BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Data Discovery using the Retina Network Security Scanner

Posted May 9, 2013    Morey Haber

One of the challenges facing every organization is locating where Personally Identifiable Information (PII) resides on workstations and servers. This data, by nature, is sensitive. However, if this data is not properly being tracked, secured, or even encrypted it can result in data loss. This type of data loss can result in a violation of various industry and government regulatory initiatives such as PCI and HIPAA. The process of finding and reporting where this information resides is called Data Discovery.

Many solutions that perform Data Discovery require the deployment of a persistent agent on a host in the form of a DLP (Data Loss Prevention) solution or a network based scanning solution that remotely crawls the file system and opens every file across the network and inspects the contents for PII. Both solutions are less than ideal as they require another agent on the asset and management infrastructure or they need secure access to a remote file system. Furthermore, they additionally require the opening and closing of every file remotely to verify the contents. This can be very time consuming, network intensive, and could result in sensitive data being opened over potentially insecure network paths.

With the Retina Network Scanner version 5.19.0 (and higher), BeyondTrust proudly introduces the most flexible solution to enumerate the contents of files on Windows targets utilizing the Retina Local Scanning Service.

The Retina Local Scanning Service (RLSS) provides the ability to perform local tasks on the target being scanned. Such tasks include the ability to control and execute console commands. As such, the RLSS is a temporary service that is deployed, performs an action, and then is removed. The use of RLSS adds greater flexibility to the type and depth of information that Retina can gather.

RLSS functionality now includes the ability to audit for Personally Identifiable Information (PII) on remote targets.  This functionality is supported at the Retina audit level and supports the following personal information:

RNSS-Personal-Information-Support

If Personally Identifiable Information is discovered, the exact PII string is not written back to the Retina Network Security Scanner User Interface or Retina CS (will require version 4.5; coming soon). This is intentional. Consider recording the finding and spreading the discovered PII across the network (due to the Data Discovery itself) and storing it again in yet another solution. The Data Discovery process itself made the PII data leak situation worse. Instead, Retina provides full details of the filename and path and the type of content that was discovered. This is illustrated below:

Data Discovery using the Retina Network Security Scanner

The Retina Network Security Scanner has solved the problem of data discovery in a more secure and efficient method than the most common tools on the market. Using the advanced dissolvable scanning capabilities of RLSS, a vulnerability assessment scan can now find sensitive data, report on the asset, and identify the file, path, and type of data discovered. This answers the question of where my sensitive data is at rest and helps meet regulatory initiatives that require the identification and protection of personally identifiable information.

Watch the product video now >

For more information on the Retina Network Security Scanner or Retina CS, please click here.

Tags:
, , , , , ,

Additional articles

PBPS-screenshot-blog aug2014

Failing the Security Basics: Backoff Point-of-Sale Malware

Posted August 22, 2014    Marc Maiffret

At the beginning of this month, US-CERT issued a security alert relating to a string of breaches that had been targeting Point of Sale (POS) systems. The alert details that attackers were leveraging brute forcing tools to target common remote desktop applications such as Microsoft’s Remote Desktop, Apple Remote Desktop, Splashtop and LogMeIn among others….

Tags:
, , , , , ,

Troubleshooting Windows Privilege Management Rules with Policy Monitor

Posted August 21, 2014    Jason Silva

When defining and testing PowerBroker for Windows rules for production or pilots, customers sometimes tell us, “I don’t think this policy / program is working.” This is usually a case of the policy not properly triggering because of the way the rule was created. A unique feature of PowerBroker for Windows compared to other solutions is a client-side…

Tags:
, , ,
darren-mar-elia

BeyondTrust Webcast: Darren Mar-Elia’s 4 Active Directory Change Scenarios to Track

Posted August 20, 2014    Chris Burd

In our latest webcast, we joined Darren Mar-Elia, CTO at SDM Software, to discuss best practices for Active Directory (AD) change management. Here are some key takeaways from the presentation, followed by a link to a full-length video of the presentation. Mar-Elia kicks things off with a critical insight: that the best AD change management…

Tags:
, , , , , , ,