In general, a content-aware data loss prevention (DLP) security system prevents an accident by interrupting or leaving a log when a user accesses customer's personal confidential information, an in-company confidential material, and the like through an e-mail, a messenger, a P2P, or the like.
Moreover, the DLP security system may perform content and protocol based information leakage prevent on and malignant activity interrupt on functions such as blocking accessing to unsound sites or leaving log information when the user accesses the Internet.
The DLP security system in the related art is determined and operated in a specific network matching method between an in-line method and a mirroring method during initial installation. Specifically, the DLP security system using the in-line method in the related art is installed directly on a network line to interrupt a bidirectional packet in real time or leave the log. The DLP security system using the mirroring method in the related art collects a packet receiving the bidirectional packet through a TAP without influencing an original traffic installing the TAP on the network line.
The DLP security system using the in-line method in the related art is linked with an additional fail over device (F.O.D) system against a network fail in which an Internet line is interrupted and the Internet is disconnected when a system fail occurs to continuously provide a service among existing networks through an F.O.D even though a system fail occurs, thereby making it possible to assure network availability. However, the DLP security system in the related art cannot but abandon logging and interrupting functions of personal information leakage packets during replacing or restoring the system.
The DLP security system using the mirroring method in the related art does not influence an original network at all even when the system is broken, but there is a problem in that a real-time interruption rate is deteriorated according to an Internet protocol or network components. Further, the DLP security system of the mirroring method in the related art cannot but abandon logging and interrupting functions of packets during replacing or restoring the system.