Data prevention method based on content filtering

Abstract

The invention discloses a data prevention method based on content filtering, which is characterized by firstly monitoring the network dataflow by adopting the network filtering drive technology, monitoring the peripheral dataflow by adopting the equipment filtering drive technology, capturing the data of network equipment and peripheral interfaces of a terminal computer, then carrying out characteristic matching on the intercepted network dataflow and equipment dataflow by adopting the content filtering technology based on multi-pattern matching, preventing the dataflow judged to be sensitiveinformation from flowing outside and allowing the dataflow judged to be general information to flow outside, thereby protecting sensitive data from leaking. The method has the following advantages: the data prevention granularity is finer, the content filtering efficiency is high, the core data security is improved, normal operation of the user is not affected and the working efficiency is improved.

Description

technical field [0001] The invention belongs to the data protection technology related to the field of information security, in particular to a data protection method combining network filter drive, device filter drive technology and content filter technology based on multi-mode matching. Background technique [0002] In recent years, the number of leaks reported by the media has continued unabated, including the theft of core technologies of enterprises, leading to the development and growth of competing enterprises, causing serious economic losses; medical institutions leaking a large number of private information of patients, resulting in malicious harassment of patients and so on. Whether data loss is inadvertent or the result of a malicious act, the impact on the business can be severe. Leaking transaction secrets, affecting the friendly relationship with customers, and even incurring severe legal punishment. Stop this type of sabotage that can have a huge impact on co...

AI Technical Summary

Problems solved by technology

One is the single-function encryption method (such as RAR, PGP, etc.), through which the software user actively encrypts the document to protect the content of the document. This method belongs to the user's initiative to request document security, and is suitable for protecting a single user document. For enterprise data protection solutions

The second is to use transparent encryption and decryption software based on the stream encryption algorithm (such as Yisaitong, New Mode, etc.), through the file filter driver, transparent decryption is performed when the file is read from the disk, and transparent encryption is performed when the disk is written. This technology can Ensure that the document is ciphertext when it exists on the disk. Unauthorized users cannot browse the plaintext content. It can be used for enterprise data protection, but this method is not suitable for malicious stealing of core data by internal personnel in the enterprise. Such personnel have higher access rights. After obtaining the plaintext, the data can be leaked directly through the network, U disk, printing, etc.

The third is the internal network security protection method (such as Aode internal network security platform, medium soft firewall, etc.), through effective monitoring of external device interfaces, network communication interfaces, and storage device interfaces, the outflow of confidential data is controlled. The method is more comprehensive than the previous two methods, and can meet the data protection needs of enterprises. However, due to its too coarse control granularity, it basically adopts a one-size-fits-all approach (only two strategies that allow the use of U disks and prohibit the use of U disks), and the normal operation behavior of users Bring great inconvenience, affect work efficiency, and cause users to reject the use of such products

Images