Enterprise Recon Cloud 2.13.0

Download ER Cloud 2.13.0 User Guide (PDF)

ER Cloud 2.13.0 Release Notes

The Release Notes provide information about new features, platforms, data types, enhancements, bug fixes and all the changes that have gone into Enterprise Recon Cloud 2.13.0.

For a quick view of the changes since the last Enterprise Recon Cloud release, see Summary of Changes.

Contents:

  1. Highlights
  2. Important Notes
  3. Enterprise Recon Cloud 2.13.0 Changelog
  4. Features That Require Agent Upgrades

New and Improved Features

Stronger PDF Scanning for Sensitive Data Discovery

The Portable Document Format (PDF) is one of the most widely used digital file formats; most contracts, reports, application forms, records, and many other documents are typically saved as PDF files. Because of the highly complex structure of the format, PDF files may contain sensitive data that can be easily missed or overlooked.

Understanding the need for more robust scanning capabilities, Enterprise Recon Cloud 2.13.0 now has improved capabilities to scan and identify sensitive information in PDF files.

Enhancements to PDF scanning include the following capabilities:

  • Improved detection of sensitive data in plain (i.e., standard fonts) and stylized (e.g., custom or symbol fonts) texts.
  • More effective detection of sensitive data in embedded images (the Enable OCR feature must be turned on).
  • Expanded detection of sensitive data in interactive form elements such as text or fill-in fields.
  • Improved detection of sensitive data in non-English characters (including, but not limited to, Turkish, Korean, and Arabic characters), whether in plain or stylized texts.
  • Enhanced scanning capabilities for encrypted PDF files.

These PDF scanning improvements in Enterprise Recon Cloud address the often unpredictable data structures of PDF files, ensuring a more comprehensive coverage in data discovery.

A Windows or Linux Agent is required to take advantage of these enhancements in ER Cloud.

New Platform Integrations

Scan and Remediate the Latest macOS Version

NEW You can now scan and remediate macOS 15 (Sequoia) environments in Enterprise Recon Cloud 2.13.0. Scanning (local scanning, agentless scanning, and remote scanning via SSH), remediation, access control actions, data classification, and reporting features are supported for the newly supported operating system.

An Agent Upgrade is required to scan macOS Sequoia Targets.

Official Support for Azure File Share (SMB)

NEW SMB Azure file shares are now officially supported in Enterprise Recon Cloud 2.13.0 as a Network Storage Location.

To start scanning Azure file shares, see Network Storage Locations.

New and Improved Data Types

Detect Sensitive Medical Data

NEW In response to the rapid digital transformations of the medical industry and the increasing volume of medical data stored in digital systems, Enterprise Recon Cloud 2.13.0 introduces the new Drug Name data type, classified under the newly added Medical Data category.

The new Drug Name data type can detect (i) branded drug names registered in the US and the UK and (ii) generic drug names in the USAN, BAN, AAN, and WHO INN lists.

These enhancements are part of our ongoing efforts to expand discovery capabilities and align with industry standards.

Important Security Enhancements

Critical OS Security Updates

Security updates for Amazon Linux is available in Enterprise Recon Cloud 2.13.0. These critical updates address recently identified vulnerabilities and improve system stability.

To keep the Amazon Linux OS up to date, refer to Update the Amazon Operating System.

Important Module Updates

CRITICAL: Microsoft OneNote Re-authentication

Who needs to upgrade

All users who scan Microsoft OneNote Targets must upgrade to Enterprise Recon Cloud 2.13.0. Scanning OneNote locations is no longer possible in Enterprise Recon Cloud versions 2.12.1 and older.

If there are Microsoft OneNote locations included in your existing scan schedules (ongoing or not yet started), ER Cloud 2.12.1 and older will report them as inaccessible locations.

What are the changes in this release

The Microsoft OneNote Target in Enterprise Recon Cloud 2.12.1 and older uses the application permission tokens, which was recently deprecated by Microsoft.

In Enterprise Recon Cloud 2.13.0, the Microsoft OneNote module has been updated to use the more secure delegated permission tokens for authentication. This means that you will now be required to sign in with your Microsoft account to grant Enterprise Recon Cloud access to scan OneNote resources.

This is a critical upgrade and re-authentication requirement following Microsoft’s recent deprecation of authentication tokens with application permissions for Microsoft OneNote.

What needs to be done

To be able to scan Microsoft OneNote Targets:

  1. Upgrade the Master Server to the latest version. See Update ER Cloud.
  2. Update Microsoft OneNote credential sets added in earlier versions of Enterprise Recon Cloud by performing re-authentication. See Re-authenticate Microsoft OneNote Credentials.
  3. Create new single-Agent scans for:
    • impacted Microsoft OneNote locations that were reported as inaccessible locations, and
    • existing scans with OneNote locations. Existing scans (ongoing or not yet started) that include OneNote locations may be interrupted even after re-authenticating. Creating new scans to replace the existing ones ensures that the scans transition to the new authentication method and run successfully.

Early Access

The Early Access stage allows Ground Labs to collect a round of usability and performance feedback before a feature is made generally available.

If you would like to request access to any of the Early Access features, please get in touch with the Ground Labs Support Team for assistance.

Early Access Features

  • Apache Hive - Enables sensitive data discovery on Apache Hive (and Cloudera Hive) database Targets.

Important Notes

CRITICAL: One Way Upgrade to Enterprise Recon Cloud 2.13.0

Certain data sets, storage formats and components for the Master Server have been updated in Enterprise Recon Cloud 2.13.0. Therefore once the Master Server is updated from Enterprise Recon Cloud 2.12.1 to ER Cloud 2.13.0, the datastore is not backward compatible and downgrading ER Cloud 2.13.0 to an earlier version is not supported.
Please contact the Ground Labs Support Team for assistance with upgrading the Master Server.

End-of-Support Platforms and Features in Enterprise Recon Cloud 2.13.0

The following platforms and/or features have reached end of support in Enterprise Recon Cloud:

Upcoming End-of-Support Platforms and Features

The following platforms and/or features will reach end of support and be removed in the upcoming Enterprise Recon Cloud release:

Changelog

The Changelog is a complete list of all the changes in Enterprise Recon Cloud 2.13.0.

What’s New?

  • New Data Types
    • NEW Drug Name

  • New Platform Integrations:

    • NEW macOS Sequoia 15

Enhancements

  • Improved Features:

    • Enterprise Recon Cloud 2.13.0 has been updated with clear messaging in the web UI and API beginning 30 days before the current ER Cloud license expires. With this change, users are now required to upload a new license to be able to continue accessing all Enterprise Recon Cloud web UI and API functionalities.
    • Enterprise Recon Cloud 2.13.0 has improved the scanning and detection of sensitive data in PDF files with plain text and stylized or obscure text, embedded images, interactive form elements (e.g., text and fill-in fields), and sensitive data in non-English characters (including, but not limited to, Turkish, Korean, and Arabic characters) in plain or stylized text. This update also brings enhanced scanning capabilities for encrypted PDF files.
    • You can now scan files and folders in Google Drive’s Shared drives.
    • The Oracle database module has been enhanced to fully support tables with primary or unique keys defined by two or more columns. This improves row coverage when scanning Oracle databases, addressing a previous limitation that could cause some rows to be skipped.
    • Updated compression libraries and other enhancements for increased application security.
    • Agentless scanning in Enterprise Recon Cloud 2.13.0 has been optimized to support more concurrent scans with lower memory usage. This helps improve scanning efficiency, especially in environments with a large number of Targets that are not feasible for an Agent-based scanning approach.
    • Enterprise Recon Cloud 2.13.0 has an updated Microsoft OneNote module that uses the more secure delegated permission tokens for authentication. To continue scanning Microsoft OneNote Targets, (i) upgrade the Master Server to the latest version, (ii) update Microsoft OneNote credential sets by performing re-authentication (see Re-authenticate Microsoft OneNote Credentials), and (iii) create new single-Agent scans for impacted locations and existing scans with OneNote locations.
    • You can now scan Azure file shares (SMB) as a Network Storage Location.
    • Minor UI enhancements.

Bug Fixes

  • Scans for small files in Google Drive Targets took longer than expected for Google Workspace accounts with a large amount of data stored in Google Drive.
  • Only the first 1000 tables were probed and scanned for Azure Storage tables. For the fix to take effect, re-add and/or re-scan the impacted Azure table Target locations.
  • The sort function for the "Match" column on the Targets page was not working.
  • Scanning for both Personal Names (Austrian) and Personal Names (German) data types in a single scan resulted in an increased number of personal detail data matches.

Features That Require Agent Upgrades

Agents do not need to be upgraded along with the Master Server, unless you require the following features in Enterprise Recon Cloud 2.13.0:

  • You can now scan macOS Sequoia 15 Targets. Requires macOS Agents.

For a table of all features that require an Agent upgrade, see Agent Upgrade.

Ensuring we are delivering the best technology for our customers is a core value at Ground Labs. If you are interested in future early builds of Enterprise Recon Cloud with forthcoming features, please email your interest to product@groundlabs.com.