Data Security
Announcing Card Recon and Enterprise Recon 1.16
Well it’s finally out. Our team has been working hard these past few months to complete this latest release of Card Recon and Enterprise Recon for all to enjoy and we must say, this is no ordinary release. Not only does it include the normal bevy of false positive updates, bug fixes and general improvements that you would expect, it also introduces a suite of major features which we know many of you, particularly those with larger environments have been asking for.
Deleted files, file slack space, and process memory scanning
Some of you may have noticed in the last 6 months we quietly introduced new scanning options for Card Recon to identify unencrypted cardholder data handling within process memory and deleted files that reside on unallocated disk sectors. Version 1.16 expands this capability further by adding detection within file slack space which is useful if you have files containing CHD which scale up and down in size.
Furthermore, we have now taken these features and fully integrated them into Enterprise Recon enabling detection of cardholder data within deleted files, slack file space, and process memory on remote systems where an Enterprise Recon agent is deployed.
Audio file scanning support
Do you run a contact centre, pay-by-phone IVR or record calls as part of quality assurance? Many organizations may not realize the impact call recording technologies have on PCI compliance scope, particularly when your customer provides cardholder information whilst the call being is recorded!
If the above scenario describes your situation, this feature becomes very relevant. The Audio File scanning feature enables both Enterprise Recon and Card Recon to detect cardholder data stored as DTMF (touch-button) tones within audio recordings. Try it within your call centre. The findings might surprise you.
Enterprise Recon's new features
Within this 1.16 release many advancements were made exclusively within Enterprise Recon due to the volume of feature requests Enterprise Recon customers submitted. These include:
- Remote File Content Viewer
For some time now we have planned a secure remote file content viewer within Enterprise Recon that functions similar to the Match Inspector found within Card Recon. The challenge our engineers faced was ensuring the feature does not impact your PCI compliance scope by storing, processing or transmitting cardholder data across the network between the Enterprise Recon Node agent and the Master Server/Reporting Console.
In short, we cracked it and have implemented an approach that dynamically masks the file content at the node before data is transmitted across the network. The result is you can now double-click on any file on a remote host to view the contextual data surrounding a finding without fear of more PCI compliance scope being introduced.
- Remote Secure File Delete
To complement the remote file viewer, we have bundled in a secure remote delete feature enabling Enterprise Recon administrators to permanently delete files where unencrypted cardholder data has been discovered on a remote system. This feature renders file data permanently unrecoverable should undelete or any other data recovery be attempted.
We believe this feature alone will greatly decrease remediation time to review and permanently delete files storing cardholder data residing across multiple systems on your network.
- Active Directory Integration
Enterprise Recon now supports authentication via Active Directory for console users to further enhance interoperability with your central PCI compliance controls including password management and user permission groups. Furthermore, large deployments will benefit from automatic Host Group Assignment using Active Directory host groups already established. This feature is a true time-saver for customers with a large number of hosts.
- Exchange 2010 Support and Exchange 2003 / 2007 Improvements
Support for identifying cardholder data within Microsoft Exchange mailboxes has been further enhanced with improvements to Exchange 2003 and 2007 database scanning support. This includes thorough scanning of each individual email within a given mailbox including attachments.
To extend on this capability, Enterprise Recon now provides full support for Exchange 2010 databases directly off the file system. This also includes scanning Microsoft backups of your Exchange Database when packaged into a BKF formatted file.
- Oracle, DB2, Sybase, Postgres, MySQL and MSSQL via ODBC
You asked. We delivered. Many customers indicated a desire to scan Oracle, DB2 and other enterprise databases. Whilst the existing default method of directly reading supported database file types natively off the disk is highly effective, we understand some still have a requirement to scan live databases via traditional ODBC. For this reason we have introduced ODBC support into Enterprise Recon enabling scanning of 5 additional database types. The compliance report will display a count of all findings including the location within the database where it was found.
- Major On-Screen Display Improvements
Since it’s original release, Enterprise Recon has supported scanning of various Database and email formats and displayed a detailed breakdown of locations where cardholder data was found.
Our interface designers have taken this a step further with a rework of the on-screen compliance report interface including the addition of a live file-by-file breakdown and visual data type markers such as email and databases. The updated layout displays a greater amount of information making it easier to understand and establish the true PCI compliance storage risks that exist on a given host.
Download now
Enterprise Recon users will find the upgrade process simple - just run the updated installer on your existing Master Server. Enterprise Recon will then automatically upgrade all nodes with the scanning engine update. In addition the update must also be installed on any host where the reporting console is installed.
To download the the latest version(s) of Card Recon or Enterprise Recon visit https://www.groundlabs.com/support
If you're considering Enterprise Recon for your own PCI compliance needs please contact us and our team will be happy to provide a free trial.