A modern organization typically maintains a data storage system to store and deliver sensitive information concerning various significant business aspects of the organization. Sensitive information may include data on customers (or patients), contracts, deliveries, supplies, employees, manufacturing, or the like. In addition, sensitive information may include intellectual property (IP) of an organization such as software code developed by employees of the organization, documents describing inventions conceived by employees of the organization, etc.
To protect an organization's sensitive information, data loss protection (DLP) systems are typically installed by the organization, especially on important machines where confidential data is generated. These DLP systems are designed to detect and prevent unauthorized use and transmission of confidential information. DLP technologies apply configurable rules to identify objects, such as files, that contain sensitive data and should not be found outside of a particular enterprise or specific set of host computers or storage devices. However, these DLP systems may not be able to protect each computer in the enterprise, for reasons such as a large number of different platforms or operating systems (OS), machine outages, quick and dynamic provisioning of virtual machines, and no clear and individual accounting for test and lab machines. Even when the DLP technologies are deployed, it is possible for sensitive objects to ‘leak’. Oftentimes, the leakage is accidental. However, in some cases, such leakage is deliberate and malicious.
Even with DLP systems in place, organizations still face a threat to their sensitive data, which can be stolen using unknown applications or other unknown means. For example, users may try to circumvent DLP protections by changing the file format to one that cannot be detected by the DLP systems. These unknown means may include, but are not limited to, file conversion tools that convert the sensitive file from text to sound and then copy the data to Universal Serial Bus (USB) or send it over web mail or chat; file encryption tools that encrypt the sensitive file and then copy the encrypted sensitive file to USB or send it over web mail or chat; file compression tools that compress the file and then copy the compressed sensitive file to USB or send it over web mail or chat; screen capturing tools that capture sensitive data in the form of images or videos and then send it to USB or over web mail or chat; web tools that convert sensitive files and steal the data; and other tools that break into sensitive files and then steal the data.
Current DLP systems have been effective at addressing the above-described problem in relation to print screen and screen scraping. However, current DLP systems have not produced any solution for detecting a data leak when it occurs through non-conventional mechanisms.