Open Raven Platform Release: Operationalizing Data Scanning, Violations Management, and Investigations
New year, new functionality. Releases in January centered on operationalizing data security with enhancements to Scan Runs and Violations management and new advanced search capabilities in the Data Catalog that support investigations. Also, we released several new data classes. Let's dig in.
Operationalizing Data Scanning
Data services, assets, and data classes change over time — new services, more assets, constantly changing amounts and types of data, etc. — and require new or modified scans. Along the way, some scans may have been deprecated, misconfigured, accidentally created, or may simply no longer be needed. Both the changing environment and these leftover scans affect how teams operationalize scanning.
To enhance the scan management experience, we've added a filter so users can remove scan jobs from view and better manage their scanning activity. Let's say you initiated a scan, only to cancel it later and change the config. Or you have a large number of assets or groups and regularly scheduled scans. Now, in either Scan Runs or Scheduled Scans, you can right-click on a specific job and select "Delete scan" to remove the scan from view.
Operationalizing Violations Management
We added two new capabilities to Violations that support operationalization. The first is the ability to create conditional filters, enabling security teams to better scope queries when triaging violations. Selecting multiple items within a filter object applies an OR condition. Selecting multiple filter objects applies an AND condition. For example, security teams can use conditional logic to create queries for high-severity open violations associated with assets in AWS account A or B, with either Financial or Personal data findings. Security teams can then take action on specific violations or create and assign tickets to the appropriate issue owner. Conditional filters are also available in Assets and Data Catalog.
The second new functionality that supports operationalizing violations is creating automations directly from a rule. Expanding on the previous example, clicking on one of the violations takes you to the Violations Details window. From here, users can click the "Create automation" button.
Using the editor, users can create automated response actions. For example, an automation can send a Slack alert to #security-alerts when a high-severity violation for the specified rule is discovered.
Data Catalog Enhancements
The Data Catalog is an excellent starting point for investigating data security risk. In addition to providing comprehensive visibility, security teams can ask questions using powerful filters. This past month, we released two new enhancements to the Data Catalog.
The first is the integration of SaaS data into the Data Catalog along with IaaS and PaaS data. Security teams can now use the Data Catalog to better understand SaaS data risk and ask questions. Let's say you want to determine which employees store PII in Google Drive and how much. By filtering on Resource Type = Google My Drive and Data Collection = Personal Data, you can instantly see all My Drive assets that contain PII.
By clicking on the actions at the end of a row, you can drill into each My Drive for a detailed list of all relevant files and data findings.
The second new feature is Advanced Search. With Advanced Search, you can query the entire Data Catalog for a specific data string from a data preview or the name of a file in an unstructured data store. Let's say you are looking for a specific email address and have the redacted version based on a data finding. Using Advanced Search, you can find every instance of that redacted address.
New Data Classes
- Argentina Driver's License Number
- Argentina National ID (DNI)
- Argentina Passport Number
- Argentina Phone Number
- Argentina Taxpayer Number
- JSON Web Token
- South Korea Driver's License Number
- South Korea National ID (RRN)
- South Korea Passport Number
- South Korea Phone Number
- South Korea Tax ID