Tech Tip: How to Mask Sensitive Data Before It Is Sent to a Tool

Does your organization handle sensitive data on a daily basis? If so, compliance can be a thorn in your side. The reason: Where sensitive data appears in packets can be a mystery, making it difficult to identify and protect.

Fortunately, Gigamon GigaVUE® devices equipped with the GigaSMART® Adaptive Packet Filtering feature can search through packets for sensitive data and mask it before it’s sent to a tool.

All you have to do is specify the certain sequence of data that you want masked. This data pattern will then be overwritten with a configurable 1‐byte mask (such as 00 or FF), regardless of where the original pattern appears in the packet. As an alternative, you can also specify a particular section of the packet (for example, between byte offset 60 and 80 in the IP packet).

As an added benefit, you don’t need to know the exact value of the data that needs to be masked, as long as the format of the pattern is known. For example, you can specify that all IP packets known to contain Social Security numbers in the format xxx‐xx‐xxxx (where each “x” is a digit) will be replaced with a configurable mask.

For more details, refer to the “Masking with Pattern Matching” section of the GigaVUE‐OS CLI User’s Guide, which you can find in the Gigamon Customer Portal.

Comments are currently closed.