DgDiscover for Compuware helps enterprises locate their sensitive data across different databases. The two unique capabilities and features of DgDiscover are the ability to “Find IT” and “Search IT”.
The Find IT feature searches the network to locate databases deployed in the environment. These may include Oracle, Microsoft SQL Server, IBM DB2, Sybase, Teradata, MySQL, and Microsoft Access databases. The Search IT feature then searches the databases to identify and locate sensitive data. Knowing which databases are deployed in the network, and where sensitive information is being managed, helps enterprises better manage their information security risks.
Find Sensitive Data in Structured Repositories
Search IT looks for sensitive and potentially sensitive data within structured and unstructured repositories. DgDiscover employs sophisticated algorithms to automatically identify data, such as credit card numbers, expiration dates, social security numbers, and phone numbers. It then creates detailed reports showing where this information resides in different data sources.
Find Sensitive Data in Unstructured Repositories
DgDiscover also has the unique ability to identify sensitive data in unstructured sources, such as text files, Microsoft Word, Excel, and PowerPoint documents, and other file formats.
Use Predefined Templates to Ensure Data Compliance
DgDiscover has predefined templates for conducting searches for data relevant to compliance initiatives such as PCI and HIPAA. It also provides a completely customizable search rule base, which can be tailored to support specific use cases
Generate graphical search results and reports
DgDiscover has an easy-to-learn user interface and generates graphical summaries of search results, which are easy to interpret Finally, DgDiscover’s built-in reporting lets you prepare graphical and tabular reports and save them in a variety of formats for later reference.
Security administrators and compliance managers can use DgDiscover to locate repositories of sensitive information for risk management and compliance reporting. Application administrators and architects can use it to automatically analyze application data to help define masking policies and flag data that should be masked using DgMasker. DgMasker reads files generated by DgDiscover to enable analysts to quickly define appropriate masking policies for data leveraged for non-production uses such as test, development, and offline business analysis.
Overview of Find DBs Functionality
After creating a project in DgDiscover, the next step is to find the databases on your network. The Find DBs tab is the default tab when you open a new or existing project. It lets you select which databases to scan, enter specific IP addresses and port ranges (if you prefer not to use default values), select a chart type to view the scan results, and view and create groups for the database details.
The scan operation scans all the ports on the network. Since the databases are configured on different ports, you need to make sure you have permission to scan all ports. You can check with your organization’s information security policy. This will help ensure that you can scan all of the databases you have selected (since only the selected databases are scanned for instances). Note: The Find DBs tab is only available if you have licensed databases with your copy of DgDiscover for Compuware.
Selecting Databases to Scan
When you create a new or open an existing project in DgDiscover, the window opens to the Find DBs tab. This is where you:
Select which databases to scan
Specify the IP addresses and port ranges, or use default values, for each database type you wish to scan. The databases available to configure are Oracle, Microsoft SQL Server, IBM DB2, Sybase, Teradata, MySQL, and Microsoft Access databases.
After you have located databases in which to search for sensitive data (through the Find DBs tab), you are ready to specify the search criteria you want to use.
The first step in the discovery of the sensitive data is to select the pre-defined data types on which to perform the search. You can use pre-defined search criteria as well as define your own custom data types through the expression builder.
The Search Criteria tab consists of three areas that let you define detailed search parameters:
The Pre-defined Search Criteria
The options at the top of the Search Criteria page display numerous data types, which can be grouped together by selecting a standards guideline such as HIPAA, General, PII, or PCI. These buttons select sensitive data types based on compliance requirements.
The All button selects all pre-defined search criteria, the None button deselects whatever is currently selected, and the General button — the default selection — includes a broad range of criteria.
Search Mode and Sample Data
The Search Mode has two options: Quick or Deep Search. The Sample Data options are Random, From Top, or Complete (for Deep Search only). If you select Quick Search, the Sample Data options become disabled.
Note: The Specify Formats button that appears on the far right of this area pertains to formatting options available for Pre-defined search fields. See the procedure that follows or Specifying Formats for more information.
This area shows expressions you have created (or imported) using the Expression Manager. These can include regular or custom expressions, and be used for Deep or Quick Searches, based on the expression parameters. See Including Expressions in a Search for more information.
To select Pre-defined Search Criteria to locate sensitive data:
When you define which search criteria you want to use to find sensitive data in your databases, you can further define formatting options for some of those criteria. These format options are available in the Application Settings dialog box, which you can open from the Search Criteria tab, the Options menu, or the toolbar.
Including Expressions in a Search
In addition to using the pre-defined search criteria, you can include regular and custom expressions to search for sensitive data in your databases. There are two different types of expressions:
Data expressions to search for data
If you are conducting a database search, you can use both data and column expressions. You can use a data expression only if you are conducting a file search. Note: The following procedure assumes there are expressions available in the Search Criteria tab. If not, see Creating a New Expression and Importing an Expression to learn how to create or import expressions.
Editing an Expression
You can modify any expression that you create or import from another source. Once you create an expression, however, you cannot edit the expression name: only the details associated with that expression.
Importing and Exporting Expressions
You can share regular and custom expressions used as search criteria to find sensitive data by importing and exporting them with other DgDiscover users.
Overview of the Connection Manager
The next step in searching for sensitive data is to connect to the database or databases on which you want to run the discovery process. The Connection Manager enables you to establish and manage connections with all the databases that DgDiscover for Compuware supports.
You use the Connection Manager to:
Select the database connections that are already configured on your system.
Select a predefined Environment or create a new one.
Import, Add, or Remove connections.
Test Connections to ensure they are working.
Create a Safe List, which can include databases, schema, table names, and column names that you think could return search results that are false positives.
See the Related Topics below (or sections under “Using the Connection Manager” in the User’s Guide) to continue after opening the Connection Manager.
Detects and Protects Files that Reside on File Systems
DgFiles detects and protects files that reside on a computer file system. Recognizing the unstructured nature of the contents stored in these files, DgFiles enforces a variety of remediation policies, ranging from sensitive data masking to file quarantine.