Quickly discover sensitive content

Tablus Content Sentinel 3.0 employs grid processing to scan files dispersed across large networks

Monitoring systems on the central LAN for personal and proprietary data – something industry analysts estimate 86 percent of companies must do to comply with one or more regulations, such as GLBA, HIPAA, and Sarbanes-Oxley – is already an enormous challenge. Then consider the extra complexities introduced as this content sprawls to remote offices and partner locations.

Content Sentinel 3.0, the data-at-rest component of Tablus' data protection suite, accurately identifies sensitive information on file servers, laptops, desktops, portals, content management systems, Microsoft Access databases, and e-mail archives. Version 3.0 debuts several enhancements, with performance and scalability topping the list.

To scan thousands of computers simultaneously, Tablus now takes a distributed approach. One of your servers runs the Enterprise Coordinator software, which controls Site Coordinators – a small service remotely loaded on a designated system in each distant location; in turn, Site Coordinators manage temporary and permanent agents installed on end-point systems. 

Click for larger view.

Agents are used by many vendors for evaluating data at rest. That's because they spread the processing load and return only the results of scans or problematic files to the main server (older methods require you to copy all files to a central server for analysis). Content Sentinel is especially network friendly, typically transmitting less than 0.1 percent of scanned data over the network to the master controller. Most significant, Content Sentinel lets you define a grid of machines that work in parallel to analyze large information repositories. Additionally, version 3.0 includes 25 new Expert Content Blades (data-protection policies). In practical terms, this means most kinds of confidential information are covered out of the box, without your having to configure policies.

Nevertheless, configuring your own policies is easy to do, as you can see in this screencast.

Scanning the grid
Deploying my test environment was relatively painless. Only one problem surfaced at the start – one that Tablus support quickly determined was caused by Symantec AntiVirus. With a workaround supplied by Tablus in place, I quickly launched the Content Sentinel Management Console, created Site Coordinators, and then added machines to scan (Scan Groups). Because you can specify systems by name, IP address range, or LDAP groups, large deployments should go smoothly.

Similarly, Content Sentinel's options are straightforward. For example, forms let me check off which of the built-in content categories (such as credit card information or personally identifiable information) to scan for. I could also decide whether agents would be installed permanently on target machines, or only temporarily.

Once the scan completes, Content Sentinel displays a list of files containing sensitive data that you must then evaluate. The evaluation process is aided by several tools, such as grouping results by computer or security category. Simply click on a file, and Content Sentinel explains exactly what triggered the alert, perhaps a credit card number. After reviewing the flagged files, you have the information you need to take the appropriate action, such as quarantining the file (so no one can touch it) or moving the file to a secure area (such as a restricted file share).

Moreover, the Tablus system rapidly found all copies of a particular document throughout my network. This central control and remediation, I believe, is very important when you need to quickly correct high-risk files.

As I've found in a previous Tablus Content Sentinel evaluation, the company's content detection is precise. The pre-built Expert Content Blades produced minimal false positives. After registering my custom client lists and source code, Content Sentinel 3.0 found all instances of sensitive data. Version 3.0 scans Microsoft SharePoint portals. Some content management systems and other repositories use the CIFS or SMB (Server Message Block) protocol for file sharing – which Tablus also supports. That said, Content Sentinel still lacks native connectors to most databases and legacy systems, lagging behind competitors such as Websense's PortAuthority. To scan these repositories with Content Sentinel, you must export a local copy of your data as a flat file.

Gridding the scan
Grid processing is an interesting option, where you select machines to offload heavy scanning tasks, perhaps evaluating many file shares. It's like Folding@home or SETI@home, where the system grabs spare machine cycles and distributes processor-intensive work. Tablus thoughtfully shows the grid scan status (such as CPU utilization of each PC) and lets you dynamically add or remove machines as necessary.

I didn't have enough computers for heavy testing. However, a real-world Content Sentinel implementation at Microsoft (which has 30,000 file shares and 120,000 SharePoint sites) convinced me of Content Sentinel's performance and scalability. With a 10-machine grid, an initial scan of 12TB of data on Microsoft's file shares took nine days; complete incremental scans are completed in one-half day.

Click for larger view.

My own testing verified that the latter "smart processing" properly rescanned only new, modified, moved, or renamed files. There's also stateful restart, where Content Sentinel continues where any interrupted scan leaves off, if perhaps the machine was turned off. Additionally, Tablus' disconnected scan mode processed files while my laptop was offline, then uploaded results when I reconnected to the network.

Content Sentinel's reporting and management dashboard provides more insight and usability compared to my first look at this product. It presents overall risk and scan summaries, while also charting content risk and security trends. Nine risk analysis and scan reports let you examine the underlying details. For instance, you might see abnormally high risk at an outsourced call center, and then drill down to identify the cause as client records saved in freely accessible spreadsheets.

Further, scan results can be saved. This audit trail could be invaluable in determining what content was stored on a lost or stolen laptop – and perhaps eliminate the need for a costly notification process.

Tablus Content Sentinel 3.0 helps you gauge gaps in your data security by identifying content at risk on laptops, desktops, and servers. You can then take measures to protect this information before it moves or is misused. This alone can help demonstrate to auditors that you're taking proactive security measures. Similarly, protecting confidential data reduces the risk of it getting into the hands of competitors. As such, this solution plays an important role within an overall strategy to enforce compliance with corporate and regulatory policies.

InfoWorld Scorecard
Management (20.0%)
Value (10.0%)
Accuracy (20.0%)
Features (20.0%)
Ease of use (20.0%)
Scalability (10.0%)
Overall Score (100%)
Tablus Content Sentinel 3.0.2 8.0 9.0 9.0 8.0 9.0 9.0 8.6