Abstract: Disclosed is a method of inspecting sensitive information stored in a file system. The method includes storing file inspection result information including a file path field, a field of whether file writing is changed, a file size field, a final file modification date field, and a field of a number of detection per pattern, with respect to files in the file system, monitoring a file change event generated in the file system, detecting a type of the file change event sensed according to the monitoring the file change event, modifying the file inspection result information with respect to the file system according to the type of the file change event, detecting whether sensitive information is included, with respect to modified files in the file inspection result information, and modifying the file inspection result information by reflecting sensitive detection information according to the detection of the sensitive information.

Abstract: An apparatus for constructing Aho-Corasick automata according to the present invention includes a concatenative normal form transforming unit configured to receive a regular expression that is expressed using an operator including a concatenation and an alternation and transform the regular expression into concatenative normal forms (wherein each concatenative normal form is defined as a form in which character alternations are connected by concatenation); a trie generating unit configured to generate a trie from the concatenative normal forms by updating states and transitions of the trie (wherein each transition corresponds to a set of characters) while processing each concatenative normal form in order; and a failure link creating unit configured to create a failure link for each state of the trie by using a set of characters corresponding to each transition of the trie.

Abstract: Disclosed is a system for forwarding traffic of an endpoint. The system includes the endpoint configured to transmit traffic generated by an application to a server and a security gateway configured to receive the traffic from the endpoint and analyzes data related to information security of secure sockets layer (SSL) traffic among the traffic. Here, the endpoint includes a local redirection module configured to store redirection information including server connection information for transmitting the traffic to the server and to perform redirection related to transmission of the traffic and a local proxy module configured to decode the data with respect to the SSL traffic among the traffic received from the local redirection module and then to forward the decoded SSL traffic to the security gateway according to the redirection of the local redirection module.

Abstract: Disclosed is a system for tracking an information leakage of an endpoint. The system includes a management server which transmits the detection pattern information to an endpoint terminal connected through a network and an endpoint terminal which monitors generation and change of a file by using the detection pattern information, performs a first detection activity through matching information stored in a heap memory of a currently-executed process with the detection pattern information, and a second detection activity according to monitoring of a particular application program interface (API) according to process execution, executes an information leakage response process corresponding to first detection activity information and second detection activity information, and transmits the first detection activity information and the second detection activity information to the management server.

Abstract: Provided is a data loss prevention system comprising an address converting module for converting a private IP address of a received traffic into an IPv6 address; a first communication module for decoding the received traffic; the data loss analyzing module for analyzing the traffic transmitted from the first communication module according to a predetermined policy and examining whether personal information or confidential information is included; and a second communication module for transmitting the traffic transmitted from the data loss analyzing module to the address converting module after the traffic is encoded or not encoded according to the information representing whether the traffic is encoded included in the IPv6 address, wherein the address converting module restores the IPv6 address of the traffic transmitted from the second communication module to the private IP address.

Abstract: Disclosed is a system for tracking an information leakage of an endpoint. The system includes a management server which transmits the detection pattern information to an endpoint terminal connected through a network and an endpoint terminal which monitors generation and change of a file by using the detection pattern information, performs a first detection activity through matching information stored in a heap memory of a currently-executed process with the detection pattern information, and a second detection activity according to monitoring of a particular application program interface (API) according to process execution, executes an information leakage response process corresponding to first detection activity information and second detection activity information, and transmits the first detection activity information and the second detection activity information to the management server.

Abstract: A method of detecting a change in a signature of Internet application traffic of an Internet application traffic protocol generated between a server and a client in a test automation system includes the steps of executing a test script to operate an application of the client, receiving an actual analysis result of analyzing the signature of the Internet application traffic generated according to the operation of the application from a protocol analysis device, comparing the actual analysis result with a predictive analysis result, and detecting whether there is a change in the signature from a comparison result of comparing the actual analysis result with the predictive analysis result.

Abstract: Provided are a network-based high performance SAP monitoring system and method, including a hardware engine selecting packets to be updated from input packets by performing session-based filtering and pattern matching on the input packets, identifying to which application protocol belongs among dynamic information and action gateway (DIAG) protocol, remote function call (RFC) protocol, and hypertext transfer protocol (HTTP) protocol, and adding identification information of the identified application protocol to the packet to be uploaded and a software engine including a DIAG processor processing the DIAG protocol, RFC processor processing the RFC protocol, and HTTP processor processing the HTTP protocol, when receiving the packet added with the identification information from the hardware engine, referring SAP application protocol identification information, extracting data transmitted and received between servers of an SAP client and one of the DIAG processor, RFC processor, and HTTP processor, thereby sort

Abstract: Provided are a network-based high performance SAP monitoring system and method, including a hardware engine selecting packets to be updated from input packets by performing session-based filtering and pattern matching on the input packets, identifying to which application protocol belongs among dynamic information and action gateway (DIAG) protocol, remote function call (RFC) protocol, and hypertext transfer protocol (HTTP) protocol, and adding identification information of the identified application protocol to the packet to be uploaded and a software engine including a DIAG processor processing the DIAG protocol, RFC processor processing the RFC protocol, and HTTP processor processing the HTTP protocol, when receiving the packet added with the identification information from the hardware engine, referring SAP application protocol identification information, extracting data transmitted and received between servers of an SAP client and one of the DIAG processor, RFC processor, and HTTP processor, thereby sort

Abstract: Disclosed are a DLP security system and an operating method thereof. An operating method of a data loss prevention (DLP) apparatus, comprising: converting, into packets, Ethernet signals received from a fail over device that are transmitted and received between an external network and internal network; analyzing the packets to classify the packets into first packets required to be precisely judged and second packets not required to be precisely judged; distributing and allocating a judgment job about the first packet to at least one in-line instance according to a predetermined reference; and allocating the judgment job distributed to the in-line instance in which a fail occurs to the in-line instance which is normally operated when it is verified whether there is an in-line instance which is normally operated in the case where the fail occurs in the at least one in-line instance.

Abstract: Provided are an information protection apparatus and system. The information protection apparatus based on Windows, Unix, or Linux includes a first check unit, a second check unit, and a security measure unit. The first check unit checks whether there is a file including monitoring information among a plurality of check target files in a local storage area, according to a predetermined check policy. The second check unit checks whether there is a file including the monitoring information among the check target files in a sharing storage area of a file system that is shared in a network drive type in an NFS scheme. The security measure unit performs a security measure conforming to a predetermined security policy for the file including the monitoring information.

Abstract: Provided are an apparatus and method for monitoring web application telecommunication data by user.

Abstract: Provided are a traffic analysis apparatus and method. The traffic analysis apparatus includes an analysis unit and a policy application unit. The analysis unit determines whether a network packet between at least one client and a server is a packet of a pre-registered SAP session, and, when the network packet is not the packet of the pre-registered SAP session, the analysis unit determines whether the network packet is a packet of a new SAP session. The policy application unit determines whether the network packet includes predetermined monitoring information when the network packet is the packet of the pre-registered SAP session or new SAP session and, when the network packet includes the monitoring information, the policy application unit performs a response action conforming to a predetermined security policy.

Abstract: Disclosed are a system and a method for printed matter security. A method for printed matter security according to an exemplary embodiment of the present invention includes: receiving policy information, information of a monitoring application program, and pattern information of personal information from a security server; inserting a printing interruption module in the monitoring application program when the monitoring application program corresponding to the information of the application program is executed; storing a content of a printing request by interrupting the printing request of the monitoring application program by the printing interruption module; verifying whether the personal information is included in the content of the printing request, using the pattern information; and performing an information protection function corresponding to the policy information when the personal information is included in the content of the printing request.

Abstract: Provided are a traffic analysis apparatus and method. The traffic analysis apparatus includes an analysis unit and a policy application unit. The analysis unit determines whether a network packet between at least one client and a server is a packet of a pre-registered SAP session, and, when the network packet is not the packet of the pre-registered SAP session, the analysis unit determines whether the network packet is a packet of a new SAP session. The policy application unit determines whether the network packet includes predetermined monitoring information when the network packet is the packet of the pre-registered SAP session or new SAP session and, when the network packet includes the monitoring information, the policy application unit performs a response action conforming to a predetermined security policy.

Abstract: Provided are an information protection apparatus and system. The information protection apparatus based on Windows, Unix, or Linux includes a first check unit, a second check unit, and a security measure unit. The first check unit checks whether there is a file including monitoring information among a plurality of check target files in a local storage area, according to a predetermined check policy. The second check unit checks whether there is a file including the monitoring information among the check target files in a sharing storage area of a file system that is shared in a network drive type in an NFS scheme. The security measure unit performs a security measure conforming to a predetermined security policy for the file including the monitoring information.

Abstract: Disclosed are a mobile DLP system and method. The mobile DLP system includes a general storage that allows an access in a normal mode and a security mode, an encrypted virtual storage that disallows an access in the normal mode and allows an access in the security mode, a management program that designates the general storage as a write/read area in the normal mode and designates the general storage and the virtual storage as the write/read area in the security mode, a fuse that intercepts a file input/output of an application program including the management program to again set a file input/output path as the virtual storage according to a command of the management program in the security mode, and a VFS engine that performs a bridge function between the application program of an application layer and the fuse of a kernel layer.

Abstract: Provided is a network-based data loss prevention (DLP) system. The network-based DLP system includes a FPGA engine including a pattern matcher and a MCP engine including a session list filter. The a pattern matcher hash-processes a payload of an input packet in units of a certain size, compares a pre-stored pattern and the hash-processed packet, checks a matching rule ID and an upload channel ID corresponding to the pre-stored pattern when there is a match therebetween, adds tagging information to a header of the input packet, and outputs the packet. The session list filter receives the packet with the tagging information added thereto, and performs pre-registered processing on the pre-registered session, or passes the received packet. The processor uploads, forwards, or drops the received packet in correspondence with the matching rule ID.

Abstract: Provided are an apparatus and method for monitoring web application telecommunication data by user.

Abstract: Disclosed are a system and a method for printed matter security. A method for printed matter security according to an exemplary embodiment of the present invention includes: receiving policy information, information of a monitoring application program, and pattern information of personal information from a security server; inserting a printing interruption module in the monitoring application program when the monitoring application program corresponding to the information of the application program is executed; storing a content of a printing request by interrupting the printing request of the monitoring application program by the printing interruption module; verifying whether the personal information is included in the content of the printing request, using the pattern information; and performing an information protection function corresponding to the policy information when the personal information is included in the content of the printing request.