Enterprise Recon 2.5.0

ER 2.5.0 Release Notes

The Release Notes provide information about new features, platforms, data types, enhancements, bug fixes and all the changes that have gone into Enterprise Recon 2.5.0.

For a quick view of the changes since the last Enterprise Recon release, see Summary of Changes.

Contents:

  1. Highlights
  2. Important Notes
  3. Changelog
  4. Features That Require Agent Upgrades

New Features

Official Support for Investigate in Enterprise Recon PCI

PCI The Investigate page is now available in Enterprise Recon PCI edition. With the Investigate page, you get a contextual view of sensitive data findings across all the storage locations in your organization. For example, are there common procedural gaps in specific departments or sites with the highest number of sensitive data matches? Are remediation efforts effectively implemented across all servers in the organization?

The built-in features in the Investigate page provide more granular control for you to parse, filter, sort and review match results to suit your requirements and context. The single integrated view of all Targets in the Investigate page also allows you to easily remediate and generate custom match reports for multiple Targets with a single click.

For more information on the full suite of features available, see Investigate.

Improved Support for Local Process Memory Scanning on Linux Systems

The local process memory module in Enterprise Recon 2.5.0 has been optimized to detect and scan only allocated memory pages for Linux servers running on kernel version 2.6.25 and above. For Target systems where the scanning engine is unable to accurately determine if a memory page is allocated, Enterprise Recon 2.5.0 reads and scans each memory mapping up to the defined memory size limit. This helps to mitigate or reduce the impact on Target systems where the scanned process allocates memory maps unnecessarily when reading unavailable memory pages.

Processes using memory mapping sizes that exceed the defined limit and cannot be fully scanned will be reported as inaccessible locations.

New Platform Integrations

Identify and Secure Sensitive Data in Salesforce

NEW The digital transformation drive in customer relationship management (CRM) has led to the increased adoption of integrated CRM systems across organizations of all sizes and industries. With integrated CRM systems, a wealth of customer data from various communication channels is stored in a centralized location, making CRM systems a lucrative target for hackers.

With Enterprise Recon 2.5.0, you can identify sensitive data in your Salesforce Standard Objects (including Salesforce Files and Chatter), Custom Objects and Big Objects, and mark these locations for further action. The Salesforce module gives you the flexibility to scan all or specific Objects in your organization's production and sandbox environments.

An Agent Upgrade is required to scan Salesforce Targets. See Salesforce for more information.

Scan the Newest Windows and macOS Devices

NEW With Enterprise Recon 2.5.0, you can now scan workstations and servers that are running the latest operating systems for Windows and macOS - Windows 11, macOS Big Sur 11.5 and macOS Monterey 12.0.

All three newly added Target platforms support local scanning, agentless scanning, and remote scanning via SSH.

Enterprise Recon 2.5.0 also introduces local scanning support for macOS Catalina 10.15 Targets.

An Agent Upgrade is required to scan Windows 11, macOS Catalina 10.15 (local scanning), macOS Big Sur 11.5 and macOS Monterey 12.0 Targets.

Important Notes

CRITICAL: One Way Upgrade to Enterprise Recon 2.5.0

Certain data sets, storage formats and components for the Master Server have been updated in Enterprise Recon 2.5.0. Therefore, once the Master Server is updated from ER 2.4 (and below) to ER 2.5.0, the datastore is not backward compatible, and downgrading ER 2.5.0 to an earlier version is not supported.
Please contact the Ground Labs Support Team for assistance with upgrading the Master Server.

Upcoming End-of-Support Platforms and Features

The following platforms and/or features will reach end of support and be removed in a subsequent release of Enterprise Recon:

  • Linux 2.4 node agents
    To continue scanning Linux server Targets, install the Linux 2.6 node agent instead.
  • Email Targets
    • Microsoft Exchange (EWS)
      To continue scanning the Microsoft Exchange Server, use the Exchange Domain protocol instead.

Changelog

The Changelog is a complete list of all the changes in Enterprise Recon 2.5.0.

What’s New?

  • New Platform Integrations
    • NEW Salesforce
    • NEW Windows 11
    • NEW macOS Big Sur 11.5
    • NEW macOS Monterey 12.0
  • Added:

Enhancements

  • Improved Features:

    • NEW You can now perform local scans for macOS Catalina 10.15 Targets. Requires macOS Agents.
    • Improved performance with up to 30% lower memory usage when processing scan results for Enterprise Recon PCI and Enterprise Recon PII editions.
    • ER2 has been enhanced to (i) improve the performance of scans at the post-processing stage, and (ii) reduce the response time for the Match Objects and Remediation APIs.
    • Clearer messaging when logging Inaccessible Locations for errors related to encrypted MS Excel file formats.
    • Minor UI enhancements.

Bug Fixes

  • Authentication operations with Exchange Online would fail due to expired refresh tokens when scanning very large mailboxes or complex files, interrupting the scanning progress of Exchange Online Targets.
  • Match samples displayed in Target reports may be corrupted if the Master Server does not have complete match data information for the location.

  • The Agent service would generate a failure and the scan schedule would be stuck at the "Loading" state if Windows Agents were used to perform agentless scans on Linux or Unix-type Targets.
  • When adding or editing a risk profile, the Risk Profile page would generate a failure and restart if a data type group was deleted after adding two or more groups for the data type criteria.
  • Processing scans for Targets with a very large number of match locations would be stuck at the post-processing stage and result in report service failures when hitting the system memory usage limit.
  • In certain scenarios, the web UI would generate a failure and restart due to segmentation fault errors.
  • In certain scenarios, authentication operations with Box Enterprise would fail due to invalid or expired refresh tokens. This would result in "400 Bad Request" errors and interrupt the scanning progress of Box Enterprise Targets.
  • The selected platform would not be saved correctly when changing the operating system assigned to the Target from the Edit Target > Change OS workflow.

  • Microsoft Outlook .MSG files would incorrectly display the "Masked" remediation status even though the masking operation did not complete successfully.

Features That Require Agent Upgrades

Agents do not need to be upgraded along with the Master Server, unless you require the following features in Enterprise Recon 2.5.0:

  • NEW Users can now scan Salesforce objects and files. Requires Windows or Linux Agents, with or without database runtime components.
  • NEW Users can now scan Windows 11 Targets. Requires Windows Agents.
  • NEW Users can now scan macOS Big Sur 11.5 and macOS Monterey 12.0 Targets. Requires macOS Agents.
  • NEW You can now perform local scans for macOS Catalina 10.15 Targets. Requires macOS Agents.
  • The Agent service would generate a failure and the scan schedule would be stuck at the "Loading" state if Windows Agents were used to perform agentless scans on Linux or Unix-type Targets.
  • PRO Data Classification with MIP is now supported for match locations on Windows Share Targets. See Data Classification with MIP - Requirements for more information.
  • Microsoft Outlook .MSG files would incorrectly display the "Masked" remediation status even though the masking operation did not complete successfully.

For a table of all features that require an Agent upgrade, see Agent Upgrade.


PRO This feature is only available in Enterprise Recon PRO Edition. To find out more about upgrading your ER2 license, please contact Ground Labs Licensing. See Subscription License for more information.


Ensuring we are delivering the best technology for our customers is a core value at Ground Labs. If you are interested in future early builds of Enterprise Recon with forthcoming features, please email your interest to product@groundlabs.com.