Network Scanning Software
There’s a good reason why managed service providers use network scanning software. While managing numerous, demanding networks, MSPs have found themselves responsible for increasingly large amounts of data. Quantity is an issue.
But so, too, is the quality of data. In addition to overseeing petabytes of data, MSPs and IT professionals must reckon with the sheer variety of data. Whether backing up Word documents or encrypting credit card data, MSPs often find themselves with their hands full — and their clients clamoring for additional services.
One group of data demands particularly great attention: personally identifiable information, or PII. According to a definition from the U.S. Department of Labor, personally identifiable information “permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.”
The Department of Labor describes PII in greater detail. PII, the department says, includes information that can directly identify individuals. This includes names, addresses, phone numbers and Social Security numbers. PII also includes other kinds of identifiers, such as one’s race, gender or birth date.
Not All PII is Equal
PII can be broken down further into two categories: sensitive and non-sensitive. Some of the above-listed information, such as phone numbers, can be considered non sensitive. This information is often readily available through public records.
Sensitive information is where the heart of the issue lies. This information can harm individuals if released publicly. It includes medical records, financial records and any of a host of unique identifiers, such as passport information.
IT professionals, when running network scanning software, may learn that their networks host a wide variety of both sensitive and non-sensitive PII. Making things more complicated, this PII likely exists in three different states: at rest, in use and in motion.
Data at rest is stored on network endpoints. These include file servers and other information-storage locations, like Sharepoint and web servers. Data at rest can include archival files, as well as data stored in remote backup sites.
When data is in a state of use, it is actively being accessed. This is the state of data when employees are doing their jobs – accessing and making changes to files, for instance.
When data is in motion, it is traveling across computer networks. This can include data that is sent by email, or the daily backing up of files on a remote server.
The Task for IT
If you’re starting to sweat while counting the permutations, you’re not alone. With so much data to account for, and so many different states of data, IT professionals face a herculean task. Networks must be secure. They must be stable.
But still, IT professionals know that they must balance their desire for control against employees’ freedoms. After all, employees need to be able to access the files on which their business depends. It’s a balancing act. And MSPs must work to figure out which data is most sensitive, and which employees can access that data for their work.
The alternative — unfettered data access — clearly isn’t an option.
Consequences of Data Breaches
Data breaches have grown more and more common. 2016, through the month of August, saw some 600 confirmed data breaches, exposing more than 21 million records, according to a tally by the Identity Theft Resource Center. These breaches touched every industry, from banking to healthcare to athletics. Among those listed as a victim of a breach: USA field hockey. No one, it seems, is immune from data breaches.
Breaches’ problem isn’t just that they’re pervasive; they can be extremely damaging. When PII is breached, individuals can face embarrassment and blackmail, according to a report by the National Institute of Standards and Technology. This was certainly the case when the dating site Ashley Madison was hacked in 2015, and hackers released records for 32 million users. Countless relationships were likely damaged, and anyone on the Internet could uncover whether someone was using the site, provided they had that person’s email address.
These kinds of breaches clearly can take a toll on an organization’s reputation. If customers and other users learn that their PII has been breached, they may lose a large degree of faith in the organization. This can cause long-term harm. Customers may take their business elsewhere, and organizations may see employee attrition, as business sags and morale begins to falter.
But in a more immediate timeframe, organizations face steep costs associated with data breaches. Target, for instance, found itself compelled to offer credit monitoring services to its customers, in the wake of a massive breach in 2013.
Some regulated industries, such as healthcare and finance, face steep legal fines when their data has been breached. In one case, the urgent-care center Concentra faced a $1.73 million fine from the federal government, after 870 medical records were breached.
The Importance of Network Scanning Software
The importance of network scans extends beyond PII. Indeed, organizations now face perhaps the most challenging network security climate.
A couple figures speak to the current situation. In a 2015 global survey, PricewaterhouseCoopers found that, since 2009, information security incidents have risen 66 percent annually. In total, the world saw about 43 million security incidents in 2014, the survey found.
Here’s another worrying figure: 82 percent of survey respondents said that it’s “likely” or “very likely” that they’d be a victim of an attack that year.
Attacks come in many forms. They include hacking, social engineering, malware, phishing, SQL injections and man-in-the-middle attacks, among many others. These kinds of attacks continue to grow in sophistication. And there’s no sign that they’re abating.
How to Uncover PII
This troubling picture has heightened the attention that MSPs place on network scanning software. With its ability to root out vulnerabilities, scanning software has become an increasingly crucial tool for IT professionals.
But in the crowded market for scalable, efficient solutions, one option has gained the industry-wide trust of MSPs. That’s SolarWinds MSP's (formerly LOGICnow) MSP Risk Intelligence.
With our deep PII scans, you can protect sensitive data by finding all the locations where it’s hidden. No stones are left unturned. Find all the PII across your networks, including:
- Sensitive PII. Our lightweight scans uncover sensitive PII that’s scattered across workstations and devices. This data includes bank account information, driver’s license numbers, social security numbers, ACH data and much more.
- Credit card data. Dig through the petabytes of data to find cardholder data from Mastercard, Visa, American Express, Diner’s Club and others.
- Data at rest and in motion. Our PII scans don’t just find data that’s tucked away in a workstation. It also reveals sensitive PII that’s in motion, helping you to locate major risks for data breaches.
- Health records. Help your clients meet HIPAA compliance by locating multiple types of protected health information. This includes patient charts, photos, medical records and account numbers.
Protect Against Attacks
Our deep vulnerability scans allow you to find your greatest risks — and fix them before a threat arrives. With vulnerability scans, you can uncover:
- Software that requires patching. Uncover unpatched software across all of your networks, a crucial source of intelligence as you work to protect commonly exploited technologies, including Java and Flash.
- Unsecured data across devices. Our lightweight, host-based scans skirt around the headache-inducing issue of device permissions, allowing you to run deep scans across workstations, servers and networks.
- Emerging threats. Our vulnerability scans are more powerful because they sync with the Common Vulnerability Scoring System database, which tracks developing threats every day.
- Email threats. MAX Risk Intelligence digs deep into email for known vulnerabilities.
- VPN risks. You can set up scans to run any time a new device connects to your network.
Many data breaches aren’t malicious. They’re the results of employee accidents.
And many of these breaches can be prevented by limiting user access to PII. Before you set access permissions, though, you have to know who has access to what.
MSP Risk Intelligence is here to help.
With our permissions discovery tools, uncover permissions issues, such as:
- Inappropriate permissions. With network-wide scans, you can discover who has access to sensitive data, including those who shouldn’t. Scans look at a fine-grain level, including read/write access, and across a wide variety of file types.
- Leaked payment data. Find payment data that sales associates have collected, and which remain unsecured.
- At-risk trade secrets. Our scans reveal vulnerabilities that threaten your intellectual property.
Put a Dollar Figure on It
There’s nothing that makes life easier for executives than the ability to weigh costs and benefits. Traditionally, that’s been tricky for MSPs.
Not so with MSP Risk Intelligence. Our reporting platform puts an exact dollar figure on an organization’s vulnerabilities, helping you to make a business case for strong, layered security. Our powerful software also gives you the ability to clearly — and concretely — communicate the value of your support.
Try out MSP Risk Intelligence for free. See why so many MSPs have decided to choose intelligence.
About SolarWinds MSP
SolarWinds MSP delivers the only 100% SaaS, fully cloud-based IT service management (ITSM) platform, backed by collective intelligence and the highest levels of layered security.SolarWinds MSP’s products, including Risk Intelligence, RMM, Backup & Recovery, Mail Protection, Access Manager, Manager and Anywhere — comprise the market’s most widely trusted integrated solution.
Deployed on millions of endpoints across hundreds of thousands of networks, the platform has the industry vision to define and deliver the future of the market. SolarWinds MSP provides the most comprehensive IT security available as well as the first ever IT notification feature powered by prescriptive analytics and machine learning.
SolarWinds MSP’s passion is helping IT professionals secure and manage their systems and data through actionable insights, rewriting the rules of IT.
For more information, visit www.SolarWindsMSP.com.
U.S. Dept. of Labor: https://www.dol.gov/general/ppii
ID Theft Center: http://www.idtheftcenter.org/images/breach/ITRCBreachStatsReport2016.pdf
HealthCare IT News: http://www.healthcareitnews.com/slideshow/6-biggest-hipaa-breach-fines?page=3