Re: PII Scanning Recommendations

[Drew Perry <aperry () MURRAYSTATE EDU>]

Thought I'd add in another headache I forgot to mention the first time
around. With SENF, we set our minimum detection level to 5 to make sure we
don't miss any smaller lists (the default is 15). The standard SSN seed that
comes with SENF apparently picks up on the item location information in the
header of all the newer format (docx, xlsx, etc.) Microsoft Office documents
and flags it as a match. There are more than 5 of these in each of those
format document. So every newer Microsoft Office document gets flagged as a
PII match. You can imagine how this works out on a file server. Yeeesh!

Drew Perry
Security Analyst
Murray State University
(270) 809-4414
aperry () murraystate edu

*P*  Save a tree. Please consider the environment before printing this
message.



On Fri, Sep 9, 2011 at 7:45 AM, Youngquist, Jason R.
<jryoungquist () ccis edu>wrote:

>  Drew,****
>
> ** **
>
> I’m in the same boat as well.  We just started using Spider 2008 (the
> non-beta, the beta one crashed to much) to do some scanning, and it’s free,
> but like you said tons of false positives and I actually did a test with
> some well –known file types, putting test SSNs and credit card numbers in
> them and Spider only found out about half of them.  So, even after I run a
> Spider scan on a server, it still doesn’t give me a great feeling knowing
> that it could be missing a lot of things.****
>
> ** **
>
> So if you find an upper-middle class PII scanner that doesn’t cost as much
> as the commercial products you mentioned, I’d be interested in as well.***
> *
>
> ** **
>
> ** **
>
> Result of my test.****
>
> ****
>
> ** **
>
> Jason Youngquist, CISSP****
>
> Information Technology Security Engineer****
>
> Technology Services****
>
> Columbia College****
>
> 1001 Rogers Street, Columbia, MO  65216****
>
> (573) 875-7334****
>
> jryoungquist () ccis edu****
>
> http://www.ccis.edu****
>
> ** **
>
> *From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
> SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Drew Perry
> *Sent:* Thursday, September 08, 2011 4:42 PM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* [SECURITY] PII Scanning Recommendations****
>
> ** **
>
> I'm in the middle of our quarterly PII scans to our web-facing data
> servers. Typically we scan with a combination of SENF and Spider, while I
> manually audit the results (i.e. check each and every file myself). As I'm
> sure you all know, this results in a HUGE list of false-positive reviews. As
> yet, we do not have a large budget for this aspect of Information Security.
> I have investigated PII products like Seek-N-Secure and Identity Finder,
> which are infinitely better. But in the cost/benefit analytical world of "So
> we have one that works for free, but costs your time; or we can spend
> $10,000 or so for better tools for each of our data servers...." And I'm
> sure you know who wins out.****
>
> ** **
>
> So my question is this: What are you guys doing? Has anyone come up with a
> middle-ground solution to this problem? The free tools are good, not great,
> but free. The expensive tools are great, not perfect, but expensive. What's
> the upper-middle class response to PII scans?****
>
>
> Drew Perry
> Security Analyst
> Murray State University
> (270) 809-4414
> aperry () murraystate edu****
>
> ** **
>
> *P*  Save a tree. Please consider the environment before printing this
> message.****
>
> ** **