Nov 15
Spirion Settings Viewer

​To view all policies from within the Spirion Console you can use the Spirion Settings Viewer.

https://support.spirion.com/hc/en-us/articles/115000018052-Settings-Reference-Guide#settingsviewer 

Oct 01
ISACA Houston Presentation

cprethercircle.pngCory Retherford (www.coryretherford.com)

Solutions Engineer, Spirion

Specializing in security architecture and data management.ISACAPic.jpg
SANS certifications and (ISC)² Member and certifications.
20 years as an IT professional with focus in data security and operational data security risk reduction.
Real world solutions implementation experience in large and complex environments.

Abstract

Will discuss the critical steps and fundamentals in protecting sensitive data against data leaks.  Narrowing the project scope and creating data awareness is critical for a security programs success.  Will discuss an approach to the implementation of a data steward project and implementing technical automation to help drive information worker security awareness and concentrating resources on protecting critical systems with personally identifiable information (PII).

Download the Presentation

ISACAPresentation.pdf

Sep 25
Spirion SQL 2016 Requirement

As we move forward with a delivery of the next version of Spirion one of the prerequisites using Microsoft SQL Server if you are not using the Enterprise version, you will need to install the SP1 update previsou to installing Spirion or an upgrade. This is a good practice to be patched and up to date on your Windows servers and SQL servers.SQL2016SP1.png

https://support.spirion.com/hc/en-us/articles/115000019051-Console-Setup-Validation-Rules

Sep 22
GDPR and Data Management

The General Data Protection Regulation

On May 25, 2018 a new regulation across Europe known as The General Data Protection Regulation (GDPR) will be enacted. This transformational regulation defines measures that must be in place to effectively manage data at rest.

From a technical perspective there will be several provisions of the GDPR as they pertain to technical measures organizations must implement to protect and understand their data footprint. As an organization, your due diligence is to protect any data and more specifically data about any individual.

The required technical controls are still being defined and it's quite clear you must know what data you collect (for real) and where it is (for real)?

Reality

Security practitioners will be challenged to align their organizations to comply with the GDPR provisions. The technical controls you have or plan to implement now will affect business anywhere in the world that collect any European (EU) data, so it is up to the organization to understand the data footprint. Understanding the types of data being collected and where data is located (Databases, File servers, laptops, desktops, e-mail, websites such as SharePoint, etc.) are extremely important as it related to GDPR. An organization cannot protect data it is unaware of or its location.

Data management is part of all business process and the management of where that data exists is very challenging. As an IT professional for 20 years protecting all forms of data, my experience is that any rights management process you think works cannot assure you that all your data only exists on your database or file servers. We are humans and we all copy data from these devices to work on our local workstations or devices we take home. Once this data leaves these central repositories we have extended our network and organizational resources scope of security responsibility beyond the network.

What's Next?

The principal security posture is awareness of the data type (CCN, NIN, PIN, NID, ssPIN, etc) footprint and the sensitivity of this data through data classification for risk management, legal discovery, and compliance.  Written business procedures and guidelines define the classifications however; it is the responsibility of management, IT professionals, and the employees to specify appropriate data handling procedures, retention, and appropriate storage.

Data stewardship is a passion of mine that matured over the decades of developing written process and then implementing the busness logic to the technical operations to facilitate the written process.  Data is difficult to appropriately manage through manual process alone.  As a key player stewarding data for more time than anyone could digest I hope to provide some perspective and lessons learned through my journey of interpreting business logic process and building technical process and implementation around the discovery and handling of data and how it aligns with the GDPR.

More to come… Article 5(2), 25(1), 32(b)

Sep 13
My Experience Report as a Former Spirion Customer and Advocate

My Experience as a Former Spirion Customer and Advocate and now a member of the Spirion Team.
https://www.spirion.com/blog/experience-report-former-spirion-customer-advocate/

Sep 12
Using Spirion for Data Retention

One of the helpful workflow rules provided in Spirion is the ability to Shred or Quarantine data that has not been accessed for a duration of time or data older than so many Days/Months/Years, etc.

To do this following these steps:

  1. Navigate to the Console > Ribbon > Choose Workflow.
  2. Select Rule and choose Add.
    1. Select the Definition tab.
      1. Select the following Definition options:
        1. Access Date / Last X Years / 30
          1. This rule states that any document not access in 30 years
        2. Create Date / Older Than X Months / 360
          1. This rule states any document created more than 30 years ago
      2. (See Image)
    2. Select the Actions tab.
      1. Select the Perform the following remediation action:
        1. Quarantine to move data to an offline or hardened storage device. ​
        2. Shred to delete the data using DOD multi pass process.
  3. Complete the remaining tabs
  4. Select Finish


This workflow will now provide a data retention function.

Sep 07
Spirion Create Stop All Tasks

Scenario - After a scan task has been initiated, how do you stop the already running Spirion scan. This may be required to stop a scan if an operations team needs to perform maintenance on the endpoint for patching, etc.

  • To stop a scan in progress you create an empty "Scheduled Task" in the Console in the Policies tab.  You assign the endpoint you wish to execute the stop request to the this "Scheduled Task" using the below image options settings.  Because the agent has already executed a command from the Console its necessary to create an additional "Stop Scan(s)" policy template to execute the additional command.
    • Settings:
      One Time
      Local System Account
      Stop all instances of Spirion and run this search
      Do not run

  1. The agent will receive this new task policy update, stop the existing search, and execute this empty task.  This empty task will not initiate any command except a stop all instances of Spirion scans.
Sep 07
Spirion Search Progress “Deletion”

To clear jobs you can set this in the application settings screen.

Days to keep completed search progress information.

By default, search progress information for completed searches is kept for 7 days. Valid values are 0-9,999. A value of 0 means the search progress information of a completed search will be deleted the next time the Importing service job executes.  The default value is 7 which will cause search progress information to be deleted 7 days after the search has completed.

http://my.spirion.com/Help/EnterpriseConsole/index.htm#3436.htm#o3489

Aug 02
Spirion RBAC Active Directory Security Groups

This guide resource from the Spirion user guide should help in addition to the specific settings I have provided below - https://my.spirion.com/help/enterpriseconsole/index.htm#3460.htm?Highlight=groups

Pre-configuration using Active Directory Security Groups

  1. Open the Spirion Console Administrator Tool (CAT).
    1. The console must have the Enable AD User Authentication: setup for the following.
      1. For Example.
      2. Verify that Allow Auto-Roles: is selected.

The following are specific setup steps to setup an AD Group.

  1. Locate the AD Groups domain group Properties by using the Active Directory Users and Computers Snap in > Select the Attribute Editor > Select the distingusedName.
    1. Copy the Value from this field, for example.
      1. CN=SPIRION_ADMINS,OU=Spirion,OU=Security_Groups,OU=Demographic.
    2. Pro Tip* You can test the above LDAP path using the CAT > Authentication and AD Settings side tab and clicking the Test button at the bottom by either pasting the path into the LDAP Query: box or by navigating to it by clicking the Verify Query bottom which will display the AD OU's.
  2. Navigate to the Console > Admin Tab > Roles.
    1. Create a new Role > The Create Role window opens.
      1. Select the Click here to add new item under the AD Groups:
        1. Note* AD Roots is not used for single forest domains.
  3. Add the value copied from the distingusedName for the group.
    1. Click OK.
      1. Assign the General Permissions and Tag Permissions as appropriate.
  4. Have the AD User log into the console to verify access.
Jul 20
Spirion Custom MSI Package Builder Creation

To upgrade or customize the Windows client build an MSI using the Identity Finder MSI Builder.

The following article has instructions and a download link for the Identity Finder MSI Builder version 10 - https://identityfinder.zendesk.com/hc/en-us/articles/115000019892#Creating%20an%20MSI%20Using%20MSIBuilder

  1. These are the custom settings I use.

         

         

  1. Modify the Application Integration:
    1. Select "Manage" and select all options.

         SpirionManageCustomMSIBuilder.png

  1. Click OK, Click Save
  2. Click Build MSI

 

1 - 10Next
Copyright © | CoryRetherford, LLC | Contact MeNetwork Storage and Security Solutions, LLC, Rights Reserved.®
TLS 1.2, AES with 256 bit encryption

 ‭(Hidden)‬ Blog Tools