Endpoint data governance¶
Why does Coro only detect a small number of sensitive data occurrences within a file when a file scan is run?¶
The purpose of file scans (on endpoint device drives and in general) is to identify files containing sensitive information so that admin users are notified of potential risks and can take appropriate measures to protect the sensitive information in question, by either:
-
Adjusting data governance permissions
-
Taking measures prescribed by their organization's data governance policy
It is not necessary to detect all occurrences of each type of sensitive information within a given file for that, so Coro limits the number of such detected occurrences to optimize performance and (in the case of endpoint devices) improve end-user experience.
What social security number (SSN) pattern does Coro detect?¶
Coro recognizes US social security numbers (SSNs). Coro additionally detects SSNs on a predefined list of keywords if the SSN is in an unrecognized format.
Under what circumstances will Coro automatically close Data Loss Prevention (DLP) tickets?¶
Tickets containing sensitive information, but that do not require manual review by admin users, are automatically closed.
Such tickets are included in the Coro console ticket log for audit, monitoring, analysis, and to satisfy regulatory compliance requirements. They are typically triggered automatically by events such as the detection of sensitive information in an email, file, or file sharing. Some examples of this type of ticket include:
-
Personal Identifiable Information (PII): IP and MAC address.
-
Nonpublic Personal Information (NPI): Monthly payment (financial content) and email address.
-
Protected Health Information (PHI): Medical Records Number (MRN).
Why does Coro create multiple Data Loss Prevention (DLP) tickets related to the same event?¶
Coro can identify stored sensitive information on user devices that potentially violate one or more regulatory or data compliance standards. Such information falls into one of the following categories:
-
Personally Identifiable Information (PII): Information connected to a specific individual that can be used to uncover that individual's identity, such as full name, email address, passport number, or social security number.
-
Payment Card Industry (PCI): A set of security standards created by major credit card providers designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.
-
Protected Health Information (PHI): Data collected, stored, used, or transmitted during the provision of health care services. This data includes patient name, medical history, and health insurance information.
-
Non-Public Personal Information (NPI): Personal financial data that is collected and stored by financial institutions. NPI is a combination of PII and other indicators. For example, social security numbers are PII indicators, but in combination with credit card information, they are also classified as NPI.
The following table lists sensitive information detectors that Coro is able to identify and their respective categories:
| Detector Name | Type | Data Type I | Data Type II |
|---|---|---|---|
| Account Number | Content | NPI | |
| Annual Credit Report | Form | NPI | |
| Bank Routing Number | Content | PII | NPI |
| Bank Statement | Form | NPI | |
| Bill Of Sale | Form | NPI | |
| Car Title | Form | NPI | |
| CDT (Current Dental Terminology) Codes | Content | PHI | |
| Certificate | Content | ||
| CPT (Current Procedural Terminology) Codes | Content | PHI | |
| Credit Card Number | Content | PCI | NPI |
| Credit Card Statement | Form | NPI | |
| Custom Keywords | Content | ||
| Date | Content | PHI | NPI |
| Driver License | Content | PII | NPI |
| Email Address | Content | PII | NPI |
| Financial Content | Content | NPI | |
| FR-44 | Form | NPI | |
| General Medical Keyword | Content | PHI | |
| Health Insurance Claim | Content | PHI | |
| IBAN | Content | PII | NPI |
| ICD-10 | Content | PHI | |
| Insurance Card | Form | NPI | |
| Insurance Plan Payment | Form | NPI | |
| IP | Content | PII | NPI |
| IP V4 | Content | PII | NPI |
| IP V6 | Content | PII | NPI |
| Lease Agreement | Form | NPI | |
| Mac Address | Content | PII | NPI |
| Medical Beneficiary Identifier (MBI) | Content | PHI | |
| Medical File | Content | PHI | |
| Medical Records Number (MRN) | Content | PHI | |
| MISC 1099 | Form | NPI | |
| Odometer Disclosure | Form | NPI | |
| Password | Content | ||
| Pay Stub | Form | NPI | |
| Person Name | Content | PII | NPI |
| Personal Net Worth | Form | NPI | |
| Phone Number | Content | PII | NPI |
| Social Security Number | Content | PII | NPI |
| Source Code | Content | ||
| SR-22 | Form | NPI | |
| Swift | Content | ||
| Taxpayer Identification Number (ITIN) | Content | PII | NPI |
| US Health Care NPI | Content | PHI | |
| US Address | Content | PII | |
| US Bank | Content | PII | NPI |
| US DEA Number | Content | PHI | |
| US Employer Id Number | Content | PII | NPI |
| US Passport | Content | PII | NPI |
| Username | Content | NPI | |
| Vehicle Identification Number (VIN) | Content | PII | NPI |
| Vehicle Registration | Form | NPI | |
| W-2 | Form | NPI |
What is a false positive Data Loss Prevention (DLP) ticket?¶
These tickets are most likely not false positives, but rather Coro is generating data monitoring tickets according to your enabled monitoring options under Endpoint Data Governance.
Note
Coro’s Endpoint Data Governance monitors storage of privacy-sensitive data on endpoint device drives, detected by remotely initiated scans.
To configure Endpoint Data Governance data monitoring in Coro:
-
Select Control Panel from the toolbar:
-
Select Endpoint Data Governance:
-
Enable or disable each option as applicable to your needs.
Can I exclude certain indicators to limit the number of tickets generated by Coro?¶
Yes, you can exclude Endpoint Data Governance monitoring options.
To exclude Endpoint Data Governance monitoring options:
-
Select Control Panel from the toolbar:
-
Select Endpoint Data Governance.
-
Disable the desired monitoring options:
Is there a document available that details how Coro helps companies follow the National Institute of Standards and Technology (NIST) framework?¶
See the Federal Information Security Modernization Act (FISMA) compliance document.
FISMA aims to reduce the potential risk of unauthorized data use, and to develop, document, and implement an information security and protection program disclosure. The governed federal agencies need to comply with the information security standards guidelines, and mandatory required standards developed by NIST.
What is data loss prevention (DLP)?¶
DLP is a cybersecurity strategy and set of tools aimed at safeguarding sensitive information from unauthorized access, sharing, or theft within an organization.
Coro's Endpoint Data Governance enables admin users to remotely scan endpoint devices for storage of:
-
PII (personally identifiable information)
-
PHI (protected health information)
-
PCI (payment card information)
-
NPI (non-public information)
For further information, see Introducing Endpoint Data Governance.