Abstract: The disclosed computer-implemented method for enforcing data loss prevention policies on endpoint devices may include (i) detecting that an endpoint device has terminated a connection with a protected network that is protected by a network-level data loss prevention system and has connected to an external network that is not protected, (ii) switching, in response to detecting that the endpoint device has connected to the external network, from an in-network data loss prevention policy to an out-of-network data loss prevention policy, (iii) detecting an inbound data transfer to the endpoint device, (iv) determining that the inbound data transfer comprises a transfer from a protected source that is protected by the out-of-network data loss prevention policy, and (v) performing a security action in response to determining that the inbound data transfer to the endpoint device comprises the transfer from the protected source. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for enforcing data loss prevention policies on endpoint devices may include (i) detecting that an endpoint device has terminated a connection with a protected network that is protected by a network-level data loss prevention system and has connected to an external network that is not protected, (ii) switching, in response to detecting that the endpoint device has connected to the external network, from an in-network data loss prevention policy to an out-of-network data loss prevention policy, (iii) detecting an inbound data transfer to the endpoint device, (iv) determining that the inbound data transfer comprises a transfer from a protected source that is protected by the out-of-network data loss prevention policy, and (v) performing a security action in response to determining that the inbound data transfer to the endpoint device comprises the transfer from the protected source. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques describe preventing sensitive data from being misappropriated during a clipboard operation. A copy operation for data being copied to a clipboard is intercepted. Information describing a first application from which the data was copied is retrieved. The data and the information are stored into the clipboard. A paste operation is evaluated based on the data, and the information is evaluated against a policy to determine whether the paste operation should be blocked.

Abstract: Techniques are disclosed for performing data loss prevention (DLP) by monitoring file system activity of an application having a network connection. A DLP agent tracks file system activity (e.g., file open and read operations) being initiated by the application. The DLP agent intercepts the file system activity and evaluates a file specified by the file system operation to determine whether the file includes sensitive data. If so determined, the DLP agent prevents the sensitive data from being transmitted (e.g., by blocking the file system activity, redacting the sensitive data from the file, etc.).

Abstract: Techniques describe preventing sensitive data from being misappropriated during a clipboard operation. A copy operation for data being copied to a clipboard is intercepted. Information describing a first application from which the data was copied is retrieved. The data and the information are stored into the clipboard. A paste operation is evaluated based on the data, and the information is evaluated against a policy to determine whether the paste operation should be blocked.

Abstract: Techniques describe preventing sensitive data from being misappropriated during a clipboard operation. A copy operation for data being copied to a clipboard is intercepted. Information describing a first application from which the data was copied is retrieved. The data and the information is stored into the clipboard. A paste operation is evaluated based on the data and the information is evaluated against a policy to determine whether the paste operation should be blocked.

Abstract: The present disclosure relates to using reputation information (e.g., of applications, libraries, network destinations, etc.) in a data loss prevention system. According to one embodiment, a computer system (e.g., an endpoint or server system) identifies a first application requesting to access a file accessible through the computer system. The DLP system present on the computer system determines a reputation associated with the first application. The DLP system may determine reputation from information stored locally on the computer system or from a reputation service in the cloud. If the reputation information indicates that the first application is trusted, the computer system allows the first application to access the file, subject to a data loss prevention (DLP) policy. If, however, the reputation information indicates that the first application is untrusted, the computer system blocks access to the file.

Abstract: Techniques describe preventing sensitive data from being misappropriated during a clipboard operation. A copy operation for data being copied to a clipboard is intercepted. Information describing a first application from which the data was copied is retrieved. The data and the information is stored into the clipboard. A paste operation is evaluated based on the data and the information is evaluated against a policy to determine whether the paste operation should be blocked.