Abstract: The disclosed computer-implemented method for threat and information protection through file classification may include (1) assigning a classification tag to each of an number of files on a computing device based on a set of rules, (2) storing the classification tag in the files and a corresponding file descriptor describing a sensitivity level of the files externally to the files, (3) detecting creation of a process associated with accessing the files, (4) determining whether the process is potentially suspicious, (5) identifying an operation initiated by the potentially suspicious process to access the files, and (6) performing a security action that protects the computing device from malicious activity by the operation initiated by the potentially suspicious process. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method and apparatus submitting information to be protected before permitting an outbound data transfer with the information is described. A DLP agent, incorporating a DLP submission tool, receives information of an outbound data transfer by the client computing system. The DLP agent can temporarily block the outbound data transfer and send a request to update a DLP policy to protect the information before permitting the outbound data transfer. The DLP agent subsequently receives receiving an indication that the DLP policy is updated to protect the information. After receiving the indication, the DLP agent permits the outbound data transfer.

Abstract: A computer-implemented method for configuring computing systems may include (1) detecting an event associated with a client device that potentially impacts a group to which the client device is assigned and, in response to detecting the event, (2) discovering at least one attribute of the client device that has the potential to impact the client device's group assignment, (3) identifying at least one rule that defines conditions for assigning client devices to groups, (4) determining, by applying the rule to the discovered attribute of the client device, that the client device's group assignment should be modified, and (5) modifying, in response to determining that the client device's group assignment should be modified, the client device's group assignment based on the discovered attribute of the client device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method and apparatus for monitoring network-based printing for data loss prevention (DLP). A DLP system may monitor outbound data transfers performed by a computing system, and detect a network print request in a current one of the outbound data transfers being sent to a network-based printer over a network, the network print request identifying data to be printed by the network-based printer. The DLP system determines whether the identified data of the current outbound data transfer violates a DLP policy and prevents the current outbound data transfer when the current outbound data transfer violates the DLP policy.

Abstract: A computer-implemented method for data loss prevention may include 1) identifying a file hierarchy within a file system (where, e.g., the file hierarchy includes a plurality of files and folders), 2) identifying a defined file hierarchy structure that is associated with a data loss prevention policy (where, e.g., the defined file hierarchy structure identifies the relative locations of files and folders), 3) determining that the file hierarchy is implicated in the data loss prevention policy by determining that the defined file hierarchy structure corresponds to the file hierarchy, and 4) applying the data loss prevention policy to at least a portion of the file hierarchy based on determining that the file hierarchy is implicated in the data loss prevention policy. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method and apparatus for detection of DLP violations with language detection are described. A DLP product may monitor data content associated with the computing system, and identify a language of the data content. Based on the identified language, the DLP product identifies from among multiple DLP policies a first set of one or more DLP policies that are applicable for the identified language (referred to herein as language-specific DLP policies). The DLP product scans the data content using the first set to detect a violation of one of the DLP policies in the data content, and performs a DLP action in response to the detected violation.

Abstract: A computer-implemented method for end-user initiated data-loss-prevention content analysis may include identifying an end-user application that handles content subject to data-loss-prevention policies. The computer-implemented method may also include receiving a request through a user interface associated with the end-user application to analyze selected content for data-loss-prevention policy compliance. The computer-implemented method may further include performing an analysis of the selected content for data-loss-prevention policy compliance. The computer-implemented method may additionally include providing a result of the analysis through the user interface associated with the end-user application. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method and apparatus submitting information to be protected before permitting an outbound data transfer with the information is described. A DLP agent, incorporating a DLP submission tool, receives information of an outbound data transfer by the client computing system. The DLP agent can temporarily block the outbound data transfer and send a request to update a DLP policy to protect the information before permitting the outbound data transfer. The DLP agent subsequently receives receiving an indication that the DLP policy is updated to protect the information. After receiving the indication, the DLP agent permits the outbound data transfer.

Abstract: A web page running on a client computing device accesses a web application hosted by a remote server. The local application receives data from the web application. The client computing device uses a data loss prevention (DLP) policy to determine whether the web application is a sensitive web application. In response to determining that the web application is a sensitive web application, the client computing device restricts a capability of at least one of the local application or the client computing device to perform one or more operations associated with the data received from the web application.

Abstract: A computer-implemented method for data loss prevention may include intercepting a packet sent by an application of an endpoint. The computer-implemented method may also include extracting file-identification information from the packet. The computer-implemented method may further include identifying a list of opened files and matching the file-identification information to a file in the list of opened files. The computer-implemented method may additionally include identifying a data-loss-prevention policy that applies to the file. The computer-implemented method may moreover include filtering the packet based on the data-loss-prevention policy. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for data loss prevention may include intercepting a packet sent by an application of an endpoint. The computer-implemented method may also include extracting file-identification information from the packet. The computer-implemented method may further include identifying a list of opened files and matching the file-identification information to a file in the list of opened files. The computer-implemented method may additionally include identifying a data-loss-prevention policy that applies to the file. The computer-implemented method may moreover include filtering the packet based on the data-loss-prevention policy. Various other methods, systems, and computer-readable media are also disclosed.