SMTP protocol data leak prevention method and system based on deep content analysis

Abstract

The invention discloses an SMTP protocol data leak prevention method and system based on deep content analysis, and relates to the field of data protection. The method comprises the steps that a data leak prevention system for blocking secret-associated data is connected into a network boundary in series; the data leak prevention system is utilized for capturing an outgoing message and determining a protocol type of the outgoing message; when the protocol type of the outgoing message is determined to be an SMTP protocol, whether the outgoing message contains secret-associated data or not is judged; if it is determined that the outgoing message contains the secret-associated data, secret-associated data leak is blocked. According to the method and system, effective blockage of network boundary SMTP protocol sensitive data is achieved, deep analysis and real-time matching functions are provided for the outgoing message, the leak resistance phenomenon is avoided, enterprise data assets safety is effectively protected, transparency to users is achieved, user experience is not affected, and the method and system are easy for users to accept.

Description

technical field [0001] The invention relates to the field of data protection, in particular to a method and system for preventing leakage of SMTP protocol data based on deep content analysis. Background technique [0002] Today, with the rapid development of information technology, enterprises rely more and more on information systems, and the stability and security of information systems are directly related to the core competitiveness of enterprises. [0003] Active or passive information leakage caused by enterprise users using email clients to send emails will bring huge economic losses to the enterprise. [0004] The mail client uses the Simple Mail Transfer Protocol (SMTP) to send the mail text and attachments. At present, the problem of preventing leakage of mail sensitive data of the SMTP protocol at the network border is mainly based on four factors: firewall, gateway, proxy and bypass blocking. Big mainstream technology. Among them, firewalls and gateways work be...

AI Technical Summary

Problems solved by technology

Among them, firewalls and gateways work below the network layer, and only a few advanced firewalls can simply filter data such as ID numbers and bank account numbers in application layer data. layer, transport layer, and network layer protocol characteristics, and for specific applications and file types, simple matching and filtering of data such as ID card numbers and bank account numbers in application layer data, but advanced firewalls do not have the ability to apply layer protocols In-depth parsing and matching functions, unable to block emails with illegal content, and only support limited applications, poor scalability, difficult for users to configure, and opaque to the network

The proxy mode sacrifices speed in exchange for higher security performance, but it will become the bottleneck of the network when the network throughput is large, and corresponding proxy needs to be set up, which affects user experience and is difficult to implement and promote

The bypass mode is connected to the network through the port mirroring of the switch, and the TCP protocol can be blocked from sending TCP_RESET messages, but due to the lag of the TCP_RESET message, it is easy to lose control of the network, resulting in the leakage of protected data

Images