Uncover Sensitive Data with the Classifier Tool

uncover-sensitive-data-with-classifier-tool

Understanding what sensitive data resides in your enterprise database is a critical step in securing your data. Imperva offers Classifier, a free data classification tool that allows you to quickly uncover sensitive data in your database.

Classifier contains over 250 search rules for popular enterprise databases such as Oracle, Microsoft SQL, SAP Sybase, IBM DB2 and MySQL and supports multiple platforms like Windows, Mac and Linux. Once you download and install Classifier, you can start discovering sensitive data, such as credit card numbers, person IDs (which includes ID-type elements associated with a person like user name, user ID, and employee ID), access codes and more in your database. The tool also jumpstarts you on your road to compliance with General Data Protection Regulation (GDPR) as well as data security. This post will walk you through the steps of using the tool.

First, you need to meet the prerequisites listed in the Classifier User Guide. Then you can begin your scan, view the results, and evaluate corrective action options. Let’s get started.

Running a Scan

Running a Classifier scan is a simple, four-step process.

  1. Open Classifier.
  2. Select your database type from the drop down list. (Options include Oracle, Microsoft SQL Server, SAP Sybase, IBM DB2, and MySQL.)
  3. Enter details for the selected database, as follows (see Figure 1):
    • Host/IP
    • Port (or use default Port)
    • Schema – a collection of database objects (i.e. table) associated with one particular database user name
    • User Name
    • Password
    • Database Name / Instance / SID

NOTE: Microsoft SQL Server supports Windows Authentication, which is enabled by default. To disable and manually enter a User Name and Password, click the Authentication button next to the User Name field. Enter the appropriate User Name and Password (see Figure 2).

  1. Click Go to start the scan. The scan will run without the database experiencing any downtime or performance degradation.

uncover sensitive data - set scan parameters - 1

Figure 1: Set scan parameters in Classifier

uncover sensitive data - disable windows authentication - 2

Figure 2: Disable Windows Authentication

Review the Results

The results of the scan are presented on an easy-to-read dashboard (see Figure 3).

uncover sensitive data - classifier dashboard - 3

Figure 3: Classifier executive summary dashboard [click to enlarge]

The dashboard is organized into three panes:

Top Pane — Displays an executive summary of the sensitive data contained within your database as well as an indication of the amount of sensitive data present.

  • Number of sensitive data categories detected
  • Number of total sensitive data
  • Time to complete the scan

Middle Pane — Displays summary statistics that include:

  • Ratio of sensitive/non-sensitive database columns
  • Data Classification Results — Different categories of sensitive data found, such as personal identification number, mailing address, access codes, etc.
  • Ratio of each sensitive data category

Bottom Pane — Displays Classification Details, organized into a sort-able table with the following types (see Figure 4 for a larger view):

  • Category — Displays type of sensitive data
  • Table Count
  • Column Count
  • Row Count

In the example above, there are a total of 30 columns of sensitive data, which accounts for 11% of this scanned database. Among the sensitive data found, 7% are access codes, 20% is free text, 10% are person IDs, and 49% are person names. When you look at the classification details, you can find the actual amount under each category.

To better understand which schema, tables, and columns are contained within each category, you can click on a category row under the Classification Details section to expand the content. You can drill down into details of a specific category, including row counts associated with each schema, table and column identified by the scan (see Figure 4).

uncover sensitive data - classification details - 4

Figure 4: Category detail example showing a total of 2 tables that contain 17 rows of person ID data [click to enlarge].

Next Steps

Now that you’ve identified what sensitive data resides in your database, you can then take appropriate actions, such as data monitoring or data masking, to further secure your data. It’s easy to use Classifier to quickly uncover sensitive data that may be at risk within your organization. While this free tool searches database metadata, our enterprise data security products provide additional capabilities, such as database content searching, reporting and export functionality.

Download Classifer, a free data classification tool.

Learn more about how Imperva can help secure your data.