I can't sleep at night because nobody can tell me clearly where my sensitive data are, and how I can stay on top of it! (CDO)
Type: Product
A tool used for the scanning, discovery, identification and reporting of sensitive data, anywhere in an organization's data infrastructure... Both structured & unstructured data, and up into connected client PC's and their clipboard!
For the special case of security threats in unstructured data, it can also apply masking/blurring on the fly, and prevent leaks.
For the special case of security threats in unstructured data, it can also apply masking/blurring on the fly, and prevent leaks.
Service Mgmt. & Support
Hotline (English)
- Typically: business hours are the rule, since the system is usually not business-critical (GMT +03:00, negotiable).
- 24/7 is in principle possible. Service Desk:
- Remote support provided via ticketing system.
- Email groups are available to post questions (counts as a ticket).
- SLA defined for critical/major/minor issues.
- No additional difference for bronze/silver/gold service levels.
Competitor Product
- IBM Guardium
- Informatica TDM
- Micro Focus SDM
- Micro Focus TDM (minor overlap)
Use Cases & Pain Points Addressed
This tool solves the following pain points, or greatly reduces their impact:
Large organizations may be challenged in understanding where they store sensitive data that is subject to special regulation and/or internal security:
As such, this tool is instrumental to the baselining and implementation of an organization's data security framework (See also GDPR, DSGVO, SOX, GLBA, PCI DSS, HIPAA, FIPA, KVKK & BDKK compliance requirements).
It helps organizations to first define which data is ""sensitive“, then understand whether they have any, and where it is being stored... in order to take both controlling and securing actions thereafter, in both transactional and BI environments.
It does so not only by looking at meta data (i.e. based on interpretation of column names), but also by looking at the data itself, and in multiple locations – up to inside client computers.
A number of actions can be triggered upon finding matching data, turning it not only into a tool for reporting, but also operations.
Masking can be applied in real-time on unstructured data, i.e. upon having been identified as sensitive – thus taking immediate preventive actions against leaks.
With the help of this tool, organizations can continuously re-assess their risks and exposure, as their IT ecosystem evolves, and enforce control over what sensitive information is being replicated on client computers – eventually also allowing intrusive action to secure it in real-time.
A number of actions can be triggered upon finding matching data, turning it not only into a tool for reporting, but also operations.
Large organizations may be challenged in understanding where they store sensitive data that is subject to special regulation and/or internal security:
- In structured data, scanning any connected database (RDBMS).
- In unstructured data (i.e. any data not stored on RDBMS), whether on file systems, HDFS, or even [personal] client computers, as well as for any file type – e.g. text files (xml, txt, jason, etc.), office documents, images (.jpeg, .png, etc.), pdf.
As such, this tool is instrumental to the baselining and implementation of an organization's data security framework (See also GDPR, DSGVO, SOX, GLBA, PCI DSS, HIPAA, FIPA, KVKK & BDKK compliance requirements).
It helps organizations to first define which data is ""sensitive“, then understand whether they have any, and where it is being stored... in order to take both controlling and securing actions thereafter, in both transactional and BI environments.
It does so not only by looking at meta data (i.e. based on interpretation of column names), but also by looking at the data itself, and in multiple locations – up to inside client computers.
A number of actions can be triggered upon finding matching data, turning it not only into a tool for reporting, but also operations.
Masking can be applied in real-time on unstructured data, i.e. upon having been identified as sensitive – thus taking immediate preventive actions against leaks.
With the help of this tool, organizations can continuously re-assess their risks and exposure, as their IT ecosystem evolves, and enforce control over what sensitive information is being replicated on client computers – eventually also allowing intrusive action to secure it in real-time.
A number of actions can be triggered upon finding matching data, turning it not only into a tool for reporting, but also operations.
Key Features & Differentiators
The following features and advantages should be noted:
Architecture-level:
Can trigger real time alarms, i.e. when a particular event-triggered scan includes sensitive data (e.g. when a new file is created, or clipboard operations) – by means of sending an email, or integration with SNMP (e.g. to other monitoring tools).
Supports:
The tool can feed other meta data catalogues, or else generate reports on top of its own metadata repository.
Costs/Expenses: comes at a fraction of the cost of international vendor tools (List Price comparison).
Performance benchmark from a large corporation:
Architecture-level:
- It can run in multi-thread mode, with appreciable performance.
- Supports highly customizable scanning and accurate reporting, down to the exact column / path and file.
- Supports data discovery on both structured and unstructured data, supports groovy scripting, and scanning of [personal] client computer, including their clipboards.
- Supports real-time sensitive masking (on the fly), for unstructured data.
- Has a catalogue of actions & document classification options, while scanning and matching sensitive data.
Can trigger real time alarms, i.e. when a particular event-triggered scan includes sensitive data (e.g. when a new file is created, or clipboard operations) – by means of sending an email, or integration with SNMP (e.g. to other monitoring tools).
Supports:
- On premise: Oracle, SQLServer, PostgreSQL, My SQL, DB2 (Luv & Z/OS).
- On premise: any JDBC connection-supported database system, as well as Hadoop HDFS.
- In the Cloud (all): Oracle, SQL Server.
- NoSQL databases: Cassandra & MongoDB.
- .ssh, telnet, ftp, sftp, webhdfs, etc. ANY protocol to access any location for unstructured data.
- Sharepoint.
- Exchange email server.
The tool can feed other meta data catalogues, or else generate reports on top of its own metadata repository.
Costs/Expenses: comes at a fraction of the cost of international vendor tools (List Price comparison).
Performance benchmark from a large corporation:
- Scanning one major database in 20 minutes, taking 10.000 sample random records for each table.
