) * | 2018-05-25 | 2018-11-02 | 云易天成(北京)安全科技开发有限公司 | Data leakage prevention method, system, terminal and medium |
CN108763245A (en) * | 2018-03-28 | 2018-11-06 | 北京明朝万达科技股份有限公司 | A kind of document management method and system based on NTFS system file labels |
CN108763948A (en) * | 2018-03-16 | 2018-11-06 | 北京明朝万达科技股份有限公司 | A kind of automatic measures and procedures for the examination and approval of file and system of data-oriented anti-disclosure system |
CN109033313A (en) * | 2018-07-17 | 2018-12-18 | 北京明朝万达科技股份有限公司 | A kind of method and terminal device for realizing scan full hard disk function using USN |
CN109101574A (en) * | 2018-07-18 | 2018-12-28 | 北京明朝万达科技股份有限公司 | A kind of the task measures and procedures for the examination and approval and system of anti-data-leakage system |
CN109635587A (en) * | 2018-12-17 | 2019-04-16 | 杭州安恒信息技术股份有限公司 | The method and apparatus for realizing data automatic classification cascade protection |
CN110135128A (en) * | 2019-05-22 | 2019-08-16 | 北京明朝万达科技股份有限公司 | A kind of document handling method and device |
CN110502906A (en) * | 2019-07-04 | 2019-11-26 | 北京泰立鑫科技有限公司 | A kind of method and system of data safety outgoing |
CN110807210A (en) * | 2019-11-04 | 2020-02-18 | 北京联想协同科技有限公司 | Information processing method, platform, system and computer storage medium |
CN110855611A (en) * | 2019-10-10 | 2020-02-28 | 平安科技(深圳)有限公司 | Data outgoing method, device and related equipment |
CN111191098A (en) * | 2019-12-25 | 2020-05-22 | 山石网科通信技术股份有限公司 | Data filtering method and device |
WO2020100061A1 (en) * | 2018-11-13 | 2020-05-22 | Wenspire | Method and device for monitoring data output by a server |
CN111756732A (en) * | 2020-06-23 | 2020-10-09 | 北京明朝万达科技股份有限公司 | Data scanning and control method and device, electronic equipment and readable storage medium |
CN112565196A (en) * | 2020-11-10 | 2021-03-26 | 杭州神甲科技有限公司 | Data leakage prevention method and device with network monitoring capability and storage medium |
CN113992621A (en) * | 2021-09-08 | 2022-01-28 | 厦门天锐科技股份有限公司 | System and method for mail outgoing examination and approval |
CN115150189A (en) * | 2022-07-28 | 2022-10-04 | 深圳市瑞云科技有限公司 | Method for automatically intercepting outgoing files based on enterprise private cloud disk |
CN115550063A (en) * | 2022-11-23 | 2022-12-30 | 天津安华易科技发展有限公司 | Network information security supervision method and system |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103209174A (en) * | 2013-03-12 | 2013-07-17 | 华为技术有限公司 | Data protection method, device and system |
CN103336927A (en) * | 2013-06-07 | 2013-10-02 | 杭州世平信息科技有限公司 | Data classification based data leakage prevention method and system |
US20130279338A1 (en) * | 2010-03-05 | 2013-10-24 | Microsoft Corporation | Congestion control for delay sensitive applications |
CN104866780A (en) * | 2015-04-24 | 2015-08-26 | 广东电网有限责任公司信息中心 | Unstructured data asset reveal prevention method based on hierarchical classification |
-
2016
- 2016-08-31 CN CN201610799977.3A patent/CN106446707A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130279338A1 (en) * | 2010-03-05 | 2013-10-24 | Microsoft Corporation | Congestion control for delay sensitive applications |
CN103209174A (en) * | 2013-03-12 | 2013-07-17 | 华为技术有限公司 | Data protection method, device and system |
CN103336927A (en) * | 2013-06-07 | 2013-10-02 | 杭州世平信息科技有限公司 | Data classification based data leakage prevention method and system |
CN104866780A (en) * | 2015-04-24 | 2015-08-26 | 广东电网有限责任公司信息中心 | Unstructured data asset reveal prevention method based on hierarchical classification |
Cited By (46)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106982355A (en) * | 2017-04-06 | 2017-07-25 | 浙江宇视科技有限公司 | The video monitoring system and anti-leak server of a kind of anti-image leakage |
CN107277141A (en) * | 2017-06-21 | 2017-10-20 | 京东方科技集团股份有限公司 | Data judgment method and distributed memory system applied to distributed memory system |
WO2018233321A1 (en) * | 2017-06-21 | 2018-12-27 | 京东方科技集团股份有限公司 | Data determination method applied to distributed storage system and distributed storage system |
CN107277141B (en) * | 2017-06-21 | 2020-03-31 | 京东方科技集团股份有限公司 | Data judgment method applied to distributed storage system and distributed storage system |
US11249691B2 (en) | 2017-06-21 | 2022-02-15 | Boe Technology Group Co., Ltd. | Data judging method applied in distributed storage system and distributed storage system |
CN107172081A (en) * | 2017-06-28 | 2017-09-15 | 北京明朝万达科技股份有限公司 | A kind of method and apparatus of data check |
CN107483422A (en) * | 2017-08-03 | 2017-12-15 | 深信服科技股份有限公司 | Leakage of data retroactive method, equipment and computer-readable recording medium |
CN107483422B (en) * | 2017-08-03 | 2020-10-27 | 深信服科技股份有限公司 | Data leakage tracing method and device and computer readable storage medium |
CN107633380A (en) * | 2017-08-30 | 2018-01-26 | 北京明朝万达科技股份有限公司 | The task measures and procedures for the examination and approval and system of a kind of anti-data-leakage system |
CN107577939A (en) * | 2017-09-12 | 2018-01-12 | 中国石油集团川庆钻探工程有限公司 | A kind of data leakage prevention method based on key technology |
CN107577939B (en) * | 2017-09-12 | 2020-11-06 | 中国石油集团川庆钻探工程有限公司 | Data leakage prevention method based on keyword technology |
CN107895121A (en) * | 2017-11-06 | 2018-04-10 | 北京明朝万达科技股份有限公司 | A kind of bank client data safety control method and system |
CN108052833A (en) * | 2017-12-11 | 2018-05-18 | 北京明朝万达科技股份有限公司 | A kind of executable file anti-data-leakage scan method, system and gateway |
CN108133143A (en) * | 2017-12-12 | 2018-06-08 | 北京明朝万达科技股份有限公司 | A kind of data leakage prevention method and system of facing cloud desktop application environment |
CN108052826A (en) * | 2017-12-20 | 2018-05-18 | 北京明朝万达科技股份有限公司 | Distributed sensitive data scan method and system based on anti-data-leakage terminal |
CN108038373A (en) * | 2017-12-20 | 2018-05-15 | 北京明朝万达科技股份有限公司 | A kind of data scanning method and system for cloud terminal |
CN108052826B (en) * | 2017-12-20 | 2019-10-25 | 北京明朝万达科技股份有限公司 | Distributed sensitive data scan method and system based on anti-data-leakage terminal |
CN108376223A (en) * | 2018-01-30 | 2018-08-07 | 云易天成(北京)安全科技开发有限公司 | The anti-data-leakage control method and file watching system that object oriented file replicates |
CN108449324B (en) * | 2018-02-14 | 2021-05-14 | 北京明朝万达科技股份有限公司 | Method and system for safely exchanging data between networks |
CN108449324A (en) * | 2018-02-14 | 2018-08-24 | 北京明朝万达科技股份有限公司 | The secure exchange method and system of data between a kind of net |
CN108763948A (en) * | 2018-03-16 | 2018-11-06 | 北京明朝万达科技股份有限公司 | A kind of automatic measures and procedures for the examination and approval of file and system of data-oriented anti-disclosure system |
CN108763948B (en) * | 2018-03-16 | 2020-07-24 | 北京明朝万达科技股份有限公司 | Automatic document approval method and system for data leakage prevention system |
CN108763245A (en) * | 2018-03-28 | 2018-11-06 | 北京明朝万达科技股份有限公司 | A kind of document management method and system based on NTFS system file labels |
CN108734026A (en) * | 2018-05-25 | 2018-11-02 | 云易天成(北京)安全科技开发有限公司 | Data leakage prevention method, system, terminal and medium |
CN108734026B (en) * | 2018-05-25 | 2020-04-03 | 云易天成(北京)安全科技开发有限公司 | Data leakage prevention method, system, terminal and medium |
CN109033313A (en) * | 2018-07-17 | 2018-12-18 | 北京明朝万达科技股份有限公司 | A kind of method and terminal device for realizing scan full hard disk function using USN |
CN109033313B (en) * | 2018-07-17 | 2020-09-25 | 北京明朝万达科技股份有限公司 | Method and terminal equipment for realizing full-disk scanning function by using USN |
CN109101574A (en) * | 2018-07-18 | 2018-12-28 | 北京明朝万达科技股份有限公司 | A kind of the task measures and procedures for the examination and approval and system of anti-data-leakage system |
CN109101574B (en) * | 2018-07-18 | 2020-09-25 | 北京明朝万达科技股份有限公司 | Task approval method and system of data leakage prevention system |
WO2020100061A1 (en) * | 2018-11-13 | 2020-05-22 | Wenspire | Method and device for monitoring data output by a server |
CN109635587B (en) * | 2018-12-17 | 2022-03-11 | 杭州安恒信息技术股份有限公司 | Method and device for realizing automatic classification and grading protection of data |
CN109635587A (en) * | 2018-12-17 | 2019-04-16 | 杭州安恒信息技术股份有限公司 | The method and apparatus for realizing data automatic classification cascade protection |
CN110135128A (en) * | 2019-05-22 | 2019-08-16 | 北京明朝万达科技股份有限公司 | A kind of document handling method and device |
CN110502906A (en) * | 2019-07-04 | 2019-11-26 | 北京泰立鑫科技有限公司 | A kind of method and system of data safety outgoing |
CN110855611B (en) * | 2019-10-10 | 2021-11-09 | 平安科技(深圳)有限公司 | Data outgoing method, device and related equipment |
CN110855611A (en) * | 2019-10-10 | 2020-02-28 | 平安科技(深圳)有限公司 | Data outgoing method, device and related equipment |
CN110807210A (en) * | 2019-11-04 | 2020-02-18 | 北京联想协同科技有限公司 | Information processing method, platform, system and computer storage medium |
CN111191098A (en) * | 2019-12-25 | 2020-05-22 | 山石网科通信技术股份有限公司 | Data filtering method and device |
CN111191098B (en) * | 2019-12-25 | 2022-10-18 | 山石网科通信技术股份有限公司 | Data filtering method and device |
CN111756732A (en) * | 2020-06-23 | 2020-10-09 | 北京明朝万达科技股份有限公司 | Data scanning and control method and device, electronic equipment and readable storage medium |
CN112565196A (en) * | 2020-11-10 | 2021-03-26 | 杭州神甲科技有限公司 | Data leakage prevention method and device with network monitoring capability and storage medium |
CN113992621A (en) * | 2021-09-08 | 2022-01-28 | 厦门天锐科技股份有限公司 | System and method for mail outgoing examination and approval |
CN115150189B (en) * | 2022-07-28 | 2023-11-07 | 深圳市瑞云科技有限公司 | Method for automatically intercepting file outgoing based on enterprise private cloud disk |
CN115150189A (en) * | 2022-07-28 | 2022-10-04 | 深圳市瑞云科技有限公司 | Method for automatically intercepting outgoing files based on enterprise private cloud disk |
CN115550063A (en) * | 2022-11-23 | 2022-12-30 | 天津安华易科技发展有限公司 | Network information security supervision method and system |
CN115550063B (en) * | 2022-11-23 | 2023-03-14 | 天津安华易科技发展有限公司 | Network information security supervision method and system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106446707A (en) | Dynamic data leakage prevention system and method | |
US11637840B2 (en) | Method and system for forensic data tracking | |
CN107577939B (en) | Data leakage prevention method based on keyword technology | |
US9736182B1 (en) | Context-aware compromise assessment | |
US20090292930A1 (en) | System, method and apparatus for assuring authenticity and permissible use of electronic documents | |
CN105721461A (en) | System and method using dedicated computer security services | |
CN102959558A (en) | System and method for document policy enforcement | |
US9064097B2 (en) | System and method of automatically detecting outliers in usage patterns | |
DE202013012765U1 (en) | System for protecting cloud services from unauthorized access and malicious software attack | |
CN102043920A (en) | Access quarantine method of public file in data divulgence protection system | |
CN101594360A (en) | LAN system and the method for safeguarding LAN information safety | |
US8793802B2 (en) | System, method, and computer program product for preventing data leakage utilizing a map of data | |
US20230315846A1 (en) | System and method for detecting leaked documents on a computer network | |
CN112698797A (en) | File printing control method and system, electronic equipment and storage medium | |
CN108390857A (en) | A kind of method and apparatus of high sensitive network to low sensitive network export | |
CN114254378A (en) | File uploading and downloading control system and method based on Windows | |
Menascé | The insider threat security architecture: a framework for an integrated, inseparable, and uninterrupted self-protection mechanism | |
CN112732539A (en) | Data responsibility adjustment early warning method and system based on personnel organization and post information transaction | |
US9825763B2 (en) | Systems for automated forensic data capture | |
Ahmad et al. | Data leakage detection and data prevention using algorithm | |
KR101810853B1 (en) | Method for preventing corporate data leakage using neural network algorithm, recording medium and device for performing the method | |
Weidman et al. | The acceptable state: An analysis of the current state of acceptable use policies in academic institutions | |
CN117150453B (en) | Network application detection method, device, equipment, storage medium and program product | |
KR101278317B1 (en) | Method and Apparatus for file maintain using content inspection based | |
US20240111877A1 (en) | Delivering augmented threat assessment values to a security threat management facility |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170222 |
|
RJ01 | Rejection of invention patent application after publication |