Remediation options

Introduction

This article covers all remediation options and related frequently asked questions.

 

"Act directly on selected locations"

Masking

Ground Labs products can redact sensitive information (such as credit card numbers) in simple file types such as log files, text files, and other non-custom-encoded file types. Please note that this feature is not currently supported for complex file types (such as Microsoft Office and PDF files).

This option masks (censors) the PAN (16-digit card number) in each match found, within the file itself.

(Before mask)
5105105105105100
(After mask)
510510XXXXXX5100

For complex file types, we recommend the use of either the quarantine/encrypt options or the "Delete Permanently" remediation option, which will ensure that the data is no longer available in any form. 
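The masking format shown above (first six and last four digits kept, middle six replaced with X), applied to a plain-text log. This is an added example, not Ground Labs' implementation; the Luhn check, the function names and the sample log lines are assumptions made here.

```python
import re

# Exactly 16 consecutive digits that are not part of a longer digit run.
PAN_RE = re.compile(r"(?<!\d)\d{16}(?!\d)")


def luhn_valid(digits):
    """Luhn checksum; an added assumption used here to cut false matches."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan):
    """Keep the first six and last four digits, X out the middle six."""
    return pan[:6] + "X" * (len(pan) - 10) + pan[-4:]


def mask_text(text):
    """Return (masked_text, number_of_PANs_masked)."""
    masked = 0

    def repl(match):
        nonlocal masked
        pan = match.group(0)
        if not luhn_valid(pan):
            return pan          # 16 digits but not a card number: leave as is
        masked += 1
        return mask_pan(pan)

    return PAN_RE.sub(repl, text), masked


# Constructed sample log lines (not real cardholder data).
SAMPLE_LOG = (
    "2024-01-01 10:00:01 payment ok card=5105105105105100 amount=12.50\n"
    "2024-01-01 10:00:02 order id=1234567890123456 shipped\n"
    "2024-01-01 10:00:03 trace=99951051051051051009 retry\n"
)

if __name__ == "__main__":
    out, n = mask_text(SAMPLE_LOG)
    print(out, end="")
    print(f"{n} PAN(s) masked")
```

Because the mask replaces digits one for one, the file length and the position of every other field in each line stay unchanged.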

Quarantine

The quarantine option moves selected files containing matches to a different directory of your choice.
We recommend moving them to a secure, encrypted directory.

Delete permanently

The delete option performs a secure erase (1 overwrite pass) of selected files.

Currently, it is not possible to change or increase the number of overwrite passes performed; however, this feature is in the works.

Encrypt files

The encrypt option archives selected files into an AES-protected ZIP package.

 

"Mark location for compliance report"

The options here change how the matches are shown in your report.

Confirmed

This confirms a real match.

Remediated manually

This shows that a particular match has been remediated manually.

Test data

This marks a match as test data.

False match

This confirms a false positive.

Remove mark

This removes an existing mark.

 

Remediation on databases?

Remediation options are disabled for databases.

Remediation of databases is a dangerous proposition. In reality, there are few DBAs or application owners who would allow an application like Enterprise Recon WRITE access to tables and rows of a production database.

Allowing remediation for databases introduces an unnecessary risk of accidental remediation mishaps, which may cause major, irreversible damage to the production value of your databases.

Whilst such a feature has been considered previously and discussed with clients, the ultimate conclusion that clients operating mission-critical environments reach is that such a feature would be deemed too dangerous for practical use and would thus be disabled.

To help the user better understand where matches are found, we narrow results down to the column(s) where each match was found.

In the example above, the match "406041######2825" was found in columns "STREET_ADDRESS_1" & "STREET_ADDRESS2"; these columns correspond directly to the columns in your table schema.

 

Remediation on emails?

Only the option to delete emails containing matches is available.
This remediation option behaves exactly like deleting emails normally through your email client (e.g. Microsoft Outlook, Gmail).
All contents of the email are deleted, including any attachments.

On the topic of data masking, it is not functionally possible to rewrite the content of an email within a live email server.

Doing so would have serious ramifications for the data integrity of email systems: if email servers offered this capability, it could be used to create false evidence of email conversations that never took place.

 

Remediation on free disk space (shadow volumes)?

Due to the nature of shadow volumes, it is only possible to permanently delete the entire shadow volume; no other remediation options are available.

 

All information in this article is accurate and true as of the last edited date.
