About Data Explorer
Limited Availability: To access DSPM Data Explorer, contact Skyhigh Support.
The Data Explorer is a centralized dashboard that provides comprehensive visibility into an organization's complete data security posture across Skyhigh SSE. Its core purpose is to provide security teams with a single, efficient interface for continuous monitoring, proactive risk analysis, and compliance evaluation of all data, enabling in-depth security analysis and faster response times.
To access the Data Explorer page, go to Analytics > DSPM Data Explorer. For more details on the Data Explorer User Interface (UI), see Overview of Data Explorer.
Key Features of Data Explorer
A preview of some of the key features of DSPM Data Explorer is provided in the table below:
| Feature | Description |
|---|---|
| Enterprise Overview of all sensitive data across SSE | Data Explorer allows you to configure and prioritize classifying the most relevant sensitive content. This capability helps in identifying additional sensitive data within your environment that may not have been initially included in your protection scope. |
| Email Visibility | Data Explorer enhances investigation by highlighting sensitive content within email attachments, enabling focused exploratory investigation. |
| Shadow IT Data Visibility | The Data Explorer enhances investigation by providing a complete view of your data estate, including data within Shadow IT. Use the dashboard to uncover valuable data insights and effectively mitigate data risks. |
| Automated Data Discovery and Ingestion | Skyhigh utilizes Near Real-Time (NRT) and On-Demand Scanning (ODS) technologies to automatically send relevant traffic and scanned data to the DSPM Data Explorer for recording and risk analysis. |
| File Search by Object Name or Digest/Hash | Data Explorer enhances investigation and prevents data exfiltration by enabling searches for top-level documents using either the Object Name or the Digest/Hash. Specifically, this capability allows you to search for: |
| Searching in Embedded Documents | The current version of Skyhigh DSPM Data Explorer search focuses only on the top-level documents. Searches by Object Name or Hash will only return the top-level documents. Consequently, sub-components like files within zip archives or email attachments are not included in the search results at this time. |
Common Questions on Data Explorer
- What are Objects in DSPM Data Explorer?
  - In Data Explorer, an Object refers to any instance of data assets and resources that the system identifies and monitors within your infrastructure. For example, objects are individual files such as documents, spreadsheets, presentations, archives, etc., stored in CSPs or cloud storage. Objects can also be email conversations or web posts that involve a file. These objects are identified through scans, such as classification scans that detect Personally Identifiable Information (PII), Payment Card Information (PCI), Protected Health Information (PHI), secrets, and other types of sensitive data. Once identified, Data Explorer allows you to view, filter, and analyze these objects to understand where sensitive data resides and how it is exposed across your environment.
- How does Data Explorer detect and capture your Data?
  - Data Explorer monitors data activity and captures objects that are scanned against your organization's DLP policies and classifications. This ensures that a detailed record is maintained in Data Explorer, even if an incident is not specifically triggered. Data Explorer collects information on objects from various sources, including:
    - ODS Scans. On-demand or scheduled scans of an organization's data sources.
    - NRT (Near Real-Time) Scans of Sanctioned Services. Continuous monitoring of sanctioned cloud services for policy violations.
    - Emails. Scans email attachments for sensitive information or policy violations.
    - Web Uploads. Scans and captures sensitive objects from files uploaded via web browsers.
- What does Data Explorer Record?
  - Data Explorer records information across the following types of data:
    - Files exceeding 256 bytes in size.
    - Objects that are embedded within other objects.
      - A file compressed in a zip, a document included in a presentation, etc.
    - Files uploaded to the CSP.
    - Files within Web Posts.
    - Emails that contain file attachments. An email without attachments will not be recorded in Data Explorer.
    - A chat message without an attached file will not be captured. For example:
      - A chat message posted directly in a web browser, without an attached file, will not be captured in Data Explorer.
NOTE: The number of Data Explorer events is limited per transaction, and the current transaction limit for Data Explorer events is 1000. For example, if you have a zip file containing 1001 files, Data Explorer only records 1000 files.
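The recording rules above can be turned into a coverage pre-check for an archive under investigation. The following is an added example, not Skyhigh code: it estimates which members of a zip fall outside what Data Explorer records and returns the digest of the top-level file, which is the only level the search covers. The function names are hypothetical, and three things are assumptions not stated on this page: that the 256-byte rule applies to each embedded file, that SHA-256 is an accepted digest, and that nested archives are not opened.

```python
import hashlib
import io
import zipfile

MIN_RECORDED_SIZE = 256     # page: only files exceeding 256 bytes are recorded
MAX_EVENTS_PER_TXN = 1000   # page: Data Explorer events are capped per transaction


def audit_archive(data: bytes) -> dict:
    """Estimate which members of a zip upload Data Explorer could record."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        files = [i for i in zf.infolist() if not i.is_dir()]
    # Assumption: the 256-byte rule is applied to each embedded file.
    too_small = [i.filename for i in files if i.file_size <= MIN_RECORDED_SIZE]
    eligible = len(files) - len(too_small)
    return {
        # Search returns top-level documents only, so the container's own
        # digest is the value to search for (SHA-256 is an assumption).
        "top_level_sha256": hashlib.sha256(data).hexdigest(),
        "members": len(files),
        "too_small": too_small,
        "eligible": eligible,
        # Members beyond the per-transaction limit leave no event behind.
        "over_limit_by": max(0, eligible - MAX_EVENTS_PER_TXN),
    }


def build_sample_zip(count: int, size: int, tiny: int = 0) -> bytes:
    """Constructed sample: `count` files of `size` bytes plus `tiny` 10-byte files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for n in range(count):
            zf.writestr(f"doc_{n:04d}.txt", b"A" * size)
        for n in range(tiny):
            zf.writestr(f"note_{n}.txt", b"B" * 10)
    return buf.getvalue()


if __name__ == "__main__":
    report = audit_archive(build_sample_zip(1001, 300, tiny=2))
    print(report["members"], report["eligible"],
          report["over_limit_by"], report["too_small"])
```

A non-zero over_limit_by or a non-empty too_small list marks an archive whose contents need review outside Data Explorer, because some members will have no recorded event.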
Key Benefits of Data Explorer
The key benefits of Data Explorer are:
- Proactive Threat Identification. Enables rapid detection of potential data breaches, compliance violations, and other security risks.
- Insightful Data Analysis. Facilitates quick and comprehensive analysis of complex data relationships and trends.
- Informed Decision-Making. Provides security analysts with the necessary insights to make well-informed decisions.
- Timely Remedial Actions. Supports prompt and effective responses to identified security concerns.
Use Case on Data Explorer
This use case demonstrates how the Data Explorer dashboard can be utilized to mitigate data risks and uncover valuable data insights. Through drill-down analysis, you can gain a comprehensive understanding of your entire data estate, including data residing in unsanctioned environments.
Analyze Enterprise Data Landscape for High Risk PCI Data on Unsanctioned Services
A Security Operations Center (SOC) administrator is tasked with investigating the diverse data landscape of an organization, with a particular focus on Payment Card Industry (PCI) data. The SOC aims to identify whether unsanctioned services used in the organization are interacting with PCI data or not, the individuals involved in this access, the distribution of the data across the organization, and the specific file types associated with it. This information is crucial for ensuring compliance and safeguarding sensitive financial information.
To assist the SOC with the investigation:
- Access Data Explorer. Log in to the Analytics > DSPM Data Explorer dashboard to view the overall enterprise data landscape.
- Apply filters for PCI Data. To specifically examine PCI data and its usage, apply the Classification: PCI data filter. To assess risk, use a Risk filter for High risks. To identify whether the unsanctioned service accesses PCI data or not, apply the Service filter: Box, Google Drive, Slack, and Facebook. This ensures you focus on the most concerning elements of your PCI data landscape.
- View Filtered Results. You can switch between Chart View and Table View to analyze the filtered results. Note that the filters remain effective regardless of the view you choose.
  - Table View provides a quick summary of PCI data distribution and its associated risks.
  - Chart View provides a detailed visual representation of PCI data distribution and risks. For the current investigation, Chart View is chosen to provide clearer insights into PCI data trends.
- Addressing other PCI Data Queries. To systematically answer the queries of the SOC administrator, gather information on the following aspects:
  - Users interacting with PCI data. Check the Users column in the Users table to understand which users are interacting with PCI data. This helps to track potentially risky user activities.
  - PCI data distribution. Analyze data distribution metrics based on Object Size and Detection Mechanism. This analysis helps identify where the majority of PCI data resides and how it is being stored.
  - Object Types Constituting PCI Data. Check the data distribution metrics by Object Type to understand the distribution of various file types containing PCI Data, including Document, PowerPoint, Spreadsheet, and other categories. Understanding the file type distribution assists in prioritizing security efforts around specific formats that may be vulnerable.
  - Services Accessing PCI Data. Review the Classifications table > Services column to understand the services accessing PCI data and their associated risk levels.

By following this workflow, the SOC admin can gain a comprehensive understanding of their PCI data landscape, enabling them to effectively identify risks, monitor access and distribution, and prioritize security measures to protect sensitive information. To find more use cases on Data Explorer, see Critical Use Cases of DSPM.
NOTE: For detailed information on the specific limitations of Data Explorer, see Limitations of Data Explorer.
