Monitoring Data Transfers to Removable Devices using eBPF
Product Category: Data Loss Prevention (DLP)
Objective
Use eBPF to monitor and control data transfers to removable devices, such as USB drives and external hard disks, on Linux systems.
Details
System Calls Monitored: system calls related to file operations on removable devices (e.g., open, read, write).
Data Captured:
- Timestamp of data transfer
- User initiating the data transfer
- File details (name, size, type)
- Device details (name, type, serial number)
Use Case
This implementation helps prevent data exfiltration via removable devices by monitoring and controlling data transfers. Organizations can enforce DLP policies that log or block transfers which violate security policy, ensuring sensitive data is not copied to unauthorized devices.
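As an added example (not the page's own code), the user-space half of such a monitor in Python, covering the Details and Use Case sections above: it assumes a kernel-side eBPF program attached to the openat/read/write syscall tracepoints that emits (timestamp, uid, syscall, path, byte count) events, and shows how each event is correlated with the mount table and the sysfs removable flag to produce the record fields listed under Details plus a log/block verdict. The Event class, the field names and the deny_exts policy are this example's own assumptions; on a live host the mount text comes from /proc/mounts, the flags from /sys/block/<disk>/removable, and a kernel-side enforcement point (such as a BPF LSM hook) would act on the verdict.

```python
import os, pwd
from dataclasses import dataclass
@dataclass
class Event:  # one file-operation event as the assumed eBPF probe emits it
    ts_ns: int    # kernel timestamp (bpf_ktime_get_ns), converted by the loader
    uid: int
    syscall: str  # "openat", "read" or "write"
    path: str     # resolved path of the target file
    nbytes: int = 0

def parse_mounts(text):
    """Parse /proc/mounts text into [(mountpoint, device)], longest mountpoint first."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0].startswith("/dev/"):
            rows.append((parts[1].replace("\\040", " "), parts[0]))  # unescape spaces
    return sorted(rows, key=lambda r: len(r[0]), reverse=True)

def mount_for(path, mounts):
    """Return the (mountpoint, device) that holds path, or None."""
    for mp, dev in mounts:
        if path == mp or path.startswith(mp.rstrip("/") + "/"):
            return mp, dev
    return None

def is_removable(dev, flags):
    """flags maps a disk name to the text of /sys/block/<disk>/removable ("0"/"1").
    Partition nodes (sdb1, mmcblk0p1, nvme0n1p2) are mapped to their parent disk."""
    name = os.path.basename(dev)
    disk = name.rstrip("0123456789")
    if disk.endswith("p") and disk[:-1] in flags:
        disk = disk[:-1]
    return flags.get(disk, flags.get(name, "0")).strip() == "1"

def evaluate(ev, mounts, flags, deny_exts=(".xlsx", ".docx", ".pdf")):
    """None if the file is not on removable media; else the DLP record and verdict."""
    hit = mount_for(ev.path, mounts)
    if hit is None or not is_removable(hit[1], flags):
        return None
    try:
        user = pwd.getpwuid(ev.uid).pw_name
    except KeyError:
        user = str(ev.uid)  # uid without a passwd entry (e.g. inside a container)
    ext = os.path.splitext(ev.path)[1].lower()
    # only outbound operations can exfiltrate; reads from the device are logged, not blocked
    action = "block" if ev.syscall in ("openat", "write") and ext in deny_exts else "log"
    return {"ts_ns": ev.ts_ns, "user": user, "syscall": ev.syscall, "action": action,
            "file": {"name": os.path.basename(ev.path), "bytes": ev.nbytes, "type": ext or "none"},
            "device": {"node": hit[1], "mount": hit[0]}}
```

A loader would build Event objects from the perf/ring buffer, call evaluate() per event, and ship non-None records to the SIEM; the constructed mount table and flags below show the expected classification.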