Logs

Problem

Businesses have application logs that contain sensitive data. That sensitive data needs to be redacted or scrubbed for following reasons

• Compliance: GDPR, HIPAA, CCPA and many other privacy laws enforce all customer sensitive data to be scrubbed/redacted/or not accessible after certain time period.
• Security: Insider attacks are common where employees who have access to customer's sensitive data lead to data exfiltration
  

Solution

Strac Log Redactor is a Data Loss Prevention (DLP) software. It masks (aka redacts) sensitive data elements in logs while still giving the opportunity to authorized users to view those logs in Strac UI Vault. A business can configure a list of sensitive data elements (SSN, DoB, DL, Passport, CC#, Debit Card, API Keys, etc.) to redact. Compliance, Risk and Security officers will get audit reports of who accessed what logs.

Below is a sample list of sensitive data elements that will be detected & redacted:

• Identity: Drivers License, Passport, SSN (Social Security Number), National Identification Number, etc.
• PII: Name, Address, Email, Phone, DoB, Age, Gender, Ethnicity, etc.
• PHI: PII data, Medical Record Number (MRN), Insurance ID, Health Plan Beneficiary Number, Biometric, Medical Notes, etc.
• Payments (aka Financial Details) or PCI (Payment Card Industry) Data Elements: Bank Account, Routing Numbers, Credit Card Number, CVV, Expiration Date, Debit Card, IBAN, etc.‍
• Secrets: API Keys, Passwords, Passphrases, etc.
• Vehicle: License Plate, Vehicle Identification Number (VIN), etc.
• Physical Network: IP Addresses, MAC Address, etc.
• Crypto Secrets: Seed Phrase, Bitcoin, Ethereum, Litecoin Addresses, etc.
• Profanity: Curse words, abuse words, etc.
• Custom: Create your own rules or use regex

Checkout Strac's catalog of sensitive data elements that Strac automatically detects and redacts.