Scanning for confidential data
Do you guys use any specific tools to scan for confidential data on your file servers? I have found some tools that do the job, but wanted to see what everyone else uses.
Knowledge is Power.
Comments
-
Asif Dasl
Member Posts: 2,116 ■■■■■■■■□□
I don't see how a tool can look for confidental data without human filtering? What tools are you using at present, out of interest?Do you guys use any specific tools to scan for confidential data on your file servers? I have found some tools that do the job, but wanted to see what everyone else uses. -
erpadmin
Member Posts: 4,165 ■■■■■■■■■■
We used a tool from Cornell called Spider. It did find some files with social security numbers.
IT: Spider -
the_Grinch
Member Posts: 4,165 ■■■■■■■■■■
Tools do exist, as I know a company we use to support was looking into it (specifically for information being sent out through emails and the like). We never did a full scope to see what software was available and how exactly it works. Really interested to see what's out there though...WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff -
vsecgod
Member Posts: 48 ■■□□□□□□□□
DLP products is what your looking for like this:
Gentle Security Leakwall - Data Loss Prevention - Data Loss Protection
Data Loss Prevention -
JDMurray
Admin Posts: 13,078 Admin
eDiscovery solutions are also used to scan files and databases for specific information, but they are expensive. If all you are doing is looking for specific data patterns (e.g., words, number formats) then you can use any number of free file searching utilities that support regular expressions. -
Qord
Member Posts: 632 ■■■■□□□□□□
We used a tool from Cornell called Spider. It did find some files with social security numbers.
IT: Spider
This is what we use as well. We scan for credit card info and SSN's. -
Asif Dasl
Member Posts: 2,116 ■■■■■■■■□□
Thanks for the suggestions.
+1
I will try and earn some brownie points with these tools! -
tpatt100
Member Posts: 2,991 ■■■■■■■■■□
Glad somebody asked for this I have to do an ediscovery / data retention policy now. -
paul78
Member Posts: 3,016 ■■■■■■■■■■
If you just need something comprehensive, take a look at Vontu(now part of Symantec), RSA, and McAfee. We use Vontu. You may need to supplement with other tools if you need to build a full DLP program. Ironport is a decent email proxy to check ou too.
