The purpose of file scans (on endpoint device drives and in general) is to identify files containing sensitive information so that admin users are notified of potential risks and can take appropriate measures to protect the sensitive information in question, by either:
Adjusting data governance permissions
Taking measures prescribed by their organization's data governance policy
It is not necessary to detect all occurrences of each type of sensitive information within a given file for that, so Coro limits the number of such detected occurrences to optimize performance and (in the case of endpoint devices) improve end-user experience.
Coro recognizes US social security numbers (SSNs). Coro additionally detects SSNs on a predefined list of keywords if the SSN is in an unrecognized format.
Tickets containing sensitive information, but do not require manual review by admin users, are automatically closed.
Such tickets are included in the Coro console ticket log for audit, monitoring, analysis, and to satisfy regulatory compliance requirements. They are typically triggered automatically by events such as the detection of sensitive information in an email, file, or file sharing. Some examples of this type of ticket include:
Personal data: IP and MAC address.
Non-public data: Monthly payment (financial content) and email address.
Health data: Medical Records Number (MRN).
Coro can identify stored sensitive information on user devices that potentially violate one or more regulatory or data compliance standards. Such information falls into one of the following categories:
Personal data: Information connected to a specific individual that can be used to uncover that individual's identity, such as full name, email address, passport number, or social security number.
Credit card data: A set of security standards created by major credit card providers designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.
Health data: Data collected, stored, used, or transmitted during the provision of health care services. This data includes patient name, medical history, and health insurance information.
Non-public data: Personal financial data that is collected and stored by financial institutions. NPI is a combination of PII and other indicators. For example, social security numbers are PII indicators, but in combination with credit card information, they are also classified as NPI.
To see the full list of sensitive information detectors that Coro can identify, see Sensitive data recognized by Coro.
These tickets are most likely not false positives, but rather Coro is generating data monitoring tickets according to your enabled monitoring options under Endpoint Data Governance.
Coro’s Endpoint Data Governance monitors storage of privacy-sensitive data on endpoint device drives, detected by remotely initiated scans.
To learn more about configuring Endpoint Data Governance data monitoring in Coro, see Sensitive data settings.
Yes, you can exclude sensitive data types in your Endpoint Data Governance settings.
To learn more about configuring Endpoint Data Governance settings in Coro, see Sensitive data settings.
See the Federal Information Security Modernization Act (FISMA) compliance document.
FISMA aims to reduce the potential risk of unauthorized data use, and to develop, document, and implement an information security and protection program disclosure. The governed federal agencies need to comply with the information security standards guidelines, and mandatory required standards developed by NIST.
Endpoint Data Governance tickets are only created from data in english.
Endpoint Data Governance can process standalone image files but does not support scanned PDFs or images embedded in documents such as Microsoft Word files.
To enable image file scanning on endpoint devices, make sure that Tesseract is installed on all affected devices. For more information, see Installing Tesseract on Windows or Installing Tesseract on macOS.
Coro does not support image file scanning on Linux devices.
The supported image formats are:
- jfif
- jpeg
- jpg
- png
- tiff
- webp
- x-portable-anymap
- x-portable-bitmap
- x-portable-graymap
- x-portable-pixmap
Endpoint Data Governance can analyze SQL code found in shared files; however, it cannot scan SQL code embedded in the stored procedures of database systems.
Coro detects sensitive data types specific to multiple regions. This includes data such as national ID numbers, passport numbers, driver's licenses, tax identifiers, and healthcare data. Each data type is classified by regulatory category and regional format to support compliance with local privacy laws.
For more information, see Sensitive data recognized by Coro.