主权项 |
1. A computer-implemented method comprising:
monitoring, by a computing device, operations by a client application; determining, by the computing device, that data of one of the operations contain confidential information protected by a data loss prevention (DLP) policy; and in response to determining that the data contains the confidential information, determining whether the client application is using the confidential information for a legitimate purpose or an illegitimate purpose, comprising:
analyzing, by the computing device, behavior of the client application with respect to the confidential information;identifying a pattern of how the client application uses the confidential information based at least in part on the behavior of the client application, wherein the identified pattern is not associated with a user;performing a comparison of the identified pattern to at least one of a model of legitimate use of the confidential information or a model of illegitimate use of the confidential information to determine a security risk of the client application; andassigning a risk rating indicative of the security risk to the client application; performing an action to mitigate risk of data loss if the risk rating exceeds a threshold.
|