Information Security

Defending the digital infrastructure



Product Review: Deepdive's DD300

Deepdive's DD300 appliance helps you identify and discover data on your network.



Deepdive Technologies
Price: $18,000

To protect the important data on your network, you have to be able to identify what information you care about, locate it and report on it. Deepdive's DD300 appliance helps you manage this daunting task with its powerful search capabilities.

Setup and Discovery B+  

The DD300 interface is a modern .NET Win32 application that installs in seconds. Built on proprietary Linux and hardware ASICs, the DD300 plugs passively into any network and readily accepts a DHCP address. Configuration walks you through all initial network settings. It can be up and running in minutes.

You can do network discovery or specify known targets. The DD300 will report all network file shares advertised on any host. Discovery is benign, using a standard RPC call requesting available shares. It's also quick, but enumerating the shares on the hosts does take time.

We conducted our test discovery on a local subnet using the IP address range option. The resulting enumeration of the shares is displayed in the familiar tree layout.

Indexing B+  

Indexing is as easy as discovery and is accomplished in a single pass--simply check the hosts you want. You can select single or multiple hosts, even specific folders and subfolders.

At selection time, the DD300 will prompt you to mount the shares. There's some waiting if you are mounting dozens of shares.

The indexing configuration wizard takes you logically through a comprehensive sanity check to ensure you index only content you are interested in. To speed indexing, common .dll, binary and system files are excluded by default.

Searching A  

The DD300 search capabilities are so robust and dynamic you'd be hard-pressed to come up with any form of structured or unstructured data that can't be found. You want SSNs? DOB? Address, state, ZIP formats? Need to search .pst files for emails with certain content or keywords? No problem.

The query can be enhanced by enabling different search features. Stemming recognizes an equivalence between multiple grammatical forms, such as "library" and "libraries." Phonics, synonyms and "fuzzy" searching features find close matches.

The results show the number of query hits, file name and type, network path, date created and date last modified.

In testing, our SSN search resulted in dozens of file matches in Excel spreadsheets, PDFs, and a PowerPoint file with an embedded chart.

One disappointment: We'd like to see NTFS file permissions rather than the document metadata, because in most documents the metadata is blank or inaccurate. This would help identify the data owner(s) for reporting or investigative purposes.

Reporting C+  

Reporting is not a strong point, although Deepdive has made some strides in providing a basic reporting function that's quick, easy and an effective communication tool for use with management.

The source information for reporting is taken directly from the column fields selected when viewing the results (number of query hits, file name and type, network path, etc.). So, you may need to revisit the columns you selected on the results view so the pertinent information you want is available to report on.

Reports can be exported to Excel or PDF, but the files are awkward and not succinctly formatted.


From discovery to indexing to searching and reporting, the DD300 is a versatile, intuitive and feature-rich data discovery device.

Testing methodology: We set up test file servers and workstations with data files across dozens of shares.
