Scanning for confidential data

Do you guys use any specific tools to scan for confidential data on your file servers? I have found some tools that do the job, but wanted to see what everyone else uses.

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

Asif Dasl

t3ch_guru wrote: »

Do you guys use any specific tools to scan for confidential data on your file servers? I have found some tools that do the job, but wanted to see what everyone else uses.

I don't see how a tool can look for confidental data without human filtering? What tools are you using at present, out of interest?

erpadmin

We used a tool from Cornell called Spider. It did find some files with social security numbers.

IT: Spider

the_Grinch

Tools do exist, as I know a company we use to support was looking into it (specifically for information being sent out through emails and the like). We never did a full scope to see what software was available and how exactly it works. Really interested to see what's out there though...

vsecgod

DLP products is what your looking for like this:
Gentle Security Leakwall - Data Loss Prevention - Data Loss Protection

Data Loss Prevention

JDMurray

eDiscovery solutions are also used to scan files and databases for specific information, but they are expensive. If all you are doing is looking for specific data patterns (e.g., words, number formats) then you can use any number of free file searching utilities that support regular expressions.

Qord

erpadmin wrote: »

We used a tool from Cornell called Spider. It did find some files with social security numbers.

IT: Spider

This is what we use as well. We scan for credit card info and SSN's.

t3ch_guru

Thanks for the suggestions.

Asif Dasl

t3ch_guru wrote: »

Thanks for the suggestions.

+1

I will try and earn some brownie points with these tools!

tpatt100

Glad somebody asked for this I have to do an ediscovery / data retention policy now.

paul78

If you just need something comprehensive, take a look at Vontu(now part of Symantec), RSA, and McAfee. We use Vontu. You may need to supplement with other tools if you need to build a full DLP program. Ironport is a decent email proxy to check ou too.