Identity Finder Locates, Quarantines Sensitive Documents to Prevent ID Theft

Identity Finder reduces the risks of data leakage and identity theft by finding forgotten or hidden sensitive information and thoroughly eradicating or protecting the data.

While storage costs continue to decline and storage capacities grow exponentially, companies can store every scrap of data created and received. There is a downside, as data volumes expand and spiral out of control to the point where there is no way to know what data is exposed and vulnerable.

Identity Finder announced the latest version of its data-protection software on Feb. 14 at the RSA Conference in San Francisco. Identity Finder reduces the risk of data leakage and identity theft by locating and securing information, regardless of file type and where it is located on the network, Todd Feinman, CEO of Identity Finder, told eWEEK. In version 5.0, Identity Finder added remote remediation capabilities for administrators to take action on users' computers from a centralized console.

Identity Finder searches for all files containing sensitive data, which is defined by the IT manager, on file and e-mail servers, network databases, company Websites and hard drives, he said. Once found, the software prompts the user to digitally shred, redact, encrypt or quarantine the information according to corporate policy, he said. "It's unbelievable how much information we've forgotten is on our computers," Feinman said.

Considering the amount of new data being stored every day and the amount of legacy data being archived, it's "an insurmountable task" for IT administrators to know exactly where Social Security numbers, birth dates, credit card numbers and other personal identifying information or confidential data are stored, said Feinman. With Identity Finder, administrators can locate all instances of these types of information and ensure they are either removed or protected, he said. Quarantining a file means moving it to a "safe" location, such as an encrypted file system, according to Feinman.

Protecting employees and customers has an actual dollar cost. Hackers and identity thieves employ increasingly sophisticated methods to gain access to private information for personal gain, said Feinman. The Identity Theft Resource Center recorded a nearly 33 percent increase in data breaches from 2009 to 2010. An average data breach can cost a health care organization approximately $6.6 million, or $200 per breached record, according to a recent Ponemon Institute survey.

"It's unbelievable how many places hackers can find information," Feinman said, noting that there are often several copies of a single document scattered throughout the enterprise. For example, a document with a Social Security number may be on a user's hard drive, in the "sent" folder on the e-mail server, in the recipient's e-mail inbox and on the recipient's hard drive. And that's assuming the recipient hadn't forwarded the information to anyone else, he said.

About 70 percent of the installed user base uses the Identity Finder client while administrator usage generally makes up about 5 percent, Feinman said. Even so, both the client and console has been fully updated, he said.

The client is now more accurate, employing advanced search algorithms to reduce false positives, performs better, with multi-core processing enabling concurrent analysis, and can search deeper, said Identity Finder. The search capability can locate and shred Windows shadow files and previous versions, the company said. The client is now compatible with Lotus Notes, SharePoint and Exchange Server, according to Identity Finder.

The DLP Console has been fully revamped with a more intuitive interface to increase usability and customization, Feinman said. More importantly, the remote remediation capabilities allow IT administrators to remotely perform security actions on the user's computer, he said.

If the software found violations, such as credit card numbers, on the user's hard drive, the user would be prompted and reminded to secure that data. If the user doesn't take action, the administrator can proactively step in and take care of it from the console, according to Feinman. The administrator can also bypass the end-user to scan and secure the data remotely. They can also analyze data in real time using the data filters, he said.

Identity Finder will be generally available in early March and pricing will remain the same with Desktop licenses starting at $19.95 each and site licenses starting at $5,000, Feinman said. Existing users will be able to use the new auto-update feature being rolled out to update to the new version.

Feinman told about an instance when the software found nothing on a system. It turned out the person had run the software on a brand-new computer, he said.