Data Loss Prevention

Hello all,

Trying to get a better understanding of how DB scanning works. Per the Admin guide: " Scanning of SQL databases occurs for a specific set of column data types. The SQL Database scan extracts data of the following Java Database Connectivity (JDBC) types:

CLOB, BLOB, BIGINT, CHAR, LONGVARCHAR, VARCHAR, TINYINT, SMALLINT, INTEGER, REAL, DOUBLE, FLOAT, DECIMAL, NUMERIC, DATE, TIME, and TIMESTAMP.

The mapping between these column types and those of a specific database depends on the implementation
of the JDBC driver for the scan.

Does the scan go through each colum and row looking to match the contents of the said colum/row against a specific set of policies? 

Chitown,

The answer is yes.. DLP will issue a SQL query and then try to match the policy against the returned values. The SQL query is different for each DB type, so that query can be modified or configured depending on the DB type and config. Work with your DBA to get the right query tuned. 

You can configure the SQL query by editting the sqldatabasecrawler.properties on the Discover Server. It is also where you can add/configue other DB targets after you install the right JDBC driver.

https://help.symantec.com/cs/DLP15.0/DLP/v15600809_v120691346/Installing-the-JDBC-driver-for-SQL-database-targets?locale=EN_US

https://help.symantec.com/cs/DLP15.0/DLP/id-SF0B0131613_v120691346/SQL-database-scan-configuration-properties?locale=EN_US

Good Luck

Ronak

PLEASE MARKED SOLVED WHEN POSSIBLE

Thank you Ronak, yes that helps a lot! The other part of this being able to throttle DB scans. I know from the Enforce server there isn't much that can be done. Is there anything on the Network Discover side I can do to throttle how DBs are scanned? 

Chitown,

You can throttle the amount of data /rows per minute.. 

That should be helpful.. also the SQL command can also include a limiter to only provide X number of rows. 

Good Luck

Ronak

PLEASE MARKED SOLVED WHEN POSSIBLE