A look at Spyglass Software Surveyor Enterprise

As a consulting company, we are always looking to add good tools to our toolbox. We got a demo of a tool that can look for sensitive data within your network. It is called Surveyor Enterprise from Spyglass Software. While it can be used for a lot of purposes, for us the attraction was due to fact that it can help us in PCI-DSS engagements.

PCI-DSS requires data such as PAN to be stored in encrypted form and other sensitive data to not be stored at all. Surveyor Enterprise requires agents (or small programs) to be installed on all the computers with the network that you want to look for sensitive data. Once that is done, the agents index all the files and data on the computers that they are installed on. When the server sends a request, the agents report back with all the files that they think contain sensitive data that the administrator is searching for.

This is a discovery and remediation tool. It is not a tool that will intercept and/or prevent sensitive information from being transmitted or stored.

The software is written in Java so it is cross-platform and the search engine is based on the open source Lucene engine. The agents support SSL connections to the server. They need a DNS entry to identify the server that they should talk to. The agents can be installed on each computer using an installer or deployed on a bunch of computers using the command line. For large organizations, the initial deployment would be using the command line.

Surveyor Enterprise from Spyglass Software

The administrator can enter boolean and regular expressions to search for data. All the data is complied on the Enterprise server grouped by the host (computer). The administrator can select a host and look at all the files that contain sensitive data that match the search criteria. It can also look into databases if credentials are provided. The agents can be installed on all the major operating systems. Once the files containing sensitive information are discovered, moving the mouse pointer over the filename will show an excerpt of the contents. If required, the administrator can download the actual file from the individual computer to the server.

The administrator can also notify the users of the individual computers that files on their system contain sensitive data. The user can respond to the notification and the administrator can either approve or ask the user to delete the file(s).

In my opinion, it is a very powerful tool that can find all sorts of sensitive information. As a consultant, I would love to have this tool. In my experience, whenever asked if they had sensitive data in clear text lying around, clients usually say that that is not the case. The more realistic ones admit that they think that data is not lying around in the clear but that they cannot be sure. But this tool can help them identify where their sensitive data is located. If you are a CISO, you may want to obtain a tool such as this one to get a clear picture.

From the client’s perspective, it can be a scary tool. You better have a trust-worthy person running this tool. The administrator can do all kinds of searches such as for documents containing trade secrets or Outlook pst files. These files can then be downloaded to the server without the files’ owners even knowing about it. Welcome to the perfect insider attack scenario. You just have to read my post on the report from the Ponemon Institute to learn about how common insider attacks are.

Links:
Spyglass Software