Content Sentinel sniffs out sensitive information
Simple and scalable, Sentinel scours desktops, servers, and more
Tablus plans in a few months to release Content Alarm 3.0, the next generation of its full security suite. In defining the specifications for this upgrade, company representatives said customers asked for a simple, scalable, quickly deployed solution to find sensitive documents on their networks. Content Sentinel 1.0 is the result.
This stand-alone server application and accompanying zero-footprint agent identifies documents containing PII (personally identifiable information) plus files that don’t adhere to the PCI (Payment Card Industry) data security standard.
After a quick install, Content Sentinel’s orderly interface allowed me to quickly pick various computers and groups from an Activity Directory to scan. It’s equally easy to specify specific file shares on these machines and investigate PCs within a range of IP addresses.
Importantly, Content Sentinel is very frugal with network and PC resources. In small deployments the controller scans remote systems directly. For scalability, the system launches lightweight, temporal agents that run on local machines. Agents use idle cycles to perform analysis (similar to the Search for Extraterrestrial Intelligence's distributed architecture), send the results to the controller, and then disappear after their work is done.
This design worked well in testing. Content Sentinel scanned 52 machines with more than 4 million documents -- approximately 1TB of data -- in just less than six hours. According to system statistics, without agents the same scan would have required 1.5 days.
Content Sentinel ships with policies for HIPAA, California SB 1386, and related regulations. I also registered content that was specific to my organization. Although not comprehensive, this should cover the major compliance initiatives.
The software uses Tablus’ established analytics -- entity extraction, phrase frequency qualification, stemming, and similar techniques -- to accurately find data that matches the policies.
After analyzing collected data, the system generates a risk profile and various other reports. For example, compliance executives can compare risk factor by different scan groups or category. You also see the machines with the highest number of security problems.
Although reports illustrate the depth of compliance problems, Content Sentinel also allows you to take action. Opening the Remediation tab displayed a list of files that contained sensitive data, which can be grouped by category. I also searched for duplicates of these files, a time-saving feature. Finally, I acted on various files (by right-clicking), quarantining and deleting them.
Tablus Content Sentinel 1.0 enables enterprises to locate and control confidential information at rest quickly. The included policy modules use advanced linguistics to accurately identify information related to PII and PCI. Although missing notification and search functions of the high-end products reviewed, this solution is nonetheless valuable for quickly determining the extent of data security gaps and then performing some basic fixes.