Enterprise Recon Cloud 2.13.0
ER Cloud 2.13.0 Release Notes
The Release Notes provide information about new features, platforms, data types, enhancements, bug fixes and all the changes that have gone into Enterprise Recon Cloud 2.13.0.
For a quick view of the changes since the last Enterprise Recon Cloud release, see Summary of Changes.
Contents:
- Highlights
- Important Notes
- Enterprise Recon Cloud 2.13.0 Changelog
- Features That Require Agent Upgrades
New and Improved Features
Stronger PDF Scanning for Sensitive Data Discovery
The Portable Document Format (PDF) is one of the most widely used digital file formats; most contracts, reports, application forms, records, and many other documents are typically saved as PDF files. Because of the highly complex structure of the format, PDF files may contain sensitive data that can be easily missed or overlooked.
Understanding the need for more robust scanning capabilities, Enterprise Recon Cloud 2.13.0 now has improved capabilities to scan and identify sensitive information in PDF files.
Enhancements to PDF scanning include the following capabilities:
- Improved detection of sensitive data in plain (i.e., standard fonts) and stylized (e.g., custom or symbol fonts) texts.
- More effective detection of sensitive data in embedded images (the Enable OCR feature must be turned on).
- Expanded detection of sensitive data in interactive form elements such as text or fill-in fields.
- Improved detection of sensitive data in non-English characters (including, but not limited to, Turkish, Korean, and Arabic characters), whether in plain or stylized texts.
- Enhanced scanning capabilities for encrypted PDF files.
These PDF scanning improvements in Enterprise Recon Cloud address the often unpredictable data structures of PDF files, ensuring a more comprehensive coverage in data discovery.
A Windows or Linux Agent is required to take advantage of these enhancements in ER Cloud.
New Platform Integrations
Scan and Remediate the Latest macOS Version
NEW You can now scan and remediate macOS 15 (Sequoia) environments in Enterprise Recon Cloud 2.13.0. Scanning (local scanning, agentless scanning, and remote scanning via SSH), remediation, access control actions, data classification, and reporting features are supported for the newly supported operating system.
An Agent Upgrade is required to scan macOS Sequoia Targets.
Official Support for Azure File Share (SMB)
NEW SMB Azure file shares are now officially supported in Enterprise Recon Cloud 2.13.0 as a Network Storage Location.
To start scanning Azure file shares, see Network Storage Locations.
New and Improved Data Types
Detect Sensitive Medical Data
NEW In response to the rapid digital transformations of the medical industry and the increasing volume of medical data stored in digital systems, Enterprise Recon Cloud 2.13.0 introduces the new Drug Name data type, classified under the newly added Medical Data category.
The new Drug Name data type can detect (i) branded drug names registered in the US and the UK and (ii) generic drug names in the USAN, BAN, AAN, and WHO INN lists.
These enhancements are part of our ongoing efforts to expand discovery capabilities and align with industry standards.
Important Security Enhancements
Critical OS Security Updates
Security updates for Amazon Linux is available in Enterprise Recon Cloud 2.13.0. These critical updates address recently identified vulnerabilities and improve system stability.
To keep the Amazon Linux OS up to date, refer to Update the Amazon Operating System.
Important Module Updates
CRITICAL: Microsoft OneNote Re-authentication
Who needs to upgrade
All users who scan Microsoft OneNote Targets must upgrade to Enterprise Recon Cloud 2.13.0. Scanning OneNote locations is no longer possible in Enterprise Recon Cloud versions 2.12.1 and older.
If there are Microsoft OneNote locations included in your existing scan schedules (ongoing or not yet started), ER Cloud 2.12.1 and older will report them as inaccessible locations.
What are the changes in this release
The Microsoft OneNote Target in Enterprise Recon Cloud 2.12.1 and older uses the application permission tokens, which was recently deprecated by Microsoft.
In Enterprise Recon Cloud 2.13.0, the Microsoft OneNote module has been updated to use the more secure delegated permission tokens for authentication. This means that you will now be required to sign in with your Microsoft account to grant Enterprise Recon Cloud access to scan OneNote resources.
This is a critical upgrade and re-authentication requirement following Microsoft’s recent deprecation of authentication tokens with application permissions for Microsoft OneNote.
What needs to be done
To be able to scan Microsoft OneNote Targets:
- Upgrade the Master Server to the latest version. See Update ER Cloud.
- Update Microsoft OneNote credential sets added in earlier versions of Enterprise Recon Cloud by performing re-authentication. See Re-authenticate Microsoft OneNote Credentials.
- Create new single-Agent scans for:
- impacted Microsoft OneNote locations that were reported as inaccessible locations, and
- existing scans with OneNote locations. Existing scans (ongoing or not yet started) that include OneNote locations may be interrupted even after re-authenticating. Creating new scans to replace the existing ones ensures that the scans transition to the new authentication method and run successfully.
Early Access
The Early Access stage allows Ground Labs to collect a round of usability and performance feedback before a feature is made generally available.
If you would like to request access to any of the Early Access features, please get in touch with the Ground Labs Support Team for assistance.
Early Access Features
- Apache Hive - Enables sensitive data discovery on Apache Hive (and Cloudera Hive) database Targets.
Important Notes
CRITICAL: One Way Upgrade to Enterprise Recon Cloud 2.13.0
Certain data sets, storage formats and components for the
Master Server have been updated in
Enterprise Recon Cloud 2.13.0.
Therefore once the Master Server is updated from Enterprise Recon Cloud 2.12.1 to
ER Cloud 2.13.0, the
datastore is not backward compatible and downgrading
ER Cloud 2.13.0 to an earlier
version is not supported.
Please contact the Ground Labs Support Team
for assistance with upgrading the Master Server.
End-of-Support Platforms and Features in Enterprise Recon Cloud 2.13.0
The following platforms and/or features have reached end of support in Enterprise Recon Cloud:
- macOS Workstation Targets
- macOS Monterey 12
- Email Targets - Exchange Domain
- Exchange Server 2013
- Server Targets - Confluence On-Premises
- Confluence Data Center 7.4 LTS
- Confluence Data Center 7.19 LTS
- Server Targets - SharePoint Server
- SharePoint Server 2013
- Network Storage Locations - Hadoop Clusters
- Apache Hadoop 2.7
- Database Targets
- MySQL 5.7 and older
- Oracle Database 18c and older
Upcoming End-of-Support Platforms and Features
The following platforms and/or features will reach end of support and be removed in the upcoming Enterprise Recon Cloud release:
- Network Storage Locations - Hadoop Clusters
- Apache Hadoop 2.8
Changelog
The Changelog is a complete list of all the changes in Enterprise Recon Cloud 2.13.0.
What’s New?
- New Data Types
- NEW Drug Name
-
New Platform Integrations:
- NEW macOS Sequoia 15
Enhancements
-
Improved Features:
- Enterprise Recon Cloud 2.13.0 has been updated with clear messaging in the web UI and API beginning 30 days before the current ER Cloud license expires. With this change, users are now required to upload a new license to be able to continue accessing all Enterprise Recon Cloud web UI and API functionalities.
- Enterprise Recon Cloud 2.13.0 has improved the scanning and detection of sensitive data in PDF files with plain text and stylized or obscure text, embedded images, interactive form elements (e.g., text and fill-in fields), and sensitive data in non-English characters (including, but not limited to, Turkish, Korean, and Arabic characters) in plain or stylized text. This update also brings enhanced scanning capabilities for encrypted PDF files.
- You can now scan files and folders in Google Drive’s Shared drives.
- The Oracle database module has been enhanced to fully support tables with primary or unique keys defined by two or more columns. This improves row coverage when scanning Oracle databases, addressing a previous limitation that could cause some rows to be skipped.
- Updated compression libraries and other enhancements for increased application security.
- Agentless scanning in Enterprise Recon Cloud 2.13.0 has been optimized to support more concurrent scans with lower memory usage. This helps improve scanning efficiency, especially in environments with a large number of Targets that are not feasible for an Agent-based scanning approach.
- Enterprise Recon Cloud 2.13.0 has an updated Microsoft OneNote module that uses the more secure delegated permission tokens for authentication. To continue scanning Microsoft OneNote Targets, (i) upgrade the Master Server to the latest version, (ii) update Microsoft OneNote credential sets by performing re-authentication (see Re-authenticate Microsoft OneNote Credentials), and (iii) create new single-Agent scans for impacted locations and existing scans with OneNote locations.
- You can now scan Azure file shares (SMB) as a Network Storage Location.
- Minor UI enhancements.
Bug Fixes
- Scans for small files in Google Drive Targets took longer than expected for Google Workspace accounts with a large amount of data stored in Google Drive.
- Only the first 1000 tables were probed and scanned for Azure Storage tables. For the fix to take effect, re-add and/or re-scan the impacted Azure table Target locations.
- The sort function for the "Match" column on the Targets page was not working.
- Scanning for both Personal Names (Austrian) and Personal Names (German) data types in a single scan resulted in an increased number of personal detail data matches.
Features That Require Agent Upgrades
Agents do not need to be upgraded along with the Master Server, unless you require the following features in Enterprise Recon Cloud 2.13.0:
- You can now scan macOS Sequoia 15 Targets. Requires macOS Agents.
For a table of all features that require an Agent upgrade, see Agent Upgrade.
Ensuring we are delivering the best technology for our customers is a core value at Ground Labs. If you are interested in future early builds of Enterprise Recon Cloud with forthcoming features, please email your interest to product@groundlabs.com.