
Skyhigh Security

Improved Data Visibility in Data Explorer with Unified Expanded Scan

One of the primary goals of DSPM is to go beyond traditional DLP policies: to understand content and classification type, and to identify where sensitive data is located. The DSPM Data Explorer provides a complete, accurate, and continuously refreshed view of data placement and content for all observed data changes, even when those changes do not violate a specific DLP policy. This ensures you have the latest, most precise understanding of your organization’s data footprint.

NOTE: The Unified Expanded Scan supports both CASB and Web DLP policies.

How It Works

The Unified Expanded Scan performs a DSPM scan for additional data classifications that are not part of the original DLP policy. This is also referred to as beyond-policy extended data categorization. For instance, content evaluated by a DLP policy (Sanctioned or Shadow-IT) that is defined to block any document containing Social Security Numbers (SSNs) uploaded to AI services will now also be scanned for additional classification types such as Source Code, PHI, HIPAA, etc.

The expanded scan does not change existing policy behaviour: a match on one of the additional classifications does not trigger a DLP incident. For example, if a document is scanned under an SSN DLP policy and contains no SSN but does contain source code, no incident is created, because the policy was not intended to cover source code. However, the document is still shown in the DSPM Data Explorer Dashboard, because it contains source code (a pre-canned classification) rather than SSNs.

Use Case

A user in your organization uploads 10 files to their email. The policy-driven (primary) scan checks for sensitive data based on the classification specified in the policy, for example, credit card information. Among these 10 files, three files may contain credit card information, whereas the remaining seven files may not have a match. However, the DSPM engine performs expanded scanning on all 10 files to identify whether they contain any other sensitive data, such as PCI, PHI, EAR, HIPAA, Financial and Security Compliance, etc., in addition to the credit card information covered by the policy.
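The behaviour described in How It Works and in this use case can be modelled in a few lines. The following is an added illustration, not Skyhigh's implementation: the classifier regexes, the `unified_scan` function and the ten sample files are all constructed for this example.

```python
import re

def luhn_ok(digits):
    """Luhn checksum: rejects arbitrary 13-19 digit runs such as order IDs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def has_card(text):
    runs = re.findall(r"\b\d(?:[ -]?\d){12,18}\b", text)
    return any(luhn_ok(re.sub(r"\D", "", r)) for r in runs)

# Hypothetical stand-ins for pre-canned classifications (assumption).
CLASSIFIERS = {
    "Credit Card": has_card,
    "SSN": lambda t: bool(re.search(r"\b\d{3}-\d{2}-\d{4}\b", t)),
    "Source Code": lambda t: bool(
        re.search(r"(?m)^\s*(?:def \w+\(|import \w+|#include\s*<)", t)),
}

def unified_scan(files, policy_classifications):
    """Return (incidents, explorer) for one batch of uploaded files."""
    incidents, explorer = [], {}
    for name, text in files.items():
        found = {c for c, match in CLASSIFIERS.items() if match(text)}
        if found & policy_classifications:  # primary scan: policy match only
            incidents.append(name)
        if found:                           # expanded scan: visibility only
            explorer[name] = sorted(found)
    return incidents, explorer

# Constructed sample upload of 10 files; the policy covers credit cards only.
FILES = {
    "f01.txt": "Card on file: 4111 1111 1111 1111",
    "f02.txt": "Pay with 4111-1111-1111-1111 today",
    "f03.csv": "name,pan\nA,4111111111111111",
    "f04.txt": "Employee SSN 078-05-1120",
    "f05.py": "import os\ndef main():\n    pass",
    "f06.c": "#include <stdio.h>\n/* test SSN 078-05-1120 */",
    "f07.txt": "Order 1234567890123456 shipped",  # fails Luhn, not a card
    "f08.txt": "Meeting notes", "f09.txt": "Lunch menu",
    "f10.txt": "Release schedule",
}
INCIDENTS, EXPLORER = unified_scan(FILES, {"Credit Card"})
```

Three files raise incidents, while six files appear in the modelled Data Explorer view, including the SSN and source code files that the credit card policy never targeted.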

Key Capabilities

  • Deeper Visibility. Detect data not covered by primary policy definitions and populate the DSPM Data Explorer with it.
  • Compatibility. Supports file-based events across all Cloud Service Providers (CSPs).
  • Optimized Performance. Zero impact on Near Real-Time (NRT) event processing.
  • Centralized Logging. Automatically populates results within the DSPM Data Explorer for unified data investigation.