I am new here and this is my first post, so bear with me.
I have been tasked with researching how our business can locate the PAN data (credit card numbers) on our network. I was reading the Nitro user guide and found that section 220.127.116.11 Sensitive Data Masks: "The sensitive data mask feature prevents unauthorized viewing of sensitive data by replacing the sensitive information with a generic user defined string, called the Mask."
My question is... does this mean that Nitro can reach out and mask credit card numbers on the systems that report information to the SIEM? Or is this just masking the credit card data that is fed into the Nitro tool (for Nitro users)?
Also, under Asset Management I see that Nitro has a network discovery function. Does this mean that Nitro can reach out and find all network devices to ensure that all required event logs are pointed to the SIEM?
Thanks in advance for any information.
The network discovery feature can use certain discovery protocols, such as SNMP, CDP, and I think a few others, if defined with appropriate data, and discover some devices, but not to the extent of all devices, mostly just network devices configured for discovery.
As far as I am aware, the sensitive data masks will prevent the data from appearing in the SIEM in a readable format, without the user having proper authorization. It basically uses a regex for a predefined format to find data, and hide it so it cannot be seen in the SIEM. It will not actively go out in the network and mask this data.
If you are searching for credit card specific information, you could potentially do a regex search against the ELM utilizing the regexes specified in the sensitive data masks section for credit card information, and see if it returns any data found matching the regex (presuming your PAN device is showing the data unencrypted and logging the data visibly via syslog) which I believe PAN uses syslog forwarding with support for TLS.
Hopefully that helps, or if you have any additional questions, feel free to reach out to me.
Great answer, Ryan; and to add to the answer of searching for credit card information, McAfee's Data Loss Prevention (DLP) is a great tool that I believe natively monitors and identifies such events.
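
The regex search and masking described in the answer above can be tried offline on exported log lines. This is an added example, not part of the thread and not the product's own regex or masking code: the pattern, the function names and the sample syslog lines are assumptions constructed for illustration, and a Luhn checksum is added to cut down false positives from order IDs and similar digit runs.

```python
import re

# Candidate PAN: 13-19 digits, optionally separated by single spaces or hyphens.
# Assumed pattern for illustration; not the regex shipped with the SIEM.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_pans(line: str):
    """Yield (start, end, digits) for each Luhn-valid candidate in a log line."""
    for m in PAN_CANDIDATE.finditer(line):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            yield m.start(), m.end(), digits

def mask_line(line: str, mask: str = "****MASKED****") -> str:
    """Replace every Luhn-valid candidate with a user-defined mask string."""
    out, pos = [], 0
    for start, end, _ in find_pans(line):
        out.append(line[pos:start])
        out.append(mask)
        pos = end
    out.append(line[pos:])
    return "".join(out)

# Constructed sample syslog lines (published test card numbers, not real data).
SAMPLE_LOGS = [
    "Jan 10 12:00:01 pos01 app: auth ok card=4111111111111111 amt=12.50",
    "Jan 10 12:00:02 pos01 app: card 5500-0000-0000-0004 declined",
    "Jan 10 12:00:03 web02 app: order id 1234567890123456 shipped",
    "Jan 10 12:00:04 web02 app: session=ab12 user=jdoe login",
]

def scan(lines):
    """Return (line_number, masked_line) for lines containing a likely PAN."""
    return [(n, mask_line(l)) for n, l in enumerate(lines, 1) if any(find_pans(l))]

if __name__ == "__main__":
    for n, masked in scan(SAMPLE_LOGS):
        print(n, masked)
```

Only the masked form of each hit is returned, so the scan output itself does not become another place where card numbers are stored.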