Educause Security Discussion mailing list archives
Re: PII Scanning Recommendations
From: Drew Perry <aperry () MURRAYSTATE EDU>
Date: Fri, 9 Sep 2011 08:07:45 -0500
Thought I'd add in another headache I forgot to mention the first time around. With SENF, we set our minimum detection level to 5 to make sure we don't miss any smaller lists (the default is 15). The standard SSN seed that comes with SENF apparently picks up on the item location information in the header of all the newer format (docx, xlsx, etc.) Microsoft Office documents and flags it as a match. There are more than 5 of these in each of those format document. So every newer Microsoft Office document gets flagged as a PII match. You can imagine how this works out on a file server. Yeeesh! Drew Perry Security Analyst Murray State University (270) 809-4414 aperry () murraystate edu *P* Save a tree. Please consider the environment before printing this message. On Fri, Sep 9, 2011 at 7:45 AM, Youngquist, Jason R. <jryoungquist () ccis edu>wrote:
Drew,**** ** ** I’m in the same boat as well. We just started using Spider 2008 (the non-beta, the beta one crashed to much) to do some scanning, and it’s free, but like you said tons of false positives and I actually did a test with some well –known file types, putting test SSNs and credit card numbers in them and Spider only found out about half of them. So, even after I run a Spider scan on a server, it still doesn’t give me a great feeling knowing that it could be missing a lot of things.**** ** ** So if you find an upper-middle class PII scanner that doesn’t cost as much as the commercial products you mentioned, I’d be interested in as well.*** * ** ** ** ** Result of my test.**** **** ** ** Jason Youngquist, CISSP**** Information Technology Security Engineer**** Technology Services**** Columbia College**** 1001 Rogers Street, Columbia, MO 65216**** (573) 875-7334**** jryoungquist () ccis edu**** http://www.ccis.edu**** ** ** *From:* The EDUCAUSE Security Constituent Group Listserv [mailto: SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Drew Perry *Sent:* Thursday, September 08, 2011 4:42 PM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* [SECURITY] PII Scanning Recommendations**** ** ** I'm in the middle of our quarterly PII scans to our web-facing data servers. Typically we scan with a combination of SENF and Spider, while I manually audit the results (i.e. check each and every file myself). As I'm sure you all know, this results in a HUGE list of false-positive reviews. As yet, we do not have a large budget for this aspect of Information Security. I have investigated PII products like Seek-N-Secure and Identity Finder, which are infinitely better. But in the cost/benefit analytical world of "So we have one that works for free, but costs your time; or we can spend $10,000 or so for better tools for each of our data servers...." And I'm sure you know who wins out.**** ** ** So my question is this: What are you guys doing? Has anyone come up with a middle-ground solution to this problem? The free tools are good, not great, but free. The expensive tools are great, not perfect, but expensive. What's the upper-middle class response to PII scans?**** Drew Perry Security Analyst Murray State University (270) 809-4414 aperry () murraystate edu**** ** ** *P* Save a tree. Please consider the environment before printing this message.**** ** **
Current thread:
- PII Scanning Recommendations Drew Perry (Sep 08)
- Re: PII Scanning Recommendations Mclaughlin, Kevin (mclaugkl) (Sep 09)
- Re: PII Scanning Recommendations Mclaughlin, Kevin (mclaugkl) (Sep 09)
- Message not available
- Re: PII Scanning Recommendations Drew Perry (Sep 09)
- Re: PII Scanning Recommendations Mclaughlin, Kevin (mclaugkl) (Sep 09)