Documentation | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Classifying Content > Database fingerprinting > Preparing for database fingerprinting > Selecting the data to fingerprint
Selecting the data to fingerprint
Administrator Help | Forcepoint DLP | Version 8.7.x
Fingerprinting is a powerful means of data monitoring and protection, but the processing can be time-consuming. For this reason, carefully consider what information to fingerprint.
When selecting the data to fingerprint, follow the rules below to achieve the right balance between optimal performance and accurate detection of your sensitive data.
1. Avoid fingerprinting short values
Fingerprinting columns with short field values can lead to multiple false-positive incidents.
For numeric fields, we recommend that you fingerprint values with 5 digits and higher (>=10000) because:
*
4 digits easily match years (frequently appearing in email)
*
3 digits are quite common
*
1 and 2 digits numbers match days of month
The validation script template is a script that removes numbers with values less than the configured minimum (see Patterns & Phrases for more details).
 
* 
Note 
If you must fingerprint a numeric column and removing numbers is not an option, please make sure that this column is always combined with another in the policy rule. For example, if it is an account number field, combine it with the Name, Address, or SSN of the person owning the account.
For non-numeric fields, we recommend that you fingerprint values with 4 or more characters. The reasoning is that:
*
3 letters are commonly used in abbreviations (TLA - Three Letters Abbreviation)
*
2 letters match U.S. states, country codes, etc.
*
1 letter has no real meaning
The validation script template removes non-numeric fields shorter than the configured length in characters.
 
* 
Note 
If you must fingerprint a non-numeric column and removing values is not an option, please make sure that this column is always combined with another in the policy rule. For example, if it is last name field, combine it with the first name, address or SSN of the person owning the account. Regardless, do NOT fingerprint fields shorter than 3 characters.
2. Avoid fingerprinting columns with repetitive values
Columns having repetitive values are quite common in databases. Fingerprinting such columns may cause performance issues both during the fingerprinting stage and real-time analysis. Fingerprinted repetitive fields may lead to large amounts of records matching analyzed transactions, and it will take time for the policy engine to go over the results.
For now, Forcepoint recommends that you avoid fingerprinting columns with repetitive values. Many times, such columns have a very limited range of values, and they actually can be turned into a dictionary and attached to other policy rules in a database policy.
3. Avoid fingerprinting uninteresting/irrelevant values
Some database tables/CSV files may contain values that should be ignored and excluded from fingerprinting. For example, a table may contain a value of 'N/A' instead of valid SSN. Looking through incidents (after the data was fingerprinted), you may locate additional candidates for ignoring.
The validation script template (described under Creating a validation script) allows you to ignore values that are specified in an external "ignored dictionary" file. If preferred, you can write your own scripts that filter any custom type of irrelevant data.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Classifying Content > Database fingerprinting > Preparing for database fingerprinting > Selecting the data to fingerprint
Copyright 2020 Forcepoint. All rights reserved.