Data Loss Prevention (DLP)
Monitoring Printer Activity using eBPF
Product Category
Objective
Implement eBPF programs to monitor and control printer activity, allowing organizations to enforce DLP policies on data being printed from Linux systems.
Details
System Calls Monitored: Intercept CUPS (Common Unix Printing System) filters and print-related system calls.
Data Captured:
- Timestamp of print job
- User initiating the print job
- Document details (name, size, type)
- Printer details
Use Case
This implementation helped prevent the unauthorized printing of sensitive documents by monitoring print jobs and enforcing DLP policies. Alerts and actions (such as blocking the print job) can be triggered if the printed document contains sensitive or confidential information