Enterprise Recon 2.4

ER 2.4 Release Notes

The Release Notes provide information about new features, platforms, data types, enhancements, bug fixes and all the changes that have gone into Enterprise Recon 2.4.

For a quick view of the changes since the last Enterprise Recon release, see Summary of Changes.

Contents:

  1. Highlights
  2. Important Notes
  3. Changelog
  4. Features That Require Agent Upgrades

New Features

Monitor and Prioritize Risk Areas with the Risk Dashboard

PRO In today's ever-evolving cyber security threat landscape, organizations need the capability to manage sensitive data risks quickly and effectively.

The Risk Dashboard in Enterprise Recon 2.4 helps organizations achieve this by providing a visual overview of the risks surrounding their sensitive data, all in one place. The Risk Dashboard summarizes key information including high risk target locations and the risk level trend over time, allowing you to easily monitor, prioritize and manage the sensitive data risks across your organization.

See Dashboard - Sensitive Data Risks and Risk Mapping for more information.

Customizable Settings for Delegated Remediation

PRO Enterprise Recon 2.4 offers several improvements to the Delegated Remediation feature. The new Delegation Management page enables Global Admin and System Manager users to (i) customize the default subject and contents of the notification email that is sent to delegatees, and (ii) configure the link validity of delegated remediation tasks.

In the Tracker page, the relative remediation progress is displayed in the "Remediated Locations" column. Besides that, delegators now have the option of deleting active or expired tasks using the "Trash" function.

See Delegated Remediation for more information.

Control Access to Sensitive Data on macOS Targets

PRO The Data Access Management feature is now supported for macOS Targets, allowing you to control access to sensitive data on macOS file systems to further your organization's efforts in meeting compliance requirements.

On top of the existing feature capabilities, you can configure Enterprise Recon to send alerts or emails to notify specific users whenever any Access Control operations are taken for selected Target locations. The feature has also been enhanced to reflect a user or user group's effective access permissions for match locations in Windows file systems.

See Data Access Management and Notification Policy for more information.

Bulk Operations for Faster Remediation, Classification, and Access Control

This release includes a major architectural change which improves how Enterprise Recon manages Remediation (e.g. Masking, Delete Permanently, Encryption, and Quarantine), Data Classification with MIP, and Access Control (collectively referred to as "post-scan remediation") operations on sensitive data locations.

With the previous approach, only one post-scan remediation job could be executed at a time. This meant that the time required to serially execute and process the results for post-scan remediation operations could increase significantly when a large number of locations were involved.

The enhancements in Enterprise Recon 2.4 significantly speed this up by enabling post-scan operations to be processed in batches while removing the requirement to reinitialize the remediation engine for each operation.

An Agent Upgrade is required to take advantage of this capability in ER2.

Improved Support for Teradata Databases

The Enterprise Recon 2.4 Teradata database module has been updated from using the "NOSPOOLONLY" option to the "NOSPOOL" option. This allows data to be exported with and without spooling when scanning Teradata databases that use the FastExport utility. In addition, pagination is now supported for Teradata databases using FastExport connections to enable tables to be queried by partition. This helps to reduce the risk of scanning failures if the allocated spool space is insufficient when spooling data for large tables.

The fix for adding and probing Teradata databases that are running on non-default listener ports is also included in this release.

New Data Types

NEW The 12-digit Indian Aadhaar number is a unique identification number for all residents of India. It serves as a universal proof of identity which can be linked to an individual's driving license number, permanent account number (PAN), filed income tax returns, bank account numbers, mobile phone numbers, insurance policies, mutual fund investments, and more. While enrollment is voluntary, there are currently more than 1.3 billion Aadhaar numbers in circulation, accounting for more than 90% of India's population.

As an Aadhaar number can expose so much sensitive personal information related to an individual, it is important to protect the security of Aadhaar numbers. With the new Indian Aadhaar Number data type in Enterprise Recon 2.4, you can scan, encrypt and control access to locations that store unsecured Aadhaar numbers to ensure compliance with the applicable data privacy laws.
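The release notes do not describe how Enterprise Recon matches this data type. As an added illustration (not Ground Labs code), the sketch below shows how a discovery scan can separate real Aadhaar candidates from arbitrary 12-digit strings. It assumes the published Aadhaar format: a leading digit of 2-9 and a Verhoeff check digit in the last position. All function names are hypothetical and the sample number is constructed.

```python
import re

# Verhoeff tables: D is the dihedral-group multiplication table, P the
# position-dependent permutations, INV the inverse of each element.
D = ["0123456789", "1234067895", "2340178956", "3401289567", "4012395678",
     "5987604321", "6598710432", "7659821043", "8765932104", "9876543210"]
P = ["0123456789", "1576283094", "5803796142", "8916043527",
     "9453126870", "4286573901", "2793806415", "7046913258"]
INV = "0432156789"

# 12 digits, first digit 2-9, optionally grouped 4-4-4 by one consistent separator.
CANDIDATE = re.compile(
    r"(?<![0-9])[2-9][0-9]{3}([ -]?)[0-9]{4}\1[0-9]{4}(?![0-9])")


def _verhoeff(digits: str) -> int:
    """Running Verhoeff checksum, right to left; 0 means the string is valid."""
    c = 0
    for i, ch in enumerate(reversed(digits)):
        c = int(D[c][int(P[i % 8][int(ch)])])
    return c


def check_digit(payload: str) -> str:
    """Check digit that makes payload + digit pass the Verhoeff test."""
    return INV[_verhoeff(payload + "0")]


def is_valid_aadhaar(value: str) -> bool:
    """True if value has the Aadhaar shape and a correct check digit."""
    m = CANDIDATE.fullmatch(value.strip())
    return bool(m) and _verhoeff(re.sub(r"[ -]", "", m.group())) == 0


def find_aadhaar(text: str) -> list[str]:
    """Return checksum-valid matches, masked so reports never hold full numbers."""
    hits = []
    for m in CANDIDATE.finditer(text):
        if is_valid_aadhaar(m.group()):
            hits.append("XXXX XXXX " + re.sub(r"[ -]", "", m.group())[-4:])
    return hits


if __name__ == "__main__":
    n = "23456789012" + check_digit("23456789012")  # constructed test number
    print(find_aadhaar(f"uid {n[:4]} {n[4:8]} {n[8:]}, ticket 987654321098"))
```

The checksum filter removes roughly nine in ten random 12-digit strings, which is why match counts for this kind of data type are far lower than a plain digit-pattern search would report.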

Important Notes

CRITICAL: One Way Upgrade to Enterprise Recon 2.4

Certain data sets, storage formats and components for the Master Server have been updated in Enterprise Recon 2.4. Therefore, once the Master Server is updated from ER 2.3.1 (and below) to ER 2.4, the datastore is not backward compatible and downgrading ER 2.4 to an earlier version is not supported.
Please contact the Ground Labs Support Team for assistance with upgrading the Master Server.

End-of-Support Platforms and Features in Enterprise Recon 2.4

The following platforms and/or features will reach end of support in Enterprise Recon 2.4:

  • HP-UX node agents
  • Microsoft Windows workstation / server Targets
    • Windows XP Embedded
    • Windows Vista
    • Windows 7
    • Windows Server 2003
    • Windows Server 2008 32-bit
  • macOS workstation Targets
    • OSX Mountain Lion
    • OSX Mavericks
  • UNIX server Targets
    • HP-UX
      Only Remote SSH scans will be supported for HP-UX servers using Linux / UNIX proxy agents.
    • FreeBSD 10
      The minimum version to install node agents to run local scans is FreeBSD 11. Only Remote SSH scans will be supported for FreeBSD 10 servers.
  • Exchange Domain Targets
    • Microsoft Exchange Server 2007
  • Microsoft SQL database Targets
    • Microsoft SQL 2005

Upcoming End-of-Support Platforms and Features

The following platforms and/or features will reach end of support in the next release of Enterprise Recon:

  • Linux 2.4 node agents
    To continue scanning Linux server Targets, install the Linux 2.6 node agent instead.
  • Email Targets
    • Microsoft Exchange (EWS)
      To continue scanning the Microsoft Exchange Server, use the Exchange Domain protocol instead.

Changelog

The Changelog is a complete list of all the changes in Enterprise Recon 2.4.

What’s New?

  • New Data Types
    • NEW Indian Aadhaar Number
  • Added:
    • PRO The Risk Dashboard summarizes key information including high risk target locations and the risk level trend over time, allowing you to easily monitor, prioritize and manage the sensitive data risks across your organization. See Dashboard - Sensitive Data Risks for more information.

Enhancements

  • Improved Features:
    • Enterprise Recon 2.4 has an updated Dropbox Business and Dropbox Personal module which requires the latest access token for authentication. Previous access tokens will no longer be supported by Enterprise Recon from September 2021. To continue scanning Dropbox Business and Dropbox Personal Targets without interruption, (i) upgrade the Master Server, and (ii) update Dropbox credential sets added in earlier versions of Enterprise Recon by performing re-authentication. See Re-authenticate Dropbox Credentials for more information.
    • You can now scan Notes data in Exchange Online Targets.

    • The secure location specified when performing a Quarantine remediation action will be automatically created if the path does not exist.
    • Improved performance with respect to memory consumption and better handling of datastore connections for terminated user sessions.
    • Improved handling of data allowance accounting in the event of a scanning engine failure.

    • The Data Classification with MIP feature has been enhanced to (i) display clearer messaging when applying classification labels with encryption that require file protection, and (ii) support backward compatibility with earlier Agent versions. This enhancement also requires the MIP Runtime Package to be updated.
    • You can now Control Access to sensitive data files on macOS Targets. See Data Access Management for more information.
    • You can now refine the results view in the Investigate page to display locations that have been assigned for delegated remediation with the "Delegated" operation status filter.
    • Users with Global Admin or System Manager permissions can now customize the default email subject, email message, and link validity for delegated remediation tasks. See Managing the Delegated Remediation Task Settings for more information.
    • You can now scan unlicensed shared mailboxes in Exchange Online Targets.
    • The "Delegated Locations" column in the Tracker page has been enhanced to display the total number of remediated locations over the total number of assigned locations for a Delegated Remediation task.
    • You can now delete expired or active Delegated Remediation tasks from the Tracker page.

    • ER2 has been enhanced to support bulk operations to improve the performance and results processing for Remediation, Classification and Access Control actions. An Agent Upgrade is required to enable this capability in ER2.
    • The Data Access Management feature has been enhanced to reflect a user or user group's effective access permissions for match locations in Windows file systems.
    • Pagination is now supported for Teradata databases using FastExport connections to enable tables to be queried by partition. This helps to reduce the risk of scanning failures if the allocated spool space is insufficient when spooling data for large tables.
    • You can now configure alerts and notification emails for Access Control operations (e.g. "Access Control Completed", "Access Control Failed"). See Notification Policy for more information.
    • The Microsoft SQL database module has been enhanced to identify and convert UTF-16 encoded data stored in non-Unicode columns. This enables ER2 to scan the table data in-place and not be treated as BLOBs.
    • Enhanced the Oracle database Target Report to use the "ROWID" as the unique identifier for match locations found in tables using composite keys.
    • Added the "dosfstools" package in the ER2 ISO installation media to enable installations of ER2 on certain bare metal systems.
    • Minor UI enhancements.

Bug Fixes

  • Scanning tables containing non-BLOB data for Teradata Targets that were added to ER2 using the host's fully qualified domain name (FQDN) would return the "FastExport exited with non zero exit code: 12" error.
  • The web UI would generate a failure and restart if any text was provided in the "Please sign-off to confirm reassign" field before ER2 had finished retrieving access permission information for all selected locations. The failure would happen when trying to Control Access to a Target with a large number of locations with (mostly) similar access permission sets across all locations.
  • Teradata database Targets could not be added or probed successfully when the custom port option was specified in the "Path" field.
  • The "Status" and "Sign-off" columns in the Investigate page did not get updated for Classification operations.
  • Incorrect Access information was displayed in the Investigate page if the file owner did not have permissions to a file, but belonged to a user group with any level of access permissions to it. This only impacted Target locations on Linux / Unix file systems.
  • Azure Blobs larger than 4 MB in size could not be probed successfully.
  • The Investigate page would fail to load if a match location contained certain Unicode characters.
  • In certain scenarios, scanning Teradata databases would result in various FastExport errors and be logged as inaccessible locations. ER2 has been updated from using the "NOSPOOLONLY" to "NOSPOOL" option, allowing data to be exported with and without spooling when scanning Teradata databases using the FastExport utility.
  • Clearer messaging for errors related to probing or scanning OneDrive Business Targets.
  • The Target Group and Summary reports did not indicate the correct match count if match locations were remediated with the mark-only options.
  • Agent host machines were not added as Targets even though the "Create a target defaulting to group <Target Group Name>" option was selected when using the "Verify All" feature. This may occur when using the "Verify All" feature for thousands of unverified Agents.
  • Files would be partially scanned if HTML tags and the "&" symbol were detected in the contents of the file.
  • File contents could not be decoded properly and would cause scans to stall when scanning certain types of compressed PDFs with repeated elements (e.g. images, tables, attachments).

Features That Require Agent Upgrades

Agents do not need to be upgraded along with the Master Server, unless you require the following features in Enterprise Recon 2.4:

  • The secure location specified when performing a Quarantine remediation action will be automatically created if the path does not exist.
  • The Data Classification with MIP feature has been enhanced to (i) display clearer messaging when applying classification labels with encryption that require file protection, and (ii) support backward compatibility with earlier Agent versions. This enhancement also requires the MIP Runtime Package to be updated.
  • ER2 has been enhanced to support bulk operations to improve the performance and results processing for Remediation, Classification and Access Control actions. An Agent Upgrade is required to enable this capability in ER2.

For a table of all features that require an Agent upgrade, see Agent Upgrade.


PRO This feature is only available in Enterprise Recon PRO Edition. To find out more about upgrading your ER2 license, please contact Ground Labs Licensing. See Subscription License for more information.


Ensuring we are delivering the best technology for our customers is a core value at Ground Labs. If you are interested in future early builds of Enterprise Recon with forthcoming features, please email your interest to product@groundlabs.com.