11 Mar 2016

Seeker is a data loss prevention/sensitive data discovery solution designed to fill the gap between excessively feature-rich DLP software priced out of most reasonable budgets and free DLP software that generally either cannot manageably scan at any significant scale or cannot work effectively with many file formats. Seeker is designed to help organizations, from small to large, that use Windows servers, Windows clients, SMB file sharing, and websites locate inadvertently stored sensitive data such as social security numbers and credit card numbers. Seeker uses built-in Microsoft technologies to deliver accurate results, integrates with Active Directory, and provides search customizations.

Seeker, LLC was created by an IT security professional disappointed with present-day offerings in data loss prevention/sensitive data discovery software for businesses – more specifically, with the fact that vendors tend to aggressively target mid-to-large-sized companies and universities by charging per-user/per-server/per-workstation/per-website license fees on a scale that barely declines with increasing installation sizes. As anyone tasked with IT purchasing in a mid-size or large organization knows, this can get very pricey, very quickly.

The difference between Seeker and common licensed DLP products:

Seeker was designed with a strong focus on allowing an administrator to work from a single console to scan data at rest across servers, client workstations, websites, and SMB file shares in a Windows and Active Directory environment. Unlike essentially all other products that can achieve this goal, Seeker is licensed per scanning console, with unlimited targets. Therefore, an administrator needing to scan data across 50 Windows servers, 5 NAS devices available via SMB shares, 5 websites, and 140 Windows client workstations can pay for a single Seeker scanner license, which is $1000 for enterprise and $500 for education/non-profits at this time. A competitor charging $800 per scanned server, NAS, or website, and $20 per workstation would charge $50,800 to accomplish the same goal, and this almost always entails paying “maintenance” or “renewal” fees every subsequent year for around 20% of that amount. Translation: Seeker would cost 98-99% less than competitors using this common pricing model.

Advantages of Seeker over free DLP software:

  • Ability to scan a relatively large number of servers, workstations, file shares, or websites in a thorough way in a short time from one console.
  • Ability to scan a large number of machines in a cursory way in a very short time from one console.
  • Ability to scan files with formats other than plain text.
  • Extensibility in method of scanning files – anything which can be indexed with Windows Search can be scanned by Seeker, in addition to some other formats.
  • Ability to scan a relatively large number of machines or shares solely for undesirable permissions, or for those permissions in combination with patterns which appear to be sensitive data.

Other notable capabilities of Seeker:

Seeker will not only perform scans for patterns such as credit cards and SSNs, but it can do some things that are fairly unique:

  • Seeker can flag files within scan results having file system ACLs that might be of concern (e.g. the Everyone group has Read rights to a file with SSNs).
  • Seeker allows you to alert on given strings in the path of a file, such as “Dropbox” or “OneDrive”.
  • Seeker is extensible in terms of file formats which can be scanned. Seeker uses IFilters (the technology Microsoft uses to convert files to plain text while indexing data) to read files. Any file with an IFilter can be scanned, provided you install that IFilter on the scanning system.
  • Seeker can optionally scan using a cursory scan mode that takes advantage of Microsoft’s Windows Search index on clients to get back all files with a desired pattern (such as SSNs or CCNs) within the first 1024 characters (of indexed text). In our experience, this not only returns the majority of matching files that would be returned from complete scans of the files, but it does it extremely quickly. A client often completes this task within a few seconds, and Seeker’s console runs multiple threads simultaneously, so results from even a large network can be returned very quickly. At this time, we are not aware of any faster way to scan and are not aware of any other product that does this.