Educause Security Discussion mailing list archives

PII Scanning Recommendations


From: Drew Perry <aperry () MURRAYSTATE EDU>
Date: Thu, 8 Sep 2011 16:41:52 -0500

I'm in the middle of our quarterly PII scans to our web-facing data servers.
Typically we scan with a combination of SENF and Spider, while I manually
audit the results (i.e. check each and every file myself). As I'm sure you
all know, this results in a HUGE list of false-positive reviews. As yet, we
do not have a large budget for this aspect of Information Security. I have
investigated PII products like Seek-N-Secure and Identity Finder, which are
infinitely better. But in the cost/benefit analytical world of "So we have
one that works for free, but costs your time; or we can spend $10,000 or so
for better tools for each of our data servers...." And I'm sure you know who
wins out.

So my question is this: What are you guys doing? Has anyone come up with a
middle-ground solution to this problem? The free tools are good, not great,
but free. The expensive tools are great, not perfect, but expensive. What's
the upper-middle-class response to PII scans?

Drew Perry
Security Analyst
Murray State University
(270) 809-4414
aperry () murraystate edu
