With development of informatization, information security is gradually becoming core content of security management and risk control of an enterprise. To prevent an employee from disclosing information when externally sending data, many enterprises deploy a data loss prevention (DLP) server in their internal networks to protect security of data of the enterprises.
In an existing DLP implementation solution, a web proxy server or a mail transfer agent (MTA) server may be used to transmit outgoing data (web data or a mail) from a user terminal to a DLP server. The DLP server inspects security of data in an outgoing data flow using a keyword matching algorithm, a metadata matching algorithm, a regular expression matching algorithm, a multi-pattern matching algorithm, a fingerprint matching algorithm, or the like, sends data that passes the security inspection to a destination address, and intercepts data that fails the security inspection or selectively sends the data to the destination address.
In the prior art, during security inspection, a DLP server executes a same inspection process for outgoing data of all users within a monitoring scope of a system, which causes a long security inspection delay of outgoing data, thereby affecting efficiency of external sending of data and user experience.