Open Raven Platform Release: New Asset Details Views, New Access and Permissions Details, Snapshot Scanning, and Integration with Snowflake
Spring is almost here, and it's about time. During these dark days of winter, team Open Raven has been heads-down, cranking out new features and capabilities: everything from next-level asset details with new access and permissions information to scanning structured data snapshots, new APIs, and a new integration with Snowflake for ingesting Open Raven data.
Let's dive in.
New Asset Details Views
When looking at a particular cloud asset, an analyst must rapidly consider many factors - owner, location, configuration settings, and known misconfigurations or policy violations. Having the relevant details available at a glance is critical. Last month, we significantly reorganized how Open Raven displays asset-related information to help analysts see essential details in a single view.
The improved views now show even more information at a glance. The Overview tab displays the asset owner and the associated account; whether an asset is publicly accessible, encrypted, or replicated elsewhere; discovered data classes; and policy violations. In addition to the Overview tab, we redesigned the Data and Violations details tabs, and we added a new Access details tab.
New User Access and Permissions Details
The new Access tab within an Asset Detail view reveals critical identity and access information about users and policies. For example, for an unstructured data store, the Access tab identifies who has access, how they have access (via direct or assumed role), and permissions. Available details include permission levels (read, write, manage, etc.) and the access method (direct vs. assumed). Details about access policies include how the policy was granted to the user and the permissions the policy conferred upon the user. Analysts can verify that the right users can access that data asset and identify overly permissive access policies with the Access tab.
Snapshot Scanning
We've expanded our ability to scan structured data by offering the ability to scan snapshots in addition to scanning with customer-managed credentials. Whereas scanning structured data with managed credentials provides a higher level of security (see our blog), snapshot scanning provides more flexibility, especially in environments with a large number of databases where obtaining and managing many credentials is challenging.
Users will see the following message indicating that snapshot scanning will be used when setting up a structured data scan for assets where credentials are unavailable.
External APIs
New API endpoints enable customers to automate common use cases using the Open Raven platform. Use cases include scanning new data stores, exporting data for analysis or archiving, integrating asset metadata into an IT asset management database, or exporting and archiving data findings for compliance purposes.
Operationalize Open Raven Data in Snowflake
We have some exciting news for security teams using Snowflake to process and analyze their security data. They can now use Snowflake to ingest data discovered from the Open Raven Data Security Platform. With unified visibility in Snowflake, customers can search, correlate, and report using data discovered through Open Raven. For example, if the customer is looking at a data store that may have been affected by a breach, they can use the Open Raven data set and pull in related metadata, data classes, and any policy violations. Or, users can pull in the Data Catalog and use the findings to weigh risk among data stores in their environment.
Bug Fixes & Enhancements
- Asset Groups that were created as part of a scan (vs created directly by a user) will no longer appear on the Asset Group page.
- Data catalog filters are now preserved when the user is navigating between various data catalog pages.
- Data Classes:
– Email addresses - additional checks for valid domains.
– Names - improved detection by accounting for prefixes, suffixes, extended Latin characters.
- Updated several policy rules for compatibility with findings from structured data assets.