Ground Labs Enterprise Recon

Ground Labs Enterprise Recon provides enterprise-wide sensitive data discovery in accordance with a range of compliance regulations. It comes in three versions: Enterprise Recon PCI, Enterprise Recon PII, and Enterprise Recon Pro. The former focuses solely on PCI data, while the latter two can also handle more general PII data. In addition, the Pro version provides data risk management capabilities. Although we do not discuss it further in this document, Ground Labs also offers Card Recon, a more specialised offering for discovering PCI data on individual machines.

Enterprise Recon is available both on-prem and in the cloud (as a service, in the latter case). It provides an open API that allows it to integrate with third party applications, as well as a range of in-house connectors, and it boasts particularly close integration with Data Loss Prevention (DLP) products. Moreover, it supports a variety of data sources, including file systems, relational databases (such as MySQL, Sybase, Teradata, PostgreSQL, Oracle and DB2), MongoDB, InterSystems Caché, SAP Hana, Microsoft SharePoint, and all three major cloud providers (including S3).

Customer Quotes

“Enterprise Recon PII is integral in how we think about our sensitive data management, ensuring we maintain our customers’ trust while meeting both organizational and regulatory compliance standards. We are able to do all this, without disruption, 24 hours a day, seven days a week.”
Verifone

“Our relationship with Ground Labs has helped customers across the Thales partner ecosystem to access powerful data discovery solutions to find, secure and remediate sensitive data.”
Thales

Enterprise Recon can discover a wide range of data, coming with over 300 predefined data types that span a variety of regulations, including GDPR, PCI DSS, CCPA, HIPAA, PIPEDA, PDPA and the Australian Privacy Act. You can also create custom data types. The product’s discovery process will determine the content type of each of your files and/or records, perform appropriate decoding and transformation, then attempt to match your data against the aforementioned data types. The latter is accomplished using GLASS (‘Ground Labs Accurate Search Syntax’), Ground Labs’ bespoke pattern matching technology.

GLASS can operate across multiple architectures simultaneously, and it can match against multiple patterns concurrently. It can operate on both structured and unstructured data, and in aid of the former it features an OCR (Optical Character Recognition) engine for extracting text from images. Moreover, it uses contextual information to improve the accuracy of its matches, by either bringing in or filtering out data based on its surrounding context. This means that, for example, you could write a pattern that locates address information but that discards corporate addresses based on particular terms or keywords that appear near the data. This can go the other way, as well, where otherwise innocuous data can be identified as sensitive based on its context. GLASS also leverages checksums, function calls, and various other methods for data validation, in addition to pattern matching.

The discovery process itself is both comprehensive and has a sufficiently low footprint to run in the background, without disrupting any ongoing business processes. Once it is finished, Enterprise Recon exposes your results in a dashboard, shown in part of Figure 1. This allows you to review your results, including detailed information about each match and samples of the matched data as well as relevant contextual data. You can, if necessary, manually curate your matched data, then proceed to remediate (and thus secure) any sensitive data you’ve found.

Fig 1a – Enterprise Recon Dashboard

Fig 1b – Enterprise Recon Dashboard

Fig 1c – Enterprise Recon Dashboard

Depending on the data source and the type of file, up to four remediation actions may be available to you: mask, quarantine, encrypt, and delete. Mask (partially) replaces your data with a series of ‘x’ characters; quarantine moves the data to a secure location; encrypt is self-explanatory; and delete permanently removes it from your system. Importantly, the latter is not available for databases. This is a good thing: database admins don’t tend to appreciate that sort of intervention. Particularly sensitive information (credit card numbers, for instance) can also be discovered and masked automatically as it’s moved into the Ground Labs platform. In addition, all remediation actions are logged.

Various other capabilities are available, including data risk scoring and management, data classification, and data access management. The former, in particular, provides an additional dashboard that offers a consolidated view of risk exposure (thus enabling risk remediation). The platform also allows you to locate all data associated with a given individual, and thereby supports data subject access requests (DSARs).

Enterprise Recon has a number of capabilities worth commenting on. For starters, it will discover an impressively wide range of data types out of the box, and speaks to the majority of compliance regulations that are currently active. The fact that you can define your own data types extends it to address any existing regulation, at least in principle, and allows its discovery to remain malleable in the face of changing regulations or non-regulatory requirements. It also supports a relatively wide range of data sources, including both relational and NoSQL databases (and both structured and unstructured data), and provides remediation capabilities. In addition, DSAR support is appreciated, though in our opinion it could stand to be slightly more automated. Likewise, the product’s remediation capabilities are useful, but minimal, and its masking function in particular falls short of a full solution.

However, Enterprise Recon offers more than just regulatory compliance, despite the clear emphasis it places upon it. Its data discovery capabilities can also be put to use to locate data that, while not covered under any regulation, may be particularly valuable to your organisation and therefore worth securing. For example, you might want to identify intellectual property buried within your system or obtained during a corporate acquisition. You might also plausibly want to leverage its discovery, classification and risk management capabilities for their own sake, outside the context of sensitive data.

All that said, it is clear that GLASS is the greatest asset provided by Enterprise Recon. It’s designed to be easy to use, performant, highly accurate, and overall fit-for-purpose, and although we would like to see it support other matching techniques, it’s hard to criticise the combination of pattern matching, contextual analysis, and data validation that it provides.

The Bottom Line

Enterprise Recon is a highly fit-for-purpose solution for discovering data across your enterprise. If you need a better understanding of your data – for regulatory compliance, risk management, or for any other reason – it is well worth evaluating.