Sensitive data, treated as a threat finding
The Data Classification hunt flags regulated data found out of place across your protected assets. PII, PCI, PHI, GDPR data, and credentials surface as Threat findings with file-level evidence, in the same queue as ransomware.
The question you cannot answer today
Regulated data drifts. It accumulates in export directories, archives, file shares, and the data your platform protects. No control in the security stack inspects those locations for content. When an incident occurs, the first question from the board, regulators, and insurers is what data was exposed. Most teams cannot answer it per asset, with evidence.
Why credentials matter
Credentials sitting in protected data are re-entry material for an attacker. They represent immediate operational risk and deserve the same remediation urgency as active malware.
Out-of-place sensitive data becomes a finding
You select, per policy, which data classes are treated as out of place on which assets. The Data Classification hunt inspects assets in scope and raises a Threat finding for any selected data type found. Findings carry severity, status, and ownership, and sit alongside ransomware, malware, and encryption findings.
Set policy
Choose the data classes that do not belong on the assets in scope.
Hunt
Elastio inspects file content across the assets the platform already protects. No agent, no new deployment.
Act on evidence
Each finding lists affected files with paths, sizes, timestamps, and match signals. Route to the data owner or export the sensitive files report.
Production-Isolated · Zero-Impact Scanning
Unlike legacy discovery tools that deploy intrusive host agents or stress production databases during operational hours, Elastio’s Data Classification engine relies entirely on our out-of-host, side-scanning architecture. By analyzing data copies completely isolated from your active application tiers, Elastio guarantees zero impact on live system resources and zero production performance degradation.
What it classifies
Five class libraries, applied per policy across the assets the platform already protects.
National identifiers, SSN, TIN, dates of birth, passport numbers, driver licenses
Comprehensive national libraries (e.g., SSN with context, US TIN, and alphanumeric drivers' license regex/checksum definitions across North America and Europe).
PAN, CVV, track data, cardholder names
Luhn algorithm checksum validations for Primary Account Numbers (PAN), alongside strict sequence distance indicators to isolate CVV blocks, magnetic track signatures, and proximate cardholder name blocks.
MRN, ICD and CPT codes, diagnosis notes, NPI
National Provider Identifier (NPI), Medical Record Numbers (MRN), and complete reference regex arrays for ICD-9/10-CM and CPT code patterns.
EU resident PII, behavioral profiles, IP addresses
Locality-specific European Union personal identifiers (including National Insurance Numbers, French INSEE, German Tax IDs), localized passport configurations, and structured IPv4/IPv6 address strings.
API keys, OAuth tokens, private certificates, cloud credentials, .env files
High-entropy cryptographic strings, private key blocks (PEM, DER), active cloud infrastructure API tokens (e.g., AWS Access Key IDs), OAuth authorizations, and exposed .env / database configuration strings.
Findings you can defend
Every classification finding is built for audit. File-level evidence shows exactly what was found and where. Suppressing a finding requires an explicit reviewed acknowledgment, and every suppression is recorded. When the question comes, the answer is on file.
File-level evidence
Path, size, timestamps, and specific match signals per file.
Auditable suppression
No silent dismissals. Every disposition is acknowledged and logged.
Exportable reporting
Sensitive files report per asset, ready for the data owner, the auditor, or the regulator.
Detection tells you the data is clean. Classification tells you what is inside it.
Classification runs inside the Hunt pipeline that already inspects your data estate. When a recovery point is compromised, you can state what regulated data sat inside it. An incident becomes a quantified exposure statement instead of an open question.
Board statement
“We inspect our protected data for regulated content, we treat out-of-place sensitive data as a security finding, and we can state exposure per asset with file-level evidence.”
Find out what sensitive data sits in your protected estate
See whether your recovery is provable, and where regulated content lives inside the data your platform already protects.
Get Started