Verizon Data Breach Investigations Report Says 2/3 of all Breaches are Data-at-Rest

by Aaron Titus, Esq., Privacy Officer 3. June 2013 15:59

Verizon recently released its 2013 Data Breach Investigations Report (DBIR), the most comprehensive, longest-running and well-respected report of its kind. In that report, Verizon researchers reiterate what Identity Finder's research has shown for years: Data-at-Rest breaches account for the majority of the risk, but the minority of the attention:

Two-thirds of breaches involved data stored or “at rest” on assets like databases and file servers. The other one-third was being processed when compromised. (DBIR, p. 47)

Fortunately, of the 10 most targeted asset types worldwide (e.g., desktops, servers), Identity Finder will protect at least 7, including databases, desktops, laptops, file servers, mail servers, and web servers. (DBIR, p. 22)

Verizon researchers were also able to identify the types of data that were most desired and most compromised. These included payment data, log-in credentials, trade secrets, personal information, bank account numbers, classified data, medical information, and copyrighted information. Of the top 10 most compromised data types world-wide, Identity Finder will find and secure at least 8 in any file format, on just about any device with a hard drive. (DBIR, p. 22, 46)

Verizon's report also confirmed that most breaches target storage devices rather than people, since servers, laptops, and other devices contain large amounts of PII and proprietary data at rest. Of all studied breaches,

71% targeted user devices, [and] 54% compromised servers. (DBIR, p. 6, 42)

Regularly scan and clean these devices so you know your risk level and can lock down devices with a large amount of sensitive information. In fact, Verizon's first recommendation in the report relates to the importance of data discovery, data minimization, and regular scanning. (DBIR, p. 7) Identity Finder is the industry leader for all of these activities. In addition, DLP software is part of Verizon’s "20 Critical Security Controls," which all organizations should implement at a minimum. (DBIR, p. 57)

Identity Finder can help solve one of the industry's most persistent problems—of all studied breaches, "69% [were] discovered by external parties, [and] 69% took months or more to discover" (DBIR, p. 6, 51). Customers who run Identity Finder on all of their devices become aware of leaks long before they become breaches. Because it often takes so long to discover a breach, it is important to run Identity Finder repeatedly over several months to minimize risk.

...we must accept the fact that no barrier is impenetrable... (DBIR, p. 52)

Network intrusions will occur; minimize your risk by decreasing the size of your data target with Identity Finder.


Top 25 Identity Finder 7.0 Features

by Aaron Titus, Esq., Privacy Officer 22. May 2013 11:38

In about one month, Identity Finder's customers will start taking advantage of dozens of new features in the Identity Finder Enterprise DLP Suite v7.0 and modules. These features are designed to help customers operate their DLP programs more efficiently and effectively. Accuracy, performance, and stability were at the forefront of priorities for this release; however, we have been able to include a plethora of new functionality as well.

Here are the Top 25 New Features in the Identity Finder 7.0 DLP Suite and modules:

  1. Linux Endpoint: Deploy a native Red Hat Enterprise Linux (RHEL) agent.
  2. Advanced PCI Data Search: New and improved PCI Data AnyFind to discover additional CCNs, Magnetic Stripe/Track 1 and 2 data, CVVs, and expiration dates.
  3. Advanced Financial Data Search: New and improved Bank Information AnyFind to discover IBAN, ABA Routing, and SWIFT/BIC codes.
  4. Classification: Develop a custom classification scheme or use built-in definitions to automatically or manually classify results on the Console.
  5. Preview Remotely: Preview results in context on the Console. Includes ability to configure size of contextual information.
  6. Cloud Storage Search: Search Dropbox, Amazon Cloud Drive, Microsoft SkyDrive, Google Drive, and Box.
  7. Workflow: Create rules to assign results to users, notify them, and track their progress.
  8. Office 365 Support: Use Exchange Module to search hosted Exchange servers.
  9. Faster Web Searches: Enhancements to backend to increase speed and performance on large and very large searches.
  10. Enhanced Database Searches: Search inside embedded and attached files as well as binary fields.
  11. Removable Drive Watcher Service: Automatically search removable drives upon insertion.
  12. Access Control List View: View ACLs for file results on the Console to determine who has access to sensitive data.
  13. Notifications: Configure E-mail and/or SNMP traps to alert users of newly assigned and automatically classified results.
  14. Enhanced Reporting: Console reporting includes additional columns to report on Roles, ACLs, Assignments, Classifications, etc.
  15. Assigned Results View: Users can receive via email an automatically generated secure link to view and take action on their results in Console.
  16. UI-Free Background Searching: Run searches as user in background without displaying any user interface.
  17. PDF and OCR Searching: Speed increases to searching text based PDFs and all image based files.
  18. Console Filtering: Numerous updates to allow column sorting and filtering across the Console to customize administrative and user views.
  19. Service Monitor: Ensure Identity Finder services are restarted by "watchdog," if the Identity Finder service is maliciously or inadvertently stopped.
  20. Service Obfuscator: Administrators may rename Identity Finder services to hide them from end users.
  21. Ignore Action Explanations: Allow users to provide reasons when they whitelist results.
  22. Details Screen: New Console view displays detailed results information to improve workflow and remediation.
  23. Audit Logging: Additional audit logging on the console.
  24. Enhanced File Configuration: New option to search all files except common binary files such as application files, music, videos, etc.
  25. Auto-update Hostnames: As endpoint hostnames change, the Console will automatically be updated.


Identity Finder 7.0 Sneak Peek: Enterprise Agent

by Aaron Titus, Esq., Privacy Officer 21. May 2013 17:30

Our customers appreciate our powerful agent and agentless search functionality enabled by the Identity Finder Endpoint. Identity Finder 7.0 now takes advantage of powerful Windows service features for our enterprise customers. Our new Enterprise Agent will allow administrators to:

  • Hide: You may hide the Identity Finder service so it is invisible to end users.
  • Obfuscation: You can now rename the Identity Finder agent to obfuscate its purpose.
  • Always Running Service: Identity Finder 7.0 has a "Watchdog" service that will prevent users from shutting down the Identity Finder service and ensure Identity Finder is always running.
  • New Drive Watcher Service: Identity Finder 7.0 will now watch for removable drives and automatically search them when they are inserted.

These features will permit our customers to distribute searching and increase performance.

The Enterprise Agent allows searches to run in the background during off hours and when it is convenient for admins to schedule them. This means the graphical client interface is now optional and Identity Finder can optionally run unbeknownst to logged in users. Our customers find this advantageous because it allows their employees to focus on their jobs and not worry about our software. The software does all the work for them.

With more robust functionality like this comes the need for more features. Therefore we now allow customers to rename our agent and obfuscate its purpose. Not only can they now "hide" the service as needed, but also implement a ‘watchdog’ service to prevent users from shutting it down. This ensures Identity Finder will always be running.

The Enterprise Agent will become a significant platform for Identity Finder going forward with more and more functionality to help automate the finding of sensitive data. Here are two sneak peek screenshots:


Identity Finder 7.0 Sneak Peek: Preview from Console

by Aaron Titus, Esq., Privacy Officer 30. April 2013 15:55

I'm excited to introduce one of our most popular feature requests: Console Preview, or remote preview through the Identity Finder Console. This feature is currently available in the latest beta of Identity Finder's DLP Products and will be rolled out in Identity Finder 7.0.

Many of our enterprise customers centrally manage hundreds or thousands of endpoints through the Identity Finder Console. IT managers, department heads and administrators often need to remotely view Identity Finder matches without having to use the Endpoint.

Our new Console Preview feature gives our customers one single place to go for discovering, analyzing, and remediating sensitive data. As illustrated below, the Console Preview contains much more information, including Workflow, Access Control Lists, File Properties, and Match/Action History. With this new information our customers can see more context or perform an independent review of the data, and therefore make better remediation decisions without using the Endpoint.

Here is a sneak peek screenshot:


Identity Finder 7.0 Sneak Peek: Cloud Search

by Aaron Titus, Esq., Privacy Officer 24. April 2013 17:28

I'm happy to provide another sneak peek into the new Cloud Folders feature in Identity Finder 7.0, due to be released in the next couple of months.

Bring Your Own Device (BYOD) is convenient for employers and employees, but introduces several security risks when employees use cloud-based file syncing utilities such as Dropbox, SkyDrive, Amazon Cloud Drive, Google Drive, and Box. These applications allow employees to access their data wherever they need it, but they also open and extend the perimeter of an organization’s data footprint.

Organizations can gain insight and control into data leakage with Identity Finder by searching Cloud folders and drives. Whether our customers care about mitigating risk, complying with PCI-DSS or HIPAA, or simply want to know whether sensitive information has left the organization through cloud services, they will love Identity Finder’s Cloud Search features.

Below are a few screenshots:


Identity Finder 7.0 Sneak Peek: Workflow

by Aaron Titus, Esq., Privacy Officer 16. April 2013 13:36

We are excited to offer a sneak peek at one of Identity Finder 7.0's most requested features: Workflow. The Workflow feature permits customers to assign results to specific employees, automatically notify users, track cleanup, and facilitate accountability. Fortunately, you don't have to wait to test out Workflow. It's available in the latest beta of Identity Finder’s DLP products.

Using Identity Finder 7.0's Workflow feature, department heads and administrators can assign results to end users and track the status of each result, from identification through remediation. Holding end users accountable for unprotected sensitive information improves employee behavior and decreases data security risk.

The Workflow feature allows customers to automatically assign results based on granular, robust criteria; just like the Automated Classification Feature. For example, if a spreadsheet contains SSNs and is stored in the subfolder "H:\jdoe\work," Identity Finder can be configured to automatically assign those results to John Doe. The good news doesn’t stop there: Notifications can automatically notify and alert individuals via e-mail or other methods.

The Identity Finder 7.0 Workflow feature will let users view and report on their Assigned data while admins track their cleanup to ensure risk is mitigated. Identity Finder’s Console and Client applications both provide remediation functionality, so Workflow will help ensure one or the other or both are used effectively. The Workflow feature is just one more element of Identity Finder's commitment to reduce real risk of data loss by improving employee behavior and tracking PII cleanup.

Screenshots


Identity Finder 7.0 Sneak Peek: Classification

by Aaron Titus, Esq., Privacy Officer 10. April 2013 15:55

Many of our customers have asked us to enable their users and administrators to classify results found by Identity Finder’s searches into Identity Finder's built-in groups, or custom groups such as "Top Secret," "Confidential," "FOUO," "Private," "Public," etc.

Identity Finder 7.0 will now be able to perform automatic classification based on granular, robust, and customizable criteria. For example, if a spreadsheet contains social security numbers and is located on a specified file server, Identity Finder can automatically classify those results as "Critical" or "Confidential," depending on what kind of classification scheme our customers prefer.

Classification permits our customers to create customized reports on classified data. This is excellent for end users who need to see "Top Secret" documents with sensitive information they own, as well as for administrators who must determine which servers contain the highest amount of "Confidential" information across the enterprise. Any customer who needs to create a data inventory or prioritize remediation will find Identity Finder 7.0's Classification indispensable.

Take a look at the screenshots below, which also illustrate some of the new Workflow abilities of Identity Finder 7.0, which we'll talk about more in the coming weeks.


Notice the definition to automatically classify results. Of course, users can manually classify as well.

Notice the new column all the way on the right showing the matching color of the classification scheme.

Notice the new details screen with manual classification options under the Workflow section.


Midwest BankCentre Hacked, 100 SSNs Posted Online

by Aaron Titus, Esq., Privacy Officer 8. April 2013 15:10

For Immediate Release
Media Contact: Aaron Titus
(646) 863-8301 x 2

St. Louis, MO—Hackers going by the name "LulzSecWiki" have posted the names, social security numbers, addresses, phone numbers, employers, work phone numbers, income and other financial information for approximately 315 St. Louis residents. The hackers claim the information came from Midwest BankCentre.

A phone message at Midwest BankCentre indicates that a security incident occurred on March 29th, and their website includes a security alert that, "our customers are reporting fraudulent debit & credit card activity... we strongly recommend our customers monitor all of their accounts for suspicious activity."

Identity Finder has analyzed the information which appears to contain:

  • Full Names
  • Physical and Mailing Addresses
  • 315 Email addresses (~100 Unique)
  • 315 Social Security Numbers (~100 Unique)
  • 417 Phone Numbers (~140 Unique)
  • Income and Other Financial Information

The information was posted on a website that has been viewed more than 260 times, and was publicly available as of April 8, 2013. Even after the site is removed, the information may remain publicly available through search engine caches for several weeks. "Individuals affected by this breach are at extreme risk of identity theft and should take immediate action to place credit freezes on their accounts," says Aaron Titus, Chief Privacy Officer at Identity Finder. "Exposure of this sensitive information, including social security numbers, can have far more damaging effects for victims than an exposed credit card number."

Most victims live in St. Louis, but many live in Arnold, Wildwood, Imperial, Cedar Hill, Oakville, Fenton, St. Charles, Barnhart, Festus, Wentzville, Pevely, Columbia, O'Fallon, Ballwin, and Freeburg, MO.

Identity Finder alerted Midwest BankCentre about the apparent breach. Update: 4/8/2013 10pm: Midwest BankCentre has confirmed the breach with a statement on their home page that reads, in part, "...on April 8, 2013, Midwest BankCentre learned of a security breach affecting some of its customers' personal information. The Secret Service was immediately notified and is investigating." The bank will contact all affected customers and offer LifeLock identity theft protection. As of 10:30pm, the sensitive personal information remained online, and had reached 330 views.

About

Identity Finder's data discovery and protection software provides companies the ability to prevent data leakage and find sensitive information. They have quickly grown to become a leader in identity protection and Data Loss Prevention (DLP) by helping millions of consumers, small businesses, and enterprises across the world. You may download the free version of Identity Finder DLP Software here: http://identityfinder.com/free


Identity Finder 7.0 Sneak Peek: Advanced PCI, IBAN, and SWIFT Search

by Aaron Titus, Esq., Privacy Officer 1. April 2013 16:08

We're excited to give our customers a sneak peek at a new feature available in the latest beta of Identity Finder’s DLP products: Searching for PCI data, credit cards, and bank information.

Many of our customers use Identity Finder to become PCI Compliant and minimize the risk of a data breach. Others use Identity Finder to create a comprehensive sensitive data inventory to manage risk. Regardless of how you use Identity Finder, you're going to love our new AnyFind™ features. We have added several credit card types, magnetic track data searching, as well as the extra PCI information that includes expiration dates and card verification value (CVV) search.

We have seen a significant demand for advanced PCI features, and we've been hard at work to deliver them. Several of our financial services customers have been asking for the new bank information such as IBANs, routing numbers, and SWIFT codes.

Thanks to the feedback from thousands of our enterprise customers, we have developed new ways to eliminate additional false positives in certain file types. That means our extremely high accuracy rate will be even higher for customers who care about finding this type of data.

Without further ado, here are two sneak peek screenshots:


US State Department Careers Website Apparently Hacked

by Aaron Titus, Esq., Privacy Officer 22. February 2013 11:38

For Immediate Release
Media Contact: Aaron Titus
(646) 863-8301 x 2

Washington, D.C.—Identity Finder has analyzed a hack by the Anonymous hacker "Par:Anoia," claiming to have attacked a website belonging to the U.S. Department of State. Our preliminary analysis indicates that the hack appears to be legitimate, affecting roughly 200 people, and relatively low-risk.

Identity Finder's analysis indicates that the hack contains the following information:

  • 199 Email Addresses, most of which belonged to state.gov, and a few universities
  • ~207 Possible Hashed Passwords. The seemingly hashed strings were unidentified
  • Zero Home Addresses
  • 194 names

The breached database is named "test_hrwg_careers_usa_ctc_com," which seems to be related to http://careers.hrwg-careers.usa-ctc.com/, which has been taken offline. A cached version indicates that it is a State Department career website, and not likely tied into sensitive State Department systems. The attack appears to be a SQL Injection attack, where a hacker tricks a website into exposing the entire contents of a database.

"This appears to be a legitimate breach," said Aaron Titus, Chief Privacy Officer at Identity Finder. "Although the total risks associated with this breach appear low, if the hashes in the breach are actually passwords, and they are cracked, and the state department employees re-use those passwords on sensitive State Department systems, those systems could be compromised."

"We recommend that the State Department reset the passwords for all affected employees as a precaution," said Titus.

