Use fingerprints to prove something doesn’t exist!

I remember when I first saw fingerprints.  Several people mentioned them as if they were just another thing.  I knew they were not, and I knew they were special.  In my What’s New in 2.2 article I mentioned how you could do a search for a file using a fingerprint that would find a file that was renamed.  Simple, but in this article we are going to do something a little more interesting.

We have a file – Presentation2.pptx – that looks like a presentation but is in fact hiding credit card info.

[Screenshot: CC]

We can see in the screenshot above the CC that means a credit card was found in the file, so that is a problem.  So we want to use the fingerprint to see if there are other copies.  So we use it to search: we double-clicked on it in the File Details area (seen above) and pasted it into search.

[Screenshot: cc2]

So we see that there are three copies of it on our array.  But what about off of our array?  What about on one or more of the endpoints?  Maybe someone copied it off the array to use it for nefarious purposes.  DataGravity can tell you it is on the array, or if it is copied off, but what about if it is passed around at work from one user to another?  DataGravity cannot help with that, but Heureka can.

Heureka is a partner of DataGravity and while we do SHA-1 fingerprints for every file on our array, Heureka can do that for your endpoints.  You can configure it to do everything in your endpoints or some subset like a folder or whatever.  In my lab I had it do the whole drive C:.

In the Heureka software I created a hash group that contained the fingerprint from DataGravity. Then I used it in a search.

[Screenshot: cc3]

[Screenshot: cc4]

You can see the result of this search.  There are, on one endpoint called DGAdmin-2 (which I must admit is mine), two copies of this file.

Now we know the exposure, and we can clean up.  We delete the files from the array and from DGAdmin-2.

[Screenshot: Find1]
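The endpoint search described above boils down to hashing every file and comparing against a known SHA-1 fingerprint. The sketch below is an added example, not DataGravity or Heureka code; the function names and the demo directory tree are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha1_of_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-1 so large files are never held in memory."""
    digest = hashlib.sha1()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_by_fingerprint(root, fingerprints):
    """Return (matches, unreadable); names are ignored, only content is compared."""
    wanted = {fp.strip().lower() for fp in fingerprints}
    matches, unreadable = [], []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                value = sha1_of_file(path)
            except OSError:
                # An unhashed file leaves "no copies exist" unproven: report it.
                unreadable.append(path)
                continue
            if value in wanted:
                matches.append((path, value))
    return sorted(matches), sorted(unreadable)

def build_demo_tree(root):
    """Constructed sample data: one payload stored under two different names."""
    payload = b"constructed sample payload, not real card data\n"
    downloads = os.path.join(root, "Users", "demo", "Downloads")
    os.makedirs(downloads)
    layout = {
        os.path.join(root, "Presentation2.pptx"): payload,
        os.path.join(downloads, "notes.txt"): payload,  # renamed copy
        os.path.join(downloads, "budget.xlsx"): b"unrelated content\n",
    }
    for path, data in layout.items():
        with open(path, "wb") as handle:
            handle.write(data)
    return hashlib.sha1(payload).hexdigest()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        hits, skipped = find_by_fingerprint(root, [build_demo_tree(root).upper()])
        print(hits, "unreadable:", skipped)
```

An empty match list only supports "this file is not here" when the unreadable list is also empty, and a copy that differs by even one byte has a different fingerprint and will not match.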

This is just one very cool example of why I think fingerprints are pretty cool! BTW, Heureka ships with the fingerprints of most malware, so it is very handy to use to find malware in your enterprise.  Plus with fingerprints from the DataGravity array it is very powerful.

As always, questions and comments welcome.

Michael
