Data Security
Demand Analysis
Security incidents are frequent and leaks are becoming more and more severe. Examples include the Yahoo data breach, the Jingdong data breach, and the Hillary email scandal. According to Gemalto's Breach Level Index, 1.9 billion records were leaked or stolen in the first half of 2017, more than the total for the whole of last year (1.4 billion) and more than 160% higher than in the second half of 2016.
In September 2013, the telecom industry implemented the Provisions on the Protection of Personal Information of Telecommunications and Internet Users. Article 14 states that telecom regulatory agencies and their staff shall keep confidential the personal information of users that they learn in the course of performing their duties, shall not disclose, tamper with, or destroy such information, and shall not sell it or illegally provide it to others. In July 2015, the financial industry issued the Guiding Opinions on Promoting the Healthy Development of Internet Finance. Article 17 requires that practitioners effectively improve their level of technical security, properly store customer data and transaction information, and not illegally trade or disclose customers' personal information.
As information leakage escalates, national legislation provides safeguards. One of the motivations behind the Cybersecurity Law of the People's Republic of China is the seriousness of personal information leakage. The Cybersecurity Law imposes new requirements on network operators. Article 21 requires network operators to adopt data classification, important data backup and encryption measures to prevent network data from being stolen or tampered with.
Products
Tianqing Hanma USG Data Leakage Prevention (DLP) is a sensitive data leakage prevention product developed in-house by Qixinghen. It analyzes data from three perspectives: the content of sensitive information, the owner of sensitive information, and the operations performed on sensitive information. Through a clear and intuitive view, it lets managers understand in a timely manner how sensitive information is used within the enterprise. It helps managers identify potential leakage risks within the organization, supervise the compliant and reasonable use of important data, and safeguard the organization's intellectual property rights and core competitiveness.
DLP consists of two major components: the control center and the detection engine. The control center is mainly responsible for policy management, device management and event management, while the engine is mainly responsible for content detection, response blocking and event reporting.
Functional Features
- Detect evasion techniques such as multi-layer nested documents, multi-layer compressed archives, encrypted documents, modified file extensions, and multiple small leaks.
- Monitor USB drive copying, Bluetooth transmission, local printing, the QQ client, the WeChat client, file copying and other operations to prevent local leakage.
- Monitor outbound distribution through WebMail, forums, blogs, online disks, email, and other channels, and respond to and dispose of operations that violate the policy.
- Pre-configured policies for many kinds of sensitive information, including financial documents, resumes, contracts, ID numbers, cell phone numbers, and bank card numbers.
- Detection methods include keywords, regular expressions, file attributes, file fingerprints, classification fingerprints, and email recipients and senders.
- Supports parsing and content recognition of file types such as word-processing documents, spreadsheets, compressed archives, encrypted files, images, and so on.
- Full or incremental scanning of endpoints and storage servers for sensitive data to get a distribution view of sensitive data.
- Automatically clusters enterprise sample data and extracts classification fingerprints, classifies and grades documents to be protected based on classification fingerprint features.
- The enterprise's overall security policy is defined within a unified platform. The management platform supports more than 10,000 terminals online simultaneously and can manage more than 500 scanning servers at the same time.
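The regular-expression detection of ID numbers, bank card numbers and cell phone numbers listed above typically pairs each pattern with a checksum so that arbitrary digit strings do not raise alerts. The following is an added example, not the product's own code; the function names, patterns and sample text are assumptions constructed for illustration.

```python
import re

# Constructed sample: one valid and one invalid value of each checksummed type.
SAMPLE = ("Resume: Zhang San, ID 11010519491231002X, mobile 13800138000. "
          "Pay to card 4111111111111111. Order no. 4111111111111112, "
          "ref 110105194912310021.")

ID_WEIGHTS = [7, 9, 10, 5, 8, 4, 2, 1, 6, 3, 7, 9, 10, 5, 8, 4, 2]
ID_CHECK = "10X98765432"  # check character indexed by weighted sum mod 11

def valid_id(s):
    """18-character resident ID number: weighted sum of 17 digits, mod 11."""
    total = sum(int(d) * w for d, w in zip(s[:17], ID_WEIGHTS))
    return ID_CHECK[total % 11] == s[17].upper()

def valid_luhn(s):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(s)):
        d = int(ch)
        if i % 2 == 1:                 # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

# Order matters: an ID ending in X also looks like a 17-digit card candidate,
# so the more specific rule runs first and claims its span.
RULES = [
    ("id_number", re.compile(r"(?<!\d)\d{17}[\dXx](?!\d)"), valid_id),
    ("bank_card", re.compile(r"(?<!\d)\d{16,19}(?!\d)"), valid_luhn),
    ("mobile", re.compile(r"(?<!\d)1[3-9]\d{9}(?!\d)"), lambda s: True),
]

def scan(text):
    """Return (kind, value) for each candidate that passes its validator."""
    hits, claimed = [], []
    for kind, pattern, is_valid in RULES:
        for m in pattern.finditer(text):
            if any(m.start() < end and start < m.end() for start, end in claimed):
                continue               # already reported under another rule
            if is_valid(m.group()):
                hits.append((kind, m.group()))
                claimed.append(m.span())
    return hits

if __name__ == "__main__":
    for kind, value in scan(SAMPLE):
        print(kind, value)
```

The order number and reference in the sample match the patterns but fail their checksums, so they are not reported.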
Technical Advantages
- Automatic classification and clustering: based on Chinese language processing and word segmentation technology, unsupervised clustering algorithms automatically cluster the samples and extract the semantic features of each category. Classification rules are generated from these semantic features and used to automatically classify and grade the documents that the user wants to protect. Positive and negative samples can also be added to reduce the false positive and false negative rates.
- Accurate content recognition: combines document type recognition, document content recognition, and document location recognition to fully parse documents.
- Intelligent semantic analysis: combines key features such as a mature Chinese word-segmentation dictionary, intelligent fuzzy matching, and automatic recognition of traditional Chinese characters, so that the product is better adapted to Chinese text.
- Multi-dimensional intelligent detection: keywords, regular expressions, file fingerprints, classification fingerprints, file attributes and other detection algorithms are cross-checked against each other to reduce noise and produce accurate alerts.
- Comprehensive leakage protection: monitors and protects against local terminal leakage, network transmission leakage, and storage sharing leakage.
- Centralized management and analysis: managing terminal DLP, network DLP (bypass DLP, MailDLP, WebDLP), and storage DLP together saves purchasing expenses and reduces management costs, and facilitates correlation and analysis of terminal and network leakage events to improve detection efficiency.
Typical Applications
Typical scenarios of Tianqing Hanma USG Data Leakage Prevention System are illustrated below:
Terminal DLP scans terminal files, finds and tracks the use of sensitive files, and stops the flow of sensitive files through peripherals.
Storage DLP scans server files, finds and tracks the distribution of sensitive files, and informs administrators in a timely manner.
Bypass DLP monitors data in transit, detects sensitive data leakage behavior and alerts.
WebDLP is deployed at the Internet egress to monitor outgoing or uploaded data to the Internet and block sensitive data as it is found.
MailDLP is deployed in front of mail servers to monitor outgoing emails and respond in many different ways when sensitive data is found, such as bouncing, redirecting, modifying, or approving.