Field of Invention
The present invention generally relates to network data leakage prevention. More specifically, the present invention relates to unified source user checking of TCP data packets for network data leakage prevention.
Description of the Related Art
Companies and organizations have become increasingly reliant on digital information to meet business objectives. Protection of such digital information is critical for the daily operation of the companies and organizations. Leaking of the digital information can lead to significant damage to the company's reputation and value regardless of whether the data leak was caused by malicious attacks or by an inadvertent internal mistake.
To protect digital information, especially sensitive digital information, technology referred to as data leakage prevention (DLP) or data loss protection has been developed to identify, monitor and protect data whether the data is at rest, in use or in motion. Generally, network DLPs inspect data being sent across networks to detect and prevent illegal transmission of sensitive data out of enterprise networks. These network DLPs are generally deployed around network perimeters such as gateways as a last line of defense against data leakage.
The effectiveness of a DLP depends not only on how accurately the technology can detect sensitive data in data traffic but also on how well the technology can recognize legitimate access to sensitive data. In other words, the DLP technology needs to be able to distinguish legitimate access from illegal leakage. Blocking legitimate transmission of sensitive data, although not as bad as allowing illegal access to the sensitive information, can still disrupt normal business operations and reduce the willingness of companies to use network DLP.
Therefore, there is a need for a network DLP that is capable of differentiating actions among different users, so that legitimate access can proceed without being blocked or requiring additional approval, while illegal leakage is still caught. Presently, problems exist because network DLPs associate the identity of a user with a particular IP address. Such a network DLP is not capable of distinguishing legitimate situations where multiple users share the same IP address (e.g., share the same computer, or share a common IP address behind a network address translation device).