
CN112532693A - Data leakage prevention method and device with network protection capability and storage medium - Google Patents

Info

Publication number
CN112532693A
Authority
CN
China
Prior art keywords
data
network protection
network
preventing
protection capability
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011246130.5A
Other languages
Chinese (zh)
Inventor
蒋纳成
王渊
丁周华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Shenjia Technology Co ltd
Original Assignee
Hangzhou Shenjia Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Shenjia Technology Co ltd
Priority to CN202011246130.5A
Publication of CN112532693A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Computing Systems (AREA)
  • Automation & Control Theory (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a data leakage prevention method with network protection capability, together with a device and a storage medium, and belongs to the technical field of network security. It solves the network security scheduling problem in the prior art. The invention comprises a computer terminal and the following steps: S1: setting intelligent identification content, including: S11: keyword detection techniques; S12: regular expression techniques; S13: setting the regular-expression minimum hit count; S14: data dictionary detection techniques; S2: implementing network protection, comprising: S21: network protocol support; S22: network application support; S23: blacklist URL control; S24: sensitive data handling mode; S25: exception setting; S26: deployment mode; S3: management and presentation of protection results, including: S31: built-in policy data sources and policies; S32: policy definition and distribution; S33: event and DLP report management; S34: log management; S35: authorization management and user management; S36: backup and restoration; S37: ease of use and extensibility. The invention has the advantages of multiple functions and the like.

Description

Data leakage prevention method and device with network protection capability and storage medium
Technical Field
The invention belongs to the field of network security, and particularly relates to a data leakage prevention method with network protection capability, a device and a storage medium.
Background
In recent years, data has become an important part of the development of human society, and has penetrated into various fields of economic development. The advantage of data-centric technologies is that they can provide an online platform for humans to do various tasks, such as: cloud services, cloud recruitment, cloud office, and the like.
With the development of 5G, the use of data keeps developing and expanding, and technologies such as big data collection, cloud computing and artificial intelligence keep maturing.
However, while data applications keep developing, awareness of protecting data security has not improved accordingly, so accidents and disputes caused by data leakage keep occurring.
Although each country has issued directives on data protection, the key causes of data leakage are external malicious attacks and incomplete internal protection measures; if both internal and external leakage can be prevented, security is greatly improved.
Therefore, an intelligent data protection method is needed that can protect data, identify risks in external input, find internal hidden dangers as early as possible, and protect important data.
Disclosure of Invention
The present invention is directed to the above-mentioned problems in the prior art, and an object of the present invention is to provide a method, an apparatus, and a storage medium for data leakage prevention with network protection capability.
The first object of the present invention can be achieved by the following technical solution: a data leakage prevention method with network protection capability, characterized by comprising a computer terminal, a database, a management platform, a detection system, and the following steps:
S1: setting intelligent identification content, including:
S11: keyword detection techniques;
S12: regular expression techniques;
S13: setting the regular-expression minimum hit count;
S14: data dictionary detection techniques;
S2: implementing network protection, comprising:
S21: network protocol support;
S22: network application support;
S23: blacklist URL control;
S24: sensitive data handling mode;
S25: exception setting;
S26: deployment mode;
S3: management and presentation of protection results, including:
S31: built-in policy data sources and policies;
S32: policy definition and distribution;
S33: event and DLP report management;
S34: log management;
S35: authorization management and user management;
S36: backup and restoration;
S37: ease of use and extensibility.
The working principle of the invention is as follows. First, the basic intelligent content identification capabilities are defined, including keyword identification, file identification and the like. Next, network protocol support, network application support, and protection and filtering for specific address ranges are configured; the document types that may be uploaded over the network and the document types that are blocked from upload are confirmed, as is the handling mode applied once a violation is detected. Finally, the management and display mode for file monitoring results is set, user permissions and internal system permissions are set, and detection results are archived on the management platform.
In the above method for preventing data leakage with network protection capability, after step S11, the following steps are also included:
S111: detecting a single keyword;
S112: detecting multiple keywords according to the number of matches and the number of matched words;
S113: matching adjacent characters of the keywords;
S114: Chinese word segmentation.
In the above method for preventing data leakage with network protection capability, after step S15, the following steps are also included:
S15: unstructured data fingerprint detection techniques, including:
S151: data type evasion detection;
S152: fingerprint similarity matching;
S16: structured data detection techniques, including:
S161: data record field matching;
S162: exact data matching;
S17: semantic analysis and data identification detection techniques;
S18: support for automatic classification and clustering of documents;
S19: seal identification detection techniques;
S190: support for identifying compound files and compressed files as a whole; support for identifying each Sheet page independently;
S1901: OCR detection techniques;
S1902: a content recognition feature extraction tool;
S1903: file identification.
In the above method for preventing data leakage with network protection capability, the content identification feature extraction tool includes: an online unstructured data fingerprint extraction tool, an offline unstructured tool, support for generating fingerprint libraries with periodic online updates, IP2USER tool user-mapping support, and an offline semantic analysis tool.
In the above method for preventing data leakage with network protection capability, the file identification includes: identifying common file type contents, finding encrypted files, checking compressed files, checking multi-layer compressed files, finding evasive processing data, identifying custom file types and detecting nested files.
In the above method for preventing data leakage with network protection capability, the network application support includes: protecting against or preventing sensitive mail sent out over the SMTP protocol; protecting against or preventing IM tools leaking sensitive files; protecting against or preventing the upload of sensitive files to web document library sites over HTTPS/HTTP; protecting against or preventing leaks through web mail over HTTPS/HTTP, with the sender, recipients, CC recipients and BCC recipients displayed for Webmail events; protecting against or preventing leaks of files to network disks and cloud disks over HTTPS/HTTP; and protecting against or preventing leaks through web microblogs and forums.
In the above method for preventing data leakage with network protection capability, the exception setting includes: support for stopping HTTPS decryption according to server domain name filtering, according to server IP address, and according to client IP address.
In the above method for preventing data leakage with network protection capability, the deployment mode includes: support for a transparent mode; support for an explicit proxy mode; support for linkage with a third-party proxy server through the ICAP protocol; support for a load balancing mode and an active/standby mode in explicit proxy mode; and support for a hardware bypass function in transparent proxy mode.
In the above method for preventing data leakage with network protection capability, the event and DLP report management comprises: the management platform provides a rich report function; the management platform provides a user-defined event report function and supports export; the management platform provides event summary and custom instrumentation.
The second object of the present invention can be achieved by the following technical solutions: a data leakage prevention method and apparatus with network protection capability, comprising:
a computer terminal;
a detection server;
a management platform;
one or more processors;
a memory;
and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the programs comprising instructions for performing a method for data leakage prevention with network protection capability as described above.
The third object of the present invention can be achieved by the following technical solution: a storage medium storing a computer program for use in conjunction with a computer terminal and a display, the computer program being executable by a processor to perform the method for data leakage prevention with network protection capability described above.
Compared with the prior art, the invention has the characteristics of high efficiency and multiple functions.
Drawings
Fig. 1 is a schematic structural view of the present invention.
Fig. 2 is a schematic structural diagram of the present invention.
Detailed Description
The following are specific embodiments of the present invention and are further described with reference to the drawings, but the present invention is not limited to these embodiments.
As shown in fig. 1, the data leakage prevention method with network protection capability is characterized by comprising the following steps:
S1: setting intelligent identification content, including:
S11: keyword detection techniques;
S12: regular expression techniques;
S13: setting the regular-expression minimum hit count;
S14: data dictionary detection techniques;
S2: implementing network protection, comprising:
S21: network protocol support;
S22: network application support;
S23: blacklist URL control;
S24: sensitive data handling mode;
S25: exception setting;
S26: deployment mode;
S3: management and presentation of protection results, including:
S31: built-in policy data sources and policies;
S32: policy definition and distribution;
S33: event and DLP report management;
S34: log management;
S35: authorization management and user management;
S36: backup and restoration;
S37: ease of use and extensibility.
The whole system can be divided into three modules: intelligent content identification, network protection, and management and display of protection results.
The intelligent content identification module takes content characteristics as its main identification target. Sensitive words are set as keywords, and when they appear in a leaked file the system detects them. The module also has a built-in regular expression detection technique to make up for the shortcomings of keyword detection, which show mainly in the leakage of information such as mobile phone numbers. The module sets a minimum hit count for the regular expression technique: when a leaked file reaches the configured minimum number of hits, the management platform records the violation event. The module also has a built-in data dictionary, which supports a data dictionary algorithm and can identify content according to the number or weight of keywords; the weight setting supports multiple values, and when information violating the data dictionary policy appears in outgoing mail, it is detected by the management platform.
The network protection module builds on the intelligent identification function and uses network detection to monitor or block sensitive data on network protocols such as HTTPS, HTTP and SMTP. It supports reconstructing and identifying PCAP traffic captured on the network; if sensitive traffic appears in that traffic, it is recorded by the management platform. The module also supports obtaining the MAC address of the leaking machine from DHCP traffic. The MAC address is used to associate later events with a person, that is, when a leaked file is audited by the network protection module, the management platform displays the MAC address of the leaking machine. The module supports blacklist control: file uploads to blacklisted URLs are forbidden, and file uploads to non-blacklisted URLs are not. When the network protection module identifies the outgoing transfer of a sensitive file, it notifies the relevant personnel of the event by e-mail, and the outgoing sensitive file is uploaded to the management platform, where it can be downloaded normally so that evidence is available for tracing the source at any time.
In the module for managing and displaying monitoring results, policy data sources and policies are built in. The data sources include: classification and grading security policy rules for the data of some industries; built-in identification algorithms for Chinese citizen identity card numbers, social credit codes, vehicle identification codes, international mobile equipment identification codes, nearly 700 kinds of bank card numbers, and IPv4 addresses; and built-in dictionaries of commonly used terms that violate national laws and regulations, politically sensitive data dictionaries and the like. Policies can also be customized, and a formulated policy can be distributed by policy group to specified detection servers for use in detection.
The management and display functions include rich log management, including system logs and the like, so that the running condition of the system can be known in real time; system logs can be queried by multi-dimensional combinations such as time, type, status, server name, severity level and user. The management and display function supports license control, which manages the security modules and identification algorithms. For login, user login control can be managed remotely, and login can also be restricted to a specified IP address. Following the principle of separation of three powers, three administrators are set in the system: system, audit and policy. Policies and the data in the database support backup and restore operations.
The system is easy to use and supports customization of policies, data configuration files, and discovery and scanning; each data classification can be given a security policy configuration according to different business requirements, which is then issued to the corresponding component. The system is also extensible: it supports later expansion with other data leakage prevention components, and supports managing and operating all components through a unified management platform. The components include: bypass network traffic audit, network DLP gateway, sensitive mail outgoing approval, terminal data leakage prevention, sensitive data discovery, application system upload/download traffic audit/blocking, and the like.
In more detail, the following steps are provided after step S11:
S111: detecting a single keyword;
S112: detecting multiple keywords according to the number of matches and the number of matched words;
S113: matching adjacent characters of the keywords;
S114: Chinese word segmentation.
The keyword detection technique provides single keyword detection, in which the detection rule contains only one keyword; matching by word is supported, such as: the cost is hard. It also provides multi-keyword detection according to the number of matches and the number of matched words, supporting 'and' and 'or' logical relations between keywords. It also supports detecting leakage in which the keywords are split up by special symbols or spaces, or in which a fixed interval of one or n characters separates the keywords. It further supports more accurate identification of sensitive keywords: for example, once Chinese word segmentation is enabled, when 'computer key' appears in a leaked file, the two characters for 'secret' are not detected as a sensitive word.
In more detail, the following steps are provided after step S14:
S15: unstructured data fingerprint detection techniques, including:
S151: data type evasion detection;
S152: fingerprint similarity matching;
S16: structured data detection techniques, including:
S161: data record field matching;
S162: exact data matching;
S17: semantic analysis and data identification detection techniques;
S18: support for automatic classification and clustering of documents;
S19: seal identification detection techniques;
S190: support for identifying compound files and compressed files as a whole; support for identifying each Sheet page independently;
S1901: OCR detection techniques;
S1902: a content recognition feature extraction tool;
S1903: file identification.
Data type evasion detection means that when the document from which the fingerprint was extracted is a Word document and the outgoing leaked file has been converted to PDF before being sent, the fingerprint detection technique can still detect it. Fingerprint similarity matching sets a threshold on fingerprint similarity; when the fingerprint similarity of an outgoing file reaches the threshold, the outgoing transfer is found by the fingerprint detection technique. Data record field matching means that exact fingerprint detection for structured data supports flexible combinations of field contents: when an outgoing file contains information such as 'name', 'bank card number', 'password' and 'salary' in shuffled order, the structured data fingerprint detection technique can still match rules against it. When 'name' appears among the keywords, keywords interspersed with spaces can be detected by the structured data exact fingerprint detection technique.
The semantic analysis detection technique uses the semantic analysis tool provided by the system to build an analysis model, by machine learning, over the data content of a user-specified directory; the resulting model can be applied to a detection server as a detection policy. The data identification detection technique means that the system has built-in multi-field data feature identification rules, which can be used directly during data detection. The system provides an offline semantic analysis tool and automatically classifies, grades and clusters documents.
The seal identification technique refers to intelligent identification that can perform keyword detection on common electronic seals; that is, when an outgoing file is a picture, the seals on the picture can be detected. Identification of compound files and compressed files as a whole, or individual identification of the sub-files of a compressed file, is supported. For example: create an event in which a file where sensitive words occur ten times is defined as a sensitive file; let file A contain 4 occurrences of sensitive words, file B 3, file C 6 and file D 10; compress files A, B and C into package E and files A and D into package F; send both packages, and package F can be identified as a sensitive file by the intelligent identification module. For Excel files, individual identification of each sheet page and summary identification of the whole workbook are both supported. The OCR technique supports detecting keywords in pictures in the common JPG, TIF, TIFF and BMP formats.
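The compressed-package scenario above (files A to D, packages E and F, a threshold of ten hits), worked as an added example that is not code from the patent. It assumes ZIP containers, a constructed keyword `SECRET`, a simplified mobile-number pattern and a recursion cap, none of which the patent specifies, and it shows how per-sub-file and whole-package identification reach different verdicts on package E.

```python
import io
import re
import zipfile
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    name: str
    pattern: re.Pattern
    min_hits: int  # S13: matches required before a violation is recorded


@dataclass
class Node:
    path: str
    hits: int = 0                                 # matches in this file itself (leaf only)
    children: list = field(default_factory=list)  # members, when the file is an archive

    def total(self) -> int:
        return self.hits + sum(child.total() for child in self.children)

    def leaves(self):
        if not self.children:
            yield self
        for child in self.children:
            yield from child.leaves()


MAX_DEPTH = 32  # assumption: recursion cap as an archive-bomb guard; the page sets no limit


def scan(rule: Rule, path: str, data: bytes, depth: int = 0) -> Node:
    """Count rule matches in a file, unpacking ZIP layers recursively."""
    if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        node = Node(path)
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.is_dir():
                    member = f"{path}/{info.filename}"
                    node.children.append(scan(rule, member, zf.read(info), depth + 1))
        return node
    text = data.decode("utf-8", errors="ignore")
    return Node(path, hits=sum(1 for _ in rule.pattern.finditer(text)))


def violations(rule: Rule, path: str, data: bytes, mode: str) -> list:
    """Return offending paths.

    mode="whole" sums hits over the entire container;
    mode="individual" judges every sub-file on its own count.
    """
    root = scan(rule, path, data)
    if mode == "whole":
        return [root.path] if root.total() >= rule.min_hits else []
    return [leaf.path for leaf in root.leaves() if leaf.hits >= rule.min_hits]


def make_zip(members: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, blob in members.items():
            zf.writestr(name, blob)
    return buf.getvalue()


def doc(n: int) -> bytes:
    """Constructed sample document containing the keyword exactly n times."""
    return ("quarterly SECRET figures\n" * n).encode()


# Constructed rules and sample data mirroring the scenario in the text.
KEYWORD = Rule("keyword", re.compile(r"\bSECRET\b"), min_hits=10)
PHONE = Rule("mobile", re.compile(r"(?<!\d)1[3-9]\d{9}(?!\d)"), min_hits=3)

A, B, C, D = doc(4), doc(3), doc(6), doc(10)
E = make_zip({"A.txt": A, "B.txt": B, "C.txt": C})
F = make_zip({"A.txt": A, "D.txt": D})
G = make_zip({"layer1.zip": make_zip({"layer2.zip": make_zip({"D.txt": D})})})
TWO = b"call 13800000001 or 13800000002"
THREE = TWO + b" or 13800000003"

if __name__ == "__main__":
    for name, blob in (("E.zip", E), ("F.zip", F), ("G.zip", G)):
        for mode in ("individual", "whole"):
            print(name, mode, violations(KEYWORD, name, blob, mode))
    for name, blob in (("two.txt", TWO), ("three.txt", THREE)):
        print(name, violations(PHONE, name, blob, "individual"))
```

In individual mode only package F is flagged, because D alone reaches the threshold; in whole mode package E is flagged as well, since its three files together contain 13 hits.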
In further detail, the content recognition feature extraction tool includes: an online unstructured data fingerprint extraction tool, an offline unstructured tool, IP2USER tool user-mapping support, and an offline semantic analysis tool. Unstructured data fingerprint extraction supports both local and remote extraction; with remote extraction, only the fingerprint of the data is transmitted over the network and the original data is not transmitted. File fingerprints are generated periodically from FTP, shared directories and git repositories and distributed automatically. Fingerprint files can also be added offline through the management platform, and an online file fingerprint generation tool is supported.
In further detail, the file identification includes: identifying the content of common file types, finding encrypted files, checking compressed files, checking multi-layer compressed files, finding data processed to evade detection, identifying custom file types, and detecting nested files. For identifying and detecting common file formats, all file formats supported by the reference product are listed and the number of supported formats is stated; the common file formats include: doc, docx, xls, xlsx, ppt, pptx, pdf, zip, rar, 7z, txt. Encrypted files can also be identified, such as password-protected Office files (ppt, doc and the like), PDF files and rar compressed files, and these files are highlighted when a security warning is issued. Compressed files in RAR, ZIP, 7Z and other formats can be decompressed and checked for sensitive data. The number of layers is not limited when decompressing: if a file has been compressed repeatedly into several layers, the sensitive data contained in the innermost original file can still be found by the file identification function. Sensitive files whose format has been converted can be detected, and the original format of the file is highlighted. Document type identification can also be customized. Nested documents can also be identified: a TXT text containing confidential information embedded in a leaked Word document is detected when the document is sent out. Compound files and compressed files can be identified as a whole, or their sub-files identified individually; for Excel, individual identification of each sheet page and collective identification of the whole workbook are both supported.
In further detail, the network application support includes: protecting against or preventing sensitive mail sent out over the SMTP protocol; protecting against or preventing IM tools leaking sensitive files; protecting against or preventing the upload of sensitive files to web document library sites over HTTPS/HTTP; protecting against or preventing leaks through web mail over HTTPS/HTTP, with the sender, recipients, CC recipients and BCC recipients displayed for Webmail events; protecting against or preventing leaks of files to network disks and cloud disks over HTTPS/HTTP; and protecting against or preventing leaks through web microblogs and forums.
In further detail, the exception setting includes: support for stopping HTTPS decryption according to server domain name filtering, according to server IP address, and according to client IP address. The exception setting refers to configuring the filtered server domain names, server IP addresses and client IP addresses.
In further detail, the deployment mode includes: support for a transparent mode; support for an explicit proxy mode; support for linkage with a third-party proxy server through ICAP (Internet Content Adaptation Protocol); support for a load balancing mode and an active/standby mode in explicit proxy mode; and support for a hardware bypass function in transparent proxy mode. The deployment mode refers to the operating mode: in each mode, the sending out of sensitive files over the HTTP (Hypertext Transfer Protocol), HTTPS (Hypertext Transfer Protocol Secure) and SMTP (Simple Mail Transfer Protocol) protocols is detected, and in the mode linked with a third-party proxy server over ICAP, the sending out of sensitive files can be blocked. The hardware bypass function protects the network in transparent proxy mode when the network protection process is killed or network protection restarts abnormally.
In further detail, the event and DLP report management comprises: the management platform provides rich report functions; the management platform provides a user-defined event report function and supports export; the management platform provides event summaries and custom reports, supports separate DLP reports for network, terminal and data discovery, and can display those reports. Users can also build custom reports from predefined parameters and then define and display a DLP dashboard.
The second object of the present invention can be achieved by the following technical solutions: a data leakage prevention method and apparatus with network protection capability, comprising:
a computer terminal;
a detection server;
a management platform;
one or more processors;
a memory;
and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the programs comprising instructions for performing a method for data leakage prevention with network protection capability as described above.
The third object of the present invention can be achieved by the following technical solutions: a storage medium storing a computer program for use in conjunction with a computer terminal and a display, the computer program being executable by a processor to perform a method for data leakage prevention with network protection capability as described above.
The specific embodiments described herein are merely illustrative of the spirit of the invention. Various modifications or additions may be made to the described embodiments or alternatives may be employed by those skilled in the art without departing from the spirit or ambit of the invention as defined in the appended claims.
Although many terms are used herein, the possibility of using other terms is not excluded. These terms are used merely to describe and explain the nature of the present invention more conveniently; construing them as any additional limitation would be contrary to the spirit of the present invention.

Claims (10)

1. A data leakage prevention method with network protection capability, characterized by comprising a computer terminal, a database, a management platform and a detection system, and the following steps:
S1: setting intelligent content identification, including:
S11: keyword detection techniques;
S12: regular expression techniques;
S13: setting the minimum number of regular-expression hits;
S14: data dictionary detection techniques;
S2: implementing network protection, including:
S21: network protocol support;
S22: network application support;
S23: blacklist URL control;
S24: sensitive data processing mode;
S25: exception setting;
S26: deployment mode;
S3: management and presentation of protection results, including:
S31: built-in policy data sources and policies;
S32: policy definition and distribution;
S33: event and DLP report management;
S34: log management;
S35: authorization management and user management;
S36: backup and restoration;
S37: ease of use and extensibility.
2. A method for preventing data leakage with network protection capability according to claim 1, characterized by:
step S11 is followed by the following steps:
S111: single keyword detection;
S112: multi-keyword detection according to the number of matches and the number of matched words;
S113: matching of characters adjacent to the keywords;
S114: Chinese word segmentation.
3. A method for preventing data leakage with network protection capability according to claim 1, characterized by:
step S15 is followed by the following steps:
S15: unstructured data fingerprint detection techniques, including:
S151: data type escape detection;
S152: fingerprint similarity matching;
S16: structured data detection techniques, including:
S161: data record field matching;
S162: exact data matching;
S17: semantic analysis and data identification detection techniques;
S18: support for automatic classification and clustering of documents;
S19: seal identification detection techniques;
S190: support for identifying compound files and compressed files as a whole; support for identifying each Sheet page independently;
S1901: OCR detection techniques;
S1902: content recognition feature extraction tools;
S1903: file identification.
4. A method for preventing data leakage with network protection capability according to claim 1, characterized by: the content recognition feature extraction tool comprises: an online unstructured data fingerprint extraction tool, an offline unstructured tool, support for periodic online updating of the generated fingerprint library, IP2USER tool support for user mapping, and an offline semantic analysis tool.
5. A method for preventing data leakage with network protection capability according to claim 1, characterized by: the file identification comprises: identifying the content of common file types, finding encrypted files, checking compressed files, checking multi-layer compressed files, finding data processed to evade detection, identifying custom file types and detecting nested files.
6. A method for preventing data leakage with network protection capability according to claim 1, characterized by: the network application support comprises: protecting against or blocking sensitive mail sent out over the SMTP protocol; protecting against or blocking leakage of sensitive files through IM tools; protecting against or blocking upload of sensitive files to document-library websites over the HTTPS/HTTP protocols; protecting against or blocking leakage through web mail over the HTTPS/HTTP protocols; displaying the sender, recipient, CC recipient and BCC recipient for Webmail events; protecting against or blocking leakage of files through network disks and cloud disks over the HTTPS/HTTP protocols; and protecting against or blocking leakage through Web microblogs and forums.
7. A method for preventing data leakage with network protection capability according to claim 1, characterized by: the exception setting comprises: support for stopping HTTPS decryption based on server domain name filtering, support for stopping HTTPS decryption based on the server IP address, and support for stopping HTTPS decryption based on the client IP address.
8. A method for preventing data leakage with network protection capability according to claim 1, characterized by: the deployment mode comprises: support for a transparent mode, support for an explicit proxy mode, support for linkage with a third-party proxy server through the ICAP protocol, support for a load balancing mode and a primary/standby mode in the explicit proxy mode, and support for a hardware bypass function in the transparent proxy mode.
9. The second object of the present invention can be achieved by the following technical solutions: a data leakage prevention method and apparatus with network protection capability, comprising:
a computer terminal;
a detection server;
a management platform;
one or more processors;
a memory;
and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the programs comprising instructions for performing a method for data leakage prevention with network protection capability as described above.
10. The third object of the present invention can be achieved by the following technical solutions: a storage medium storing a computer program for use in conjunction with a computer terminal and a display, the computer program being executable by a processor to perform a method for data leakage prevention with network protection capability as described above.
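The threshold rules named in claims 1 and 2 (S13, minimum regular-expression hits; S112, multi-keyword detection by number of matches and number of matched words) can be illustrated as below. This is an added example, not code from the patent; the policy layout, thresholds, pattern and sample texts are constructed assumptions. It shows how the thresholds keep a single incidental match from raising an event.

```python
import re

# Constructed policy (assumption): field names and thresholds are illustrative.
POLICY = {
    "keywords": ["confidential", "salary", "contract"],
    "min_keyword_hits": 3,          # S112: total matches across all keywords
    "min_distinct_keywords": 2,     # S112: how many different keywords matched
    "regex": r"\b\d{17}[\dXx]\b",   # S12: an 18-character ID-number shape
    "min_regex_hits": 2,            # S13: minimum regular-expression hits
}

# Constructed sample inputs; the numbers are made up.
ONE_ID = "Order ref 123456789012345678 shipped."
BULK = ("Salary sheet (confidential)\n"
        "123456789012345678 salary 9000\n"
        "98765432109876543X salary 8000")


def keyword_counts(text, keywords):
    """Case-insensitive occurrence count for each configured keyword."""
    lowered = text.lower()
    return {kw: lowered.count(kw.lower()) for kw in keywords}


def evaluate(text, policy=POLICY):
    """Apply both threshold rules and return the verdicts with their evidence."""
    counts = keyword_counts(text, policy["keywords"])
    total = sum(counts.values())
    distinct = sum(1 for n in counts.values() if n)
    regex_hits = sum(1 for _ in re.finditer(policy["regex"], text))
    return {
        "keyword_rule": (total >= policy["min_keyword_hits"]
                         and distinct >= policy["min_distinct_keywords"]),
        "regex_rule": regex_hits >= policy["min_regex_hits"],
        "keyword_counts": counts,
        "regex_hits": regex_hits,
    }


if __name__ == "__main__":
    for name, sample in (("ONE_ID", ONE_ID), ("BULK", BULK)):
        print(name, evaluate(sample))
```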
CN202011246130.5A 2020-11-10 2020-11-10 Data leakage prevention method and device with network protection capability and storage medium Pending CN112532693A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011246130.5A CN112532693A (en) 2020-11-10 2020-11-10 Data leakage prevention method and device with network protection capability and storage medium

Publications (1)

Publication Number Publication Date
CN112532693A true CN112532693A (en) 2021-03-19

Family

ID=74980093

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011246130.5A Pending CN112532693A (en) 2020-11-10 2020-11-10 Data leakage prevention method and device with network protection capability and storage medium

Country Status (1)

Country Link
CN (1) CN112532693A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113449199A (en) * 2021-09-01 2021-09-28 深圳市知酷信息技术有限公司 Document monitoring and management system based on comprehensive security audit
CN116032509A (en) * 2021-10-27 2023-04-28 中移系统集成有限公司 Mail encryption and decryption method and device
CN119743283A (en) * 2024-11-28 2025-04-01 道博医疗科技(北京)有限公司 A QR code secure transmission method based on Avro and BPE

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000305852A (en) * 1999-04-20 2000-11-02 Nec Shizuoka Ltd Data leakage prevention system for portable information terminal
CN101553795A (en) * 2005-11-30 2009-10-07 凯利斯塔技术股份有限公司 Multi-user display proxy server
CN102947719A (en) * 2010-06-18 2013-02-27 阿尔卡特朗讯 Method and apparatus for providing scan chain security
CN103336927A (en) * 2013-06-07 2013-10-02 杭州世平信息科技有限公司 Data classification based data leakage prevention method and system
CN107577939A (en) * 2017-09-12 2018-01-12 中国石油集团川庆钻探工程有限公司 Data leakage prevention method based on keyword technology
CN108734026A (en) * 2018-05-25 2018-11-02 云易天成(北京)安全科技开发有限公司 Data leakage prevention method, system, terminal and medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
绿盟科技: "绿盟数据泄漏防护系统产品白皮书", 《绿盟科技》 *

Similar Documents

Publication Publication Date Title
CN107577939B (en) Data leakage prevention method based on keyword technology
US11188657B2 (en) Method and system for managing electronic documents based on sensitivity of information
CN113098892B (en) Data leakage prevention system and method based on industrial Internet
Le et al. Gathering cyber threat intelligence from Twitter using novelty classification
US9654510B1 (en) Match signature recognition for detecting false positive incidents and improving post-incident remediation
US11985142B2 (en) Method and system for determining and acting on a structured document cyber threat risk
US9760548B2 (en) System, process and method for the detection of common content in multiple documents in an electronic system
US20070198420A1 (en) Method and a system for outbound content security in computer networks
CN113486351A (en) Civil aviation air traffic control network safety detection early warning platform
US20090164427A1 (en) Automated forensic document signatures
CN112532693A (en) Data leakage prevention method and device with network protection capability and storage medium
US20090064326A1 (en) Method and a system for advanced content security in computer networks
US20090164517A1 (en) Automated forensic document signatures
CN112565196A (en) Data leakage prevention method and device with network monitoring capability and storage medium
CN116361784A (en) Data detection method and device, storage medium and computer equipment
CN111274276A (en) Operation auditing method and device, electronic equipment and computer-readable storage medium
CN111314292A (en) Data security inspection method based on sensitive data identification
CN117194146A (en) Data security audit and monitoring system
Chechulin et al. Cybercrime investigation model
Stallings Data loss prevention as a privacy-enhancing technology
Canelón et al. Unstructured data for cybersecurity and internal control
CN111581371A (en) Network security analysis method and device based on outbound data network flow
Chen et al. Analyzing system log based on machine learning model
CN115906158A (en) Privacy protection system based on data classification and classification
Adnaan et al. A detailed study on preventing the malicious URLs from cyber attacks

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210319
