Educause Security Discussion mailing list archives
Re: Identity Finder
From: Richard A MacLaughlin <ramaclau () VALDOSTA EDU>
Date: Tue, 5 Jan 2010 10:41:11 -0500
This might actually be in response to a message I sent the listserv right before the Christmas break. I still have to look through all the responses I got because there was a lot of useful information.

Richard A. MacLaughlin
Information Security
Valdosta State University
Phone: (229) 333-5974
Fax: (229) 245-4349

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Felecia Vlahos
Sent: Saturday, December 19, 2009 7:15 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Identity Finder

Randy,

We are using the free find_ssn at San Diego State University in conjunction with commercial RSA DLP (previously Tablus Content Sentinel). We did a detailed analysis of several products in 2008 and RSA DLP came out slightly better than Identity Finder. We tested multiple platforms, deployment methods (i.e. enterprise versus each system), software dependencies, file types, and SSN configurations. VT Spider was an amazing product for free, great work! We had an "up and coming" product, Safe Vantage Deep Scout, that was good but not as full featured as the other commercial products.

The RSA DLP campus license was ridiculous (like $300,000 ridiculous), so we bought 2500 clients and we are passing them around to each area to scan sections at a time of our campus. In the meantime we have advised the entire campus use find_ssn to immediately locate and remove legacy SSN data. We're making better progress with the free product than the commercial (mostly due to reduced staffing in this budget crisis). We have DLP RSA locked in with maintenance for the next two years and then we plan to review updates to products, including Safe Vantage.

I'll share the report with anyone interested. If anyone does a likewise detailed analysis, I'd appreciate a copy as I lost my staff that did the original work.

Another plug for VT Spider: we use it as a double check on incidents and in every case it found all the data, even WordPerfect files, and SSNs broken across columns in Excel. Worst false positives were in geology (latitudes and longitudes).

Thanks,
Felecia Vlahos
San Diego State University
fvlahos () mail sdsu edu

On Fri, 18 Dec 2009 06:37:24 -0800, randy marchany <marchany () vt edu> wrote:
We wrote one of the freeware tools (Find_SSN, Find_CCN) and use IdentityFinder as well. IdentityFinder has the ability to be run on remote machines and some of our dept admins like that feature. The other tools don't have that ability. IdentityFinder does NOT run on Unix systems and since most of our database servers run on Unix/Linux systems, IdentityFinder doesn't help us there. The Windows version is excellent but I'm disappointed in the Mac version. Someone else mentioned the Mac version is a work in progress and I would agree with that assessment. It's still a very good product.

Our Find_SSN/CCN tool runs on all platforms (Mac, Windows, Linux/Unix). As far as false positives go, our tool is the best at reducing the number of false positives. The biggest complaint you will get from your users is "do I have to look at ALL of those files to see if there's sensitive data?". The answer is a) yes b) move all of those files into a folder and encrypt it and look for it later. All of the tools including ours will generate false positives. The key is having a sensitive data policy or standard in place. This will help you with users who don't want to look through all of them.

The other problem with these tools is that none of them play well with Outlook/Exchange .pst files, which is probably where most of the sensitive data would be found in email attachments. I believe IdentityFinder requires you to log into Exchange first and that's their hook into .pst type files. My info may be dated but I believe it's still correct. This is the biggest issue with upper mgt.

I would suggest building a test folder with regular files, Microsoft Office files (.xls, .doc, Project, Visio, etc.), PDF files, .pst files, binaries, small database table and run all of the tools against that folder and see the results.

The advantages of the commercial tools include the report format (auditors will like it) but the freeware tools will simply generate a list of hyperlinks that point to the files in question.

Randy Marchany
VA Tech IT Security Office
-- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
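
The test-folder comparison suggested in the thread can be made repeatable by seeding the folder with known contents and scoring each tool's list of flagged files against that ground truth. The following is an added example, not part of the original messages or of any tool named in them; the file names, the dummy value 123-45-6789, and `naive_scan` (a stand-in for whichever tool is under evaluation) are assumptions. It covers only text, CSV and binary files; Office, PDF and .pst samples would have to be added by hand.

```python
import re
import tempfile
from pathlib import Path

# Constructed sample data only; 123-45-6789 is a dummy value, not a real SSN.
SEEDED = {
    "notes.txt": ("Employee 123-45-6789 hired 2009\n", True),
    "roster.csv": ("name,a,b,c\nDoe,123,45,6789\n", True),  # SSN split across columns
    "geology.csv": ("site,lat,lon\nA1,32.775800,-117.071234\n", False),  # coordinate decoy
    "readme.txt": ("No sensitive data here.\n", False),
}

def build_corpus(root: Path) -> dict:
    """Write the seeded files under root; return {filename: contains_ssn}."""
    truth = {}
    for name, (text, has_ssn) in SEEDED.items():
        (root / name).write_text(text)
        truth[name] = has_ssn
    (root / "blob.bin").write_bytes(bytes(range(256)))  # binary file, no SSN
    truth["blob.bin"] = False
    return truth

def naive_scan(root: Path) -> set:
    """Hypothetical stand-in for a tool under test: flags dashed SSN patterns."""
    pattern = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")
    return {p.name for p in root.iterdir() if pattern.search(p.read_bytes())}

def score(truth: dict, flagged: set) -> dict:
    """Compare a tool's flagged-file list with the seeded ground truth."""
    positives = {name for name, has_ssn in truth.items() if has_ssn}
    return {
        "found": sorted(positives & flagged),
        "missed": sorted(positives - flagged),
        "false_positives": sorted(flagged - positives),
    }

def run_demo() -> dict:
    """Build the corpus in a temporary folder, scan it, and score the result."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        truth = build_corpus(root)
        return score(truth, naive_scan(root))

if __name__ == "__main__":
    print(run_demo())
```

To score a real tool, replace `naive_scan` with code that reads the tool's report and returns the set of file names it flagged.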